Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple conhost exe taking up memeory and running very slow


  • This topic is locked This topic is locked
2 replies to this topic

#1 rexmac

rexmac

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:34 AM

Posted 13 July 2015 - 07:36 PM

A couple weeks ago a warning popped up about infected system from some software that said buy fix / solution now - my wife promptly closed the program about a week later the same thing happened.  Things were going fine until yesterday morning...nothing was running on the machine.  I opened task manager and noticed a few conhost processes running taking up a lot of memory.  Eventually, there were numerous conhost processes running taking up about 95%+ of the memory; I could not the process(es).

 

So I ran a Symantec virus scan, which began last night around 8:30 and finished this afternoon around 1:30...nothing was identified.  I disconnected machine from the internet and began looking for a solution viz my laptop.  I found this site; I ran FRST, Malware and Adware.  I thought things were cleaned up but I again noticed memory usage skyrocketing this time by other processes and things coming to a halt...

 

Here are the contents of he FRST and Additions logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by rexmac (administrator) on REXMAC-THINK on 13-07-2015 16:15:10
Running from D:\
Loaded Profiles: rexmac (Available Profiles: rexmac)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(GARMIN Corp.) C:\Garmin\gStart.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Intuit) C:\Program Files (x86)\QUICKENW\QWDLLS.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
() C:\Program Files (x86)\QUICKENW\qagent.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(Marimba Inc.) C:\Windows\SysWOW64\mrtMngr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\PELMICED.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-09] (Realtek Semiconductor)
HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [99840 2010-07-29] (Primax Electronics Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-02-02] ()
HKLM-x32\...\Run: [Power Manager Power Agenda] => C:\Program Files (x86)\ThinkPad\Utilities\DPMHost.EXE [75064 2010-12-16] ()
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [344576 2010-04-08] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [QAGENT] => C:\Program Files (x86)\QUICKENW\QAGENT.EXE [94208 2001-07-31] ()
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115624 2011-06-23] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\...\Run: [LTT] => C:\Program Files\PC-Doctor\EnableToolbarW32.exe [23120 2011-06-27] (PC-Doctor, Inc.)
HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-09] (Google Inc.)
HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\...\Run: [gStart] => C:\Garmin\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-04-23] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\...\MountPoints2: {2f59b0d2-7ab2-11e1-963f-806e6f6e6963} - D:\TL-Bootstrap.exe
HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\...\MountPoints2: {4104dd6f-5f69-11e4-9f2b-e89a8fa90635} - D:\TL_Bootstrap.exe
HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\...\MountPoints2: {99838e46-536a-11e1-96ed-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\...\MountPoints2: {c8dfcff6-5e21-11e4-bea4-e89a8fa90635} - D:\TL_Bootstrap.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk [2012-02-18]
ShortcutTarget: Billminder.lnk -> C:\Program Files (x86)\QUICKENW\BILLMIND.EXE (Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk [2012-02-18]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files (x86)\QUICKENW\QWDLLS.EXE (Intuit)
Startup: C:\Users\rexmac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-04-07]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.altavista.com/
http://www.gmail.com/
http://www.espn.com/
HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4286240386-1833348207-4035722467-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS471
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-04-06] (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Ziftr Alerts - formerly FreePriceAlerts.com -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> C:\Program Files (x86)\Ziftr Alerts\win64\vbobho.dll [2013-07-11] (MyVBO LLC)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-03] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-04-06] (RealDownloader)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-18] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Ziftr Alerts - formerly FreePriceAlerts.com -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> C:\Program Files (x86)\Ziftr Alerts\vbobho.dll [2013-07-11] (MyVBO LLC)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-18] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-4286240386-1833348207-4035722467-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Tcpip\..\Interfaces\{6BC3AAB5-52ED-445F-8280-F4A57C79E5BE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A8D3C286-0CC8-460F-BF54-DB7F628EF9C8}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-18] (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2010-01-04] (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-04-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-04-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-04-06] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-26]

Chrome:
=======
CHR Profile: C:\Users\rexmac\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer Downloader) - C:\Users\rexmac\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\rexmac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (Google Wallet) - C:\Users\rexmac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-06-23] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-06-23] (Symantec Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [713736 2015-04-23] (Garmin Ltd. or its subsidiaries)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093944 2011-05-26] (Symantec Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsDtsServer100; C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [214040 2007-11-09] (Microsoft Corporation)
S2 MSOLAP$REXMAC2008; C:\Program Files (x86)\Microsoft SQL Server\MSAS10.REXMAC2008\OLAP\bin\msmdsrv.exe [21987352 2007-11-09] (Microsoft Corporation)
S2 MSSQL$REXMAC2008; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.REXMAC2008\MSSQL\Binn\sqlservr.exe [32756248 2007-11-09] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PelService; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [177152 2010-04-21] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
S2 ReportServer$REXMAC2008; C:\Program Files (x86)\Microsoft SQL Server\MSRS10.REXMAC2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [889368 2007-11-09] (Microsoft Corporation)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3262240 2011-09-29] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [428976 2011-09-29] (Symantec Corporation)
S3 SQLAgent$REXMAC2008; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.REXMAC2008\MSSQL\Binn\SQLAGENT.EXE [347160 2007-11-09] (Microsoft Corporation)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1851224 2011-09-29] (Symantec Corporation)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DSI_SiUSBXp_3_1; C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys [16384 2007-09-06] (Silicon Laboratories)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S2 mrtRate; C:\Windows\SysWow64\Drivers\mrtRate.sys [34712 2001-02-28] (Marimba, Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\eng64.sys [129752 2014-10-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\ex64.sys [2137304 2014-10-22] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [453240 2011-09-07] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [453240 2011-09-07] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482424 2011-09-07] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [482424 2011-09-07] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32376 2011-09-07] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32376 2011-09-07] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-28] (Symantec Corporation)
R1 Teefer3; C:\Windows\System32\DRIVERS\Teefer3.sys [53880 2011-01-13] (Symantec Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R3 VMC429; C:\Windows\System32\Drivers\VMC429.sys [192000 2009-12-25] (Vimicro Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [54392 2011-09-29] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation)
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 16:14 - 2015-07-13 15:56 - 02248704 _____ C:\Users\rexmac\Downloads\AdwCleaner.exe
2015-07-13 16:14 - 2015-07-13 13:54 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\rexmac\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-13 16:14 - 2015-07-13 13:54 - 05632449 _____ (Swearware) C:\Users\rexmac\Downloads\ComboFix.exe
2015-07-13 15:57 - 2015-07-13 16:08 - 00000000 ____D C:\AdwCleaner
2015-07-13 13:56 - 2015-07-13 13:59 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-13 13:56 - 2015-07-13 13:56 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-13 13:56 - 2015-07-13 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-13 13:56 - 2015-07-13 13:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-13 13:56 - 2015-07-13 13:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-13 13:56 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-13 13:56 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-13 13:56 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-13 13:43 - 2015-07-13 16:15 - 00000000 ____D C:\FRST
2015-07-07 17:17 - 2015-07-11 11:04 - 00000000 ____D C:\Users\rexmac\AppData\Roaming\SmartDraw
2015-07-07 17:17 - 2015-07-07 17:17 - 00000000 ____D C:\Users\rexmac\Documents\SmartDraw
2015-07-07 17:17 - 2015-07-07 17:17 - 00000000 ____D C:\Users\rexmac\AppData\System
2015-07-07 17:17 - 2015-07-07 17:17 - 00000000 ____D C:\Users\rexmac\AppData\Local\SmartDraw
2015-07-07 17:16 - 2015-07-07 17:16 - 00003654 _____ C:\Windows\System32\Tasks\SDMsgUpdate (Local)
2015-07-07 17:16 - 2015-07-07 17:16 - 00003646 _____ C:\Windows\System32\Tasks\SDMsgUpdate (TE)
2015-07-07 17:16 - 2015-07-07 17:16 - 00000618 _____ C:\Users\Public\Desktop\SmartDraw CI.lnk
2015-07-07 17:16 - 2015-07-07 17:16 - 00000000 ____D C:\SmartDraw CI
2015-07-07 17:16 - 2015-07-07 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw CI
2015-07-04 06:05 - 2015-07-04 06:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2015-07-04 05:54 - 2015-07-04 05:54 - 00000000 ____D C:\Users\rexmac\AppData\Roaming\Momes
2015-07-04 05:53 - 2015-07-04 05:53 - 00001146 _____ C:\Users\Public\Desktop\Ridesync.lnk
2015-07-04 05:53 - 2015-07-04 05:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RideSync
2015-07-04 05:53 - 2015-07-04 05:53 - 00000000 ____D C:\Program Files (x86)\Silabs
2015-07-04 05:53 - 2015-07-04 05:53 - 00000000 ____D C:\Program Files (x86)\Momes
2015-06-24 21:26 - 2015-06-24 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genymotion
2015-06-14 05:34 - 2015-07-12 05:09 - 00003372 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4286240386-1833348207-4035722467-1000
2015-06-14 05:34 - 2015-07-12 05:09 - 00003240 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4286240386-1833348207-4035722467-1000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 16:14 - 2012-02-09 15:38 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 16:12 - 2012-06-20 21:02 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-13 16:11 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-13 16:10 - 2009-07-13 21:51 - 00112726 _____ C:\Windows\setupact.log
2015-07-13 16:09 - 2010-11-20 20:47 - 00888284 _____ C:\Windows\PFRO.log
2015-07-13 16:08 - 2012-02-09 15:11 - 01863380 _____ C:\Windows\WindowsUpdate.log
2015-07-13 15:57 - 2009-07-13 21:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 15:57 - 2009-07-13 21:45 - 00031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 15:21 - 2012-02-17 17:27 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-07-13 15:18 - 2012-02-09 15:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 14:29 - 2012-02-17 17:27 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2015-07-13 14:11 - 2012-02-17 17:27 - 00003502 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-07-13 13:43 - 2009-07-13 22:13 - 00993120 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-13 13:40 - 2014-04-13 16:48 - 00007609 _____ C:\Users\rexmac\AppData\Local\Resmon.ResmonCfg
2015-07-12 21:17 - 2012-02-09 15:39 - 00000000 ____D C:\ProgramData\PCDr
2015-07-12 05:09 - 2012-02-18 20:15 - 00000000 _____ C:\Windows\PCSB.ERR
2015-07-11 10:59 - 2012-02-18 13:58 - 00000000 ____D C:\Users\rexmac\Documents\_Running
2015-07-06 08:21 - 2012-02-18 12:02 - 00002386 ____H C:\Users\rexmac\Documents\Default.rdp
2015-07-03 21:44 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-06-24 21:26 - 2014-04-30 22:36 - 00000000 ____D C:\Users\rexmac\AppData\Local\Genymobile
2015-06-24 21:26 - 2014-04-30 22:33 - 00000992 _____ C:\Users\Public\Desktop\Genymotion.lnk
2015-06-24 21:26 - 2014-04-30 22:33 - 00000987 _____ C:\Users\Public\Desktop\Genymotion Shell.lnk
2015-06-24 21:24 - 2014-04-30 22:35 - 00000000 ____D C:\Users\rexmac\.VirtualBox
2015-06-24 08:21 - 2012-03-30 14:56 - 00000000 ____D C:\Users\rexmac\AppData\Local\CrashDumps
2015-06-21 08:21 - 2012-02-18 20:24 - 00001195 _____ C:\Windows\QUICKEN.INI
2015-06-19 23:05 - 2012-02-17 17:27 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-06-18 08:57 - 2012-02-17 17:27 - 00004242 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-06-17 20:03 - 2012-02-18 12:13 - 00000000 ____D C:\_Home
2015-06-14 15:27 - 2012-02-18 12:22 - 00000000 ____D C:\Users\rexmac\Documents\Church

==================== Files in the root of some directories =======

2012-09-13 17:26 - 2014-05-28 18:38 - 0007168 _____ () C:\Users\rexmac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-13 16:48 - 2015-07-13 13:40 - 0007609 _____ () C:\Users\rexmac\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\rexmac\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\rexmac\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\rexmac\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\rexmac\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\rexmac\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\rexmac\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
C:\Users\rexmac\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\rexmac\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\rexmac\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\rexmac\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\rexmac\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\rexmac\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\rexmac\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\rexmac\AppData\Local\Temp\lowproc.exe
C:\Users\rexmac\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\rexmac\AppData\Local\Temp\Quarantine.exe
C:\Users\rexmac\AppData\Local\Temp\restarter2167282480614850470.exe
C:\Users\rexmac\AppData\Local\Temp\restarter6601508086614842249.exe
C:\Users\rexmac\AppData\Local\Temp\sqlite3.dll
C:\Users\rexmac\AppData\Local\Temp\stubhelper.dll
C:\Users\rexmac\AppData\Local\Temp\SymCCIS.dll
C:\Users\rexmac\AppData\Local\Temp\VistaLauncher5689812768469148202.exe
C:\Users\rexmac\AppData\Local\Temp\_is45A7.exe
C:\Users\rexmac\AppData\Local\Temp\{421C15DE-CB6E-4462-8397-30438E0808BB}-chrome_updater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 15:51

==================== End of log ============================

 

Additions Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by rexmac at 2015-07-13 13:47:38
Running from D:\
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4286240386-1833348207-4035722467-500 - Administrator - Disabled)
Guest (S-1-5-21-4286240386-1833348207-4035722467-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4286240386-1833348207-4035722467-1013 - Limited - Enabled)
rexmac (S-1-5-21-4286240386-1833348207-4035722467-1000 - Administrator - Enabled) => C:\Users\rexmac

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - Lenovo)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Android Studio (HKLM-x32\...\Android Studio) (Version: 1.0 - Google Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Elevated Installer (x32 Version: 4.0.19.0 - Garmin Ltd or its subsidiaries) Hidden
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{3ee9d193-ab0b-47f1-a31c-cce4678679ce}) (Version: 4.0.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Genymotion version 2.5.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.5.0 - Genymobile)
Giant RideSync 1.0 (HKLM-x32\...\SASGiant Analyzing System_is1) (Version: 1.0 - WRPSoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java SE Development Kit 7 Update 67 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Mouse Suite (HKLM\...\MouseSuite98) (Version: 6.45 - Lenovo)
Lenovo MuteSync (HKLM-x32\...\InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}) (Version: 1.1.0.3 - Lenovo)
Lenovo MuteSync (x32 Version: 1.1.0.3 - Lenovo) Hidden
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
LG Verizon United Driver (HKLM-x32\...\{A17B9856-40CF-4BEA-BB65-ADB8154A83DC}) (Version: 2.18.0 - LG Electronics)
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.107 - Symantec Corporation)
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00A1-0000-0000-0000000FF1CE}_ONENOTER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office OneNote 2007 (HKLM-x32\...\ONENOTER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{469DC78C-4B1F-48B5-B43E-C034BDFB7CB5}) (Version: 8.05.2302 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Developer) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Books Online (HKLM-x32\...\{40CB3F61-5BF0-4340-BF9E-7E185861FB49}) (Version: 10.0.1075.23 - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{13183147-F211-4948-8D5B-8E893F7DD02F}) (Version: 10.0.1075.23 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{9009BAD8-90CE-4E66-AFC4-E8FDEE7A5605}) (Version: 10.0.1075.23 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM-x32\...\{6C6439B7-B882-43C6-B306-4D51B8484837}) (Version: 10.0.1075.23 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Beta ENU (HKLM-x32\...\{2408C7B3-A3C2-4F95-B14F-92FC0EC1229D}) (Version: 3.5.5608.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Beta Management Tools ENU (HKLM-x32\...\{DE1BCE47-F70D-4F8B-9F04-F9E637E45B99}) (Version: 3.5.5608.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FA8EEB4C-AC81-4A66-9021-8F13C8DF5080}) (Version: 10.0.1075.23 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Premier Partner Edition - ENU (HKLM-x32\...\{C25EF637-BE7A-4761-9B45-9069989C319F}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Standard Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Standard Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{29C93182-34F6-3275-A18D-59326851CD57}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PC Study Bible 3.1 (HKLM-x32\...\PC Study Bible 3.1) (Version:  - )
Quicken 2002 Deluxe (HKLM-x32\...\Quicken 2002 Deluxe) (Version:  - )
RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6086 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
SourceGear Vault Professional Client (HKLM-x32\...\{D8653634-E04C-4079-9762-BBC5ECC89984}) (Version: 5.1.2.19283 - SourceGear)
SQLXML4 (HKLM\...\{06DFE58A-6378-4469-89D8-6F1A6D2226DE}) (Version: 10.0.1075.23 - Microsoft Corporation)
Symantec Endpoint Protection (HKLM\...\{5C8BE867-CC84-452B-940C-1C18200277E5}) (Version: 11.0.7101.1056 - Symantec Corporation)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkCentre M90z Camera (HKLM-x32\...\{71A51C15-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
ThinkVantage Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 1.03.0013 - Lenovo Group Limited)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-003B-0000-0000-0000000FF1CE}_PRJPROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00A1-0000-0000-0000000FF1CE}_ONENOTER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.21022 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Intel (e1kexpress) Net  (12/10/2009 11.5.10.0) (HKLM\...\0280B3B7D69B4EF8682431036906CCB3CDF58AA8) (Version: 12/10/2009 11.5.10.0 - Intel)
Windows Driver Package - Intel (HECIx64) System  (09/17/2009 6.0.0.1179) (HKLM\...\30A4777E896192B8D398199AE1AB235B69BAB26D) (Version: 09/17/2009 6.0.0.1179 - Intel)
Windows Driver Package - Intel Corporation (igfx) Display  (08/25/2010 8.15.10.2202) (HKLM\...\88E990D6383E318C5979ABF24E51E4BA123379E5) (Version: 08/25/2010 8.15.10.2202 - Intel Corporation)
Windows Driver Package - Intel hdc  (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Intel® Corporation (IntcDAud) MEDIA  (08/30/2010 6.12.00.3071) (HKLM\...\5932278B7BDE800199F141BA54B5BE6937C702EF) (Version: 08/30/2010 6.12.00.3071 - Intel® Corporation)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (04/09/2010 6.0.1.6086) (HKLM\...\DB79546847C956BE77F1C5CF86CA6F11E168EC2D) (Version: 04/09/2010 6.0.1.6086 - Realtek Semiconductor Corp.)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (04/09/2010 6.0.1.6086) (HKLM\...\EE07259DC3821E80F477E67FB8B0F3814AF49B1E) (Version: 04/09/2010 6.0.1.6086 - Realtek Semiconductor Corp.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - Vimicro (VMC429) Image  (01/13/2010 347.2001.4001.03) (HKLM\...\D1AA7E6B08A2627E6743C822F2B173CC539EEBEE) (Version: 01/13/2010 347.2001.4001.03 - Vimicro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Ziftr Alerts - formerly FreePriceAlerts.com 3.2.0 (HKLM\...\{DC3381CB-10D4-431D-B9B3-7DB84B00645F}) (Version: 3.2.0 - myVBO LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4286240386-1833348207-4035722467-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\shsetup.dll (ofstop oioniacrCMortr) <==== ATTENTION

==================== Restore Points =========================

17-06-2015 08:45:21 Scheduled Checkpoint
24-06-2015 09:47:03 Scheduled Checkpoint
01-07-2015 10:13:22 Scheduled Checkpoint
08-07-2015 22:07:24 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {034C40AE-61E9-478C-852E-460FC44A50D1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4286240386-1833348207-4035722467-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {077D4388-5D74-4720-B87B-D8D19A984AB4} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {0A309EBD-EC3A-4D51-8079-05F1F955CF16} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0D2E48A1-D3C6-4701-AADA-827D1791D5CB} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {1BEEE0B4-946F-450A-AD16-F3E314898DBA} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for rexmac-THINK.rexmac => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: {25605FD5-CA1C-435F-A541-659240AA4B49} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {390FE4C3-D438-4DCC-A780-881A8486351E} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-12-16] (Lenovo Group Limited)
Task: {4CBB5AAD-9EA0-4DB0-824D-800B5F1AF6C3} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {6CF30243-8BDF-46F3-A71F-92E72C7FD2BA} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4286240386-1833348207-4035722467-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {84C6536E-4A04-4728-98F9-A1BAD4AAF65A} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {8D69807F-9B19-433F-BEC4-6B931A512A3A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-05-15] (Lenovo)
Task: {960BDAA0-0872-4309-86E8-F9A471D8ADAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {A02011F5-003E-45FA-94B6-AB4380C68542} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {A1748273-EA5F-4B1E-9B2F-728C4EF93017} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {AA246CCE-F52C-4485-9A41-31C533CA349F} - System32\Tasks\{03BA4D47-D759-4D20-8DCF-AB9A7B501D61} => pcalua.exe -a "C:\Users\rexmac\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZYAXTWV\VirtualBox-4.3.12-93733-Win.exe" -d C:\Users\rexmac\Desktop
Task: {AB84D2EE-471E-4E01-B4B2-72C687D2F81C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {AFD02B05-48B7-4AB9-92BF-3E5A6A337AF6} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {D1A28C2D-39E5-4507-B019-10B156FEC1A4} - System32\Tasks\FpaUpdaterTask => C:\Program Files (x86)\Ziftr Alerts\FpaUpdaterLauncher.exe [2013-07-11] (MyVBO LLC)
Task: {D868557D-F7D1-4D82-A984-4E191E35C1CC} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-04-23] ()
Task: {E0483CEA-EFAC-45FC-8D73-DDC96EEC3B3D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4286240386-1833348207-4035722467-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {E43EE841-460F-4FC8-9D2B-A4D91202D65A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E99A1B8B-E330-4040-B694-25894EA53F3A} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {EB4E9800-88EF-4EAB-9183-505F4A66220F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4286240386-1833348207-4035722467-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F0A97BF5-6127-4AE2-80C7-0D19C260B0E8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-09-21 16:04 - 2009-09-21 16:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-02-09 15:24 - 2010-04-21 23:20 - 00177152 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-02-19 16:09 - 2005-04-21 21:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-18 20:24 - 2001-07-31 21:59 - 00094208 _____ () C:\Program Files (x86)\QUICKENW\qagent.exe
2012-02-09 15:24 - 2008-11-27 01:16 - 00018432 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
2012-02-09 15:25 - 2010-12-14 10:03 - 00029184 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2012-02-09 15:24 - 2010-06-01 20:37 - 00228352 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
2009-05-27 23:09 - 2009-05-27 23:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2014-10-28 12:22 - 2014-10-28 12:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2012-02-18 20:24 - 2001-07-31 21:59 - 00102400 _____ () C:\Program Files (x86)\QUICKENW\QCOMUTIL.dll
2012-02-18 20:24 - 2001-07-31 21:59 - 00172032 _____ () C:\Program Files (x86)\QUICKENW\QWAPP.DLL
2012-02-18 20:24 - 2001-07-31 21:59 - 00484864 _____ () C:\Program Files (x86)\QUICKENW\ALRTINT8.DLL
2012-02-19 16:09 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2011-07-26 00:18 - 2011-07-26 00:18 - 00087352 _____ () C:\Program Files (x86)\Lenovo\System Update\tvsutil.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\...\garmin.com -> hxxps://buy.garmin.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4286240386-1833348207-4035722467-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\rexmac\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B1C8C7EA-9C68-4A26-8857-65D8B558F543}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{61992253-4E1B-42FB-8C56-8FA9D6151EFA}] => (Allow) LPort=2869
FirewallRules: [{965D9EF4-A0CF-4DAC-BE76-CAA8DB0ABE94}] => (Allow) LPort=1900
FirewallRules: [{4C990976-30FC-4DB6-B1C1-07E74389539F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DD5C8EFA-6BD8-41DF-A534-3E30B02E6AA4}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{D3A47D6B-60B9-4664-BC24-1CE5AA8C57AA}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe
FirewallRules: [{698441FD-7995-4235-8F34-F9B2BD5574A1}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe
FirewallRules: [{C780C6D4-CC80-4DD3-AE46-4CD349172434}] => (Allow) LPort=54925
FirewallRules: [{853CE7BE-F74E-413D-8785-E66AA4429B66}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6252042-C862-4C73-A45B-EFA0A9EC293B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD4DDC67-FC73-4BB2-911E-6739C1D12EC8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A6BE0C52-0F5E-44FC-9980-8DF947F043CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{49FE6B36-CA57-4AD8-8C85-A3A40D8A3B85}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{39861F17-F946-4398-8D70-BB61757C92E3}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{FEBF71A9-67E9-42D6-A738-D213CB8107EF}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{B522D0C5-6898-4547-A986-F0727065304F}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{1FD98A69-EBFF-4113-8100-A02A952EC0A6}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{23D7B9FA-FB7A-4F78-A1CA-0A59133758C3}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [TCP Query User{907D197C-DE07-4B2F-9377-4F01C4689702}C:\program files\java\jdk1.7.0_45\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_45\jre\bin\java.exe
FirewallRules: [UDP Query User{38986050-9680-4860-9CE2-148CE17B90A9}C:\program files\java\jdk1.7.0_45\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_45\jre\bin\java.exe
FirewallRules: [TCP Query User{7275136B-3EE9-416E-93B0-2415CF6F5137}C:\program files (x86)\android\android-studio\bin\studio64.exe] => (Allow) C:\program files (x86)\android\android-studio\bin\studio64.exe
FirewallRules: [UDP Query User{B4A84FD9-E175-4AF4-84DD-A05166B675F8}C:\program files (x86)\android\android-studio\bin\studio64.exe] => (Allow) C:\program files (x86)\android\android-studio\bin\studio64.exe
FirewallRules: [TCP Query User{B3E4A9DA-AB96-455C-8B30-EEAA85E2979F}C:\program files\java\jdk1.7.0_45\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_45\bin\java.exe
FirewallRules: [UDP Query User{40446CAA-1885-4A77-A900-92025D9A8F30}C:\program files\java\jdk1.7.0_45\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_45\bin\java.exe
FirewallRules: [{0BA20526-4CF7-4778-96A5-D56E329882C2}] => (Block) C:\program files\java\jdk1.7.0_45\bin\java.exe
FirewallRules: [{F5466664-1B70-419C-AB28-FDF228FC6498}] => (Block) C:\program files (x86)\android\android-studio\bin\studio64.exe
FirewallRules: [{47FE30F6-1441-45FE-979B-03675FAF8E62}] => (Block) C:\program files\java\jdk1.7.0_45\bin\java.exe
FirewallRules: [{C7F4DB1C-9B21-4BD3-962E-304C53D9553D}] => (Block) C:\program files (x86)\android\android-studio\bin\studio64.exe
FirewallRules: [{DB9EA2C9-D77C-48AC-9D95-3E850D4F8150}] => (Block) C:\program files\java\jdk1.7.0_45\jre\bin\java.exe
FirewallRules: [{119CF07F-DDF9-480D-9341-CDD050A489A1}] => (Block) C:\program files\java\jdk1.7.0_45\jre\bin\java.exe
FirewallRules: [{FD2B510A-BDDB-4CE9-BFEF-F7465964F628}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F30A4890-59E7-4ED8-BFE5-7C66E57E3A2B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1E428EE8-2004-435C-88FF-5E48B2B168F5}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{ACD4C429-3649-4EE8-8D4E-8906B7606D88}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{FF6B3298-3CDE-4B40-9A79-CAC91B0172D6}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{23B73775-5763-4CC9-9541-776EC09B2A76}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe

==================== Faulty Device Manager Devices =============

Name: Intel® WiFi Link 1000 BGN
Description: Intel® WiFi Link 1000 BGN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETw5s64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2015 05:03:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDNotify.exe version 4.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 22d8

Start Time: 01d0bd1a335597f5

Termination Time: 30

Application Path: C:\SmartDraw CI\Messages\SDNotify.exe

Report Id: 14253019-2957-11e5-bf91-e89a8fa90635

Error: (07/12/2015 09:55:44 PM) (Source: SescLU) (EventID: 13) (User: )
Description: LiveUpdate returned a non-critical error.  Available content updates may have failed to install.

Error: (07/12/2015 09:52:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 164c

Start Time: 01d0bd2773a2638a

Termination Time: 440

Application Path: C:\Windows\system32\rundll32.exe

Report Id: d8894706-291a-11e5-bf91-e89a8fa90635

Error: (07/12/2015 09:42:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program pcdrcui.exe version 6.0.5849.23 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e68

Start Time: 01d0bd1a37325d50

Termination Time: 1381

Application Path: C:\Program Files\PC-Doctor\pcdrcui.exe

Report Id:

Error: (07/12/2015 09:41:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3010

Start Time: 01d0bd25c922ecba

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (07/12/2015 08:36:32 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (11880) Asapi: (20:36:32:1750)(11880) ASAPI-Global - Fatal -- 266 Getting enumeration info TIMED OUT!

Error: (07/12/2015 08:35:58 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (11880) Asapi: (20:35:58:1880)(11880) enumerator - Error -- 116 pcdrsysinfosoftware: Module timed out after 149669 milliseconds and was terminated

Error: (07/12/2015 08:35:58 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (11880) Asapi: (20:35:58:1880)(11880) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.

Error: (07/12/2015 08:35:56 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (11880) Asapi: (20:35:56:9550)(11880) enumerator - Error -- 116 pcdrsysinfovideocapture: Module timed out after 148436 milliseconds and was terminated

Error: (07/12/2015 08:35:56 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (11880) Asapi: (20:35:56:9550)(11880) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.

System errors:
=============
Error: (07/13/2015 01:31:26 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.1.7192.168.137.0255.255.255.0

Error: (07/13/2015 01:31:26 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/13/2015 01:31:26 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/13/2015 01:31:26 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/13/2015 12:30:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.

Error: (07/13/2015 11:06:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.

Error: (07/13/2015 04:59:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

Error: (07/12/2015 09:19:27 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/12/2015 08:15:45 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.1.7192.168.137.0255.255.255.0

Error: (07/12/2015 08:15:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.

Microsoft Office:
=========================
Error: (04/22/2015 07:16:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/22/2015 07:16:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 992 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/22/2015 06:59:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 133 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/14/2015 09:47:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 111 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/28/2014 08:37:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2790 seconds with 2280 seconds of active time.  This session ended with a crash.

Error: (11/23/2014 08:21:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6707.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 55736 seconds with 3600 seconds of active time.  This session ended with a crash.

Error: (09/17/2014 06:39:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 177 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2015-07-03 21:28:48.220
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-20 22:13:11.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-17 20:50:02.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-29 19:01:41.779
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-06 19:18:04.171
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-26 21:39:23.365
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-26 20:33:40.077
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 20:57:44.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 20:50:52.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 20:22:45.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 44%
Total physical RAM: 3766.36 MB
Available physical RAM: 2101.46 MB
Total Virtual: 8269.16 MB
Available Virtual: 5681.09 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:452.58 GB) (Free:314.73 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:2.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 8641D9A5)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 960.7 MB) (Disk ID: 01365F91)
Partition 1: (Not Active) - (Size=961 MB) - (Type=06)

==================== End of log ============================

 



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:34 AM

Posted 14 July 2015 - 03:33 AM

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

Ziftr Alerts - formerly FreePriceAlerts.com 3.2.0


Close the window.

 

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:34 AM

Posted 04 August 2015 - 02:01 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users