Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2014 Ran by user at 2014-11-03 14:43:51 Running from C:\Users\user\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 Plugin (HKLM\...\{AF82C1A9-56DC-4CCD-A36C-CAE56D541DFA}) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) ALTools Update (HKLM\...\ALUpdate_is1) (Version: v11.4 - ESTsoft Corp.) ALZip 8.51 (HKLM\...\ALZip_is1) (Version: v8.51 - ESTsoft Corp.) Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation) Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Maxis Broadband (HKLM\...\Maxis Broadband) (Version: 11.302.06.15.99 - Huawei Technologies Co.,Ltd) MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 34.0 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0 - Mozilla) MpcStar 5.4 (HKLM\...\MpcStar) (Version: 5.4 - www.mpcstar.com) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden Panda USB Vaccine 1.0.1.4 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Sandboxie 4.14 (32-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC) Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) UltraISO Premium V9.62 (HKLM\...\UltraISO_is1) (Version: - ) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Virtual Router Plus (HKLM\...\{0AEE4D51-3657-4F40-A689-533429CAEE0C}) (Version: 2.5.0 - Runxia Electronics) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 03-11-2014 06:08:41 Windows Update 03-11-2014 06:11:32 Revo Uninstaller's restore point - Microsoft Security Essentials ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:04 - 2014-10-25 14:52 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {101DAC7F-B15E-4DAC-809E-ECCA6FB80948} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-29] (Adobe Systems Incorporated) Task: {20796A88-B146-468E-B7D4-001C6ED904F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.) Task: {2B2C1E7C-36BF-4467-8EE2-07C555E1C03A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd) Task: {355811C0-3ED1-4613-868D-E8584DEF8735} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.) Task: {3FE164C9-75EB-424E-9B76-DCB12C65CF1F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {6C2E9FA5-67BD-44DE-94A1-4990EF7FCBD3} - System32\Tasks\PandaUSBVaccine => C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2010-05-08 19:48 - 2010-05-08 19:48 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe 2014-10-29 14:45 - 2014-10-22 12:04 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll 2014-10-29 14:45 - 2014-10-22 12:04 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll 2014-10-29 14:45 - 2014-10-22 12:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll 2014-10-29 14:45 - 2014-10-22 12:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1333017357-1172204181-1478209277-500 - Administrator - Disabled) Guest (S-1-5-21-1333017357-1172204181-1478209277-501 - Limited - Disabled) user (S-1-5-21-1333017357-1172204181-1478209277-1000 - Administrator - Enabled) => C:\Users\user ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/02/2014 08:14:47 PM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail (2100) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed. Error: (10/31/2014 00:12:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program VirtualRouterPlus.exe version 2.5.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ccc Start Time: 01cff4bec46dc3b0 Termination Time: 63 Application Path: C:\Program Files\Runxia Electronics\Virtual Router Plus\VirtualRouterPlus.exe Report Id: 125fd964-60b4-11e4-a1d5-001f16bbfabd Error: (10/29/2014 11:48:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program VirtualRouterPlus.exe version 2.5.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: a48 Start Time: 01cff3864e4257b8 Termination Time: 47 Application Path: C:\Program Files\Runxia Electronics\Virtual Router Plus\VirtualRouterPlus.exe Report Id: fe98248a-5f82-11e4-af30-001f16bbfabd Error: (10/29/2014 05:40:46 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {2a893ce2-4d65-4118-8548-cbe0a6da04e6} Error: (10/29/2014 05:39:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: PSIA.exe, version: 3.0.0.9016, time stamp: 0x52a1d50f Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf Exception code: 0xc0000005 Fault offset: 0x00052a01 Faulting process id: 0xe54 Faulting application start time: 0xPSIA.exe0 Faulting application path: PSIA.exe1 Faulting module path: PSIA.exe2 Report Id: PSIA.exe3 Error: (10/29/2014 05:19:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: PSIA.exe, version: 3.0.0.9016, time stamp: 0x52a1d50f Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf Exception code: 0xc0000005 Fault offset: 0x00052a01 Faulting process id: 0xea8 Faulting application start time: 0xPSIA.exe0 Faulting application path: PSIA.exe1 Faulting module path: PSIA.exe2 Report Id: PSIA.exe3 Error: (10/29/2014 05:10:48 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9b6e76ac-3095-4a25-afc2-973cb7c1b58a} Error: (10/29/2014 04:31:11 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program VirtualRouterPlus.exe version 2.5.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: bb4 Start Time: 01cff35281334b11 Termination Time: 57 Application Path: C:\Program Files\Runxia Electronics\Virtual Router Plus\VirtualRouterPlus.exe Report Id: ed29d53c-5f45-11e4-af6a-001f16bbfabd Error: (10/27/2014 06:08:15 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {3eb34f8a-4f8c-475d-bbf8-51bc49b2289f} Error: (10/27/2014 05:35:45 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {4c659cd0-33b3-44e1-9911-5c0caed09643} System errors: ============= Error: (11/03/2014 02:34:54 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR6. Error: (11/03/2014 02:34:54 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR6. Error: (11/03/2014 02:34:53 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR6. Error: (11/03/2014 02:34:53 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR6. Error: (11/03/2014 02:34:52 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR6. Error: (11/03/2014 02:04:44 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "USER-PC :0" could not be registered on the interface with IP address 10.0.142.88. The computer with the IP address 10.0.142.79 did not allow the name to be claimed by this computer. Error: (11/03/2014 03:11:18 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (11/02/2014 09:15:14 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "USER-PC :0" could not be registered on the interface with IP address 10.0.142.88. The computer with the IP address 10.0.142.91 did not allow the name to be claimed by this computer. Error: (11/02/2014 09:15:14 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "USER-PC :20" could not be registered on the interface with IP address 10.0.142.88. The computer with the IP address 10.0.142.91 did not allow the name to be claimed by this computer. Error: (11/02/2014 09:15:14 PM) (Source: Server) (EventID: 2505) (User: ) Description: The server could not bind to the transport \Device\NetBT_Tcpip_{ADFDFB3F-011A-4C53-A2FC-EBC014296632} because another computer on the network has the same name. The server could not start. Microsoft Office Sessions: ========================= Error: (11/02/2014 08:14:47 PM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail2100WindowsMail0: Error: (10/31/2014 00:12:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: VirtualRouterPlus.exe2.5.0.0ccc01cff4bec46dc3b063C:\Program Files\Runxia Electronics\Virtual Router Plus\VirtualRouterPlus.exe125fd964-60b4-11e4-a1d5-001f16bbfabd Error: (10/29/2014 11:48:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: VirtualRouterPlus.exe2.5.0.0a4801cff3864e4257b847C:\Program Files\Runxia Electronics\Virtual Router Plus\VirtualRouterPlus.exefe98248a-5f82-11e4-af30-001f16bbfabd Error: (10/29/2014 05:40:46 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {2a893ce2-4d65-4118-8548-cbe0a6da04e6} Error: (10/29/2014 05:39:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PSIA.exe3.0.0.901652a1d50fntdll.dll6.1.7600.169154ec49cafc000000500052a01e5401cff35bb9b2bdb4C:\Program Files\Secunia\PSI\PSIA.exeC:\Windows\SYSTEM32\ntdll.dll72964ed3-5f4f-11e4-a1a3-001f16bbfabd Error: (10/29/2014 05:19:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PSIA.exe3.0.0.901652a1d50fntdll.dll6.1.7600.169154ec49cafc000000500052a01ea801cff3586ed69cd5C:\Program Files\Secunia\PSI\PSIA.exeC:\Windows\SYSTEM32\ntdll.dllc0e5fe04-5f4c-11e4-af6a-001f16bbfabd Error: (10/29/2014 05:10:48 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9b6e76ac-3095-4a25-afc2-973cb7c1b58a} Error: (10/29/2014 04:31:11 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: VirtualRouterPlus.exe2.5.0.0bb401cff35281334b1157C:\Program Files\Runxia Electronics\Virtual Router Plus\VirtualRouterPlus.exeed29d53c-5f45-11e4-af6a-001f16bbfabd Error: (10/27/2014 06:08:15 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {3eb34f8a-4f8c-475d-bbf8-51bc49b2289f} Error: (10/27/2014 05:35:45 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {4c659cd0-33b3-44e1-9911-5c0caed09643} ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz Percentage of memory in use: 39% Total physical RAM: 3000.84 MB Available physical RAM: 1809.84 MB Total Pagefile: 5999.96 MB Available Pagefile: 4709.8 MB Total Virtual: 2047.88 MB Available Virtual: 1905.9 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:38.97 GB) (Free:15.52 GB) NTFS Drive d: (DATA) (Fixed) (Total:193.82 GB) (Free:187.06 GB) NTFS Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 99E099E0) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=39 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=193.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================