- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
- Ran by User (administrator) on USER-PC on 11-07-2015 20:08:13
- Running from C:\Users\User\Desktop
- Loaded Profiles: User (Available Profiles: User)
- Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
- Internet Explorer Version 11 (Default browser: Chrome)
- Boot Mode: Normal
- Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
- (AMD) C:\Windows\System32\atiesrxx.exe
- (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
- () C:\Windows\Installer\MSI5D22.tmp
- (AMD) C:\Windows\System32\atieclxx.exe
- (ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
- (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
- (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
- (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
- (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
- (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
- () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
- (iOSinstaller.com) C:\Program Files (x86)\iOSinstaller\Updater.exe
- (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
- () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
- (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
- (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
- (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
- (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
- (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
- (Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
- (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
- (Microsoft Corporation) C:\Windows\System32\regsvr32.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
- (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
- () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
- (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
- () C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
- () C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
- (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
- Failed to access process -> conhost.exe
- (Microsoft Corporation) C:\Windows\System32\msiexec.exe
- (Microsoft Corporation) C:\Windows\System32\dllhost.exe
- (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
- (Microsoft Corporation) C:\Windows\System32\cmd.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
- (Microsoft Corporation) C:\Windows\System32\msiexec.exe
- (Microsoft Corporation) C:\Windows\System32\msiexec.exe
- ==================== Registry (Whitelisted) ==================
- (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
- HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
- HKLM\...\Run: [Bluetooth HCI Monitor] => RunDll32 HCIMNTR.DLL,RunCheckHCIMode
- HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
- HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
- HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
- HKLM-x32\...\Run: [] => [X]
- HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
- HKLM-x32\...\Run: [**0a645ebd<*>] => mshta javascript:SdJ3saJg0="RL9G6pREw7";l3o5=new%20ActiveXObject("WScript.Shell");MLf7fIKW6="yucoXkwmEf";WDO4e8=l3o5.RegRead("HKLM\\software\\Wow6432Node\\3a7e1f91\\9c64e118");j6qc5rpdDc="2xQJoo7";eva (the data entry has 26 more characters). <===== ATTENTION (Value Name with invalid characters)
- HKLM\...\Policies\Explorer\Run: [] =>
- HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
- HKLM\...\Policies\Explorer: [HideSCAHealth] 1
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-15] (Google Inc.)
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [8473064 2014-03-26] (Visicom Media Inc.)
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-14] (BitTorrent Inc.)
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [Adrvworks] => C:\Users\User\AppData\Local\Adrvworks\tmp9C07.exe [172032 2015-05-05] (Layananda3)
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [YrnsPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\Adrvworks\sxbkovrb.dll
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [Etsltion] => regsvr32.exe C:\Users\User\AppData\Local\Etsltion\xqgdodvs.dll <===== ATTENTION
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [**0a645ebd<*>] => mshta javascript:wWYAmV4j7="oLW";Mb6=new%20ActiveXObject("WScript.Shell");ODXPJx1E4N="AWEp";r2pZg=Mb6.RegRead("HKCU\\software\\3a7e1f91\\9c64e118");eo9F5BcQw="BmEt7DIFSF";eval(r2pZg);QagpyC3Jl="Acr2kk (the data entry has 2 more characters). <===== ATTENTION (Value Name with invalid characters)
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [ProxyGate] => C:\Users\User\AppData\Roaming\ProxyGate\MainService.exe [1143248 2015-04-01] (Gold Click Ltd)
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [ntoskrnl] => C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe [57344 2015-04-27] ()
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [MicrosoftUpdate] => C:\Users\User\AppData\Roaming\ChromeUpdate\GoogleUpdate.exe [65024 2015-06-03] (Google Inc.)
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [ChromeUpdate] => C:\Users\User\AppData\Roaming\ChromeUpdate\GoogleUpdate.exe [65024 2015-06-03] (Google Inc.)
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [7af1e2] => C:\7af1e26\7af1e26.exe [258560 2015-06-03] ()
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Run: [7af1e26] => C:\Users\User\AppData\Roaming\7af1e26.exe [252928 2015-06-03] ()
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\mscovrb.exe <===== ATTENTION
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Policies\Explorer: [Run] "C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe"
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Policies\Explorer: [HideSCAHealth] 1
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\MountPoints2: L - L:\LaunchU3.exe -a
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\Command Processor: C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe [57344 2015-04-27] () <===== ATTENTION!
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe [57344 2015-04-27] ()
- Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7af1e26.exe [2015-06-03] ()
- Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntoskrnl.lnk [2015-05-30]
- ShortcutTarget: ntoskrnl.lnk -> C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe ()
- ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
- ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
- ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
- ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2015-05-05] ()
- CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
- ==================== Internet (Whitelisted) ====================
- (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
- ProxyServer: [S-1-5-21-2017399490-4096563441-3607321274-1000] => 178.63.68.84:8080
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=C6ED29B6-B2B4-438C-B215-2C602D80A2D0&SearchSource=55&CUI=&UM=6&UP=SPAD73446F-85FD-43C7-8412-9A807DB158B2&SSPV=
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
- SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
- SearchScopes: HKLM-x32 -> DefaultScope value is missing
- SearchScopes: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=C6ED29B6-B2B4-438C-B215-2C602D80A2D0&SearchSource=58&CUI=&UM=6&UP=SPAD73446F-85FD-43C7-8412-9A807DB158B2&q={searchTerms}&SSPV=
- SearchScopes: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=C6ED29B6-B2B4-438C-B215-2C602D80A2D0&SearchSource=58&CUI=&UM=6&UP=SPAD73446F-85FD-43C7-8412-9A807DB158B2&q={searchTerms}&SSPV=
- SearchScopes: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
- SearchScopes: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000 -> {9D65E64B-AA94-4CBB-80C7-9021F0009B5F} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_app_14_26_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0Bzz0B0EtDzzyEyB0DyDtN0D0Tzu0SzytDyCtN1L2XzutBtFtBtCtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0CtAtD0EyE0CyDtG0DtBtAyEtGyCyDyE0EtG0EyD0B0EtGtDyB0FtAzytA0BtA0F0BtCyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0EyD0C0EzyyCtGtAyDyByDtGyE0Ezy0FtGzy0CtAyBtGtB0EyC0DtA0A0FyEyByEyCtD2Q&cr=1738801789&ir=
- SearchScopes: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
- BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
- BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
- BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-20] (Oracle Corporation)
- BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
- BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
- BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
- BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-20] (Oracle Corporation)
- BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
- BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
- BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
- BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
- BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
- DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
- DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
- Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
- Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
- Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
- Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
- Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
- Tcpip\..\Interfaces\{252041B5-5314-4CE7-BEC7-2B76BE60F4FA}: [DhcpNameServer] 8.8.8.8
- Tcpip\..\Interfaces\{2FB483D0-CFDD-4DD9-A298-4E97FCB7922B}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
- Tcpip\..\Interfaces\{5E813BFC-21DD-4D80-A5A6-0EAC5E98C060}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
- Tcpip\..\Interfaces\{AB1A967D-1F4A-4917-AA03-458FA8475145}: [DhcpNameServer] 172.20.10.1
- Tcpip\..\Interfaces\{CF4E329F-303B-446F-B56A-F37BE6C71C43}: [DhcpNameServer] 8.8.8.8
- StartMenuInternet: IEXPLORE.EXE - iexplore.exe
- FireFox:
- ========
- FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hy7s5svb.default
- FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-20] (Oracle Corporation)
- FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-20] (Oracle Corporation)
- FF Plugin: @microsoft.com/GENUINE -> disabled No File
- FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
- FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
- FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
- FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-21] (Adobe Systems)
- FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
- FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
- FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [2013-05-30] (ESN Social Software AB)
- FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
- FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
- FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
- FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-06] (Google Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-12-06] (Google Inc.)
- FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-18] (Unity Technologies ApS)
- FF Plugin-x32: @videolan.org/vlc,version=2.1.0-rc2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
- FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
- FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-21] (Adobe Systems)
- FF Plugin HKU\S-1-5-21-2017399490-4096563441-3607321274-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-03-05] (Google)
- FF Plugin HKU\S-1-5-21-2017399490-4096563441-3607321274-1000: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-03-05] (Google)
- FF Plugin HKU\S-1-5-21-2017399490-4096563441-3607321274-1000: @talk.google.com/O3DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2014-03-05] ()
- FF Plugin HKU\S-1-5-21-2017399490-4096563441-3607321274-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-03-15] (Google Inc.)
- FF Plugin HKU\S-1-5-21-2017399490-4096563441-3607321274-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-03-15] (Google Inc.)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
- FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-03-05] (Google)
- FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2014-03-05] ()
- FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-03-05] (Google)
- FF Extension: Play Pickle TextLinks - C:\Users\User\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com [2011-04-27]
- FF Extension: Library Description - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hy7s5svb.default\Extensions\{FE5A3CED-D9E8-D65E-2399-BF95ABF2DEC6} [2015-05-05]
- FF Extension: Tamper Data - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hy7s5svb.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2015-02-02]
- FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-02-11]
- FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
- Chrome:
- =======
- CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
- CHR Extension: (Library Description) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-05-05]
- CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
- CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-07]
- CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-16]
- CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-16]
- CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-24]
- CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
- CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
- CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
- ==================== Services (Whitelisted) =================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
- R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
- R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
- R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
- S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-10] (Creative Labs) [File not signed]
- R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
- R3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
- R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
- R3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
- R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-16] (AnchorFree Inc.) [File not signed]
- S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-16] ()
- R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
- R2 HyperDeskCustomThemeEnabler; C:\Windows\Installer\MSI5D22.tmp [102400 2013-12-12] () [File not signed]
- R2 iOSinstallerUpdater; C:\Program Files (x86)\iOSinstaller\updater.exe [165376 2015-04-08] (iOSinstaller.com) [File not signed]
- S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
- S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
- R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [216576 2008-05-30] (NVIDIA) [File not signed]
- R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
- S4 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
- R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
- R4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
- S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
- ==================== Drivers (Whitelisted) ====================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
- R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [754688 2015-02-24] (Microsoft Corporation) [File not signed]
- S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation) [File not signed]
- R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-26] (Visicom Media Inc.)
- R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
- R3 NVR0Dev; C:\Windows\nvoclk64.sys [40480 2008-05-30] (NVidia Corp.)
- R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-04] (Razer Inc)
- R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
- R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
- R0 SI3132; C:\Windows\System32\drivers\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc)
- R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc)
- R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc)
- R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
- S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
- ==================== NetSvcs (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ==================== One Month Created files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2015-07-11 20:08 - 2015-07-11 20:16 - 00027977 _____ C:\Users\User\Desktop\FRST.txt
- 2015-07-11 20:07 - 2015-07-11 20:08 - 00000000 ____D C:\FRST
- 2015-07-11 20:07 - 2015-07-11 20:05 - 02130944 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
- 2015-07-11 20:04 - 2015-07-11 20:05 - 02130944 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
- 2015-07-11 19:51 - 2015-07-11 19:51 - 00006730 _____ C:\Windows\system32\PerfStringBackup.TMP
- ==================== One Month Modified files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2015-07-11 20:17 - 2015-05-30 10:48 - 00003590 _____ C:\Windows\System32\Tasks\ntoskrnl
- 2015-07-11 20:10 - 2015-05-25 18:05 - 00000000 ____D C:\Users\User\Desktop\Pitch Perfect (2012) [1080p]
- 2015-07-11 20:10 - 2015-01-23 19:02 - 00000000 ____D C:\Users\User\Desktop\V
- 2015-07-11 20:10 - 2014-07-17 18:44 - 00000000 ____D C:\Users\User\Desktop\Server files
- 2015-07-11 20:10 - 2013-12-09 23:41 - 00019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2015-07-11 20:10 - 2013-12-09 23:41 - 00019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2015-07-11 19:58 - 2011-02-20 10:35 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
- 2015-07-11 19:54 - 2014-08-24 18:44 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
- 2015-07-11 19:53 - 2013-09-15 00:18 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
- 2015-07-11 19:53 - 2013-09-05 17:36 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
- 2015-07-11 19:51 - 2015-03-25 22:28 - 00000000 ____D C:\Users\User\Desktop\Cracker
- 2015-07-11 19:51 - 2014-01-18 20:15 - 00000000 ___RD C:\Users\User\Desktop\Bukkit Server
- 2015-07-11 19:48 - 2015-06-03 13:04 - 00000352 ____H C:\ProgramData\@system3.att
- 2015-07-11 19:48 - 2015-06-03 13:03 - 00000616 ____H C:\ProgramData\@system.temp
- 2015-07-11 19:44 - 2011-05-19 00:05 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- 2015-07-11 19:44 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
- 2015-07-11 19:44 - 2009-07-14 00:51 - 31883105 _____ C:\Windows\setupact.log
- 2015-07-10 12:47 - 2009-07-14 01:13 - 00877714 _____ C:\Windows\system32\PerfStringBackup.INI
- 2015-07-10 12:36 - 2014-03-15 22:31 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2017399490-4096563441-3607321274-1000UA.job
- 2015-07-10 12:33 - 2013-09-02 13:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
- 2015-07-10 12:27 - 2011-05-19 00:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- 2015-07-10 03:15 - 2015-04-14 15:39 - 00000000 ____D C:\Users\User\Desktop\The.Wedding.Ringer.2015.1080p.BluRay.x264.anoXmous
- 2015-07-10 03:00 - 2013-12-09 23:43 - 01446340 _____ C:\Windows\WindowsUpdate.log
- 2015-07-10 02:52 - 2014-11-25 19:36 - 00000000 ____D C:\Users\User\Desktop\DF1.0
- 2015-07-10 02:52 - 2014-06-04 17:03 - 00000000 ____D C:\Users\User\Desktop\df
- 2015-07-10 02:51 - 2015-02-28 13:58 - 00000000 ____D C:\Users\User\Desktop\2015 iPhone
- 2015-07-10 02:37 - 2013-09-02 13:07 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
- 2015-07-10 02:36 - 2013-09-02 13:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
- 2015-07-10 02:36 - 2013-09-02 13:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
- ==================== Files in the root of some directories =======
- 2015-06-03 13:05 - 2015-06-03 13:05 - 0252928 _____ () C:\Users\User\AppData\Roaming\7af1e26.exe
- 2014-01-31 17:03 - 2014-02-01 01:54 - 0000132 _____ () C:\Users\User\AppData\Roaming\Adobe PNG Format CC Prefs
- 2014-02-09 03:33 - 2014-02-09 03:33 - 0000052 _____ () C:\Users\User\AppData\Roaming\Camdata.ini
- 2014-02-09 03:33 - 2014-02-09 03:33 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamLayout.ini
- 2014-02-09 03:33 - 2014-02-09 03:33 - 0000408 _____ () C:\Users\User\AppData\Roaming\CamShapes.ini
- 2014-02-09 03:28 - 2014-02-09 03:33 - 0004534 _____ () C:\Users\User\AppData\Roaming\CamStudio.cfg
- 2015-06-03 17:17 - 2015-06-03 17:17 - 0008690 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.HTML
- 2015-06-03 17:17 - 2015-06-03 17:17 - 0045682 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.PNG
- 2015-06-03 17:17 - 2015-06-03 17:17 - 0004288 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.TXT
- 2015-06-03 17:17 - 2015-06-03 17:17 - 0000304 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.URL
- 2014-11-13 20:45 - 2014-11-13 20:45 - 0000036 _____ () C:\Users\User\AppData\Roaming\mbam.context.scan
- 2013-12-12 16:38 - 2013-12-12 16:38 - 0000089 _____ () C:\Users\User\AppData\Roaming\omnicoin.conf
- 2013-12-12 16:39 - 2014-03-11 16:20 - 0029184 ___SH () C:\Users\User\AppData\Roaming\Thumbs.db
- 2011-05-19 01:32 - 2011-05-19 01:32 - 0024226 _____ () C:\Users\User\AppData\Roaming\UserTile.png
- 2014-02-09 03:24 - 2014-02-09 03:24 - 0000096 _____ () C:\Users\User\AppData\Roaming\version2.xml
- 2014-06-24 23:41 - 2014-11-17 01:41 - 0000129 _____ () C:\Users\User\AppData\Roaming\WB.CFG
- 2015-06-03 13:03 - 2015-06-03 13:03 - 0000480 ____H () C:\Users\User\AppData\Roaming\麽鎒駓覜
- 2014-04-28 23:19 - 2014-04-28 23:19 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
- 2015-06-03 14:19 - 2015-06-03 14:19 - 0008690 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.HTML
- 2015-06-03 14:19 - 2015-06-03 14:19 - 0045682 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.PNG
- 2015-06-03 14:19 - 2015-06-03 14:19 - 0004288 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.TXT
- 2015-06-03 14:19 - 2015-06-03 14:19 - 0000304 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.URL
- 2013-12-19 16:53 - 2013-12-19 16:53 - 0007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
- 2015-06-03 13:03 - 2015-07-11 19:48 - 0000616 ____H () C:\ProgramData\@system.temp
- 2015-06-03 13:04 - 2015-07-11 19:48 - 0000352 ____H () C:\ProgramData\@system3.att
- 2015-06-03 13:37 - 2015-06-03 13:37 - 0008690 _____ () C:\ProgramData\HELP_DECRYPT.HTML
- 2015-06-03 13:37 - 2015-06-03 13:37 - 0045682 _____ () C:\ProgramData\HELP_DECRYPT.PNG
- 2015-06-03 13:37 - 2015-06-03 13:37 - 0004288 _____ () C:\ProgramData\HELP_DECRYPT.TXT
- 2015-06-03 13:37 - 2015-06-03 13:37 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
- 2010-11-20 23:24 - 2010-11-20 23:24 - 0072192 ___SH () C:\ProgramData\mscovrb.exe
- 2013-12-24 15:16 - 2013-12-24 15:16 - 0004967 _____ () C:\ProgramData\uxxadbmu.rlu
- Files to move or delete:
- ====================
- C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
- C:\ProgramData\mscovrb.exe
- ==================== Bamital & volsnap Check =================
- (There is no automatic fix for files that do not pass verification.)
- C:\Windows\System32\winlogon.exe => File is digitally signed
- C:\Windows\System32\wininit.exe => File is digitally signed
- C:\Windows\SysWOW64\wininit.exe => File is digitally signed
- C:\Windows\explorer.exe => File is digitally signed
- C:\Windows\SysWOW64\explorer.exe => File is digitally signed
- C:\Windows\System32\svchost.exe => File is digitally signed
- C:\Windows\SysWOW64\svchost.exe => File is digitally signed
- C:\Windows\System32\services.exe => File is digitally signed
- C:\Windows\System32\User32.dll => File is digitally signed
- C:\Windows\SysWOW64\User32.dll => File is digitally signed
- C:\Windows\System32\userinit.exe => File is digitally signed
- C:\Windows\SysWOW64\userinit.exe => File is digitally signed
- C:\Windows\System32\rpcss.dll => File is digitally signed
- C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
- LastRegBack: 2015-05-22 20:07
- ==================== End of log ============================
- Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
- Ran by User at 2015-07-11 20:20:53
- Running from C:\Users\User\Desktop
- Boot Mode: Normal
- ==========================================================
- ==================== Accounts: =============================
- Administrator (S-1-5-21-2017399490-4096563441-3607321274-500 - Administrator - Disabled)
- Guest (S-1-5-21-2017399490-4096563441-3607321274-501 - Limited - Disabled)
- HomeGroupUser$ (S-1-5-21-2017399490-4096563441-3607321274-1010 - Limited - Enabled)
- User (S-1-5-21-2017399490-4096563441-3607321274-1000 - Administrator - Enabled) => C:\Users\User
- ==================== Security Center ========================
- (If an entry is included in the fixlist, it will be removed.)
- AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- ==================== Installed Programs ======================
- (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
- µTorrent (HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
- Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
- Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.1.369 - Adobe Systems Incorporated)
- Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
- Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
- Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.2 - Adobe Systems Incorporated)
- Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
- Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
- AMD Catalyst Install Manager (HKLM\...\{3C378793-5288-0165-FCA4-D319D5E4A490}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
- Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
- Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
- Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
- Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
- ArcSoft ShowBiz (HKLM-x32\...\InstallShield_{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version: 5.0.1.480 - ArcSoft)
- ArcSoft ShowBiz (x32 Version: - ArcSoft) Hidden
- Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.1.0.0 - Auslogics Labs Pty Ltd)
- Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
- Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
- BlueStacks Packages (HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\BlueStacks Packages) (Version: - ) <==== ATTENTION
- Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
- Camtasia Studio 8 (HKLM-x32\...\{A7727F03-5311-4A12-9A63-2ACD20BA0497}) (Version: 8.2.1.1423 - TechSmith Corporation)
- CINEMA 4D Demo 15.057 (HKLM\...\MAXONE03ECA7E) (Version: 15.057 - MAXON Computer GmbH) <==== ATTENTION
- Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
- Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
- Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
- D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
- eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
- FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
- Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
- Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
- Google Talk Plugin (HKLM-x32\...\{F8B67DF7-B543-3DE0-BCEF-F844F891FD48}) (Version: 5.1.7.17873 - Google)
- Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
- Gyazo 1.2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc. & Toshiyuki Masui)
- Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
- Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
- iOSinstaller (HKLM-x32\...\iOSinstaller) (Version: - iosinstaller.com)
- iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
- Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
- join.me (HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\JoinMe) (Version: 1.18.0.131 - LogMeIn, Inc.)
- Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
- ManyCam 4.0.77 (HKLM-x32\...\ManyCam) (Version: 4.0.77 - Visicom Media Inc.)
- Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
- Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
- Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
- Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
- Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
- Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
- Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
- Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
- Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
- Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
- Microsoft SQL Server 2008 Setup Support Files (English) (HKLM-x32\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
- Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
- Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
- Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
- Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
- Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
- Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
- Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
- Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
- Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
- Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
- Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
- Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
- Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
- Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
- Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
- Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
- Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
- Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
- Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
- Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
- Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
- Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
- Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
- Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
- Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
- Movavi Video Editor (HKLM-x32\...\Movavi Video Editor 9) (Version: 9.5.1 - Movavi)
- Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
- Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
- MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
- MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
- MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
- Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
- Nero 7 Essentials (HKLM-x32\...\{DB0BA61A-8295-4211-85F7-184FC2591033}) (Version: 7.03.1189 - Nero AG)
- Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
- NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 1.00.0000 - NVIDIA Corporation)
- NVIDIA System Monitor (HKLM-x32\...\InstallShield_{5887D64D-2663-43FB-B4BD-7464C56AB425}) (Version: 1.00.0000 - NVIDIA Corporation)
- Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
- Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
- Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
- PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
- ProxyGate version 2.1.0.1120 (HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\...\{F7AE15D1-9F31-4DBB-88F6-3853CEF6B998}_is1) (Version: 2.1.0.1120 - Gold Click Ltd)
- PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
- Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
- RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version: - Frontier)
- Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
- Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
- Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
- Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
- Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
- Share YouTube Videos version 1 (HKLM-x32\...\{55DAC5D1-B178-42B2-86A3-94A3E0B4F3DD}_is1) (Version: 1 - )
- Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
- Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
- Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital)
- Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
- Sql Server Customer Experience Improvement Program (x32 Version: 10.0.1600.22 - Microsoft Corporation) Hidden
- Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
- Strongvault Online Backup (HKLM-x32\...\{4DC876FD-105A-431A-87B2-C1BE7C1CDD51}) (Version: 2.5.0.5 - Strongvault Online Storage LLC) <==== ATTENTION
- swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
- System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
- TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
- TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
- Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
- Toontown Rewritten (HKLM-x32\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Team)
- Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.5.5b4_50 - Unity Technologies ApS)
- Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
- WIDCOMM Bluetooth Software 6.0.1.4300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4300 - Dell)
- Windows Driver Package - Logitech HIDClass (10/30/2006 1.0) (HKLM\...\1C48352AD9D5F5F133C632DD9CCEE4BDC193D78F) (Version: 10/30/2006 1.0 - Logitech)
- Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
- WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
- ==================== Custom CLSID (Whitelisted): ==========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- CustomCLSID: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File path
- CustomCLSID: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File path
- CustomCLSID: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File path
- CustomCLSID: HKU\S-1-5-21-2017399490-4096563441-3607321274-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\cmcfg32.dll (Microsoft Corporation) <==== ATTENTION
- ==================== Restore Points =========================
- 26-02-2015 04:00:26 Windows Update
- 03-03-2015 05:34:09 Windows Update
- 08-03-2015 16:07:09 Windows Update
- 11-03-2015 03:00:55 Windows Update
- 17-03-2015 05:53:06 Windows Update
- 22-03-2015 19:25:11 Installed Mumble 1.2.8
- 24-03-2015 03:31:46 Windows Update
- 25-03-2015 03:00:12 Windows Update
- 31-03-2015 11:47:20 Windows Update
- 08-04-2015 00:00:00 Scheduled Checkpoint
- 11-04-2015 14:40:43 Windows Update
- 12-04-2015 03:00:11 Windows Update
- 12-04-2015 21:08:49 Removed LogMeIn Hamachi
- 15-04-2015 03:00:29 Windows Update
- 16-04-2015 03:00:28 Windows Update
- 21-04-2015 05:23:54 Windows Update
- 28-04-2015 05:24:28 Windows Update
- 05-05-2015 05:23:58 Windows Update
- 14-05-2015 06:53:00 Windows Update
- 15-05-2015 03:01:12 Windows Update
- 28-05-2015 03:22:05 Windows Modules Installer
- 11-07-2015 20:04:19 Removed Creative Software AutoUpdate
- ==================== Hosts content: ===============================
- (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
- 2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
- 127.0.0.1 localhost
- ::1 localhost
- ==================== Scheduled Tasks (Whitelisted) =============
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- Task: {0ACC1975-C8DF-4511-ABD9-C9BF6D43816E} - System32\Tasks\{E7E85835-530B-46B5-BEB2-82159A3906D5} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
- Task: {14697598-1E69-4576-AB00-65E6570ABDF8} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\User\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
- Task: {1F899FAD-1EA6-40B5-873F-BDDA321509C0} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - User => C:\Program Files\Windows Calendar\WinCal.exe
- Task: {23846208-F461-4025-A346-729A1DC5FFAD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2017399490-4096563441-3607321274-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
- Task: {2B20B974-3C7E-443A-A38D-ED64618666C0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
- Task: {2D271802-63F1-47C0-8705-2C62444C2255} - System32\Tasks\AdobeAAMUpdater-1.0-User-PC-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
- Task: {368EEEE1-A1BD-4D3A-8FA4-8891344FFA3F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19] (Google Inc.)
- Task: {3D6C81F7-B10D-4648-BBE2-6A0F854CFA4B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
- Task: {57E66F82-D593-45A5-8A05-C6EDA769239B} - System32\Tasks\ntoskrnl => C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe [2015-04-27] () <==== ATTENTION
- Task: {5C1BB5A7-832E-41B6-894A-37F4603B8078} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-10] (Adobe Systems Incorporated)
- Task: {712C6861-2B14-4E72-92BA-22B6921FE2B7} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
- Task: {7B235521-F577-4B09-87AA-434C28E32FA1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-19] (Google Inc.)
- Task: {7FB8F589-333A-4B33-8E49-61D9CDFDB0D8} - System32\Tasks\{88375CD5-7ECB-496E-BCBC-BDCDB957B74C} => Chrome.exe http://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsMain
- Task: {A3E934EB-B5E1-45A2-BDCE-BFA73C84291D} - System32\Tasks\{5471C7FB-2F5A-4B7A-8BF6-DFCB79E066CD} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5887D64D-2663-43FB-B4BD-7464C56AB425}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
- Task: {ABA76C06-C89D-4CFF-A1BD-262DB20EE902} - System32\Tasks\{0F643B0A-CA26-4BB2-BA29-2B54A3FA88A0} => Chrome.exe http://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1618
- Task: {D4A3B5F6-F62A-453D-AF09-8862DADBDB19} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
- Task: {E217E6AE-46D8-47CB-989A-F281C766CE18} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2017399490-4096563441-3607321274-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc.)
- Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
- Task: {EEFF4A88-A750-4FF5-B602-737950CDB215} - System32\Tasks\{B51CE80F-F44C-45C4-81E2-DBBCDDA06B97} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2015-01-23] (Skype Technologies S.A.)
- Task: {FB29903F-D725-41DD-B4F7-A0D978B2C6C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
- Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
- Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
- Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2017399490-4096563441-3607321274-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
- Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2017399490-4096563441-3607321274-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
- ==================== Loaded Modules (Whitelisted) ==============
- 2013-12-12 21:19 - 2013-12-12 21:19 - 00102400 _____ () C:\Windows\Installer\MSI5D22.tmp
- 2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
- 2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
- 2014-03-20 11:24 - 2014-03-20 11:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
- 2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
- 2015-05-05 22:29 - 2015-05-05 22:29 - 02466304 _____ () C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll
- 2015-05-05 22:29 - 2015-05-05 22:29 - 02109440 _____ () C:\ProgramData\Microsoft\Performance\Monitor\SecurityHelper.dll
- 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
- 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
- 2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
- 2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
- 2014-05-16 18:34 - 2014-05-16 18:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
- 2014-12-09 18:22 - 2014-12-09 18:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
- 2014-03-20 11:24 - 2014-03-20 11:24 - 05288608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
- 2015-05-14 17:08 - 2015-04-27 15:23 - 00057344 ____R () C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
- 2014-05-16 20:11 - 2014-05-16 20:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
- 2014-05-16 20:37 - 2014-05-16 20:37 - 00506664 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll
- 2015-05-05 22:30 - 2015-05-05 22:30 - 00930304 _____ () C:\Users\User\AppData\Local\Adrvworks\sxbkovrb.dll
- 2015-05-05 22:31 - 2015-05-05 22:31 - 00908800 _____ () C:\Users\User\AppData\Local\Etsltion\xqgdodvs.dll
- 2013-08-07 15:25 - 2013-08-07 15:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
- 2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
- 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
- 2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
- 2013-12-05 05:23 - 2013-12-03 22:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
- 2013-12-05 05:23 - 2013-12-03 22:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
- 2013-12-05 05:23 - 2013-12-03 22:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
- 2013-12-05 05:23 - 2013-12-03 22:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
- 2013-12-05 05:23 - 2013-12-03 22:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
- ==================== Alternate Data Streams (Whitelisted) =========
- (If an entry is included in the fixlist, only the ADS will be removed.)
- ==================== Safe Mode (Whitelisted) ===================
- (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
- ==================== EXE Association (Whitelisted) ===============
- (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
- ==================== Internet Explorer trusted/restricted ===============
- (If an entry is included in the fixlist, it will be removed from the registry.)
- ==================== Other Areas ============================
- (Currently there is no automatic fix for this section.)
- HKU\S-1-5-21-2017399490-4096563441-3607321274-1000\Control Panel\Desktop\\Wallpaper -> %WINDIR%\Web\Wallpaper\Windows\img0.jpg
- DNS Servers: 75.75.75.75 - 75.75.76.76
- ==================== MSCONFIG/TASK MANAGER disabled items ==
- (Currently there is no automatic fix for this section.)
- ==================== FirewallRules (Whitelisted) ===============
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- FirewallRules: [{563AA22A-F222-4E82-8BD0-398E970E6E24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
- FirewallRules: [{E9994212-5173-4CFE-849E-8F2A9DA74A1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
- FirewallRules: [{062D0B04-C58F-4CEF-94D2-3C82619E9F52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
- FirewallRules: [{1696B5F4-A5DE-4023-B95F-45DB7BF2D6D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
- FirewallRules: [UDP Query User{296A1118-4C40-4018-9625-5B7279B04E73}C:\users\user\desktop\multiforce\multiforce.exe] => (Allow) C:\users\user\desktop\multiforce\multiforce.exe
- FirewallRules: [TCP Query User{FD369D65-451F-4FB7-A4C1-536CB3017556}C:\users\user\desktop\multiforce\multiforce.exe] => (Allow) C:\users\user\desktop\multiforce\multiforce.exe
- FirewallRules: [{611C7231-8063-43E9-BC1E-12846E91C9B3}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
- FirewallRules: [{1371329D-7DD8-4001-8C14-29D98BAB1436}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
- FirewallRules: [{762DEA37-827F-484C-B5A3-7F4E94D3A6B2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
- FirewallRules: [{123604CF-0815-4D65-A654-6EB5E93FFF98}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
- FirewallRules: [{7087E43E-96FD-40EF-A106-EA8B5731375A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2293\Agent.exe
- FirewallRules: [{0D73A65C-EB05-428C-BC0E-F1AF46DFDF02}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2293\Agent.exe
- FirewallRules: [{6B6DE39E-9A9B-406E-8067-1404165634AE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
- FirewallRules: [{82768F3F-F155-45A8-ACB1-28D6D382A2D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe
- FirewallRules: [{7909ABD4-CABC-4324-B17E-6F8B78A8F506}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe
- FirewallRules: [{951F1DFA-1D00-4D65-A872-A378AF31A37D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe
- FirewallRules: [{477C131F-27DD-47C1-9F08-E1004943DC62}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
- FirewallRules: [{7FAA5420-DCB2-49F8-91A3-FF333ED88526}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
- FirewallRules: [{4ABA20E2-F362-4A4E-93D8-19AC7026B0B1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
- FirewallRules: [{9CC41FEB-F36E-42ED-985F-8B92D8512CD2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
- FirewallRules: [{0A895A29-DC18-4B9D-8EFB-2DCB1D16B3C3}] => (Allow) LPort=1900
- FirewallRules: [{3BBF3E63-91E0-41D7-AAAE-CBE6BE37FEAA}] => (Allow) LPort=2869
- FirewallRules: [{2FF68D34-A3B0-4060-A675-4CC499BD63F9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
- FirewallRules: [{0AAEF7D6-7F01-4E81-A915-A9B14DC1FB84}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
- FirewallRules: [{955DEFDE-2743-48DF-B88E-E1070FEBF741}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
- FirewallRules: [{A86524B1-FA38-42A0-B4AA-70B9AFAB459B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
- FirewallRules: [{C652AFFA-4CB9-4813-8000-36DF90849F99}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
- FirewallRules: [{C6232ADD-0B9A-4712-AD1C-4B44D7B70238}] => (Allow) LPort=8317
- FirewallRules: [TCP Query User{88B129A9-1526-4475-9CCA-385006FA3CA9}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
- FirewallRules: [UDP Query User{5B811586-6458-4579-B683-AC0F27CF6C73}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
- FirewallRules: [{F9005590-036A-470C-B022-7E1DD9455324}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
- FirewallRules: [{B341A104-BC1D-46F2-B77A-ACBB48252A5A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
- FirewallRules: [TCP Query User{5065ECB7-B3FE-444E-A266-D31EB482616B}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
- FirewallRules: [UDP Query User{858096C4-14BB-4EEB-8A9D-A73488DC0719}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
- FirewallRules: [TCP Query User{7BD03C9A-7ED1-49DB-8DE1-A2E2B5E87768}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
- FirewallRules: [UDP Query User{F9B40607-F29E-4957-B5DC-370B4ADB09CE}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
- FirewallRules: [TCP Query User{726C200A-A77E-43B7-8553-D072E5F949ED}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
- FirewallRules: [UDP Query User{A5396E97-415F-4EB7-8447-D3383C427F21}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
- FirewallRules: [{5E56E378-99EA-43F6-8011-31CD07DF3997}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
- FirewallRules: [{0BB6999C-7BD3-464D-A680-119CD1EEEC28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
- FirewallRules: [{A41A7A3E-9CE8-4C8B-ABBF-2B7838BBEF90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
- FirewallRules: [{81E9DEAC-6CDB-4801-A88E-013E1499D602}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
- FirewallRules: [{8EA69E71-7132-4B9A-B169-5F9CC16C3581}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
- FirewallRules: [{DA52D08F-869A-4316-89B3-886B6D2BA12F}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
- FirewallRules: [TCP Query User{4ACD9301-BD15-4C6A-B0BE-89A65F12785B}C:\users\user\downloads\multiforce (1).exe] => (Allow) C:\users\user\downloads\multiforce (1).exe
- FirewallRules: [UDP Query User{0128BE4F-9475-402E-9AF7-0A251E51597F}C:\users\user\downloads\multiforce (1).exe] => (Allow) C:\users\user\downloads\multiforce (1).exe
- FirewallRules: [TCP Query User{8B3B4773-874B-41D1-BAFF-08E89181CC9F}C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe
- FirewallRules: [UDP Query User{E87B9432-6DE9-4D20-B65F-AD70FCE127AF}C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\user\appdata\local\popcorn time\node-webkit\popcorn time.exe
- FirewallRules: [{16E70619-1B96-4FC9-96B8-1BCA94481AF3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
- FirewallRules: [{B8EC8564-8619-4980-8559-FB476ABB228F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
- FirewallRules: [{3CD121A7-B981-46B2-A3C2-82B0ED17EE33}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
- FirewallRules: [{1C34CE01-BAA5-4B62-9B2F-7BFFC7A2C581}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
- FirewallRules: [{D4DA4474-B9A3-461F-82FC-FB31B2620F6D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
- FirewallRules: [{45373446-D3B9-45C6-AFD8-65958FF42176}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
- FirewallRules: [{6A4D28B7-9088-42C1-8B62-6334F30E79D8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
- FirewallRules: [{471B6319-A666-40EB-85E7-B4CD87168A8E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
- FirewallRules: [{B0EC954C-069E-4044-8BCF-FE129E412A07}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
- FirewallRules: [{3DC2A9C3-4DEF-4239-B0C3-6B3EC8935B87}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- FirewallRules: [{5E2861F7-E350-4618-B7CF-A8AB3A0127FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- FirewallRules: [{6810900B-A5C1-4ED7-A52F-A99BE3C6C046}] => (Allow) C:\Program Files\iTunes\iTunes.exe
- FirewallRules: [{D6396D17-8EBB-4C04-A327-2D4E2FFD2298}] => (Allow) C:\Program Files (x86)\iOSinstaller\iOSinstaller.exe
- FirewallRules: [{C2752854-9D61-4306-96D1-3FB31FDCFEBE}] => (Allow) C:\Program Files (x86)\iOSinstaller\iOSinstaller.exe
- FirewallRules: [{99DF4BB1-DBAF-42A5-BCFB-4CE61F5A89D2}] => (Allow) C:\Windows\explorer.exe
- FirewallRules: [{9475BD75-B033-494A-B844-0134B057C2A9}] => (Allow) C:\Windows\system32\rundll32.exe
- FirewallRules: [{39FE2F75-9408-4E78-9E40-36171D2E70A6}] => (Allow) C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
- FirewallRules: [{AB7BE6D2-C95A-4E31-99C2-AA1E6B4434B3}] => (Allow) C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
- FirewallRules: [{CCD1922C-B048-48CD-9040-D0018127B39B}] => (Allow) C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
- FirewallRules: [{984DDEBE-5148-4C32-9CAD-4AD1FD7B1060}] => (Allow) C:\Users\User\AppData\Roaming\Microsoft\Windows\IEUpdate\ntoskrnl.exe
- ==================== Faulty Device Manager Devices =============
- ==================== Event log errors: =========================
- Application errors:
- ==================
- Error: (07/11/2015 08:01:33 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
- Description: Subscription licensing service failed: -1073418231
- Error: (07/11/2015 07:51:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
- Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 11806. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
- Error: (07/11/2015 07:51:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
- Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
- Error: (07/11/2015 07:51:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
- Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 11806. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
- Error: (07/11/2015 07:48:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
- Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
- Error: (07/11/2015 07:48:18 PM) (Source: VSS) (EventID: 13) (User: )
- Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
- ]
- Error: (07/11/2015 07:48:18 PM) (Source: VSS) (EventID: 13) (User: )
- Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
- ]
- Error: (07/11/2015 07:48:18 PM) (Source: VSS) (EventID: 13) (User: )
- Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
- ]
- Error: (07/11/2015 07:44:56 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 3414) (User: )
- Description: An error occurred during recovery, preventing the database 'master' (database ID 1) from restarting. Diagnose the recovery errors and fix them, or restore from a known good backup. If errors are not corrected or expected, contact Technical Support.
- Error: (07/10/2015 12:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
- Description: The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
- Process ID: 3d00
- Start Time: 01d0bb2f96ea4aa3
- Termination Time: 1
- Application Path: C:\Windows\system32\NOTEPAD.EXE
- Report Id: fb46b891-2722-11e5-8e24-001c26dd0d2e
- System errors:
- =============
- Error: (07/11/2015 07:48:18 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
- Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}User-PCUserS-1-5-21-2017399490-4096563441-3607321274-1000LocalHost (Using LRPC)
- Error: (07/11/2015 07:48:18 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
- Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}User-PCUserS-1-5-21-2017399490-4096563441-3607321274-1000LocalHost (Using LRPC)
- Error: (07/11/2015 07:48:17 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
- Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}User-PCUserS-1-5-21-2017399490-4096563441-3607321274-1000LocalHost (Using LRPC)
- Error: (07/11/2015 07:45:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
- Description: The Search Protect Service service failed to start due to the following error:
- %%2
- Error: (07/11/2015 07:44:57 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
- Description: The SQL Server (SQLEXPRESS) service terminated with service-specific error %%3417.
- Error: (07/11/2015 07:43:48 PM) (Source: EventLog) (EventID: 6008) (User: )
- Description: The previous system shutdown at 12:47:43 PM on 7/10/2015 was unexpected.
- Error: (07/10/2015 12:44:43 PM) (Source: Disk) (EventID: 11) (User: )
- Description: The driver detected a controller error on \Device\Harddisk6\DR6.
- Error: (07/10/2015 12:33:05 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
- Description: The Windows Update service hung on starting.
- Error: (07/10/2015 12:27:51 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
- Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}User-PCUserS-1-5-21-2017399490-4096563441-3607321274-1000LocalHost (Using LRPC)
- Error: (07/10/2015 12:27:50 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
- Description: application-specificLocalActivation{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}{56BE716B-2F76-4DFA-8702-67AE10044F0B}User-PCUserS-1-5-21-2017399490-4096563441-3607321274-1000LocalHost (Using LRPC)
- Microsoft Office:
- =========================
- Error: (07/11/2015 08:01:33 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
- Description: Subscription licensing service failed: -1073418231
- Error: (07/11/2015 07:51:59 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
- Description: 11806161E2E00001C2E00001D2E0000B8010000
- Error: (07/11/2015 07:51:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
- Description: WmiApRplWmiApRpl8F20300004D070000
- Error: (07/11/2015 07:51:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
- Description: 11806161E2E00001C2E00001D2E000068010000
- Error: (07/11/2015 07:48:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
- Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
- Error: (07/11/2015 07:48:18 PM) (Source: VSS) (EventID: 13) (User: )
- Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.
- Error: (07/11/2015 07:48:18 PM) (Source: VSS) (EventID: 13) (User: )
- Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.
- Error: (07/11/2015 07:48:18 PM) (Source: VSS) (EventID: 13) (User: )
- Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.
- Error: (07/11/2015 07:44:56 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 3414) (User: )
- Description: master1
- Error: (07/10/2015 12:45:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
- Description: NOTEPAD.EXE6.1.7600.163853d0001d0bb2f96ea4aa31C:\Windows\system32\NOTEPAD.EXEfb46b891-2722-11e5-8e24-001c26dd0d2e
- CodeIntegrity Errors:
- ===================================
- Date: 2013-11-07 18:55:46.144
- Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.
- Date: 2013-11-07 18:55:46.052
- Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.
- Date: 2013-11-07 18:55:45.937
- Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.
- Date: 2013-11-07 18:55:45.823
- Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.
- Date: 2013-11-07 18:55:45.722
- Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.
- Date: 2013-11-07 18:55:45.631
- Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.
- Date: 2013-11-07 18:55:45.506
- Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.
- Date: 2013-11-07 18:55:45.415
- Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.
- Date: 2013-11-07 18:55:45.310
- Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.
- Date: 2013-11-07 18:55:45.214
- Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.
- ==================== Memory info ===========================
- Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
- Percentage of memory in use: 72%
- Total physical RAM: 6134.99 MB
- Available physical RAM: 1670.61 MB
- Total Virtual: 12268.18 MB
- Available Virtual: 6785.34 MB
- ==================== Drives ================================
- Drive c: () (Fixed) (Total:465.76 GB) (Free:39.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
- Drive d: (NEW_VOLUME) (CDROM) (Total:3.01 GB) (Free:0 GB) UDF
- Drive i: (DATAPART1) (Fixed) (Total:465.76 GB) (Free:389 GB) NTFS
- ==================== MBR & Partition Table ==================
- ========================================================
- Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1C34E0A3)
- Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
- ========================================================
- Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 295E10B3)
- Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
- ==================== End of log ============================