Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01 Ran by phil at 2015-07-20 01:14:44 Running from C:\Users\phil\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3235485179-4199279436-697633865-500 - Administrator - Disabled) Guest (S-1-5-21-3235485179-4199279436-697633865-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3235485179-4199279436-697633865-1001 - Limited - Enabled) phil (S-1-5-21-3235485179-4199279436-697633865-1002 - Administrator - Enabled) => C:\Users\phil UpdatusUser (S-1-5-21-3235485179-4199279436-697633865-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.258 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4821 - AVG Technologies) AVG 2014 (Version: 14.0.4365 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4821 - AVG Technologies) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Dropbox (HKU\S-1-5-21-3235485179-4199279436-697633865-1002\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.) 
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated) eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3004 - Acer Incorporated) eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0812 - eMachines Incorporated) eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated) Flash Movie Player 1.5 (HKLM-x32\...\Flash Movie Player) (Version: 1.5 - Eolsoft) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) 
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation) Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 40.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 en-US)) (Version: 40.0 - Mozilla) Mozilla 
Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.0.5672 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 9 Essentials (HKLM-x32\...\{1d0710c5-a324-4d6d-b7dd-35ff681f9b5f}) (Version: - Nero AG) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: - ) NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3006 - Acer Incorporated) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3235485179-4199279436-697633865-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\phil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3235485179-4199279436-697633865-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\phil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File CustomCLSID: HKU\S-1-5-21-3235485179-4199279436-697633865-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\phil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File CustomCLSID: HKU\S-1-5-21-3235485179-4199279436-697633865-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\phil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File CustomCLSID: HKU\S-1-5-21-3235485179-4199279436-697633865-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\phil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File CustomCLSID: HKU\S-1-5-21-3235485179-4199279436-697633865-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\phil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File CustomCLSID: 
HKU\S-1-5-21-3235485179-4199279436-697633865-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\phil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File CustomCLSID: HKU\S-1-5-21-3235485179-4199279436-697633865-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\phil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File CustomCLSID: HKU\S-1-5-21-3235485179-4199279436-697633865-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\phil\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File ==================== Restore Points ========================= 29-06-2015 00:00:01 Scheduled Checkpoint 04-07-2015 21:34:36 Removed Java 8 Update 45 09-07-2015 00:56:01 Windows Update 15-07-2015 03:03:23 Windows Update 16-07-2015 03:00:25 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-08-27 21:14 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {2D759524-9B06-484C-99D7-74C8BAF6CB8B} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{1666836a-3284-7a77-1666-6836a3280da8}\hack_setup.exe <==== ATTENTION Task: {491BE1B3-113C-449B-8F98-D5D7D751DF30} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\RocketTab\uninstall.exe <==== ATTENTION Task: {571CFDAD-5806-4B2B-85E8-16DC86FB8F92} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\RocketTab\Client.exe" /Preferred=true <==== ATTENTION Task: {59ED9E10-DD08-4C35-9513-2DBCEC694424} - \Microsoft\Windows\Maintenance\Idle~Crawler Update No Task File <==== ATTENTION Task: {765CAC80-4CDD-4674-A53C-757DD61E6E19} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {76A817C6-E459-4146-9CF8-3144924ACC34} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {87074BEB-063A-43B9-BE3A-BA2D058C54C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated) Task: {9869486F-6A68-4B52-B549-EBD79F9715AB} - System32\Tasks\{DDBB59E0-D39F-4335-B6AF-96ED71DE038A} => pcalua.exe -a C:\Users\phil\Desktop\Downloads\jre-8u45-windows-i586-iftw(1).exe -d C:\Users\phil\Desktop\Downloads Task: {A75BF705-3600-499A-A7EC-6F289792499F} - \Idle~Crawler Runner No Task File <==== ATTENTION Task: {B4778C5C-9253-4D72-8E14-1C4EDD147F74} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3235485179-4199279436-697633865-1002Core => C:\Users\phil\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.) 
Task: {C31B9108-3CF5-465E-B2D9-302853797AE3} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\eMachines\eMachines Recovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer) Task: {CFF8DC29-DB5B-4C1C-B40F-A04D8534537E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {E016A728-6DE9-42FB-8EF5-58D4B1A2DEBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.) Task: {E28F00E5-E193-4814-AFBA-5BCB39AA3D8E} - System32\Tasks\{A1C03429-077F-43FC-8273-5C1F376805A3} => pcalua.exe -a C:\Users\phil\Desktop\Downloads\jre-8u45-windows-i586-iftw.exe -d C:\Users\phil\Desktop\Downloads Task: {F52E5D4E-816C-4013-87C1-77F001885EE3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3235485179-4199279436-697633865-1002UA => C:\Users\phil\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{1666836a-3284-7a77-1666-6836a3280da8}\hack_setup.exe <==== ATTENTION Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3235485179-4199279436-697633865-1002Core.job => C:\Users\phil\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3235485179-4199279436-697633865-1002UA.job => C:\Users\phil\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-10-05 19:49 - 2013-01-31 05:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2009-04-19 11:34 - 2009-04-19 11:34 - 00625184 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 2009-04-19 11:34 - 2009-04-19 11:34 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll 2009-04-19 11:34 - 2009-04-19 11:34 - 00578080 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll 2009-04-19 11:34 - 2009-04-19 11:34 - 00207904 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-11-28 18:40 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2014-11-28 18:40 - 2014-05-19 18:19 - 00137728 _____ () 
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 7864 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3235485179-4199279436-697633865-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\phil\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: Spotify => "C:\Users\phil\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{ADA8E4D2-EB38-44B7-9B4D-4875E03C58A9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{1BB2C1C4-72D9-41E2-81EA-E081D6A3C32D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{CA3E6926-5A6A-4EC9-9166-8ABEEA025A86}] => (Allow) svchost.exe FirewallRules: [{73D739A2-3229-456F-BE6E-A18D20F37F06}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{ACBCC8B7-A28A-46C1-8203-93DB0FFC3E72}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{D6DA6458-7753-4319-A9BC-FB9833253124}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{02893D0B-C647-454A-8A6C-90805B0600CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{EFB26686-9B65-410E-94A8-4EE4B24C16E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5556E5F9-0B1C-4162-BA44-9CD408BABE32}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{AD13CDDA-0908-4F02-8B65-BC2A6C0A0461}] => (Allow) C:\Users\phil\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{0992B891-22C9-4BFE-9EA5-F151C0231602}] => (Allow) C:\Users\phil\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{AD775CA8-84F0-49FF-8811-C7A5C1647D32}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{3C31E10B-F251-4C68-8DFC-F127C39D79AC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [TCP Query User{27D3DB54-F315-4149-8E57-3BA2C34CB40D}C:\program files (x86)\freestyle gunz\gunz.exe] => (Allow) C:\program files (x86)\freestyle gunz\gunz.exe FirewallRules: [UDP Query User{C022B880-03C6-4486-9FA8-0176A8A16493}C:\program files (x86)\freestyle gunz\gunz.exe] => (Allow) C:\program files (x86)\freestyle gunz\gunz.exe FirewallRules: [{56677B78-B112-4C99-89FB-86F0FCE810A5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe 
FirewallRules: [{0546E229-656D-48D1-A844-32C9A4842ED2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C0D79F49-DA01-44A3-B530-0AF7F3297527}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{8D93C20B-F29E-439B-B476-EFC96B1E859C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{F69D6B14-4254-40D2-B2B5-B99D8730C180}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{6F58174D-88F5-4C25-973A-A674F1DC1B7F}C:\users\phil\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\phil\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{B878168D-8E18-4AAD-97A4-7AF594EEAA1C}C:\users\phil\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\phil\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{40F88241-8EB2-47F6-A099-755940CFD2AC}D:\easysetupassistant\archer c7\easysetupassistant.exe] => (Allow) D:\easysetupassistant\archer c7\easysetupassistant.exe FirewallRules: [UDP Query User{E9F77718-38F5-461A-BFD6-D080766DEFB3}D:\easysetupassistant\archer c7\easysetupassistant.exe] => (Allow) D:\easysetupassistant\archer c7\easysetupassistant.exe FirewallRules: [{9B52B419-85A2-4E84-83D4-A1DD9BEB15C4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{FFA85177-20A0-4A5C-920A-5B9FE1AB7834}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{F92C2742-05FE-4272-830B-B4ACF19C5637}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{24FF7292-84A6-4EDE-8702-CC9E339292CC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{C78E8885-0AFB-48A4-BDFC-89328042E0BC}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{134A60FF-FEBE-4130-BBFF-6D989F9DDD4D}] => (Allow) 
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{0550CF0E-5B8E-4E90-B498-58B43EDB3467}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: PS/2 Compatible Mouse Description: PS/2 Compatible Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (07/19/2015 11:59:31 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 6ec Start Time: 01d0c048bebc1580 Termination Time: 3759 Application Path: C:\Windows\Explorer.EXE Report Id: Error: (07/16/2015 09:19:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: eRaidMGT.exe, version: 1.2.3.0, time stamp: 0x5501e3a0 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd Exception code: 0xe0434352 Fault offset: 0x000000000000b3dd Faulting process id: 0x9230 Faulting application start time: 0xeRaidMGT.exe0 Faulting application path: eRaidMGT.exe1 Faulting module path: eRaidMGT.exe2 Report Id: eRaidMGT.exe3 Error: (07/16/2015 09:19:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: eRaidMGT.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ObjectDisposedException Stack: at System.Windows.Forms.Control.CreateHandle() at System.Windows.Forms.Form.CreateHandle() at System.Windows.Forms.Control.get_Handle() at System.Windows.Forms.Control.SetVisibleCore(Boolean) at System.Windows.Forms.Form.SetVisibleCore(Boolean) at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext) at eRaidMGT.Program.Main() Error: (07/16/2015 01:43:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: eRaidMGT.exe, version: 1.2.3.0, time stamp: 0x5501e3a0 Faulting module name: clr.dll, version: 4.0.30319.34209, time stamp: 0x5348a1ef Exception code: 0xc00000fd Fault offset: 0x000000000009249f Faulting process id: 0x7d70 Faulting application start time: 0xeRaidMGT.exe0 Faulting application path: eRaidMGT.exe1 Faulting module path: eRaidMGT.exe2 Report Id: eRaidMGT.exe3 Error: (07/16/2015 12:57:58 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: 
Application: eRaidMGT.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentOutOfRangeException Stack: at System.Windows.Forms.DataGridView.InvalidateCell(Int32, Int32) at System.Windows.Forms.DataGridView+DataGridViewDataConnection.ProcessListChanged(System.ComponentModel.ListChangedEventArgs) at System.Windows.Forms.DataGridView+DataGridViewDataConnection.currencyManager_ListChanged(System.Object, System.ComponentModel.ListChangedEventArgs) at System.Windows.Forms.CurrencyManager.List_ListChanged(System.Object, System.ComponentModel.ListChangedEventArgs) at System.ComponentModel.BindingList`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Child_PropertyChanged(System.Object, System.ComponentModel.PropertyChangedEventArgs) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart(System.Object) Error: (07/13/2015 01:01:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 40.0.0.5668, time stamp: 0x559f49af Faulting module name: mozglue.dll, version: 40.0.0.5668, time stamp: 0x559f3617 Exception code: 0x80000003 Fault offset: 0x0000e60d Faulting process id: 0x4e0c Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (07/10/2015 12:55:22 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: eRaidMGT.exe, 
version: 1.2.3.0, time stamp: 0x5501e3a0 Faulting module name: clr.dll, version: 4.0.30319.34209, time stamp: 0x5348a1ef Exception code: 0xc00000fd Fault offset: 0x0000000000008658 Faulting process id: 0x17c Faulting application start time: 0xeRaidMGT.exe0 Faulting application path: eRaidMGT.exe1 Faulting module path: eRaidMGT.exe2 Report Id: eRaidMGT.exe3 Error: (07/08/2015 09:18:50 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Users\phil\AppData\Local\Temp\514CFA97-88F5-46B0-A3D2-657BBB4765F4\dismhost.exe {78E7A401-352A-4B5D-98C0-DFFE47438C44}; Description = Removed service pack backup files; Error = 0x8007043c). Error: (07/07/2015 03:03:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 40.0.0.5661 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 19dd4 Start Time: 01d0b8e12cc79c80 Termination Time: 2368 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: Error: (07/07/2015 01:52:42 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program explorer.exe version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 81c8 Start Time: 01d0b83f2acb37e0 Termination Time: 9173 Application Path: C:\Windows\explorer.exe Report Id: System errors: ============= Error: (07/20/2015 12:20:43 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 12:19:10 AM on ‎7/‎20/‎2015 was unexpected. Error: (07/15/2015 04:22:41 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control. 
Error: (07/15/2015 04:21:35 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control. Error: (07/14/2015 03:09:06 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 2:59:30 PM on ‎7/‎14/‎2015 was unexpected. Error: (07/12/2015 01:05:44 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 1:03:42 AM on ‎7/‎12/‎2015 was unexpected. Error: (07/09/2015 01:14:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile USB Composite Device. Error: (07/09/2015 01:09:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x800705b4: nVidia - Graphics Adapter WDDM1.1, Other hardware - NVIDIA GeForce 6150SE nForce 430. Error: (07/08/2015 11:09:22 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (07/08/2015 11:00:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Search service hung on starting. Error: (07/08/2015 09:27:16 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084VSS{0B5A2C52-3EB9-470A-96E2-6C6D4570E40F} Microsoft Office: ========================= Error: (08/04/2014 11:23:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 114 seconds with 0 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Processor: AMD Athlon(tm) Processor 2850e Percentage of memory in use: 96% Total physical RAM: 2814.49 MB Available physical RAM: 104.43 MB Total Virtual: 5627.19 MB Available Virtual: 1700.86 MB ==================== Drives ================================ Drive c: (eMachines) (Fixed) (Total:283.99 GB) (Free:173.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 8C1AE2E3) Partition 1: (Not Active) - (Size=14 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS) ==================== End of log ============================