
Windows Defender won't run [Solved]

security

  • This topic is locked

#1
izissuki

    New Member

  • Member
  • 6 posts

My Windows Defender won't start. When I press Start, nothing happens and the program quits by itself. It happened when I turned off protection and forgot to turn it back on for a long time. I tried to install another antivirus like Avast; almost the same thing happens. Help me figure this out.


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, first I will need to take a look at the system.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Select Additions at the bottom.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

#3
izissuki

    New Member

  • Topic Starter
  • Member
  • 6 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by USER1 (administrator) on IZISSUKI on 13-07-2015 23:42:29
Running from C:\Users\USER1\Downloads\Programs
Loaded Profiles: USER1 (Available Profiles: USER1)
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Users\USER1\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(SSHPOWER V3.4 Update4) C:\Program Files (x86)\SSH Power\SSHPOWER.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectify.exe
(Bitvise) C:\Program Files (x86)\SSH Power\Apps\Tunnel.exe
(Initex) C:\Program Files (x86)\SSH Power\Apps\Proxifier\Proxifier.exe
(Initex) C:\Program Files (x86)\SSH Power\Apps\Proxifier\Helper64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-08] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-31] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\Run: [Akamai NetSession Interface] => C:\Users\USER1\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySqlNotifier.exe [771584 2013-11-25] (Oracle Corporation)
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3541008 2012-12-12] (Tonec Inc.)
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-05] (Valve Corporation)
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-02] (Piriform Ltd)
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\MountPoints2: {7d78b92e-b224-11e3-8272-00a0c6000000} - "E:\Startme.exe" 
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\MountPoints2: {8785b10c-19e4-11e4-82ce-0c8bfdea352f} - "E:\CMADownloader.exe" 
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\MountPoints2: {8c30e9de-c14e-11e3-8289-00a0c6000000} - "E:\AutoRun.exe" 
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\MountPoints2: {a80db4e8-0403-11e5-8373-0c8bfdea352f} - "E:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\MountPoints2: {b04ad502-abcb-11e3-826f-3e100dcef4f3} - "E:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\MountPoints2: {eccba3ed-5916-11e4-8313-00a0c6000000} - "E:\HTC_Sync_Manager_PC.exe" 
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [176904 2015-06-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [155280 2015-06-17] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk [2014-08-02]
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a.lnk [2015-05-28]
ShortcutTarget: a.lnk -> C:\Users\USER1\AppData\Roaming\obglspdnyk.exe ()
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_FileProtect.lnk [2014-10-17]
ShortcutTarget: LCL_FileProtect.lnk -> C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_FileProtect.exe (No File)
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_SecureBrowsing.lnk [2014-10-17]
ShortcutTarget: LCL_SecureBrowsing.lnk -> C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_SecureBrowsing.exe (No File)
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_SysProtect.lnk [2014-10-17]
ShortcutTarget: LCL_SysProtect.lnk -> C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_SysProtect.exe (No File)
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_WebProtect.lnk [2014-10-17]
ShortcutTarget: LCL_WebProtect.lnk -> C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_WebProtect.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-11-16] (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-01-09] (Internet Download Manager, Tonec Inc.)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-31] (Qualcomm®Atheros®)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-21] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-21] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{387F2E1D-4980-46A4-B9B0-0FEF5EB31594}: [DhcpNameServer] 172.16.30.7 172.16.30.21
Tcpip\..\Interfaces\{91156249-2CB2-4540-A824-4F1DE3CDC0B8}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{9312E35E-4395-497C-8E20-1783B0B67583}: [DhcpNameServer] 172.16.30.7 172.16.30.21
 
FireFox:
========
FF ProfilePath: C:\Users\USER1\AppData\Roaming\Mozilla\Firefox\Profiles\wr8xoyrp.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1025023637-3457176879-1876305215-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\USER1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-25] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1025023637-3457176879-1876305215-1004: ubisoft.com/uplaypc -> G:\Games\Tom.Clancys.H.A.W.X. 2-KaOs\orbit\npuplaypc.dll [2012-12-17] (Ubisoft)
FF HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\Firefox\Extensions: [[email protected]] - C:\Users\USER1\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\USER1\AppData\Roaming\IDM\idmmzcc5 [2014-10-12]
FF HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\USER1\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-22]
CHR Extension: (Google Drive) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-22]
CHR Extension: (IDM Extension) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmmmoofpkikfcgaojedjpgbgnkgmkeb [2014-10-18]
CHR Extension: (YouTube) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-22]
CHR Extension: (IDM Integration Module) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaciohclcnjjgchghjmleikcilomkif [2014-10-16]
CHR Extension: (Google Search) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-22]
CHR Extension: (Ultimate Pokemon Theme) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhlaedgolndbhjghgcapieenmgiengap [2014-10-19]
CHR Extension: (Mute Inactive Tabs) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnndlfanhilikkpoginfilaodnnekhhe [2015-04-03]
CHR Extension: (AdBlock) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-22]
CHR Extension: (IDM Integration) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm [2014-10-18]
CHR Extension: (Little Joy Rider) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\klfdccoepjlaopkkgaaiaojopafjmajd [2014-10-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (MuteTab) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc [2015-04-03]
CHR Extension: (Google Wallet) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22]
CHR Extension: (365Scores - Live Scores,Sports News & Alerts) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpppefjehmjbiplimkfjeamnohldmko [2014-03-22]
CHR Extension: (Gmail) - C:\Users\USER1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-22]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-01-09]
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2013-01-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-31] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-05-03] (Microsoft Corporation)
R3 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [217088 2015-03-20] (Connectify) [File not signed]
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-27] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-27] (Dell Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-04] (NVIDIA Corporation)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S4 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [14760 2013-01-01] (Microsoft Corporation)
S4 iumsvc; c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S4 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
S4 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14252 2014-05-08] () [File not signed]
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-04] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-04] (NVIDIA Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
R2 VSSS; C:\Users\USER1\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [96747584 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2013-02-12] (Advanced Micro Devices, Inc.)
S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-09] (Qualcomm Atheros Communications, Inc.) [File not signed]
S3 atmeltpm; C:\Windows\System32\drivers\atmeltpm64.sys [19456 2012-05-26] (Atmel, Inc.)
S3 BCMTPM; C:\Windows\System32\drivers\btpmwx64.sys [32096 2013-02-12] (Broadcom Corp.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-08-29] (CyberLink)
R1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [42152 2015-04-08] (Connectify)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-27] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-27] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
S3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-04-26] (Intel Corporation)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46016 2012-10-19] ()
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2013-03-27] (Atheros)
S3 MbmUsbSerial; C:\Windows\System32\Drivers\MbmUsbSerial.sys [72704 2013-02-12] (Ericsson AB)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
S3 MkBusFilter; C:\Windows\System32\drivers\MbmDeviceFilter.sys [25600 2013-02-12] (Ericsson AB)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3446240 2014-07-08] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
S3 O2MDFW8x64; C:\Windows\System32\drivers\O2MDFw8x64.sys [74368 2013-04-26] (O2Micro )
S3 O2MDRW8x64; C:\Windows\System32\drivers\O2MDRw8x64.sys [91008 2013-04-26] (O2Micro )
S3 qca_shb; C:\Windows\System32\drivers\qca_shb.sys [99328 2013-03-27] (Qualcomm Atheros Communications Inc.)
S3 s1039bus; C:\Windows\System32\drivers\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\system32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
S3 s1039mdm; C:\Windows\system32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\system32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
S3 s1039nd5; C:\Windows\system32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
S3 s1039obex; C:\Windows\system32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\drivers\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-01] (Synaptics Incorporated)
S0 stmtpm; C:\Windows\System32\drivers\stm_tpm.sys [29184 2012-05-26] (STMicroelectronics, INC)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
R3 zttap200; C:\Windows\system32\DRIVERS\zttap200.sys [31896 2014-03-06] ()
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-13 23:41 - 2015-07-13 23:42 - 00000000 ____D C:\FRST
2015-07-13 18:41 - 2015-07-13 18:41 - 00000000 ___RD C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-13 17:50 - 2015-07-13 17:50 - 00305968 _____ C:\windows\Minidump\071315-68656-01.dmp
2015-07-13 17:45 - 2015-07-13 17:50 - 769622901 ____N C:\windows\MEMORY.DMP
2015-07-13 17:45 - 2015-07-13 17:45 - 00306592 _____ C:\windows\Minidump\071315-33500-01.dmp
2015-07-13 17:36 - 2015-07-13 17:47 - 00035064 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-07-13 17:36 - 2015-07-13 17:36 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-13 17:34 - 2015-07-13 17:35 - 18070088 _____ C:\Users\USER1\Downloads\RogueKiller.exe
2015-07-13 17:13 - 2015-07-13 18:40 - 00000464 _____ C:\windows\setupact.log
2015-07-13 17:13 - 2015-07-13 17:13 - 00000000 _____ C:\windows\setuperr.log
2015-07-13 17:12 - 2015-07-13 18:39 - 00492082 _____ C:\windows\PFRO.log
2015-07-13 17:02 - 2015-07-13 17:02 - 00000000 ____D C:\windows\SysWOW64\vbox
2015-07-13 17:02 - 2015-07-13 17:02 - 00000000 ____D C:\windows\system32\vbox
2015-07-13 16:53 - 2015-07-13 16:53 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-13 16:48 - 2015-07-13 16:48 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-12 18:33 - 2015-07-13 23:09 - 01062376 _____ C:\windows\WindowsUpdate.log
2015-07-11 19:33 - 2015-07-11 19:33 - 01415680 _____ (wj32) C:\Program Files\JZT7DVRV.exe
2015-07-09 16:56 - 2015-07-09 16:56 - 00000949 _____ C:\Users\USER1\Desktop\Phantasy Star Online 2.lnk
2015-07-09 16:56 - 2015-07-09 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phantasy Star Online 2
2015-07-08 09:44 - 2015-07-08 09:44 - 01415680 _____ (wj32) C:\Program Files\2KT2TBTT.exe
2015-07-08 09:33 - 2015-07-08 09:33 - 00106875 _____ C:\ProgramData\1436319079.bdinstall.bin
2015-07-08 09:28 - 2015-07-08 09:28 - 01415680 _____ (wj32) C:\Program Files\8KHKHZZZ.exe
2015-07-08 08:56 - 2015-07-08 08:56 - 00002790 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2015-07-08 08:56 - 2015-07-08 08:56 - 00000796 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-08 08:56 - 2015-07-08 08:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-08 08:56 - 2015-07-08 08:56 - 00000000 ____D C:\Program Files\CCleaner
2015-07-08 08:54 - 2015-07-08 08:54 - 00120455 _____ C:\ProgramData\1436316660.bdinstall.bin
2015-07-08 08:52 - 2015-07-08 08:52 - 00033123 _____ C:\ProgramData\1436316763.bdinstall.bin
2015-07-08 08:50 - 2015-07-08 08:50 - 00000000 ____D C:\Users\USER1\AppData\Roaming\QuickScan
2015-07-08 08:05 - 2015-07-08 08:05 - 01415680 _____ (wj32) C:\Program Files\111SSA11.exe
2015-07-08 07:21 - 2015-07-08 07:21 - 01415680 _____ (wj32) C:\Program Files\E55WN5NE.exe
2015-07-08 00:06 - 2015-05-10 06:23 - 00098671 ____N C:\Users\USER1\Desktop\Furious.7.2015.srt
2015-07-05 05:44 - 2015-07-05 05:44 - 01415680 _____ (wj32) C:\Program Files\SO4S4IOW.exe
2015-07-05 05:44 - 2015-07-05 05:44 - 01415680 _____ (wj32) C:\Program Files\EG4OCKI0.exe
2015-07-03 14:32 - 2015-07-03 08:32 - 00124391 _____ C:\Users\USER1\Desktop\Kingsman.The.Secret.Service.2014.720p.BluRay.x264-SPARKS.srt
2015-07-02 07:08 - 2015-07-02 07:08 - 01415680 _____ (wj32) C:\Program Files\AY0K8UYI.exe
2015-07-02 06:22 - 2015-07-02 06:22 - 01415680 _____ (wj32) C:\Program Files\B58W8EK5.exe
2015-07-01 06:43 - 2015-07-01 06:43 - 01415680 _____ (wj32) C:\Program Files\5P75NBFL.exe
2015-06-30 05:49 - 2015-06-30 05:49 - 01415680 _____ (wj32) C:\Program Files\H55RF7DT.exe
2015-06-30 05:49 - 2015-06-30 05:49 - 01415680 _____ (wj32) C:\Program Files\79VFXZHJ.exe
2015-06-29 21:49 - 2015-06-29 21:49 - 01415680 _____ (wj32) C:\Program Files\MKWIWMK4.exe
2015-06-29 21:49 - 2015-06-29 21:49 - 01415680 _____ (wj32) C:\Program Files\KO2GEA84.exe
2015-06-29 21:49 - 2015-06-29 21:49 - 01415680 _____ (wj32) C:\Program Files\G0SI8SGY.exe
2015-06-28 18:09 - 2015-06-28 18:09 - 01415680 _____ (wj32) C:\Program Files\UEG4KK86.exe
2015-06-26 09:46 - 2015-06-26 09:46 - 01415680 _____ (wj32) C:\Program Files\UG4UYIAK.exe
2015-06-26 09:46 - 2015-06-26 09:46 - 01415680 _____ (wj32) C:\Program Files\IM0KM6E0.exe
2015-06-26 09:46 - 2015-06-26 09:46 - 01415680 _____ (wj32) C:\Program Files\80E0A2E8.exe
2015-06-25 02:05 - 2015-06-25 02:05 - 01415680 _____ (wj32) C:\Program Files\JHHHJJPX.exe
2015-06-23 18:41 - 2015-06-23 18:41 - 00000000 ____D C:\windows\SysWOW64\NV
2015-06-23 18:41 - 2015-06-23 18:41 - 00000000 ____D C:\windows\system32\NV
2015-06-23 18:38 - 2015-06-17 17:10 - 42729104 _____ C:\windows\system32\nvcompiler.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 37748880 _____ C:\windows\SysWOW64\nvcompiler.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 30481552 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 22947144 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 17724600 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 16145200 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 15866992 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 15224784 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 14497520 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 13263056 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 11831856 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 11011216 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2015-06-23 18:38 - 2015-06-17 17:10 - 02997544 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 02932368 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 02599752 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 01898128 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6435330.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 01557832 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6435330.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 01060168 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 01050768 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 00982672 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 00975176 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 00503408 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 00408392 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 00407296 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 00364176 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 00150832 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 00128696 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2015-06-23 18:38 - 2015-06-17 17:10 - 00031376 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys
2015-06-23 12:16 - 2015-06-23 12:16 - 00004030 _____ C:\windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-06-23 12:16 - 2015-06-23 12:16 - 00003484 _____ C:\windows\System32\Tasks\PCDEventLauncherTask
2015-06-23 12:16 - 2015-06-23 12:16 - 00003218 _____ C:\windows\System32\Tasks\SystemToolsDailyTest
2015-06-23 12:16 - 2015-06-23 12:16 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-06-23 12:16 - 2015-06-23 12:16 - 00000000 ____D C:\Program Files\Dell Support Center
2015-06-15 16:56 - 2015-06-15 16:56 - 00000019 _____ C:\Users\USER1\Desktop\ip.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-13 23:00 - 2013-08-22 23:36 - 00000000 ____D C:\windows\system32\sru
2015-07-13 22:59 - 2014-03-22 16:54 - 00000920 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 22:41 - 2014-03-22 22:17 - 03956736 ___SH C:\Users\USER1\Desktop\Thumbs.db
2015-07-13 22:35 - 2014-03-26 15:29 - 00000000 ____D C:\Users\USER1\AppData\Local\CrashDumps
2015-07-13 20:58 - 2014-03-22 16:54 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 18:54 - 2014-03-12 11:40 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1025023637-3457176879-1876305215-1004
2015-07-13 18:41 - 2015-03-13 18:03 - 00000516 _____ C:\windows\Tasks\MATLAB R2012b Startup Accelerator.job
2015-07-13 18:40 - 2014-10-19 15:13 - 00000000 ____D C:\ProgramData\VMware
2015-07-13 18:40 - 2013-08-22 22:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-13 18:39 - 2014-03-23 06:34 - 00000000 ____D C:\Users\USER1\AppData\Roaming\DMCache
2015-07-13 18:39 - 2014-03-12 11:35 - 00000000 ____D C:\Users\USER1
2015-07-13 18:39 - 2013-08-22 21:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-07-13 18:20 - 2014-03-23 06:34 - 00000000 ____D C:\Users\USER1\Downloads\Compressed
2015-07-13 18:19 - 2013-10-15 08:25 - 00000000 ____D C:\ProgramData\PCDr
2015-07-13 17:50 - 2014-07-09 13:28 - 00000000 ____D C:\windows\Minidump
2015-07-13 17:27 - 2014-03-22 18:07 - 00000000 ____D C:\Users\USER1\AppData\Local\Razer
2015-07-13 17:27 - 2014-03-22 18:07 - 00000000 ____D C:\ProgramData\Razer
2015-07-13 17:27 - 2014-03-22 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-07-13 17:27 - 2014-03-22 18:07 - 00000000 ____D C:\Program Files (x86)\Razer
2015-07-13 16:47 - 2014-10-12 22:20 - 00000000 ____D C:\Users\USER1\AppData\Roaming\IDM
2015-07-13 16:07 - 2015-02-03 01:31 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-13 06:11 - 2013-10-15 08:10 - 00920482 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-12 15:09 - 2015-05-30 23:05 - 00001081 _____ C:\Users\Public\Desktop\SSH Power Gaming.lnk
2015-07-12 15:09 - 2015-05-30 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSH Power Gaming
2015-07-12 15:09 - 2015-05-30 23:05 - 00000000 ____D C:\Program Files (x86)\SSH Power Gaming
2015-07-11 20:24 - 2014-03-23 22:11 - 00000000 ____D C:\Users\USER1\AppData\Roaming\vlc
2015-07-09 16:25 - 2014-05-27 06:53 - 00000000 ____D C:\Users\USER1\Documents\SEGA
2015-07-09 16:11 - 2015-05-21 23:34 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-07-09 16:10 - 2013-10-15 08:26 - 00001392 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-07-09 12:03 - 2013-08-22 23:20 - 00000000 ____D C:\windows\CbsTemp
2015-07-08 09:00 - 2015-05-10 21:43 - 00000000 ____D C:\Users\USER1\AppData\Roaming\Sony
2015-07-08 09:00 - 2015-04-08 13:18 - 00000000 ____D C:\Program Files (x86)\Connectify
2015-07-08 09:00 - 2015-03-22 22:26 - 00000000 ____D C:\Users\USER1\AppData\Local\LogMeIn Hamachi
2015-07-08 08:59 - 2013-10-15 08:15 - 00000000 ____D C:\windows\Panther
2015-07-07 05:24 - 2015-05-20 23:36 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-07 05:24 - 2015-05-20 23:36 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 13:09 - 2013-08-22 23:36 - 00000000 ____D C:\windows\AppReadiness
2015-07-05 18:08 - 2014-10-12 22:31 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-04 09:37 - 2015-04-10 12:20 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-07-03 23:21 - 2015-06-10 22:01 - 00001032 _____ C:\Users\Public\Desktop\SSH Power.lnk
2015-07-03 23:21 - 2015-06-10 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSH Power
2015-07-03 23:21 - 2015-06-10 22:01 - 00000000 ____D C:\Program Files (x86)\SSH Power
2015-07-02 19:56 - 2015-05-29 07:17 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-27 18:57 - 2015-05-30 23:06 - 00000000 ____D C:\Users\USER1\Documents\The Witcher 3
2015-06-27 15:28 - 2015-03-25 08:30 - 00000000 ____D C:\Users\USER1\Desktop\OS
2015-06-26 20:18 - 2014-10-25 09:51 - 00001013 _____ C:\windows\system32\Drivers\etc\hosts.ics
2015-06-25 09:31 - 2015-03-13 22:46 - 00000000 ____D C:\Users\USER1\Desktop\ip
2015-06-23 18:41 - 2014-01-29 14:42 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-23 18:41 - 2014-01-29 14:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-23 18:19 - 2014-12-08 21:36 - 00001399 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-23 18:18 - 2015-06-02 11:53 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 12:16 - 2013-10-15 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-22 02:10 - 2014-06-02 06:43 - 00000000 ____D C:\Users\USER1\www.apowersoft.com
2015-06-21 22:08 - 2015-03-31 00:57 - 00000000 ____D C:\Users\USER1\Desktop\doc
2015-06-17 17:10 - 2015-03-04 19:09 - 03395648 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2015-06-17 17:10 - 2014-12-08 21:34 - 12855416 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2015-06-17 17:10 - 2014-01-22 16:31 - 01099992 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2015-06-17 17:10 - 2014-01-22 16:31 - 00938752 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2015-06-17 17:10 - 2014-01-22 16:30 - 00176904 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2015-06-17 17:10 - 2014-01-22 16:30 - 00155280 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2015-06-17 17:10 - 2014-01-22 16:30 - 00030966 _____ C:\windows\system32\nvinfo.pb
2015-06-17 14:48 - 2014-01-29 14:42 - 06873232 _____ (NVIDIA Corporation) C:\windows\system32\nvcpl.dll
2015-06-17 14:48 - 2014-01-29 14:42 - 03492168 _____ (NVIDIA Corporation) C:\windows\system32\nvsvc64.dll
2015-06-17 14:48 - 2014-01-29 14:42 - 02558792 _____ (NVIDIA Corporation) C:\windows\system32\nvsvcr.dll
2015-06-17 14:48 - 2014-01-29 14:42 - 01059472 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshext.dll
2015-06-17 14:48 - 2014-01-29 14:42 - 00937616 _____ (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
2015-06-17 14:48 - 2014-01-29 14:42 - 00385168 _____ (NVIDIA Corporation) C:\windows\system32\nvmctray.dll
2015-06-17 14:48 - 2014-01-29 14:42 - 00074896 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshextr.dll
2015-06-17 14:48 - 2014-01-29 14:42 - 00062792 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
2015-06-17 08:21 - 2015-03-26 13:20 - 00000000 ____D C:\Users\USER1\Desktop\CGP
 
==================== Files in the root of some directories =======
 
2015-07-08 08:05 - 2015-07-08 08:05 - 1415680 _____ (wj32) C:\Program Files\111SSA11.exe
2015-07-08 09:44 - 2015-07-08 09:44 - 1415680 _____ (wj32) C:\Program Files\2KT2TBTT.exe
2015-07-01 06:43 - 2015-07-01 06:43 - 1415680 _____ (wj32) C:\Program Files\5P75NBFL.exe
2015-06-30 05:49 - 2015-06-30 05:49 - 1415680 _____ (wj32) C:\Program Files\79VFXZHJ.exe
2015-06-26 09:46 - 2015-06-26 09:46 - 1415680 _____ (wj32) C:\Program Files\80E0A2E8.exe
2015-07-08 09:28 - 2015-07-08 09:28 - 1415680 _____ (wj32) C:\Program Files\8KHKHZZZ.exe
2015-07-02 07:08 - 2015-07-02 07:08 - 1415680 _____ (wj32) C:\Program Files\AY0K8UYI.exe
2015-07-02 06:22 - 2015-07-02 06:22 - 1415680 _____ (wj32) C:\Program Files\B58W8EK5.exe
2015-07-08 07:21 - 2015-07-08 07:21 - 1415680 _____ (wj32) C:\Program Files\E55WN5NE.exe
2015-07-05 05:44 - 2015-07-05 05:44 - 1415680 _____ (wj32) C:\Program Files\EG4OCKI0.exe
2015-06-29 21:49 - 2015-06-29 21:49 - 1415680 _____ (wj32) C:\Program Files\G0SI8SGY.exe
2015-06-30 05:49 - 2015-06-30 05:49 - 1415680 _____ (wj32) C:\Program Files\H55RF7DT.exe
2015-06-26 09:46 - 2015-06-26 09:46 - 1415680 _____ (wj32) C:\Program Files\IM0KM6E0.exe
2015-06-25 02:05 - 2015-06-25 02:05 - 1415680 _____ (wj32) C:\Program Files\JHHHJJPX.exe
2015-07-11 19:33 - 2015-07-11 19:33 - 1415680 _____ (wj32) C:\Program Files\JZT7DVRV.exe
2015-06-29 21:49 - 2015-06-29 21:49 - 1415680 _____ (wj32) C:\Program Files\KO2GEA84.exe
2015-06-29 21:49 - 2015-06-29 21:49 - 1415680 _____ (wj32) C:\Program Files\MKWIWMK4.exe
2015-07-05 05:44 - 2015-07-05 05:44 - 1415680 _____ (wj32) C:\Program Files\SO4S4IOW.exe
2015-06-28 18:09 - 2015-06-28 18:09 - 1415680 _____ (wj32) C:\Program Files\UEG4KK86.exe
2015-06-26 09:46 - 2015-06-26 09:46 - 1415680 _____ (wj32) C:\Program Files\UG4UYIAK.exe
2015-05-28 12:22 - 2015-05-28 12:22 - 69718016 __RSH () C:\Users\USER1\AppData\Roaming\obglspdnyk.exe
2014-08-03 12:17 - 2014-08-03 12:17 - 0007597 _____ () C:\Users\USER1\AppData\Local\Resmon.ResmonCfg
2015-07-08 08:54 - 2015-07-08 08:54 - 0120455 _____ () C:\ProgramData\1436316660.bdinstall.bin
2015-07-08 08:52 - 2015-07-08 08:52 - 0033123 _____ () C:\ProgramData\1436316763.bdinstall.bin
2015-07-08 09:33 - 2015-07-08 09:33 - 0106875 _____ () C:\ProgramData\1436319079.bdinstall.bin
2013-10-15 08:00 - 2013-10-15 08:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-15 08:23 - 2013-10-15 08:24 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-15 08:20 - 2013-10-15 08:21 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-15 08:21 - 2013-10-15 08:22 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-10-15 08:22 - 2013-10-15 08:23 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2013-10-15 08:20 - 2013-10-15 08:20 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\USER1\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-06 18:08
 
==================== End of log ============================


#4
izissuki

    New Member

  • Topic Starter
  • Member
  • 6 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by USER1 at 2015-07-13 23:43:29
Running from C:\Users\USER1\Downloads\Programs
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1025023637-3457176879-1876305215-500 - Administrator - Disabled)
Guest (S-1-5-21-1025023637-3457176879-1876305215-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1025023637-3457176879-1876305215-1003 - Limited - Enabled)
USER1 (S-1-5-21-1025023637-3457176879-1876305215-1004 - Administrator - Enabled) => C:\Users\USER1
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alien Isolation / RePack by Baracuda (HKLM-x32\...\Alien Isolation_is1) (Version: 1.0 - )
Arma 3 Complete (HKLM-x32\...\QXJtYTM=_is1) (Version: 1 - )
Autodesk Backburner 2014 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 14.0.0.0 - Autodesk, Inc.)
Autodesk Composite 2014 (HKLM\...\Autodesk Composite 2014) (Version: 9.0.0.0 - Autodesk)
Autodesk Composite 2014 (Version: 9.0.0.0 - Autodesk) Hidden
Autodesk DirectConnect 2014 64-bit (HKLM\...\Autodesk DirectConnect 2014 64-bit) (Version: 8.0.56.1 - Autodesk)
Autodesk DirectConnect 2014 64-bit (Version: 8.0.56.1 - Autodesk) Hidden
Autodesk MatchMover 2014 (HKLM\...\{B151ECD3-2DBE-45E9-816E-F8AA6238F6A8}) (Version: 14.00.0000 - Autodesk)
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Autodesk Maya 2014 (Version: 16.0.0.0 - Autodesk) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Call of Juarez Gunslinger © Ubisoft version 1 (HKLM-x32\...\Q2FsbG9mSnVhcmV6R3Vuc2xpbmdlcg==_is1) (Version: 1 - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MP230 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series) (Version: 1.00 - Canon Inc.)
Canon MP230 series On-screen Manual (HKLM-x32\...\Canon MP230 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
CodeBlocks (HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Connectify 2015 (HKLM\...\Connectify) (Version: 2015.0.4.34734 - Connectify)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{81AD22B9-C28A-45a3-94B3-5FECD221AD5C}) (Version: 3.10.7525.4 - Sony Computer Entertainment Inc.)
Counter-Strike Global Offensive WaRzOnE (HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\CSGO) (Version:  - CS WaRzOnE)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 11.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deadpool (HKLM-x32\...\Deadpool_is1) (Version:  - )
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
Dogfight 1942 Limited Edition (HKLM-x32\...\Dogfight 1942 Limited Edition_is1) (Version:  - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dragonball Xenoverse (HKLM-x32\...\Dragonball Xenoverse_is1) (Version:  - )
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
FIFA 15 Ultimate Team Edition (HKLM-x32\...\FIFA 15 Ultimate Team Edition_is1) (Version: 1.4.0.0 - )
GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a427cd1c-b97d-4142-87c1-15b3ea68a34c}) (Version: 17.0.6 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
MadCap Help Viewer V6.3 (HKLM-x32\...\{248D8B6E-2BB9-4BBE-B717-A27F0DC16B39}) (Version: 6.3.0 - MadCap Software)
MATLAB R2012b (HKLM\...\Matlab R2012b) (Version: 8.0 - The MathWorks, Inc.)
Max Payne 3 (HKLM-x32\...\Max Payne 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{8057481C-0CFC-43BB-8EEC-C6A0E1C82E19}) (Version: 13.0.1.0 - mental ray)
METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\TUVUQUxHRUFSUklTSU5HUkVWRU5HRUFOQ0U=_is1) (Version: 1 - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visio Standard 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{6dff50d0-3bc3-4a92-b724-bf6d6a99de4f}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.16.00.03 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
MySQL Connector C++ 1.1.3 (HKLM\...\{5C7A1ED6-DC5F-4017-B363-3E80644B4BD0}) (Version: 1.1.3 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{9B0DB369-396B-4A81-94FE-5631916D6C6F}) (Version: 5.1.30 - Oracle Corporation)
MySQL Connector Net 6.8.3 (HKLM-x32\...\{38157422-F952-42F7-88AA-CC16A63CD109}) (Version: 6.8.3 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{BDD417A0-EBEC-46E4-8879-426B9C617C53}) (Version: 6.1.3 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{A0E83565-E770-466D-BD7F-2DB3D55EDE25}) (Version: 5.6.17 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{234616A4-659D-48F6-B204-ACCA217F896B}) (Version: 5.6.17 - Oracle Corporation)
MySQL For Excel 1.2.1 (HKLM-x32\...\{EC5F887C-FCEE-45D7-BF7B-C0EA767CC45B}) (Version: 1.2.1 - Oracle)
MySQL for Visual Studio 1.1.3 (HKLM-x32\...\{517F202F-E713-4CBE-9419-D10B8A6AC8C7}) (Version: 1.1.3 - Oracle)
MySQL Installer (HKLM-x32\...\{437AC169-780B-47A9-86F6-14D43C8F596B}) (Version: 1.3.6.0 - Oracle Corporation)
MySQL Notifier 1.1.5 (HKLM-x32\...\{DB02F4B3-3FC4-4FED-B2A2-7CDCF88D87D3}) (Version: 1.1.5 - Oracle)
MySQL Server 5.6 (HKLM\...\{319E6998-5D33-44F0-926F-671C8773B0BE}) (Version: 5.6.17 - Oracle Corporation)
MySQL Utilities (HKLM-x32\...\{E967FF67-DE28-4BB0-857C-87A825CCF003}) (Version: 1.3.6 - Oracle)
MySQL Workbench 6.1 CE (HKLM-x32\...\{625991FA-1A48-4AD8-95D5-84A0C9896C9A}) (Version: 6.1.4 - Oracle Corporation)
NetBeans IDE 8.0.1 (HKLM\...\nbi-nb-base-8.0.1.0.201408251540) (Version: 8.0.1 - NetBeans.org)
New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com)
Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PAYDAY 2. GOTY Edition, версия 1.0.0.0 (HKLM-x32\...\PAYDAY 2. GOTY Edition_is1) (Version: 1.0.0.0 - )
Phantasy Star Online 2 (HKLM-x32\...\http://pso2.jp/appid...siasoft_sg_is1)(Version:  - Asiasoft)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.5.0 - Prolific Technology INC)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros Communications)
QuranReciter 4.0 beta 3 (HKLM-x32\...\QuranReciter) (Version: 4.0 beta 3 - ShaPlus Software)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7024 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.1074 - RStudio)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPRO_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{3C578F10-F74F-4655-B2A6-9F88A6C415E8}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
SSH Power Gaming version v3.4 (HKLM-x32\...\{C74B65FE-F531-4338-8D55-99B1B7DC01BA}_is1) (Version: v3.4 - SSH Power Gaming)
SSH Power version v3.4 Update4 (HKLM-x32\...\{719363F9-0E39-4E76-908B-2CF432552654}_is1) (Version: v3.4 Update4 - SSH Power)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
Unity (HKLM-x32\...\Unity) (Version: 5.0.0f4 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PRJPRO_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A1188CD2-9C9F-11E2-B88F-F04DA23A5C58}) (Version: 12.0.563 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.3 - VMware, Inc)
VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden
Vs2012 Verification SDK (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-3 - Bitnami)
ZBrush 4R6 (HKLM-x32\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-09-25 14:38 - 2015-04-08 13:20 - 00001228 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1    tonec.com
127.0.0.1    www.tonec.com
127.0.0.1    registeridm.com
127.0.0.1    www.registeridm.com
127.0.0.1    secure.registeridm.com
127.0.0.1    internetdownloadmanager.com
127.0.0.1    www.internetdownloadmanager.com
127.0.0.1    secure.internetdownloadmanager.com
127.0.0.1    mirror.internetdownloadmanager.com
127.0.0.1    mirror2.internetdownloadmanager.com
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02F63777-83B9-4F33-9174-C540EE9EA82B} - System32\Tasks\{6BFA87B7-F5AD-4E24-AB7B-8EDB889BAFA5} => pcalua.exe -a "C:\Program Files (x86)\QuranReciter\mp3\QR-MP3-02to04.exe" -d "C:\Program Files (x86)\QuranReciter\mp3"
Task: {0D2A79CB-8F4A-455A-A5F9-A6DC7B29CC91} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {23693A78-55BA-4C4E-9A99-B47C49BFDE0D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => c:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {24B208E0-7F79-4E80-945C-699AA8E92FCA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
Task: {271D5A7C-D03C-4F9E-979F-AB5873807FD2} - System32\Tasks\{B32AD24C-9EA2-48C4-BB13-3131901E7D64} => pcalua.exe -a "E:\Utility\StoreJet ToolBox\Windows\StoreJet.ToolBox.exe" -d "E:\Utility\StoreJet ToolBox\Windows"
Task: {2AD0210B-00F3-46E3-AAA3-B4B92213B66C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-22] (Google Inc.)
Task: {2D3588BB-6DB0-426D-83A0-AA121E09D20B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {3F032CA1-8B74-4FC3-95E9-1D88E3A14E08} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-01] (Synaptics Incorporated)
Task: {4301CEC1-06B0-493C-8912-B535A25991BA} - \WPD\SqmUpload_S-1-5-21-1025023637-3457176879-1876305215-1001 No Task File <==== ATTENTION
Task: {433D612E-B653-49E2-9DBD-56483E07E11A} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {4B7D5A32-0891-4117-94F5-EEFCDD657F9F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {65AFA320-3641-41CF-955C-F6DD443E0C79} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {75DE4C22-89CC-435D-85FC-EF1E66A53049} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-02] (Piriform Ltd)
Task: {85829CD6-9152-46D6-B503-A739429B8B2B} - System32\Tasks\{B952D36B-F386-4E98-8D44-6FA79DFDDF1D} => pcalua.exe -a "C:\Program Files (x86)\NadiSSH\unins000.exe"
Task: {935DD63C-20CF-4959-9D47-9B3FBD53983E} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe [2013-11-25] (Oracle Corporation)
Task: {937B2D53-CBF5-4D8B-BC60-CAE4977A03D7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {A6159FB6-5508-47CE-9DE2-93753E8476A5} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {A671F408-A298-442F-A3F2-0D5339BD86F7} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {B799B87A-2845-44BE-B138-AD2C5440A7C4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B8AB9297-165A-436C-9551-4C7C746395CC} - System32\Tasks\MATLAB R2012b Startup Accelerator => G:\Software\Matlab\bin\win64\MATLABStartupAccelerator.exe [2012-07-20] ()
Task: {D446FBB4-9A55-44FC-B1B2-B3DDC30C0564} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-22] (Google Inc.)
Task: {D4898C49-8B60-40FA-8086-8B158FA8FDFD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {E10B6339-841B-4F90-9F35-F0990B7998B9} - System32\Tasks\{7AE25956-3A2F-4D65-B54B-716DB26CC314} => pcalua.exe -a G:\vpn\t2s\tap-driver\x86\tapinstall.exe -d G:\vpn\t2s\tap-driver\x86
Task: {F2F2DFDA-46AB-434B-B0AC-F3DDE65F699E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FFF128F4-9321-4393-B01D-F67C0DFFA89C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\MATLAB R2012b Startup Accelerator.job => G:\Software\Matlab\bin\win64\MATLABStartupAccelerator.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-01-22 16:30 - 2015-06-17 17:10 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-07-31 12:59 - 2013-07-31 12:59 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-07-31 12:55 - 2013-07-31 12:55 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-07-31 13:04 - 2013-07-31 13:04 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2013-01-01 19:01 - 2013-01-01 19:01 - 00228264 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbPc.DLL
2014-04-10 22:34 - 2013-03-05 11:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-04-08 13:18 - 2015-03-20 03:08 - 00715000 _____ () C:\Program Files (x86)\Connectify\log4cplus.dll
2015-07-09 11:00 - 2015-07-07 11:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-09 11:00 - 2015-07-07 11:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2014-01-22 16:30 - 2015-06-17 17:10 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-07-09 11:00 - 2015-07-07 11:49 - 16285512 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:8061242F
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\USER1\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Connectify => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: IJPLMSVC => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: iumsvc => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: Mobile Broadband HL Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MySQL56 => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: O2FLASH => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\StartupFolder: => "Content Manager Assistant for PlayStation®.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Virtual Router Manager.lnk"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "Connectify Hotspot"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\StartupFolder: => "LCL_FileProtect.lnk"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\StartupFolder: => "LCL_SecureBrowsing.lnk"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\StartupFolder: => "LCL_SysProtect.lnk"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\StartupFolder: => "LCL_WebProtect.lnk"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\StartupFolder: => "p)m.rar.lnk"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\StartupFolder: => "Tun2SocksGUI-v2.2.2-New-Actions.rar.lnk"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\StartupFolder: => "a.lnk"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\Run: => "MySQL Notifier"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\Run: => "ares"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9ABC0FECA92163B0DBAEC8B7F7F1FA34"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{270D006B-0159-4A23-A4F2-421631CF6997}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{EC938E2F-996C-47A1-B417-A0AFC3FF334B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{977EC763-63B2-4605-A856-39F9C9E5D8D0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F622E924-1B45-4201-A356-921A285A17EA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4607E966-D754-4BEE-B0F5-6A24C99A2D2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F0B6B8F9-D433-421E-ADE5-896F738FE59D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0978152F-F544-4D03-A57F-6050685256ED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EDE34075-598A-4687-9D57-18D29CEBAFEE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E96AC611-93B6-4264-9C2D-4C646B539F4A}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{14CF13C3-D04D-4D6C-8C60-B434954804D5}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{D0444C0B-9F04-4D63-B0AD-471FCA4BE1B8}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{2E16507E-53E2-4CB5-AE1C-AFA0ABB2D022}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{F7A8972F-8BFC-49D3-9BEF-6077D3B7F6E6}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{7F24202A-24FB-45D1-A74C-68AA8977A103}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{824F6E9C-AFBB-44C6-AFB9-AF4605CDA411}] => (Allow) LPort=3306
FirewallRules: [{2750A6D8-41E0-4D04-8F39-59A646C9501D}] => (Allow) G:\Software\vs\Visual Studio 2013 Professional 32-bit (English)\Common7\IDE\devenv.exe
FirewallRules: [{CE70F2E3-5F72-4E58-B84F-C75216AEB584}] => (Allow) LPort=12292
FirewallRules: [{22B8C497-F310-4F64-95EF-29602B3CD5A2}] => (Allow) LPort=3306
FirewallRules: [TCP Query User{098ABD6F-C702-4C89-8085-DD4D86019566}G:\games\arma 3\arma3.exe] => (Block) G:\games\arma 3\arma3.exe
FirewallRules: [UDP Query User{3A5314A1-4C70-4471-925C-02FFF02F273B}G:\games\arma 3\arma3.exe] => (Block) G:\games\arma 3\arma3.exe
FirewallRules: [{E514D18B-19CC-409D-AE4A-64897AE93D5B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{15480C19-1937-48AA-B4E3-58FC9B15A718}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{F47F6C4C-5B4D-4974-8499-CA7B4358766B}G:\software\maya\maya2014\bin\maya.exe] => (Block) G:\software\maya\maya2014\bin\maya.exe
FirewallRules: [UDP Query User{0821F392-6DED-4371-BE05-51909EBC038A}G:\software\maya\maya2014\bin\maya.exe] => (Block) G:\software\maya\maya2014\bin\maya.exe
FirewallRules: [TCP Query User{563D261C-0051-439F-B973-43FE817D4023}G:\games\csgo\csgo.exe] => (Allow) G:\games\csgo\csgo.exe
FirewallRules: [UDP Query User{5912ABEB-6068-4D2E-A86B-D42EA5606C92}G:\games\csgo\csgo.exe] => (Allow) G:\games\csgo\csgo.exe
FirewallRules: [TCP Query User{D39020C2-78AA-46BB-8B03-6F0A152D8B73}G:\games\tom clancys rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Allow) G:\games\tom clancys rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [UDP Query User{281D479E-3608-4524-9A5C-EC269379CE6C}G:\games\tom clancys rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Allow) G:\games\tom clancys rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [TCP Query User{B89499C5-F4A4-4AE3-BBAE-884FD4F2D2B0}G:\games\farcry 3\bin\farcry3.exe] => (Block) G:\games\farcry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{E130B9F5-D69F-4C44-A200-5EC654179295}G:\games\farcry 3\bin\farcry3.exe] => (Block) G:\games\farcry 3\bin\farcry3.exe
FirewallRules: [{BA2CA141-B13A-4770-9E5B-30723C67BCB4}] => (Allow) C:\ProgramData\PAYDAY 2\crime.exe
FirewallRules: [{A717E29F-79C7-4746-A45C-099AEAD0C07C}] => (Allow) C:\ProgramData\PAYDAY 2\crime.exe
FirewallRules: [{CDE36A46-A4E3-4319-B1DB-BB4400DF403D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{20F98121-D761-4E45-97E8-5AE9085A1672}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5E9C0E48-C41B-4703-A390-7335430EAB43}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BB9B69FB-D46A-4988-BBDA-174F2B129022}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{A7B4590C-78B5-44BE-871D-90424DDB6913}G:\games\alien\alien isolation\ai.exe] => (Block) G:\games\alien\alien isolation\ai.exe
FirewallRules: [UDP Query User{47BDA875-F550-421B-98A4-278F3149F73A}G:\games\alien\alien isolation\ai.exe] => (Block) G:\games\alien\alien isolation\ai.exe
FirewallRules: [TCP Query User{725E4A56-B521-40E7-B663-C6520C42DEC2}G:\games\max payne 3\maxpayne3.exe] => (Block) G:\games\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{6752A080-48BA-4AA5-B5DF-B81E35FBC40C}G:\games\max payne 3\maxpayne3.exe] => (Block) G:\games\max payne 3\maxpayne3.exe
FirewallRules: [TCP Query User{6C850883-D527-42AC-98D7-F47DCEF9A1D0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{5CD73DD2-2060-4513-83E0-2D866A1CEF2A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{1790CE0B-7781-43EE-B714-647C1712A787}G:\software\unity\editor\unity.exe] => (Allow) G:\software\unity\editor\unity.exe
FirewallRules: [UDP Query User{0A4F3DEF-18A8-47E7-8CF2-5D18A8C476EF}G:\software\unity\editor\unity.exe] => (Allow) G:\software\unity\editor\unity.exe
FirewallRules: [{29FF0263-48F9-4A10-BA16-80653FBECB2C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{E5929337-6D0A-456A-B8F4-2C9C587CEA88}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{6F02BADC-09C0-46CF-AEC7-20528ED19B8B}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{9732C29C-B6B7-4906-A621-DE526B8AB897}] => (Allow) C:\Program Files (x86)\Connectify\Connectify.exe
FirewallRules: [{78681820-90FE-4DFC-AA38-D7764C0D06DF}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{D097A6E7-7217-4651-B088-6DD8AFEBAD81}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{0A289130-36E4-4AC2-AC3C-2E1E014DB817}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{5F356E64-5772-4F0A-9E8A-9D6C61B27C19}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{5CBA9C09-3B27-48D3-BC1F-FFC53ED4E3A1}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{F530CF6C-2633-406A-9F92-ED0C4DD7A06C}] => (Allow) G:\Games\FIFA 15 Ultimate Team Edition\fifasetup\fifaconfig.exe
FirewallRules: [{1EA075C0-DC3E-4C68-8793-7D85B6A1520C}] => (Allow) G:\Games\FIFA 15 Ultimate Team Edition\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{DEFB9383-D8BB-49CA-9DF1-6BCBCA160018}G:\games\csgo2\counter-strike global offensive\csgo.exe] => (Allow) G:\games\csgo2\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{B96120F7-0EE8-4C5B-B60B-589CEEC15190}G:\games\csgo2\counter-strike global offensive\csgo.exe] => (Allow) G:\games\csgo2\counter-strike global offensive\csgo.exe
FirewallRules: [{791710DD-2F48-4877-8FF6-593E1B4FFA90}] => (Allow) \crime.exe
FirewallRules: [{12DF7F82-33B8-4121-871F-893F3AE2831C}] => (Allow) \crime.exe
FirewallRules: [{692BDDEE-7BBB-4F85-AF46-C9376A028E82}] => (Allow) G:\Games\PAYDAY 2. GOTY Edition\payday2_win32_release.exe
FirewallRules: [{35BCCFB1-C10E-4A14-B065-C3FF40A80367}] => (Allow) G:\Games\PAYDAY 2. GOTY Edition\payday2_win32_release.exe
FirewallRules: [TCP Query User{A7BDBE4B-A09B-49B6-9D13-327458E65453}G:\games\fifa 15 ultimate team edition\fifa15.exe] => (Allow) G:\games\fifa 15 ultimate team edition\fifa15.exe
FirewallRules: [UDP Query User{F1AD5603-5FD2-457B-9020-C8576A3E1D6F}G:\games\fifa 15 ultimate team edition\fifa15.exe] => (Allow) G:\games\fifa 15 ultimate team edition\fifa15.exe
FirewallRules: [TCP Query User{F9756973-C037-4C60-9D41-B8AF62CFC12D}G:\games\grand theft auto v - unlocked - multi 11-rldgames\grand theft auto v\gta5.exe] => (Allow) G:\games\grand theft auto v - unlocked - multi 11-rldgames\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{A9CC66C0-DCB1-4F22-ACF0-11967C56D5DB}G:\games\grand theft auto v - unlocked - multi 11-rldgames\grand theft auto v\gta5.exe] => (Allow) G:\games\grand theft auto v - unlocked - multi 11-rldgames\grand theft auto v\gta5.exe
FirewallRules: [{8E9B5D63-584B-45B7-B474-D695BE79FA46}] => (Block) G:\games\grand theft auto v - unlocked - multi 11-rldgames\grand theft auto v\gta5.exe
FirewallRules: [{2BF3D8E7-81DA-495F-9FB7-3A04BCBA44A4}] => (Block) G:\games\grand theft auto v - unlocked - multi 11-rldgames\grand theft auto v\gta5.exe
FirewallRules: [{FF129B59-72B2-4278-A99B-175FA418825A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0F0D3B2D-548F-46E7-B081-EC4B28FA8181}] => (Allow) LPort=2869
FirewallRules: [{B2D3CEE9-BE0F-4BB2-84FB-F922176170AE}] => (Allow) LPort=1900
FirewallRules: [{3F1F8444-B24B-4241-85A0-3738692230BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{E7B549AA-8C5E-49DF-867A-62EFDC1701D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{1EFDDF86-ABCE-4E6D-91B9-A641C8617EEC}C:\program files (x86)\ssh power gaming\sshpower.exe] => (Allow) C:\program files (x86)\ssh power gaming\sshpower.exe
FirewallRules: [UDP Query User{0B94712B-CE77-4BF9-AF57-4AE494B91849}C:\program files (x86)\ssh power gaming\sshpower.exe] => (Allow) C:\program files (x86)\ssh power gaming\sshpower.exe
FirewallRules: [TCP Query User{3ACCA04D-8BC4-4C27-9EC0-E95F9FEA47A1}C:\program files (x86)\ssh power\sshpower.exe] => (Allow) C:\program files (x86)\ssh power\sshpower.exe
FirewallRules: [UDP Query User{951D816A-CC53-4EDF-B118-9703C830380D}C:\program files (x86)\ssh power\sshpower.exe] => (Allow) C:\program files (x86)\ssh power\sshpower.exe
FirewallRules: [{5A61CD48-A754-4565-8786-C3EA6580207E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/13/2015 10:44:39 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (07/13/2015 10:44:19 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/13/2015 10:43:14 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (07/13/2015 10:41:30 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (07/13/2015 10:41:00 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/13/2015 10:40:59 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (07/13/2015 10:35:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SSHPOWER.exe, version: 3.4.0.4, time stamp: 0x559649c8
Faulting module name: PrxDrvPE.dll, version: 3.21.1.0, time stamp: 0x50ac204b
Exception code: 0xc0000409
Fault offset: 0x000040c7
Faulting process id: 0xfb0
Faulting application start time: 0xSSHPOWER.exe0
Faulting application path: SSHPOWER.exe1
Faulting module path: SSHPOWER.exe2
Report Id: SSHPOWER.exe3
Faulting package full name: SSHPOWER.exe4
Faulting package-relative application ID: SSHPOWER.exe5
 
Error: (07/13/2015 08:22:38 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (07/13/2015 06:47:13 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (07/13/2015 06:45:38 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')
 
 
System errors:
=============
Error: (07/13/2015 07:52:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.201.1615.0).
 
Error: (07/13/2015 07:46:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.201.1615.0).
 
Error: (07/13/2015 07:45:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.201.1615.0).
 
Error: (07/13/2015 07:15:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.201.1615.0).
 
Error: (07/13/2015 06:40:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.
 
Error: (07/13/2015 06:40:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
 
Error: (07/13/2015 06:39:07 PM) (Source: DCOM) (EventID: 10010) (User: IZISSUKI)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (07/13/2015 06:24:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 7 time(s).
 
Error: (07/13/2015 06:23:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Service service terminated unexpectedly.  It has done this 6 time(s).
 
Error: (07/13/2015 06:23:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Network Inspection Service service terminated unexpectedly.  It has done this 3 time(s).
 
 
Microsoft Office:
=========================
Error: (07/13/2015 10:44:39 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485946
 
Error: (07/13/2015 10:44:19 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (07/13/2015 10:43:14 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485946
 
Error: (07/13/2015 10:41:30 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485946
 
Error: (07/13/2015 10:41:00 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (07/13/2015 10:40:59 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485946
 
Error: (07/13/2015 10:35:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SSHPOWER.exe3.4.0.4559649c8PrxDrvPE.dll3.21.1.050ac204bc0000409000040c7fb001d0bd5948d483f7C:\Program Files (x86)\SSH Power\SSHPOWER.exeC:\Program Files (x86)\SSH Power\Apps\Proxifier\PrxDrvPE.dll66718c35-296c-11e5-8389-0c8bfdea352f
 
Error: (07/13/2015 08:22:38 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485946
 
Error: (07/13/2015 06:47:13 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: -2143485946
 
Error: (07/13/2015 06:45:38 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-06-22 06:48:38.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-22 06:48:38.714
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-22 06:48:38.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-22 06:48:38.292
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-22 06:48:38.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-22 06:48:37.933
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-22 06:48:37.745
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-22 06:48:37.573
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-22 06:48:37.386
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-22 06:48:37.214
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 30%
Total physical RAM: 8096.39 MB
Available physical RAM: 5603.73 MB
Total Virtual: 16288.39 MB
Available Virtual: 13538.71 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:164.48 GB) (Free:24.5 GB) NTFS
Drive g: (izissuki) (Fixed) (Total:766.33 GB) (Free:73.86 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2DDB140C)
 
Partition: GPT Partition Type.
 
==================== End of log ============================


#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Windows Defender should restart after the reboot from this.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

ATTENTION: System Restore is disabled
CreateRestorePoint:
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a.lnk [2015-05-28]
ShortcutTarget: a.lnk -> C:\Users\USER1\AppData\Roaming\obglspdnyk.exe ()
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_FileProtect.lnk [2014-10-17]
ShortcutTarget: LCL_FileProtect.lnk -> C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_FileProtect.exe (No File)
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_SecureBrowsing.lnk [2014-10-17]
ShortcutTarget: LCL_SecureBrowsing.lnk -> C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_SecureBrowsing.exe (No File)
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_SysProtect.lnk [2014-10-17]
ShortcutTarget: LCL_SysProtect.lnk -> C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_SysProtect.exe (No File)
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_WebProtect.lnk [2014-10-17]
ShortcutTarget: LCL_WebProtect.lnk -> C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_WebProtect.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
R2 VSSS; C:\Users\USER1\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [96747584 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
2015-07-08 09:44 - 2015-07-08 09:44 - 01415680 _____ (wj32) C:\Program Files\2KT2TBTT.exe
2015-07-08 09:33 - 2015-07-08 09:33 - 00106875 _____ C:\ProgramData\1436319079.bdinstall.bin
2015-07-08 09:28 - 2015-07-08 09:28 - 01415680 _____ (wj32) C:\Program Files\8KHKHZZZ.exe
2015-07-11 19:33 - 2015-07-11 19:33 - 01415680 _____ (wj32) C:\Program Files\JZT7DVRV.exe
2015-07-08 08:54 - 2015-07-08 08:54 - 00120455 _____ C:\ProgramData\1436316660.bdinstall.bin
2015-07-08 08:52 - 2015-07-08 08:52 - 00033123 _____ C:\ProgramData\1436316763.bdinstall.bin
2015-07-08 08:50 - 2015-07-08 08:50 - 00000000 ____D C:\Users\USER1\AppData\Roaming\QuickScan
2015-07-08 08:05 - 2015-07-08 08:05 - 01415680 _____ (wj32) C:\Program Files\111SSA11.exe
2015-07-08 07:21 - 2015-07-08 07:21 - 01415680 _____ (wj32) C:\Program Files\E55WN5NE.exe
2015-07-05 05:44 - 2015-07-05 05:44 - 01415680 _____ (wj32) C:\Program Files\SO4S4IOW.exe
2015-07-05 05:44 - 2015-07-05 05:44 - 01415680 _____ (wj32) C:\Program Files\EG4OCKI0.exe
2015-07-02 07:08 - 2015-07-02 07:08 - 01415680 _____ (wj32) C:\Program Files\AY0K8UYI.exe
2015-07-02 06:22 - 2015-07-02 06:22 - 01415680 _____ (wj32) C:\Program Files\B58W8EK5.exe
2015-07-01 06:43 - 2015-07-01 06:43 - 01415680 _____ (wj32) C:\Program Files\5P75NBFL.exe
2015-06-30 05:49 - 2015-06-30 05:49 - 01415680 _____ (wj32) C:\Program Files\H55RF7DT.exe
2015-06-30 05:49 - 2015-06-30 05:49 - 01415680 _____ (wj32) C:\Program Files\79VFXZHJ.exe
2015-06-29 21:49 - 2015-06-29 21:49 - 01415680 _____ (wj32) C:\Program Files\MKWIWMK4.exe
2015-06-29 21:49 - 2015-06-29 21:49 - 01415680 _____ (wj32) C:\Program Files\KO2GEA84.exe
2015-06-29 21:49 - 2015-06-29 21:49 - 01415680 _____ (wj32) C:\Program Files\G0SI8SGY.exe
2015-06-28 18:09 - 2015-06-28 18:09 - 01415680 _____ (wj32) C:\Program Files\UEG4KK86.exe
2015-06-26 09:46 - 2015-06-26 09:46 - 01415680 _____ (wj32) C:\Program Files\UG4UYIAK.exe
2015-06-26 09:46 - 2015-06-26 09:46 - 01415680 _____ (wj32) C:\Program Files\IM0KM6E0.exe
2015-06-26 09:46 - 2015-06-26 09:46 - 01415680 _____ (wj32) C:\Program Files\80E0A2E8.exe
2015-06-25 02:05 - 2015-06-25 02:05 - 01415680 _____ (wj32) C:\Program Files\JHHHJJPX.exe
Task: {4301CEC1-06B0-493C-8912-B535A25991BA} - \WPD\SqmUpload_S-1-5-21-1025023637-3457176879-1876305215-1001 No Task File <==== ATTENTION
C:\Users\USER1\AppData\Roaming\SecureBrowsing
C:\Users\USER1\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\Program Files\kprocesshacker.sys
2015-05-28 12:22 - 2015-05-28 12:22 - 69718016 __RSH () C:\Users\USER1\AppData\Roaming\obglspdnyk.exe
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

#6
izissuki

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015

Ran by USER1 at 2015-07-14 12:16:59 Run:2
Running from C:\Users\USER1\Desktop
Loaded Profiles: USER1 (Available Profiles: USER1)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
ATTENTION: System Restore is disabled
CreateRestorePoint:
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a.lnk [2015-05-28]
ShortcutTarget: a.lnk -> C:\Users\USER1\AppData\Roaming\obglspdnyk.exe ()
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_FileProtect.lnk [2014-10-17]
ShortcutTarget: LCL_FileProtect.lnk -> C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_FileProtect.exe (No File)
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_SecureBrowsing.lnk [2014-10-17]
ShortcutTarget: LCL_SecureBrowsing.lnk -> C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_SecureBrowsing.exe (No File)
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_SysProtect.lnk [2014-10-17]
ShortcutTarget: LCL_SysProtect.lnk -> C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_SysProtect.exe (No File)
Startup: C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_WebProtect.lnk [2014-10-17]
ShortcutTarget: LCL_WebProtect.lnk -> C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_WebProtect.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
R2 VSSS; C:\Users\USER1\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [96747584 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
2015-07-08 09:44 - 2015-07-08 09:44 - 01415680 _____ (wj32) C:\Program Files\2KT2TBTT.exe
2015-07-08 09:33 - 2015-07-08 09:33 - 00106875 _____ C:\ProgramData\1436319079.bdinstall.bin
2015-07-08 09:28 - 2015-07-08 09:28 - 01415680 _____ (wj32) C:\Program Files\8KHKHZZZ.exe
2015-07-11 19:33 - 2015-07-11 19:33 - 01415680 _____ (wj32) C:\Program Files\JZT7DVRV.exe
2015-07-08 08:54 - 2015-07-08 08:54 - 00120455 _____ C:\ProgramData\1436316660.bdinstall.bin
2015-07-08 08:52 - 2015-07-08 08:52 - 00033123 _____ C:\ProgramData\1436316763.bdinstall.bin
2015-07-08 08:50 - 2015-07-08 08:50 - 00000000 ____D C:\Users\USER1\AppData\Roaming\QuickScan
2015-07-08 08:05 - 2015-07-08 08:05 - 01415680 _____ (wj32) C:\Program Files\111SSA11.exe
2015-07-08 07:21 - 2015-07-08 07:21 - 01415680 _____ (wj32) C:\Program Files\E55WN5NE.exe
2015-07-05 05:44 - 2015-07-05 05:44 - 01415680 _____ (wj32) C:\Program Files\SO4S4IOW.exe
2015-07-05 05:44 - 2015-07-05 05:44 - 01415680 _____ (wj32) C:\Program Files\EG4OCKI0.exe
2015-07-02 07:08 - 2015-07-02 07:08 - 01415680 _____ (wj32) C:\Program Files\AY0K8UYI.exe
2015-07-02 06:22 - 2015-07-02 06:22 - 01415680 _____ (wj32) C:\Program Files\B58W8EK5.exe
2015-07-01 06:43 - 2015-07-01 06:43 - 01415680 _____ (wj32) C:\Program Files\5P75NBFL.exe
2015-06-30 05:49 - 2015-06-30 05:49 - 01415680 _____ (wj32) C:\Program Files\H55RF7DT.exe
2015-06-30 05:49 - 2015-06-30 05:49 - 01415680 _____ (wj32) C:\Program Files\79VFXZHJ.exe
2015-06-29 21:49 - 2015-06-29 21:49 - 01415680 _____ (wj32) C:\Program Files\MKWIWMK4.exe
2015-06-29 21:49 - 2015-06-29 21:49 - 01415680 _____ (wj32) C:\Program Files\KO2GEA84.exe
2015-06-29 21:49 - 2015-06-29 21:49 - 01415680 _____ (wj32) C:\Program Files\G0SI8SGY.exe
2015-06-28 18:09 - 2015-06-28 18:09 - 01415680 _____ (wj32) C:\Program Files\UEG4KK86.exe
2015-06-26 09:46 - 2015-06-26 09:46 - 01415680 _____ (wj32) C:\Program Files\UG4UYIAK.exe
2015-06-26 09:46 - 2015-06-26 09:46 - 01415680 _____ (wj32) C:\Program Files\IM0KM6E0.exe
2015-06-26 09:46 - 2015-06-26 09:46 - 01415680 _____ (wj32) C:\Program Files\80E0A2E8.exe
2015-06-25 02:05 - 2015-06-25 02:05 - 01415680 _____ (wj32) C:\Program Files\JHHHJJPX.exe
Task: {4301CEC1-06B0-493C-8912-B535A25991BA} - \WPD\SqmUpload_S-1-5-21-1025023637-3457176879-1876305215-1001 No Task File <==== ATTENTION
C:\Users\USER1\AppData\Roaming\SecureBrowsing
C:\Users\USER1\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
C:\Program Files\kprocesshacker.sys
2015-05-28 12:22 - 2015-05-28 12:22 - 69718016 __RSH () C:\Users\USER1\AppData\Roaming\obglspdnyk.exe
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
ATTENTION: System Restore is disabled => Error: No automatic fix found for this entry.
Error: (0) Failed to create a restore point.
C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a.lnk not found.
C:\Users\USER1\AppData\Roaming\obglspdnyk.exe not found.
C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_FileProtect.lnk not found.
C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_FileProtect.exe not found.
C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_SecureBrowsing.lnk not found.
C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_SecureBrowsing.exe not found.
C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_SysProtect.lnk not found.
C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_SysProtect.exe not found.
C:\Users\USER1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LCL_WebProtect.lnk not found.
C:\Users\USER1\AppData\Roaming\SecureBrowsing\LCL_WebProtect.exe not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found. 
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
VSSS => Service not found.
KProcessHacker2 => Service not found.
"C:\Program Files\2KT2TBTT.exe" => File/Folder not found.
"C:\ProgramData\1436319079.bdinstall.bin" => File/Folder not found.
"C:\Program Files\8KHKHZZZ.exe" => File/Folder not found.
"C:\Program Files\JZT7DVRV.exe" => File/Folder not found.
"C:\ProgramData\1436316660.bdinstall.bin" => File/Folder not found.
"C:\ProgramData\1436316763.bdinstall.bin" => File/Folder not found.
"C:\Users\USER1\AppData\Roaming\QuickScan" => File/Folder not found.
"C:\Program Files\111SSA11.exe" => File/Folder not found.
"C:\Program Files\E55WN5NE.exe" => File/Folder not found.
"C:\Program Files\SO4S4IOW.exe" => File/Folder not found.
"C:\Program Files\EG4OCKI0.exe" => File/Folder not found.
"C:\Program Files\AY0K8UYI.exe" => File/Folder not found.
"C:\Program Files\B58W8EK5.exe" => File/Folder not found.
"C:\Program Files\5P75NBFL.exe" => File/Folder not found.
"C:\Program Files\H55RF7DT.exe" => File/Folder not found.
"C:\Program Files\79VFXZHJ.exe" => File/Folder not found.
"C:\Program Files\MKWIWMK4.exe" => File/Folder not found.
"C:\Program Files\KO2GEA84.exe" => File/Folder not found.
"C:\Program Files\G0SI8SGY.exe" => File/Folder not found.
"C:\Program Files\UEG4KK86.exe" => File/Folder not found.
"C:\Program Files\UG4UYIAK.exe" => File/Folder not found.
"C:\Program Files\IM0KM6E0.exe" => File/Folder not found.
"C:\Program Files\80E0A2E8.exe" => File/Folder not found.
"C:\Program Files\JHHHJJPX.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4301CEC1-06B0-493C-8912-B535A25991BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1025023637-3457176879-1876305215-1001" => key removed successfully
"C:\Users\USER1\AppData\Roaming\SecureBrowsing" => File/Folder not found.
C:\Users\USER1\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe => moved successfully.
"C:\Program Files\kprocesshacker.sys" => File/Folder not found.
"C:\Users\USER1\AppData\Roaming\obglspdnyk.exe" => File/Folder not found.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1025023637-3457176879-1876305215-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {3E5E8902-B0F9-4FE7-9ABC-13C0C5F42B49}.
Unable to cancel {AA1AC1AF-002A-472D-897F-0894CD029569}.
Unable to cancel {0236A0D3-5E5F-422C-B1EC-952DD19EECC4}.
Unable to cancel {FDF9F79C-F34B-4667-B117-BD2AD2661F45}.
0 out of 4 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 323.9 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 12:17:09 ====

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software

Run date: 2015-07-14 13:14:33
-----------------------------
13:14:33.284    OS Version: Windows x64 6.2.9200 
13:14:33.284    Number of processors: 4 586 0x4501
13:14:33.284    ComputerName: IZISSUKI  UserName: USER1
13:14:35.910    Initialize success
13:14:35.910    VM: initialized successfully
13:14:35.910    VM: Intel CPU supported 
13:14:42.046    VM: disk I/O iaStorA.sys
13:15:12.612    AVAST engine defs: 15071301
13:15:17.315    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
13:15:17.315    Disk 0 Vendor: WDC_WD10JPVX-75JC3T0 01.01A01 Size: 953869MB BusType: 11
13:15:17.471    Disk 0 MBR read successfully
13:15:17.471    Disk 0 MBR scan
13:15:17.471    Disk 0 unknown MBR code
13:15:17.471    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
13:15:17.502    Disk 0 scanning C:\windows\system32\drivers
13:15:31.706    Service scanning
13:16:08.222    Modules scanning
13:16:08.222    Disk 0 trace - called modules:
13:16:08.238    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
13:16:08.238    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001e78ba060]
13:16:08.238    3 CLASSPNP.SYS[fffff801e0b8b170] -> nt!IofCallDriver -> [0xffffe001e5bd09d0]
13:16:08.238    5 ACPI.sys[fffff801dfe26c21] -> nt!IofCallDriver -> [0xffffe001e5bd29f0]
13:16:08.238    7 ACPI.sys[fffff801dfe26c21] -> nt!IofCallDriver -> \Device\00000038[0xffffe001e5bd2060]
13:16:08.925    AVAST engine scan C:\windows
13:16:10.394    AVAST engine scan C:\windows\system32
13:20:57.189    AVAST engine scan C:\windows\system32\drivers
13:21:30.317    AVAST engine scan C:\Users\USER1
13:24:15.489    File: C:\Users\USER1\AppData\Local\Unity\WebPlayer\Uninstall.exe  **INFECTED** Win32:Malware-gen
13:27:02.701    AVAST engine scan C:\ProgramData
13:31:05.530    Disk 0 statistics 5697785/0/0 @ 3.77 MB/s
13:31:05.530    Scan finished successfully
13:32:54.449    Disk 0 MBR has been saved successfully to "C:\Users\USER1\Desktop\MBR.dat"
13:32:54.465    The log file has been saved successfully to "C:\Users\USER1\Desktop\aswMBR.txt"
 
 

  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, can you confirm that Defender is now running... Let's check out your services now

Download and run Farbar Service Scanner

fssscan.JPG

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#8
izissuki

izissuki

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

defender is now running

 

Farbar Service Scanner Version: 17-01-2015

Ran by USER1 (administrator) on 15-07-2015 at 00:04:47
Running from "C:\Users\USER1\Downloads\Programs"
Microsoft Windows 8.1 Single Language  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\windows\system32\wuaueng.dll".
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK looks good, any further problems ?
  • 0

#10
izissuki

izissuki

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

nope.. problem solved.. thanks

btw, if the same thing happens, can I follow the same steps or not?


  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It would be rare for the same circumstances to occur again; each infection is different

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





