I think my roommate has installed some spy software on my computer



#1
kimboley


And I believe I have some other stuff going on. There are several processes running (56 right now, many svchost), and my computer is very slow. Based on what I gathered from your "click here link", here are my FARBAR logs.

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015

Ran by Cass (administrator) on NONYA15 (31-10-2015 23:24:35)
Running from C:\Users\Cass\Desktop
Loaded Profiles: Cass & Administrator (Available Profiles: Cass & Administrator)
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2771832 2012-12-07] (Intuit Inc. All rights reserved.)
HKU\S-1-5-21-3367200531-2821374276-1671337202-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3367200531-2821374276-1671337202-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3367200531-2821374276-1671337202-1000\...\MountPoints2: {25fc4f4c-4451-11e5-b5e5-806e6f6e6963} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3367200531-2821374276-1671337202-1000\...\MountPoints2: {68dd1225-75d1-11e3-8cc0-001e68079f8d} - E:\X-Player.exe
HKU\S-1-5-21-3367200531-2821374276-1671337202-1000\...\MountPoints2: {ced82e53-3d32-11e3-8c3a-001e68079f8d} - E:\WinInit.exe -c
HKU\S-1-5-21-3367200531-2821374276-1671337202-1000\...\MountPoints2: {d1eaed85-8172-11e3-8b26-001e68079f8d} - E:\start.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-05-30]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-04-04] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-08-13]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-10-13]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Cass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2014-02-03]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920 2013-10-07] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920 2013-10-07] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920 2013-10-07] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920 2013-10-07] (Sendori)
Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920 2013-10-07] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{32CF492C-E4DA-46C0-85B6-A5A76C906C46}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{32CF492C-E4DA-46C0-85B6-A5A76C906C46}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{5BD63134-E56E-4A19-9038-BF4E707BC4F2}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{D90E2F71-2FA1-4398-A16F-E6559360F699}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKU\S-1-5-21-3367200531-2821374276-1671337202-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_42&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDyCtC0FtA0AtCtAyCtA0FyD0Czz0E0FtN0D0Tzu0StCtAzzyDtN1L2XzutAtFtCtAtFyBtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtA0D0A0EtDtCtBtGtDtC0CzytGyBtDyEyCtGtCtBzz0FtG0DtByEtBtB0FyDtC0AyByE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FyD0E0DtC0ByEtG0CtByEzytGyE0C0DtAtGzz0FyDyBtG0F0FtCyBtBzy0AtD0D0E0B0D2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtDyB%26cr%3D820350760%26a%3Dwncy_rsprck_15_42%26os%3DWindows%2B7%2BProfessional
HKU\S-1-5-21-3367200531-2821374276-1671337202-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://validator.w3.org/check?verbose=1&uri=https%3a%2f%2fapps.facebook.com%2fplayroyalstory%2f%3ffb_source%3dbookmark&ref=bookmarks&count=1&fb_bmpos=_1#result
HKU\S-1-5-21-3367200531-2821374276-1671337202-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.us.com/?guid={0A59099B-DEFC-4016-A1E2-E8AC6B791459}
URLSearchHook: HKU\S-1-5-21-3367200531-2821374276-1671337202-1000 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {B9D9229B-DB13-4D7C-A528-EAEABAAFC275} URL = 
SearchScopes: HKU\S-1-5-21-3367200531-2821374276-1671337202-1000 -> DefaultScope {B9D9229B-DB13-4D7C-A528-EAEABAAFC275} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_42&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDyCtC0FtA0AtCtAyCtA0FyD0Czz0E0FtN0D0Tzu0StCtAzzyDtN1L2XzutAtFtCtAtFyBtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtA0D0A0EtDtCtBtGtDtC0CzytGyBtDyEyCtGtCtBzz0FtG0DtByEtBtB0FyDtC0AyByE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FyD0E0DtC0ByEtG0CtByEzytGyE0C0DtAtGzz0FyDyBtG0F0FtCyBtBzy0AtD0D0E0B0D2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtDyB%26cr%3D820350760%26a%3Dwncy_rsprck_15_42%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3367200531-2821374276-1671337202-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3367200531-2821374276-1671337202-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3313053&CUI=UN34530333082868518&UM=2
SearchScopes: HKU\S-1-5-21-3367200531-2821374276-1671337202-1000 -> {9A11EA5D-ED11-4C7F-AEAA-B4968864762F} URL = hxxp://search.us.com/serp?guid={0A59099B-DEFC-4016-A1E2-E8AC6B791459}&k={searchTerms}
SearchScopes: HKU\S-1-5-21-3367200531-2821374276-1671337202-1000 -> {B9D9229B-DB13-4D7C-A528-EAEABAAFC275} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_42&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDyCtC0FtA0AtCtAyCtA0FyD0Czz0E0FtN0D0Tzu0StCtAzzyDtN1L2XzutAtFtCtAtFyBtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtA0D0A0EtDtCtBtGtDtC0CzytGyBtDyEyCtGtCtBzz0FtG0DtByEtBtB0FyDtC0AyByE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FyD0E0DtC0ByEtG0CtByEzytGyE0C0DtAtGzz0FyDyBtG0F0FtCyBtBzy0AtD0D0E0B0D2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtDyB%26cr%3D820350760%26a%3Dwncy_rsprck_15_42%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3367200531-2821374276-1671337202-1000 -> {BD5EDF0A-FB97-408B-A52B-40C8B697379B} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10741
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-26] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-26] (Oracle Corporation)
BHO-x32: MyWordTool -> {45470599-8237-486D-87B5-E89CD6AED154} -> C:\Users\Cass\AppData\Roaming\MyWordTool\temp.dat [2013-11-13] ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-11] (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-11] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3367200531-2821374276-1671337202-1000 -> No Name - {4A160CE5-221E-4BB8-A888-A01F527BB6E9} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-01] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2009-11-25] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll [2013-11-25] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-11] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3367200531-2821374276-1671337202-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cass\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3367200531-2821374276-1671337202-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_42&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDyCtC0FtA0AtCtAyCtA0FyD0Czz0E0FtN0D0Tzu0StCtAzzyDtN1L2XzutAtFtCtAtFyBtFtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtA0D0A0EtDtCtBtGtDtC0CzytGyBtDyEyCtGtCtBzz0FtG0DtByEtBtB0FyDtC0AyByE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FyD0E0DtC0ByEtG0CtByEzytGyE0C0DtAtGzz0FyDyBtG0F0FtCyBtBzy0AtD0D0E0B0D2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtDyB%26cr%3D820350760%26a%3Dwncy_rsprck_15_42%26os%3DWindows%2B7%2BProfessional
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR Profile: C:\Users\Cass\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Duolingo on the Web) - C:\Users\Cass\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-01-12]
CHR Extension: (Google Drive) - C:\Users\Cass\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (Entanglement) - C:\Users\Cass\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmnpffgfpcohhpoddjankjanolcekbni [2015-08-01]
CHR Extension: (BetterCareerSearch) - C:\Users\Cass\AppData\Local\Google\Chrome\User Data\Default\Extensions\fddgbombopilgefffbcgcfneiejeclia [2015-10-11]
CHR Extension: (Google Docs Offline) - C:\Users\Cass\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Fairway Solitaire) - C:\Users\Cass\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkpbdfapchjogkmfpcmnfjdimgijhdho [2014-03-25]
CHR Extension: (Prelude Character Analysis) - C:\Users\Cass\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifoiecdlhmhgedaadljjciglhaokmaio [2014-03-20]
CHR Extension: (Best Games Collection) - C:\Users\Cass\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjbggabcnolbjngfelaodkfoabjmjicc [2015-01-23]
CHR Extension: (AudioSauna) - C:\Users\Cass\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2014-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cass\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (AR BookFinder) - C:\Users\Cass\AppData\Local\Google\Chrome\User Data\Default\Extensions\okollfmdmibjjajebandggobmhcjppej [2014-03-25]
CHR Extension: (0h h1) - C:\Users\Cass\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfbpnkceanpmmgpdahebjkenffkahfb [2015-09-24]
CHR HKU\S-1-5-21-3367200531-2821374276-1671337202-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Cass\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-19]
CHR HKLM-x32\...\Chrome\Extension: [bicnnkjibmphdeigoodpjlcklcnaobdj] - C:\Program Files (x86)\TornTV.com\torntv10.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2015-05-30] () [File not signed]
S4 Adpiltopit1ati; C:\Windows\system32\bthudtask.exe [36864 2009-07-13] (Microsoft Corporation)
S4 Adpiltopit1ati; C:\Windows\SysWOW64\bthudtask.exe [35328 2009-07-13] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] () [File not signed]
S3 ptsysexec; C:\Windows\ptsysexec.exe [436320 2015-06-30] (Pismo Technic Inc.)
R2 QBCFMonitorService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S4 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2013-12-27] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S4 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [X] <==== ATTENTION
S4 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [X]
S4 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [X] <==== ATTENTION
S4 Update albrechto; "C:\Program Files (x86)\albrechto\updatealbrechto.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-02-13] (Ralink Technology Corp.)
S3 cpuz135; C:\Users\Cass\AppData\Local\Temp\HBCD\PCWizard\pcwiz_x64.sys [24368 2012-08-11] (CPUID)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2015-01-15] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [9088 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 pfmfs_178; C:\Windows\System32\Drivers\pfmfs_178.sys [320904 2015-06-30] (Pismo Technic Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2014-04-08] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2015-01-15] (Duplex Secure Ltd.)
S3 ubloxusb; C:\Windows\System32\DRIVERS\ubloxusb.sys [95232 2011-11-30] (u-blox AG)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-13] (Microsoft Corporation)
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx64.sys [34512 2015-02-21] ()
S2 zyUSBDrv; C:\Windows\System32\Drivers\zyUSBDrv.sys [23376 2011-01-07] (Guang Zhou ZLG_MCU Development Co. LTD.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-31 23:24 - 2015-10-31 23:25 - 00020905 _____ C:\Users\Cass\Desktop\FRST.txt
2015-10-31 23:24 - 2015-10-31 23:24 - 00000000 ____D C:\FRST
2015-10-31 23:23 - 2015-10-31 23:23 - 02198016 _____ (Farbar) C:\Users\Cass\Desktop\FRST64.exe
2015-10-31 15:14 - 2015-10-31 15:14 - 00012313 _____ C:\Users\Cass\Documents\thermoscientificcl.odt
2015-10-31 12:43 - 2015-10-31 12:43 - 00015010 _____ C:\Users\Cass\Documents\kvresume.odt
2015-10-31 03:50 - 2015-10-31 03:50 - 00274144 _____ C:\Windows\Minidump\103115-23150-01.dmp
2015-10-31 00:05 - 2015-10-31 00:43 - 00013805 _____ C:\Users\Cass\Documents\newresume11.odt
2015-10-30 22:40 - 2015-10-30 22:40 - 00009838 _____ C:\Users\Cass\Documents\uuu.bas
2015-10-29 19:10 - 2015-10-30 21:27 - 00015824 _____ C:\Users\Cass\Documents\newresume1.odt
2015-10-28 20:09 - 2015-10-28 20:09 - 00010735 _____ C:\Users\Cass\Documents\Untitled 1.odt
2015-10-28 02:02 - 2015-10-28 20:08 - 00016922 _____ C:\Users\Cass\Documents\newresume.odt
2015-10-28 00:55 - 2015-10-28 00:55 - 00274144 _____ C:\Windows\Minidump\102815-26067-01.dmp
2015-10-27 22:15 - 2015-10-27 22:15 - 00000000 ____D C:\Users\Cass\Downloads\216-Hard-Worker
2015-10-25 00:34 - 2015-10-25 00:35 - 06191245 _____ C:\Users\Cass\Downloads\textArt_Eval_Setup.exe
2015-10-23 23:37 - 2015-10-23 23:37 - 00000000 ____D C:\Users\Cass\Documents\openyemp
2015-10-23 15:22 - 2015-10-25 12:51 - 00013829 _____ C:\Users\Cass\Documents\coverletter.odt
2015-10-23 14:38 - 2015-10-31 13:37 - 00012753 _____ C:\Users\Cass\Documents\internet.odt
2015-10-23 12:37 - 2015-10-23 12:37 - 00274088 _____ C:\Windows\Minidump\102315-26208-01.dmp
2015-10-22 02:22 - 2015-10-22 02:22 - 00013038 _____ C:\Users\Cass\Documents\trswedfrggtt.ods
2015-10-21 12:10 - 2015-10-21 12:10 - 00274144 _____ C:\Windows\Minidump\102115-38189-01.dmp
2015-10-20 18:53 - 2015-10-20 20:46 - 00013725 _____ C:\Users\Cass\Downloads\Tiffany  client ledger.ods
2015-10-20 00:58 - 2015-10-20 00:58 - 00000000 ____D C:\Users\Cass\Documents\kimb
2015-10-20 00:58 - 2015-10-20 00:58 - 00000000 ____D C:\Users\Cass\Documents\band1
2015-10-20 00:56 - 2015-10-20 00:56 - 00000000 ____D C:\Users\Cass\Documents\banner1
2015-10-19 16:26 - 2015-10-19 16:26 - 00044744 _____ C:\Users\Cass\Downloads\exhibitpages.zip
2015-10-19 15:43 - 2015-10-19 15:43 - 00008827 _____ C:\Users\Cass\Documents\e.odt
2015-10-19 15:42 - 2015-10-19 15:42 - 00008831 _____ C:\Users\Cass\Documents\d.odt
2015-10-19 15:42 - 2015-10-19 15:42 - 00008831 _____ C:\Users\Cass\Documents\b.odt
2015-10-19 15:42 - 2015-10-19 15:42 - 00008828 _____ C:\Users\Cass\Documents\c.odt
2015-10-19 15:11 - 2015-10-19 15:11 - 00262144 ____N C:\Windows\Minidump\101915-35427-01.dmp
2015-10-19 15:10 - 2015-10-19 15:10 - 00262144 ____N C:\Windows\Minidump\101915-33337-01.dmp
2015-10-19 05:44 - 2015-10-19 05:44 - 00000000 ____D C:\Users\Cass\Documents\Corel User Files
2015-10-19 05:22 - 2015-10-19 05:26 - 00000000 ____D C:\Users\Cass\Documents\kimbanner
2015-10-18 12:56 - 2015-10-18 12:57 - 00000000 ____D C:\Users\Cass\Downloads\QuickBooks Premier  2010
2015-10-17 14:12 - 2015-10-19 15:17 - 00012525 _____ C:\Users\Cass\Documents\exhibitindex.odt
2015-10-16 20:40 - 2015-10-16 20:41 - 00009992 _____ C:\Users\Cass\Documents\billnotes.odt
2015-10-16 15:45 - 2015-10-16 15:45 - 00011283 _____ C:\Users\Cass\Documents\softwarelist.ods
2015-10-16 11:13 - 2015-10-16 11:38 - 00014336 _____ C:\Users\Cass\Downloads\360 Degree Reference Sheet.xls
2015-10-16 02:24 - 2015-10-16 02:24 - 00000000 ____D C:\Users\Cass\Documents\kim
2015-10-15 16:09 - 2015-10-19 18:30 - 00019961 _____ C:\Users\Cass\Documents\WILLIAM.odt
2015-10-15 15:05 - 2015-10-15 15:05 - 00016587 _____ C:\Users\Cass\Downloads\gen_pleading_paper_format_no_lines_013_multiple_pages.stw
2015-10-15 14:48 - 2015-10-15 14:48 - 00002138 _____ C:\Users\Public\Desktop\Google Web Designer.lnk
2015-10-15 14:48 - 2015-10-15 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Web Designer
2015-10-15 14:45 - 2015-10-15 14:46 - 00929872 _____ (Google Inc.) C:\Users\Cass\Downloads\googlewebdesigner_win.exe
2015-10-14 12:18 - 2015-10-14 12:18 - 00018404 _____ C:\Users\Cass\Downloads\professional-elegant-combination-resume.ott
2015-10-14 12:13 - 2015-10-14 12:14 - 06070418 _____ C:\Users\Cass\Downloads\dict-en.oxt
2015-10-13 16:34 - 2015-10-13 16:34 - 00000000 ____D C:\Users\Cass\Downloads\time-matters-setup-12-sp2
2015-10-13 11:22 - 2015-10-13 11:22 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TP-LINK
2015-10-13 11:12 - 2015-10-13 11:12 - 00003206 _____ C:\Windows\System32\Tasks\{19B98796-2074-4987-9390-F3D15E833604}
2015-10-13 10:48 - 2015-10-13 10:48 - 00002271 _____ C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk
2015-10-13 10:46 - 2014-04-08 09:42 - 00926824 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTL8192cu.sys
2015-10-13 10:46 - 2014-04-08 09:42 - 00882792 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\rtl8192cu.sys
2015-10-13 10:46 - 2014-04-08 09:42 - 00007534 _____ C:\Windows\system32\net8192cu.cat
2015-10-11 12:49 - 2015-10-11 12:49 - 00011522 _____ C:\Users\Cass\Documents\samplecoverletter.odt
2015-10-11 11:41 - 2015-10-11 11:41 - 00011238 _____ C:\Users\Cass\Documents\constructionbookkeepercover.odt
2015-10-11 03:20 - 2015-10-14 15:39 - 00014251 _____ C:\Users\Cass\Documents\resume1.odt
2015-10-09 12:26 - 2015-10-11 14:32 - 00011245 _____ C:\Users\Cass\Documents\coverpetsitter.odt
2015-10-09 11:16 - 2015-10-12 16:15 - 00013494 _____ C:\Users\Cass\Documents\animal resume.odt
2015-10-05 16:27 - 2015-10-05 16:27 - 00012621 _____ C:\Users\Cass\Documents\suffer.odt
2015-10-03 18:19 - 2015-10-03 18:19 - 00013308 _____ C:\Users\Cass\Documents\alkathy.odt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-31 23:19 - 2013-10-18 23:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-31 23:01 - 2013-10-18 20:25 - 00001266 _____ C:\Windows\Tasks\Torntv 2-updater.job
2015-10-31 23:01 - 2013-10-18 20:25 - 00001158 _____ C:\Windows\Tasks\Torntv 2-codedownloader.job
2015-10-31 23:01 - 2013-10-18 20:25 - 00001068 _____ C:\Windows\Tasks\Torntv 2-enabler.job
2015-10-31 22:39 - 2009-07-13 21:45 - 00023136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-31 22:39 - 2009-07-13 21:45 - 00023136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-31 22:32 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-31 22:31 - 2009-07-13 21:51 - 01545582 _____ C:\Windows\setupact.log
2015-10-31 15:32 - 2015-08-02 18:07 - 00000000 ____D C:\al
2015-10-31 03:50 - 2013-10-19 23:40 - 00000000 ____D C:\Windows\Minidump
2015-10-31 02:36 - 2009-07-13 22:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-31 01:10 - 2013-11-29 23:21 - 00000000 ____D C:\ProgramData\Adobe
2015-10-31 01:10 - 2013-10-18 19:02 - 00000000 ____D C:\Users\Cass\AppData\Roaming\Adobe
2015-10-30 10:40 - 2015-07-26 09:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 02:46 - 2013-10-18 18:11 - 00000000 ____D C:\Users\Cass
2015-10-29 21:52 - 2014-04-22 20:09 - 00002828 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2015-10-28 02:02 - 2015-09-28 21:11 - 00014087 _____ C:\Users\Cass\Documents\resumestuff.ods
2015-10-28 01:10 - 2013-10-18 17:57 - 00712925 _____ C:\Windows\WindowsUpdate.log
2015-10-27 23:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-27 22:27 - 2014-01-04 07:24 - 00007628 _____ C:\Users\Cass\AppData\Local\Resmon.ResmonCfg
2015-10-27 22:21 - 2015-02-21 20:15 - 00000000 ____D C:\Users\Cass\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2015-10-27 04:33 - 2013-11-16 14:24 - 00000000 ____D C:\Users\Cass\AppData\Roaming\vlc
2015-10-27 04:21 - 2015-04-08 23:06 - 00000000 ____D C:\Users\Cass\Desktop\ccc
2015-10-23 14:22 - 2013-10-18 23:48 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-22 23:03 - 2014-10-24 01:14 - 00010618 _____ C:\Users\Cass\Documents\lifetimeline.ods
2015-10-22 14:23 - 2015-09-17 22:06 - 00017102 _____ C:\Users\Cass\Documents\suffering.odt
2015-10-22 12:53 - 2015-06-06 04:55 - 00021122 _____ C:\Users\Cass\Documents\rob.odt
2015-10-21 12:24 - 2014-01-19 16:13 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-10-21 12:24 - 2014-01-19 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-19 15:01 - 2009-07-13 22:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-19 12:10 - 2015-01-12 22:00 - 00000000 ____D C:\frome
2015-10-18 00:05 - 2013-10-18 22:42 - 00053074 _____ C:\Windows\PFRO.log
2015-10-17 18:25 - 2014-12-25 15:39 - 00000000 ____D C:\Users\Cass\AppData\Roaming\Audacity
2015-10-15 14:48 - 2013-10-18 23:46 - 00000000 ____D C:\Users\Cass\AppData\Local\Google
2015-10-15 14:48 - 2013-10-18 23:46 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-15 11:29 - 2013-11-29 23:21 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-13 16:35 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-13 11:13 - 2014-01-28 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-10-13 11:13 - 2014-01-28 01:35 - 00000000 ____D C:\ProgramData\TP-LINK
2015-10-13 10:56 - 2015-08-01 21:09 - 00000000 ____D C:\Users\Cass\AppData\Roaming\BitTorrent
2015-10-13 10:46 - 2013-10-18 22:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-12 02:45 - 2015-08-24 17:59 - 00000000 ____D C:\Users\Cass\Desktop\cerberus
2015-10-02 10:02 - 2015-08-04 09:53 - 00000000 ____D C:\Users\Cass\Documents\arenatest
2015-10-02 07:56 - 2015-09-24 19:30 - 00015909 _____ C:\Users\Cass\Documents\arena.odt
2015-10-02 06:14 - 2013-10-18 18:49 - 00081344 _____ C:\Users\Cass\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-01 12:31 - 2009-07-13 21:45 - 00337376 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-01 05:20 - 2014-05-29 19:14 - 00000000 ____D C:\Users\Cass\AppData\Local\Apps\2.0
 
==================== Files in the root of some directories =======
 
2015-02-21 20:18 - 2015-02-21 20:18 - 0001167 _____ () C:\Users\Cass\AppData\Roaming\trace_FilterInstaller.txt
2015-02-21 20:18 - 2015-02-21 20:18 - 0000000 _____ () C:\Users\Cass\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-01-04 07:24 - 2015-10-27 22:27 - 0007628 _____ () C:\Users\Cass\AppData\Local\Resmon.ResmonCfg
2013-12-20 21:24 - 2015-04-01 10:48 - 0002135 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\Cass\edb_psqlodbc.exe
 
 
Some files in TEMP:
====================
C:\Users\Cass\AppData\Local\Temp\AlternateStreamView.exe
C:\Users\Cass\AppData\Local\Temp\dateinj01.dll
C:\Users\Cass\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\Cass\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Cass\AppData\Local\Temp\drm_dyndata_7320012.dll
C:\Users\Cass\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Cass\AppData\Local\Temp\HSS9443.exe
C:\Users\Cass\AppData\Local\Temp\IMsetup.exe
C:\Users\Cass\AppData\Local\Temp\INST01.dll
C:\Users\Cass\AppData\Local\Temp\InstallIMVU_522.0.exe
C:\Users\Cass\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Cass\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Cass\AppData\Local\Temp\KUIU.EXE
C:\Users\Cass\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Cass\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Cass\AppData\Local\Temp\nsb6483.exe
C:\Users\Cass\AppData\Local\Temp\nsg5B2F.exe
C:\Users\Cass\AppData\Local\Temp\nsg6935.exe
C:\Users\Cass\AppData\Local\Temp\nsj7F15.exe
C:\Users\Cass\AppData\Local\Temp\nsl566D.exe
C:\Users\Cass\AppData\Local\Temp\nso97FE.exe
C:\Users\Cass\AppData\Local\Temp\nsu593B.exe
C:\Users\Cass\AppData\Local\Temp\NTFSAccess.exe
C:\Users\Cass\AppData\Local\Temp\OutfoxTV_bg_silent_175.exe
C:\Users\Cass\AppData\Local\Temp\QVEHNTPJEW.exe
C:\Users\Cass\AppData\Local\Temp\SPStub.exe
C:\Users\Cass\AppData\Local\Temp\supoptsetup.exe
C:\Users\Cass\AppData\Local\Temp\T.exe
C:\Users\Cass\AppData\Local\Temp\tbKey0.dll
C:\Users\Cass\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Cass\AppData\Local\Temp\vxlsetup.exe
C:\Users\Cass\AppData\Local\Temp\{37BE7AAD-6429-4836-A1D1-F900CF4ACD8D}-39.0.2171.71_chrome_installer.exe
C:\Users\Cass\AppData\Local\Temp\{8A2541C6-BBD7-48D5-9C24-C259252273CD}-38.0.2125.111_chrome_installer.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-21 21:04
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Cass (2015-10-31 23:25:50)
Running from C:\Users\Cass\Desktop
Windows 7 Professional (X64) (2013-10-19 01:11:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3367200531-2821374276-1671337202-500 - Administrator - Enabled) => C:\Users\Administrator
Cass (S-1-5-21-3367200531-2821374276-1671337202-1000 - Administrator - Enabled) => C:\Users\Cass
Guest (S-1-5-21-3367200531-2821374276-1671337202-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3367200531-2821374276-1671337202-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3D Shadow 1.2 (HKLM-x32\...\3D Shadow) (Version: 1.2 - Lokas Software)
3DP Chip v13.11 (HKLM-x32\...\3DP Chip) (Version: v13.11 - )
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.6.147 - Adobe Systems, Inc.)
CDRoller version 8.00 (HKLM-x32\...\CDRoller_is1) (Version: 8.00 - Digital Atlantic Corp.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.60 - Conexant)
CorelDRAW Graphics Suite X3 (HKLM-x32\...\_{63218538-4A69-497F-8455-904261B0E9E4}) (Version:  - Corel Corporation)
CorelDRAW Graphics Suite X3 (x32 Version: 13.2 - Corel Corporation) Hidden
DiskInternals CD-DVD Recovery (HKLM-x32\...\DiskInternals CD-DVD Recovery) (Version: 4.1 - DiskInternals Research)
DR Systems Web Ambassador (HKLM-x32\...\{98BCB68E-274F-11D4-B2FA-00105AA9021A}) (Version:  - )
EN (x32 Version: 13.1 - Corel Corporation) Hidden
Extensis Intellihance Pro 4.0 (HKLM-x32\...\Extensis Intellihance Pro 4.0) (Version:  - )
Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version:  - )
FontNav (x32 Version: 5.0 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google Web Designer (HKLM-x32\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.1.7.0 - Google Inc.)
HP Photosmart C309a All-In-One Driver 14.0 Rel. 5 (HKLM\...\{71C4F928-136A-4222-A191-310E081FB96B}) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Lightscreen (HKLM-x32\...\Lightscreen) (Version:  - )
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31119 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyWordTool (HKU\S-1-5-21-3367200531-2821374276-1671337202-1000\...\MyWordTool) (Version: 1 - hxxp://www.mywordtool.com)
Neat Image v6.0 Pro+ (HKLM-x32\...\Neat Image_is1) (Version:  - Neat Image team, ABSoft)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8AAB4176-A747-493A-A42C-B63CFADFD8E3}) (Version: 9.09.0010 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version:  - )
pluginCreativity textArt (HKLM-x32\...\pluginCreativity textArt) (Version:  - )
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickBooks (x32 Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Premier: Professional Services Edition 2010 (HKLM-x32\...\{0700E22B-A434-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
RICOH Media Driver ver.2.07.01.02 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.02 - RICOH)
Sandlot Games Client Services (HKLM-x32\...\Sandlot Games Client Services_is1) (Version:  - Sandlot Games)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TL-WN721N/TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.0.0 - TP-LINK)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
u-center v8.11 (HKLM-x32\...\u-center v8.11) (Version: 8.11 - u-blox)
Unity Web Player (HKU\S-1-5-21-3367200531-2821374276-1671337202-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
VBA (x32 Version: 6.2 - Corel Corporation) Hidden
Vertus Fluid Mask 3 2.100.2-RC2 (HKLM-x32\...\VertusFluidMask3) (Version: 2.100.2-RC2 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.05 - NCH Software)
Windows Driver Package - u-blox AG (ubloxusb) Ports  (07/03/2013 1.2.0.8) (HKLM\...\FD26D50F08971338088D01BEDED393EC9F9C4FA7) (Version: 07/03/2013 1.2.0.8 - u-blox AG)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3367200531-2821374276-1671337202-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll => No File
 
==================== Restore Points =========================
 
17-10-2015 18:34:25 Installed amrtomp3_setup
19-10-2015 12:12:51 Removed Logitech Harmony Remote Software 7
26-10-2015 15:04:06 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03532F57-C8A1-473A-AAE8-6EDFE2EEC99E} - System32\Tasks\{19B98796-2074-4987-9390-F3D15E833604} => pcalua.exe -a D:\TL-WN821N_V4.0_TL-WN822N_V3.0_TL-WN823N_V1.0\Setup.exe -d D:\TL-WN821N_V4.0_TL-WN822N_V3.0_TL-WN823N_V1.0
Task: {081CF75F-0B6F-4A24-88F9-32CBEFCA2286} - System32\Tasks\{29190F2B-17CA-4AF1-A6E4-A3479FE675BA} => pcalua.exe -a "D:\Photoshop PlugIn - Blade Pro\BLADEPRO.EXE" -d "D:\Photoshop PlugIn - Blade Pro"
Task: {0944DDC8-865B-4A98-9C64-7F4CDAA6C6FE} - System32\Tasks\{907A42E5-F1BB-4526-B4DE-52AB0DAB9476} => C:\Users\Cass\Downloads\kais\kai's power tools 3 photoshop plugins\SETUP.EXE
Task: {0FBCFD8B-7276-43C1-8F9F-884B5D3A66DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {13508DAA-9B81-44B3-A086-895A7253F907} - System32\Tasks\{6BE71386-D8D5-4690-B68F-365CE234DF0C} => C:\Users\Cass\Desktop\New folder\Alcohol 120% v1.9.2.1705 Multilanguage + serial (OK)\Alcohol 120% 1.4.8.122+crack working(suto)\Alcohol 120% 1.4.8.122+crack working\Setup\trial_setup.exe [2003-12-23] ()
Task: {1B0B5C48-A866-4FAD-ADD6-D8059AE75F28} - System32\Tasks\{96235861-D79B-4F54-928F-6A44ECA01876} => C:\Users\Cass\Desktop\New folder\Alcohol 120% v1.9.2.1705 Multilanguage + serial (OK)\Alcohol 120% 1.4.8.122+crack working(suto)\Alcohol 120% 1.4.8.122+crack working\Setup\trial_setup.exe [2003-12-23] ()
Task: {1DACD758-CBD4-43CC-8C55-7A8095C963D7} - System32\Tasks\Torntv 2-updater => C:\Program Files (x86)\Torntv 2\Torntv 2-updater.exe <==== ATTENTION
Task: {2052F3A7-1FBC-45B9-B67A-3EF3DDF10E85} - System32\Tasks\{B317182A-B5DB-4222-BBCA-35765C97E3EA} => pcalua.exe -a "C:\Program Files (x86)\LAUNCH\ET99 Tool\driver\zyUSBDrv(x86).exe" -d "C:\Program Files (x86)\LAUNCH\ET99 Tool\driver"
Task: {25F69E97-B43E-4A19-8279-C5C190CA0B27} - System32\Tasks\{A2491993-3E89-4BDD-8BDE-56E123BE4149} => C:\Users\Cass\Downloads\kais\kai's power tools 3 photoshop plugins\SETUP.EXE
Task: {2977A1AD-B214-4696-852C-A868AAB6AA8D} - System32\Tasks\{F9D6D061-B645-4694-8C28-85C559F483E7} => pcalua.exe -a "C:\Users\Cass\Downloads\MAC_ET99_2_0_1 (1).exe" -d C:\Users\Cass\Downloads
Task: {33F1E82E-2A27-4D35-8352-5207D67506C4} - System32\Tasks\Torntv 2-enabler => C:\Program Files (x86)\Torntv 2\Torntv 2-enabler.exe <==== ATTENTION
Task: {34C36C30-F66F-47E8-919B-65B6FD00CD96} - System32\Tasks\{A4A52522-3B61-4A16-843F-3C4CA237E3AF} => pcalua.exe -a "D:\7 Best Adobe Photoshop Plugins\OnOne\OnOne.PhotoTools_103\onone_phototools103ps_win1\PhotoTools 1.0.3 Professional Edition.exe" -d "D:\7 Best Adobe Photoshop Plugins\OnOne\OnOne.PhotoTools_103\onone_phototools103ps_win1"
Task: {3F9149BD-97DB-4E1F-AD65-F9FBEA4BE963} - System32\Tasks\{85D778F3-642B-4368-8136-145B4363A643} => pcalua.exe -a "C:\Users\Cass\Downloads\Shockwave_Installer_Slim (1).exe" -d C:\Users\Cass\Downloads
Task: {43A2B381-E8CA-4B94-9C61-5E4C719E7A35} - System32\Tasks\{44A17E8F-9BF6-41CA-97C6-810B4595FCC3} => pcalua.exe -a C:\NVIDIA\HDAudioWHQLDriver\1.00.00.59\International\setup.exe -d C:\NVIDIA\HDAudioWHQLDriver\1.00.00.59\International
Task: {4EEFD616-5A9A-464B-A4D2-89EE89B63732} - System32\Tasks\{5D48BD52-78E3-4E84-BE1C-7A3A05D635B7} => pcalua.exe -a C:\SWSetup\SP40170\Setup.exe -d C:\SWSetup\SP40170
Task: {4FCB5923-BAF5-42FA-B230-AEC239013FED} - System32\Tasks\{1CEA428D-1030-4B46-97DB-ED534DEC648C} => D:\Photoshop Plugin - Visual Plugins\PLUGINS.EXE
Task: {55B0E717-34D0-4F33-A3F0-CCB8D114D0AB} - System32\Tasks\{2F817C8E-6FA8-4828-BD85-455C802A9950} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Sandlot Shared\unins000.exe"
Task: {702431E0-0A5E-4859-B72C-271869512D4B} - System32\Tasks\Torntv 2-codedownloader => C:\Program Files (x86)\Torntv 2\Torntv 2-codedownloader.exe <==== ATTENTION
Task: {79E74627-49FE-4F5C-8B34-3C36740228A2} - System32\Tasks\{CF0380E2-DD98-42BE-ABF1-E233BDFEAEF4} => C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
Task: {7B7FEA01-DF51-40D3-A8EE-6028D4DE275C} - System32\Tasks\{21BF453F-1E25-4D14-8465-55352242281D} => C:\Program Files (x86)\R.G. Mechanics\The Sims 4\Game\Bin\TS4.exe
Task: {7D979382-84CB-4FF8-82A5-19E248D7DB9C} - System32\Tasks\{E1B8E527-A630-4EFC-B38D-413B2ED25557} => pcalua.exe -a "D:\Extensis Photo Graphics V1.01\PhotoGraphics101US.exe" -d "D:\Extensis Photo Graphics V1.01"
Task: {822E38F0-41F4-44B0-A23F-42C77C90AC36} - System32\Tasks\{28DD4C2E-D976-4A00-9FF4-975C15DCAE2C} => D:\Photoshop PlugIn - PhotoSpray v1.0\Install_PhotoSpray1US.EXE
Task: {8B7F2E19-EB41-4FB6-9C78-4114ACA82355} - System32\Tasks\{17F4E91C-3362-4D50-AFB6-B4EF79B42DFB} => pcalua.exe -a C:\Users\Cass\Downloads\install_reader11_en_mssd_aaa_aih.exe -d C:\Users\Cass\Downloads
Task: {8EB40F8C-121E-48A3-AD65-4FD16D7D4391} - System32\Tasks\{4D4A21B7-4911-405F-A1D8-AF08EBA3FD10} => pcalua.exe -a "C:\Users\Cass\Downloads\kais\Adobe Photoshop Plugins - Kais Power Tools 7 With Serial\Setup.exe" -d "C:\Users\Cass\Downloads\kais\Adobe Photoshop Plugins - Kais Power Tools 7 With Serial"
Task: {9FAFE0DF-7007-48DD-BB5F-26D0D78D9894} - System32\Tasks\{D69FFDD9-7762-45EF-92BB-6AC1CBB0FAE2} => pcalua.exe -a "C:\Program Files\CONEXANT\SMARTAUDIO\SETUP.EXE" -d "C:\Program Files\CONEXANT\SMARTAUDIO"
Task: {A70B5F66-4915-4F03-BAEE-5D9773036A1B} - System32\Tasks\{72057B12-D54D-486C-B503-D948CF5C81A4} => pcalua.exe -a C:\Users\Cass\Downloads\sp40170.exe -d C:\Users\Cass\Downloads
Task: {ADB7A4DC-EE44-43C0-A552-E720158D944D} - System32\Tasks\{F86741FA-B25A-40BB-B839-E1EA4EEF24B6} => D:\Photoshop PlugIn - PhotoSpray v1.0\Install_PhotoSpray1US.EXE
Task: {FC71EA7C-BB55-44FE-8D1E-AEEE7277AB6B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {FEC4AEBF-C722-462E-933B-0DFB1D049B1E} - System32\Tasks\{3F90BBC8-CA2B-4A38-94CB-EA9FC287E655} => pcalua.exe -a C:\Users\Cass\Downloads\CreaderV_driver_Win2K_XP.exe -d C:\Users\Cass\Downloads
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8a506784d8d0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cff46f562c2aa0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cffec048f407d0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0438076699450.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d09e4fdb48f120.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c5c9b12022a0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e13879b8ff0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f1b890bcd7e0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Torntv 2-codedownloader.job => C:\Program Files (x86)\Torntv 2\Torntv 2-codedownloader.exeƣ/reinstallapp /agentregpath='Torntv 2' /appid=35578 /srcid='0' /subid='0' /zdata='0' /bic=C4A4C4C3A09E4060BBB2814263717973IE /verifier=56f07f0eec5fda1b03c70d18315898d6 /installerversion=1_29_153 /installerfullversion=1.29.153.0 /installationtime=1382153133 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /codedownloaddomain=hxxp:/cr.install-daddy.com <==== ATTENTION
Task: C:\Windows\Tasks\Torntv 2-enabler.job => C:\Program Files (x86)\Torntv 2\Torntv 2-enabler.exeŽ/enablebho /agentregpath='Torntv 2' /appid=35578 /srcid='0' /subid='0' /zdata='0' /bic=C4A4C4C3A09E4060BBB2814263717973IE /verifier=56f07f0eec5fda1b03c70d18315898d6 /installerversion=1_29_153 /installationtime=1382153133 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com <==== ATTENTION
Task: C:\Windows\Tasks\Torntv 2-updater.job => C:\Program Files (x86)\Torntv 2\Torntv 2-updater.exeǠ/runupdater /agentregpath='Torntv 2' /appid=35578 /srcid='0' /subid='0' /zdata='0' /bic=C4A4C4C3A09E4060BBB2814263717973IE /verifier=56f07f0eec5fda1b03c70d18315898d6 /installerversion=1_29_153 /installationtime=1382153133 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /monetizationdomain=hxxp:/stats.syncstatsdata.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hxxp:/update.srvstatsdata.com <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Program Files (x86)\Common Files\Protexis\License Service\PSIService.exe
2014-01-28 01:38 - 2014-04-08 09:43 - 00847360 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2014-01-28 01:38 - 2014-04-08 09:42 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2014-01-28 01:38 - 2014-04-08 09:42 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2015-10-23 14:21 - 2015-10-20 07:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-23 14:21 - 2015-10-20 07:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3367200531-2821374276-1671337202-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3367200531-2821374276-1671337202-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: WinRM => 3
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: KeyScrambler => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B27BA8ED-1F7C-4E8A-B0CE-E90FE683BCFB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/28/2015 03:12:57 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{7384FFE2-3239-46A1-A301-8B8AA131AB9B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer
 
Error: (10/25/2015 01:47:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CorelPP.exe version 13.0.0.739 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: cec
 
Start Time: 01d10f0161e497d0
 
Termination Time: 25
 
Application Path: C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Programs\CorelPP.exe
 
Report Id: 117cdcc1-7af5-11e5-9249-001e68079f8d
 
Error: (10/25/2015 01:44:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CorelPP.exe version 13.0.0.739 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 408
 
Start Time: 01d10f00d5ba0650
 
Termination Time: 25
 
Application Path: C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Programs\CorelPP.exe
 
Report Id: 90b6b4d1-7af4-11e5-9249-001e68079f8d
 
Error: (10/17/2015 09:19:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 46.0.2490.71 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1344
 
Start Time: 01d10945b13c0870
 
Termination Time: 20
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 6dd6ad81-754f-11e5-b456-001e68079f8d
 
Error: (10/17/2015 01:26:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program soffice.bin version 4.0.9774.500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: bd8
 
Start Time: 01d108fd54a40b00
 
Termination Time: 21
 
Application Path: C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
 
Report Id: 6311e551-750d-11e5-9d91-001e68079f8d
 
Error: (10/15/2015 11:29:15 AM) (Source: MsiInstaller) (EventID: 1024) (User: NONYA15)
Description: Product: Adobe Reader XI (11.0.12) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011013}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (10/14/2015 06:10:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (10/14/2015 06:09:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (10/14/2015 06:04:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (10/14/2015 06:04:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
 
System errors:
=============
Error: (10/31/2015 10:32:13 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 9
Processor ID: 1
 
The details view of this entry contains further information.
 
Error: (10/31/2015 10:32:13 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 1
 
The details view of this entry contains further information.
 
Error: (10/31/2015 10:31:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZhiYuan USB Device Driver service failed to start due to the following error: 
%%1058
 
Error: (10/31/2015 12:09:29 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 9
Processor ID: 1
 
The details view of this entry contains further information.
 
Error: (10/31/2015 12:09:29 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 1
 
The details view of this entry contains further information.
 
Error: (10/31/2015 12:09:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZhiYuan USB Device Driver service failed to start due to the following error: 
%%1058
 
Error: (10/31/2015 03:51:09 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Power service terminated with service-specific error %%0.
 
Error: (10/31/2015 03:51:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%1069
 
Error: (10/31/2015 03:51:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Peer Name Resolution Protocol service failed to start due to the following error: 
%%1069
 
Error: (10/31/2015 03:51:05 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The PNRPsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%1352
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 64 X2 Dual-Core Processor TK-57
Percentage of memory in use: 68%
Total physical RAM: 1918.93 MB
Available physical RAM: 597.38 MB
Total Virtual: 3837.85 MB
Available Virtual: 2141.18 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.43 GB) (Free:22.8 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: F9D10E91)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Thank you
 
