How do I remove Lnk:Jenxcus-p[Trj]


#1
Yanogera

It seems that my computer was infected by Lnk:Jenxcus-p[Trj]. A bunch of pop-ups from my anti-virus about the virus/malware/spyware appear every time I boot my PC. So far that's the only thing new I noticed since the infection.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by hp (administrator) on YANOGERA (02-01-2016 17:01:02)
Running from C:\Users\hp\Downloads
Loaded Profiles: hp &  (Available Profiles: hp)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(AutoIt Team) C:\GoogleChrome\GoogleChrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Slackerhome Productions) C:\Games\Emulators\BetterDS3_1.5.3\Better DS3.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Zbshareware Lab) C:\Program Files (x86)\USB Disk Security\USBGuard.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Airytec) C:\Program Files\Airytec\Switch Off\swoff.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-15] (AVAST Software)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-02-03] (Zbshareware Lab)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1851040 2015-03-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Run: [GoogleChromeAutoLaunch_BC2181BA6FEFC094049535C747D5BFD8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-14] (Google Inc.)
HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Run: [Google Chrome] => C:\GoogleChrome\WindowsUpdate.lnk
HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Run: [AdopeFlash] => C:\GoogleChrome\GoogleChrome.exe [750320 2015-02-19] (AutoIt Team)
HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Run: [AdopeUpdate] => C:\GoogleChrome\GoogleUpdate.lnk
HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_BC2181BA6FEFC094049535C747D5BFD8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-14] (Google Inc.)
HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Chrome] => C:\GoogleChrome\WindowsUpdate.lnk
HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdopeFlash] => C:\GoogleChrome\GoogleChrome.exe [750320 2015-02-19] (AutoIt Team)
HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdopeUpdate] => C:\GoogleChrome\GoogleUpdate.lnk
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-03-16] (EasyBits Software Corp.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-15] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-04] (Autodesk, Inc.)
Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Better DS3 - Shortcut.lnk [2014-12-19]
ShortcutTarget: Better DS3 - Shortcut.lnk -> C:\Games\Emulators\BetterDS3_1.5.3\Better DS3.exe (Slackerhome Productions)
Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2014-11-05]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2BC8F13F-DB52-4403-AAF2-1C097682A0D3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{42BFCDBD-2D7F-42F9-8CE2-CA7018579A2E}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-421991981-3641920527-2651105451-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/33
HKU\S-1-5-21-421991981-3641920527-2651105451-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/33
HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL/33
HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/33
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ph.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ph.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-421991981-3641920527-2651105451-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-421991981-3641920527-2651105451-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-421991981-3641920527-2651105451-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-421991981-3641920527-2651105451-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ph.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-421991981-3641920527-2651105451-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://ph.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-16] (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-16] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
 
FireFox:
========
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\wko678ir.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2011-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-02] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-421991981-3641920527-2651105451-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Extension: DownThemAll! - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\wko678ir.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-05-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-06-09] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.artstation.com/artwork?sorting=trending&medium=digital2d&category=concept_art
CHR StartupUrls: Default -> "hxxps://www.facebook.com/","hxxp://www.youtube.com/","hxxps://www.artstation.com/artwork?sorting=trending&medium=digital2d&category=concept_art"
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-07-01]
CHR Extension: (Google Docs) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Slinky Elegant) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2014-11-05]
CHR Extension: (Adblock Plus) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-28]
CHR Extension: (OneTab) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-05-05]
CHR Extension: (Google Search) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-29]
CHR Extension: (Torrent Turbo Search App) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegbffmjdkflkcfncpfjjbggbdlnbdif [2014-11-05]
CHR Extension: (Google Sheets) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2015-07-28]
CHR Extension: (Avast Online Security) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-13]
CHR Extension: (Pin It Button) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-04-28]
CHR Extension: (Arcane Legends) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2014-11-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-23]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-11-05]
CHR Extension: (Anatronica - 3D Interactive Anatomy) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalpooddpdnhjicpjgnhaihnnfnmbpee [2014-11-05]
CHR Extension: (Google Wallet) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-13]
CHR Extension: (Click&Clean App) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-05-06]
CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-01-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-15] (AVAST Software)
S3 DAUpdaterSvc; C:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-24] (EasyBits Software AS) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1045376 2016-01-02] (Enigma Software Group USA, LLC.)
S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-09-23] (Airytec) [File not signed]
S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2014-09-23] (Airytec) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-02] (AVAST Software)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-04] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-04] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-02] ()
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2016-01-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-02 16:53 - 2016-01-02 16:53 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-02 16:53 - 2016-01-02 16:53 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-02 16:52 - 2016-01-02 16:52 - 00000000 _____ C:\autoexec.bat
2016-01-02 16:52 - 2015-07-15 20:52 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\asw898D.tmp
2016-01-02 16:52 - 2015-07-15 20:52 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswA156.tmp
2016-01-02 16:52 - 2015-07-15 20:52 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswA1C4.tmp
2016-01-02 16:52 - 2015-07-15 20:52 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswA464.tmp
2016-01-02 16:52 - 2015-07-15 20:52 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8CD8.tmp
2016-01-02 16:52 - 2015-07-15 20:52 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\asw938E.tmp
2016-01-02 16:52 - 2015-07-15 20:52 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswA145.tmp
2016-01-02 16:52 - 2015-07-15 20:52 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8EEC.tmp
2016-01-02 16:51 - 2016-01-02 17:00 - 00061237 _____ C:\Users\hp\Downloads\Addition.txt
2016-01-02 16:51 - 2016-01-02 16:51 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-02 16:51 - 2016-01-02 16:51 - 00000000 ____D C:\Users\hp\AppData\Roaming\Enigma Software Group
2016-01-02 16:50 - 2016-01-02 16:50 - 00003314 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-01-02 16:50 - 2016-01-02 16:50 - 00001087 _____ C:\Users\hp\Desktop\SpyHunter.lnk
2016-01-02 16:50 - 2016-01-02 16:50 - 00000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-01-02 16:49 - 2016-01-02 16:49 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-02 16:48 - 2016-01-02 16:50 - 00000000 ____D C:\sh4ldr
2016-01-02 16:47 - 2016-01-02 17:01 - 00030704 _____ C:\Users\hp\Downloads\FRST.txt
2016-01-02 16:45 - 2016-01-02 17:01 - 00000000 ____D C:\FRST
2016-01-02 16:43 - 2016-01-02 16:45 - 02370560 _____ (Farbar) C:\Users\hp\Downloads\FRST64.exe
2016-01-02 16:37 - 2016-01-02 16:37 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-02 16:33 - 2016-01-02 16:33 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-01-02 16:27 - 2016-01-02 16:31 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\hp\Downloads\SpyHunter-Installer.exe
2016-01-02 16:01 - 2016-01-02 16:07 - 00000000 ____D C:\Users\hp\AppData\Local\NPE
2016-01-02 15:58 - 2016-01-02 16:00 - 03088296 _____ (Symantec Corporation) C:\Users\hp\Downloads\NPE.exe
2016-01-02 15:41 - 2016-01-02 15:41 - 00003168 _____ C:\Windows\System32\Tasks\HPCeeScheduleForhp
2016-01-02 15:41 - 2016-01-02 15:41 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleForhp.job
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-03 07:11 - 2014-11-05 01:59 - 00000000 ____D C:\Games
2016-01-03 07:11 - 2014-11-05 00:29 - 00000000 ____D C:\Users\hp\AppData\Roaming\Rainmeter
2016-01-03 07:10 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
2016-01-02 16:57 - 2009-07-14 11:20 - 00000000 ____D C:\Windows
2016-01-02 16:52 - 2014-11-04 16:44 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-02 16:51 - 2014-11-04 16:43 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-01-02 16:51 - 2014-11-04 16:43 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-02 16:51 - 2014-11-04 16:43 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-02 16:51 - 2014-11-04 16:43 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-02 16:51 - 2014-11-04 16:43 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-02 16:51 - 2014-11-04 16:43 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-02 16:51 - 2014-11-04 16:43 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-02 16:48 - 2015-05-30 21:52 - 00000000 ____D C:\Users\hp\AppData\Roaming\Spotydl
2016-01-02 16:48 - 2014-11-04 16:43 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-01-02 16:48 - 2009-07-14 12:45 - 00022624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-02 16:48 - 2009-07-14 12:45 - 00022624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-02 16:44 - 2014-11-05 00:20 - 00000000 ____D C:\Users\hp\AppData\Local\Razer
2016-01-02 16:44 - 2014-11-05 00:19 - 00000000 ____D C:\ProgramData\Razer
2016-01-02 16:44 - 2014-11-05 00:19 - 00000000 ____D C:\Program Files (x86)\Razer
2016-01-02 16:44 - 2012-02-06 03:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-02 16:18 - 2014-11-05 00:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-02 16:18 - 2014-11-05 00:28 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-02 16:13 - 2014-11-05 00:28 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-02 16:13 - 2014-11-05 00:28 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-02 16:08 - 2015-06-17 16:18 - 00000000 _RSHD C:\GoogleChrome
2016-01-02 16:03 - 2014-11-04 23:21 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-02 16:01 - 2012-03-16 17:57 - 00000000 ____D C:\ProgramData\Norton
2016-01-02 15:40 - 2015-06-17 16:18 - 00000000 _RSHD C:\MozillaFirefox
2016-01-02 15:40 - 2014-11-05 00:41 - 00000000 ____D C:\Yan
2016-01-02 15:40 - 2012-03-16 17:41 - 00000000 ____D C:\Intel
2016-01-02 15:40 - 2011-11-30 10:23 - 00000000 ___HD C:\HP
2016-01-02 15:40 - 2011-02-11 03:23 - 00000000 ___HD C:\SYSTEM.SAV
2016-01-02 15:40 - 2011-02-11 03:23 - 00000000 ____D C:\SWSetup
2016-01-02 15:36 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-02 15:17 - 2009-07-14 13:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-02 15:17 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-01-02 15:12 - 2014-11-04 16:05 - 00000000 ____D C:\Users\hp
 
==================== Files in the root of some directories =======
 
2015-03-17 23:30 - 2015-03-17 23:30 - 0000093 _____ () C:\Users\hp\AppData\Roaming\settings.xml
2015-01-03 08:30 - 2015-01-11 14:10 - 0007617 _____ () C:\Users\hp\AppData\Local\Resmon.ResmonCfg
2010-11-21 11:24 - 2010-11-21 11:24 - 93564928 ___SH () C:\ProgramData\msqyhtlki.exe
 
Files to move or delete:
====================
C:\ProgramData\msqyhtlki.exe
 
 
Some files in TEMP:
====================
C:\Users\hp\AppData\Local\Temp\cdo1724212897.dll
C:\Users\hp\AppData\Local\Temp\cdo2880782530.dll
C:\Users\hp\AppData\Local\Temp\cdo3401076057.dll
C:\Users\hp\AppData\Local\Temp\Extract.exe
C:\Users\hp\AppData\Local\Temp\SP57965.exe
C:\Users\hp\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\hp\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-29 23:52
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by hp (2016-01-02 17:02:30)
Running from C:\Users\hp\Downloads
Windows 7 Home Basic Service Pack 1 (X64) (2014-11-04 08:05:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-421991981-3641920527-2651105451-500 - Administrator - Disabled)
Guest (S-1-5-21-421991981-3641920527-2651105451-501 - Limited - Disabled)
hp (S-1-5-21-421991981-3641920527-2651105451-1000 - Administrator - Enabled) => C:\Users\hp
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"BioShock Infinite" (HKLM-x32\...\{D081C29C-1DDC-4C55-BCBF-DF8519636331}_is1) (Version: 1.1.25.5165 - )
"XCOM - Enemy Within" (HKLM-x32\...\{EE377223-72A9-4995-B3B6-8A056CA4CE5D}_is1) (Version: 1.0.0.926 - )
µTorrent (HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Airytec Switch Off (HKLM\...\Airytec Switch Off) (Version: 3.5 - Airytec)
AMD Catalyst Install Manager (HKLM\...\{A8405EC5-A483-AA4E-6CBA-E2B163409128}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
AutoCAD 2012 - English (HKLM\...\AutoCAD 2012 - English) (Version: 18.2.51.0 - Autodesk)
AutoCAD 2012 - English (Version: 18.2.51.0 - Autodesk) Hidden
AutoCAD 2012 Language Pack - English (Version: 18.2.51.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2012) (Version: 0.0.1.138 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2247 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{A7E8CB11-B09E-46F8-9BAE-B2E01EBF7E51}) (Version: 7.0.831.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.3300 - Broadcom Corporation)
calibre (HKLM-x32\...\{7050D165-886B-42BD-A39E-9B28C9728318}) (Version: 2.9.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crusader Kings II ver. 2.3.2.0 (HKLM-x32\...\{03202377-34HG-56DR-11F5-43DD6F7886AC}_is1) (Version: 2.3.2.0 - Paradox Interactive)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4.3516 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.2.4725 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Divinity - Original Sin (HKLM-x32\...\Divinity - Original Sin_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dragon Age Awakening Redesigned (HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Dragon Age Awakening Redesigned) (Version:  - )
Dragon Age Awakening Redesigned (HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dragon Age Awakening Redesigned) (Version:  - )
Dragon Age Awakening Velanna Redesigned© (HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Dragon Age Awakening Velanna Redesigned©) (Version:  - )
Dragon Age Awakening Velanna Redesigned© (HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dragon Age Awakening Velanna Redesigned©) (Version:  - )
Dragon Age Redesigned © Morrigan (HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Dragon Age Redesigned © Morrigan) (Version:  - )
Dragon Age Redesigned © Morrigan (HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dragon Age Redesigned © Morrigan) (Version:  - )
Dragon Age Redesigned- Leliana's Song (HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Dragon Age Redesigned- Leliana's Song) (Version:  - )
Dragon Age Redesigned- Leliana's Song (HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dragon Age Redesigned- Leliana's Song) (Version:  - )
Dragon Age Redesigned Oghren© (HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Dragon Age Redesigned Oghren©) (Version:  - )
Dragon Age Redesigned Oghren© (HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dragon Age Redesigned Oghren©) (Version:  - )
Dragon Age Redesigned©  Zevran (HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Dragon Age Redesigned©  Zevran) (Version:  - )
Dragon Age Redesigned©  Zevran (HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dragon Age Redesigned©  Zevran) (Version:  - )
Dragon Age Redesigned© (HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Dragon Age Redesigned©) (Version:  - )
Dragon Age Redesigned© (HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dragon Age Redesigned©) (Version:  - )
Dragon Age Redesigned© Leliana (HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Dragon Age Redesigned© Leliana) (Version:  - )
Dragon Age Redesigned© Leliana (HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dragon Age Redesigned© Leliana) (Version:  - )
Dragon Age Redesigned© Sten (HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Dragon Age Redesigned© Sten) (Version:  - )
Dragon Age Redesigned© Sten (HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dragon Age Redesigned© Sten) (Version:  - )
Dragon Age Redesigned© Wynne (HKU\S-1-5-21-421991981-3641920527-2651105451-1000\...\Dragon Age Redesigned© Wynne) (Version:  - )
Dragon Age Redesigned© Wynne (HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dragon Age Redesigned© Wynne) (Version:  - )
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Endless Legend (HKLM-x32\...\Endless Legend_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube Downloader 4.0.305 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{EDA2B6DE-C67C-4FD7-AF6A-9D79E002707C}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}) (Version: 2.0.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.0.199 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kingo ROOT version 1.3.6.2289 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.3.6.2289 - Kingosoft Technology Ltd.)
L.A.Noire (HKLM-x32\...\L.A.Noire_R.G. Gamblers_is1) (Version:  - R.G. Gamblers, spider91)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.)
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
Mp3tag v2.65a (HKLM-x32\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Potplayer (HKLM-x32\...\PotPlayer) (Version:  - Daum Kakao Corp.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spec Ops The Line (HKLM-x32\...\Spec Ops The Line_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.10.4584 - Enigma Software Group, LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{9A88E179-4984-4A60-85FA-985E4AAE92C5}) (Version: 6.1.4.0 - Husdawg, LLC)
The Banner Saga (HKLM-x32\...\GOGPACKTHEBANNERSAGA_is1) (Version: 2.0.0.2 - GOG.com)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
The Witcher (HKLM-x32\...\The Witcher_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
The Witcher 2 - Assassins of Kings (HKLM-x32\...\The Witcher 2 - Assassins of Kings_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
This War of Mine ver. 1.2.2 (HKLM-x32\...\{31324144-51SX-12KI-92J0-91DD6F2186AC}_is1) (Version: 1.2.2 - 11 bit studios)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XCom Long War EW Mod version Beta 13 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: Beta 13 - JohnnyLump)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-421991981-3641920527-2651105451-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-421991981-3641920527-2651105451-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-421991981-3641920527-2651105451-1000_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-421991981-3641920527-2651105451-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-421991981-3641920527-2651105451-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-421991981-3641920527-2651105451-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acadficn.dll (Autodesk, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0897FFCF-0EBD-4BAF-8F67-417774707EB8} - System32\Tasks\{10D3078E-E816-4129-9FCB-CFDE012837EB} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\19. ME2 DLC Recon Hood (DLC_PRO_Pepper02).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
Task: {0B7DB245-158E-4539-817D-90A51D730033} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-02] (Google Inc.)
Task: {0CC7394B-00E6-4312-A38E-38B438AB22FE} - System32\Tasks\{E960E20C-6AE8-4A56-9D13-50F776BEBEFD} => pcalua.exe -a "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age DLC- Awakening\Companions\Dragon Age Awakening- Velanna.exe" -d "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age DLC- Awakening\Companions"
Task: {187613B5-52F2-4179-A961-1F79A6ED75A0} - System32\Tasks\{43755496-3A60-4FC6-8C4B-64FEA75AF75C} => pcalua.exe -a "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Oghren\Dragon Age Redesigned- Oghren.exe" -d "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Oghren"
Task: {1AAD96D7-0E55-432D-9171-A161DFB2F208} - System32\Tasks\{B1467A88-9D01-4ED8-8F0E-5A48653B9DCB} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.18.0.106/en/go/help.faq.installer?LastError=1618
Task: {1BAADF23-B0B8-4D9C-9315-A499AB44E1C4} - System32\Tasks\{6ED30C1E-0245-4D7E-A5C5-E92D9D825FF3} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\08. ME2 DLC Zaeed - The Price of Revenge (DLC_HEN_VT).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
Task: {217275BC-748B-476C-9D2C-2BF7D59ACC6F} - System32\Tasks\{E9A2C62C-C231-49D4-BAF7-29310C4923A4} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\17. ME2 DLC Sentry Interface (DLC_PRO_Gulp01).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
Task: {24FF7304-72BB-4B10-82FF-F40960872999} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {27D62E5D-F24E-405D-93AD-F3C0C80A9561} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2A2852AC-5CEA-4978-ADDC-22C8FE8CE288} - System32\Tasks\{62E8452D-CFFA-4ED7-B5A7-D4243040B8D3} => pcalua.exe -a "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Morrigan\Dragon Age- Morrigan.exe" -d "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Morrigan"
Task: {2A9A59C5-58AA-49BC-808D-7CE44B8D186B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)
Task: {4B5294EB-749A-497C-B592-77CB7D0CC501} - System32\Tasks\{8CAE80E6-371E-4DB7-A3BB-EBF6AAE9D944} => pcalua.exe -a "C:\Games\Sid Meiers Civilization Beyond Earth\VCRedist\vcredist_x86.exe" -d "C:\Games\Sid Meiers Civilization Beyond Earth\VCRedist"
Task: {51844FC2-CDFD-4233-8089-9D962C0CBBE0} - System32\Tasks\{2876FFD4-65C8-46E2-9A37-8D23D935F502} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\20. ME2 DLC Firewalker Pack (DLC_UNC_Hammer01).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
Task: {56243A27-F322-4C48-8609-074524FC2F0B} - System32\Tasks\{FD5A153E-716A-422C-A9FD-29CBCFAA0960} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\13. ME2 DLC Blood Dragon Armor (DLC_PRE_DA).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
Task: {5A08D21F-8F5E-48D5-A8EB-54CA5DF8A867} - System32\Tasks\{CFF383D6-8454-4DAB-BF06-7CD876449904} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\22. ME2 DLC Overlord (DLC_UNC_Pack01).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5BE56E44-AAD3-42D6-AD90-72ACBF7D81AA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-02] (AVAST Software)
Task: {6475454D-DFC9-42A1-ABC7-187F996A6312} - System32\Tasks\{1E3A2AAE-6778-4BB1-AB89-F0C589536234} => pcalua.exe -a C:\Users\hp\Downloads\chromeinstall-8u25.exe -d C:\Users\hp\Downloads
Task: {71833EE0-C89C-4361-9427-CE3963C84CCF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {84216A94-C19C-4D52-8B9A-BBBF3BB6AEB4} - System32\Tasks\{5BAF9F57-3A82-4496-9F50-DC572CC990CC} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\18. ME2 DLC Umbra Visor (DLC_PRO_Pepper01).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
Task: {848F5FBC-AF54-44B8-A78C-3FD6850210B0} - System32\Tasks\{983B2341-4C2C-4B48-8477-DF12654E76CA} => pcalua.exe -a "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Zevran\Dragon Age Redesigned- Zevran.exe" -d "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Zevran"
Task: {8676C361-D938-4712-847A-03C42AD1B17C} - System32\Tasks\{5F808C42-58CE-4135-AD88-09B0DBE4ACEC} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\21. ME2 DLC Normandy Crash (DLC_UNC_Moment01).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
Task: {88C034CC-F30C-4B90-A001-3DDF6066209A} - System32\Tasks\{E80ECD35-BD4D-4D56-871E-A2DE7B7995D5} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\10. ME2 DLC Equalizer Pack (DLC_MCR_03).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
Task: {8BC38BD2-61B0-4CD5-9D97-4BC07CEFD3BC} - System32\Tasks\{A9104783-EEF0-44EF-9B62-B0DB2B85DD19} => pcalua.exe -a "C:\Users\hp\Documents\BioWare\Dragon Age\packages\core\override\Uninstall Aesthetic settings.exe" -d "C:\Users\hp\Documents\BioWare\Dragon Age\packages\core\override"
Task: {8D20AFDE-D233-4814-B89D-A2429B9AEEFC} - System32\Tasks\{CE1EDF6F-BD35-477D-94F4-5DE9DC07074A} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\12. ME2 DLC Collectors Weapon & Armor (DLC_PRE_Collectors).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
Task: {8E230F16-B31A-4C21-B01F-C1AD19DB0265} - System32\Tasks\{E712F623-AA6F-476C-AE69-547F9DB549BE} => pcalua.exe -a "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Wynne\Dragon Age Redesigned- Wynne.exe" -d "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Wynne"
Task: {8EEB4655-01BF-4A50-A245-B35E8A812F98} - System32\Tasks\{8FAD6FE5-B6FE-4A98-85F2-3B0F761797AF} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\16. ME2 DLC Incisor Sniper Rifle (DLC_PRE_Incisor).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
Task: {999D1CCC-6689-4237-9E4F-E9069C0A5480} - System32\Tasks\{3FBDDD20-A21A-4D53-AAA4-757F7A200E07} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {9AC6DBB0-8FAF-4DC2-BF7F-84DD41254F85} - System32\Tasks\{1549BAC2-C3A8-4B70-842C-7C802F907DF1} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\11. ME2 DLC Cerberus Weapon & Armor (DLC_PRE_Cerberus).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
Task: {A27E9F5D-F8A8-4316-874C-C3762B174C38} - System32\Tasks\HPCeeScheduleForhp => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A3C7FF8E-97C1-4A49-B0A8-A78D0EC05F6A} - System32\Tasks\{203F180E-867A-41D5-AD3E-F8B39C5BF38E} => pcalua.exe -a "C:\Users\hp\Documents\BioWare\Dragon Age\packages\core\override\Uninstall Dracomies True Textures VI.exe" -d "C:\Users\hp\Documents\BioWare\Dragon Age\packages\core\override"
Task: {B3FC3891-DE86-455D-9334-5AFFD83C80E9} - System32\Tasks\{8594E750-1C1F-41EF-9255-596BE8E558D1} => pcalua.exe -a "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Leliana\Dragon Age Redesigned- Leliana.exe" -d "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Leliana"
Task: {B4D71A34-0BED-4E53-A16B-9E42B68AB6DD} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-01-02] (Enigma Software Group USA, LLC.)
Task: {B51320F2-72E1-4398-9919-08650A52AE4B} - System32\Tasks\{F69F5077-B271-4F5F-BD4D-BCB6ADAD71E4} => pcalua.exe -a "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age DLC- Leliana's Song\Leliana's Song Redesigned.exe" -d "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age DLC- Leliana's Song"
Task: {BBF41706-CA47-4569-9960-D774C1281200} - System32\Tasks\{C161FD1D-C353-4392-81FA-2869000E1DEA} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\14. ME2 DLC Terminus Weapon & Armor (DLC_PRE_Gamestop).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
Task: {BF4F3862-419D-48A8-94B4-C50A82993786} - System32\Tasks\{BDD1565F-78DD-4A9B-B2F3-AE531D3507F2} => pcalua.exe -a "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Non-companion NPCs (contains Dracomies True Textures)\Dragon Age Redesigned Version 7.3c.exe" -d "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Non-companion NPCs (contains Dracomies True Textures)"
Task: {C97C0973-6AB1-4CDC-B9EB-5387DA5DAE48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-02] (Google Inc.)
Task: {D9AD73B6-5583-4CB6-B7B6-1109DEBC6CA8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-29] (CyberLink)
Task: {DA73F541-AC2D-43F1-A845-4E4A976C9A00} - System32\Tasks\{36111F21-195C-4559-9DC4-1AC4D28EAE51} => pcalua.exe -a "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Sten\Dragon Age Redesigned- Sten.exe" -d "C:\Yan\Install\Dragon Age Origins Ultimate Edition\Mods\Dragon Age Redesigned -686\Dragon Age Redesigned Version 7.3d\Dragon Age Origins\Companion NPCs for Origins\Sten"
Task: {DD399762-1B2E-4975-80DB-7B28CFC0A7DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {ECC7E97F-C554-4F0D-A413-1E6361F138DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EE165E3B-A976-41B1-80D5-A2BCBFCBF266} - System32\Tasks\{5995F67B-0155-4D8D-B66E-5045DD5B1784} => pcalua.exe -a "C:\Users\hp\Documents\BioWare\Dragon Age\packages\core\override\Uninstall Recommended settings.exe" -d "C:\Users\hp\Documents\BioWare\Dragon Age\packages\core\override"
Task: {F3434F95-5F87-49A9-BD8F-903942E53481} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {F5835300-BEF8-44F5-8F2E-0FBFD4A24A93} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-02] (AVAST Software)
Task: {FC67018A-EF61-4BCD-8EA9-1F088386D5E6} - System32\Tasks\{A49278EE-AEBD-4714-9818-C3D1886BFB9B} => pcalua.exe -a "C:\Yan\Install\Mass Effect Trilogy\DLC's\15. ME2 DLC Inferno Armor (DLC_PRE_General).exe" -d "C:\Yan\Install\Mass Effect Trilogy\DLC's"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForhp.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-02-02 19:08 - 2011-02-02 19:08 - 00018656 _____ () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
2012-03-16 17:46 - 2011-12-17 04:37 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2010-01-10 01:17 - 2010-01-10 01:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 06:40 - 2010-01-21 06:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-25 22:18 - 2014-05-25 22:18 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-05-25 22:18 - 2014-05-25 22:18 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-05-25 22:17 - 2014-05-25 22:17 - 00408064 _____ () C:\Program Files\Rainmeter\Plugins\NowPlaying.DLL
2014-05-25 22:17 - 2014-05-25 22:17 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.DLL
2014-05-25 22:17 - 2014-05-25 22:17 - 00022528 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.DLL
2014-05-25 22:17 - 2014-05-25 22:17 - 00019968 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.DLL
2014-05-25 22:17 - 2014-05-25 22:17 - 00056832 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.DLL
2014-05-25 22:17 - 2014-05-25 22:17 - 00010752 _____ () C:\Program Files\Rainmeter\Plugins\Process.DLL
2014-05-25 22:18 - 2014-05-25 22:18 - 00022528 _____ () C:\Program Files\Rainmeter\Plugins\InputText.DLL
2015-06-03 08:31 - 2013-06-06 10:09 - 01185048 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
2012-03-05 09:43 - 2012-03-05 09:43 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-03 18:33 - 2012-02-03 18:33 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-07-15 20:52 - 2015-07-15 20:52 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-15 20:52 - 2015-07-15 20:52 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-15 20:46 - 2015-07-15 20:46 - 02956800 _____ () C:\Program Files\AVAST Software\Avast\defs\15071500\algo.dll
2016-01-02 16:03 - 2016-01-02 16:03 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010101\algo.dll
2010-01-10 01:18 - 2010-01-10 01:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 06:34 - 2010-01-21 06:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-07-15 22:13 - 2015-07-14 05:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-15 22:13 - 2015-07-14 05:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-05-21 18:42 - 2015-05-21 18:42 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-14 06:47 - 2014-11-14 06:47 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-03-16 17:46 - 2011-11-30 11:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-03-16 17:45 - 2011-12-17 02:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-11-05 00:20 - 2012-11-20 16:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Cortex\D3DX8Wrapper.dll
2015-07-15 22:13 - 2015-07-14 05:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-421991981-3641920527-2651105451-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-421991981-3641920527-2651105451-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\hp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AirDroid 3 => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_BC2181BA6FEFC094049535C747D5BFD8 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP CoolSense => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: NetLimiter => C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\hp\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\hp\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SymSilent => "C:\Program Files (x86)\SymSilent\SymSilent.exe" /_spawn /service
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9D3D95F0-DF61-4600-9C08-CB3C31087AFF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{47127491-2411-4B9B-8D06-DE3337DAA3ED}] => (Allow) LPort=2869
FirewallRules: [{52507F43-31C8-471C-9E86-3F52ED6C6F54}] => (Allow) LPort=1900
FirewallRules: [{B6F14749-B620-428E-B5B0-5400AC600477}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6DF652BC-6071-45C5-B7FA-541B7C35D17E}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{AEE7589F-81C8-4298-92F4-3282EF2C10A7}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{230E2E99-1D4D-4D66-96AD-547786782D9A}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{CBDCBF3B-F686-40E2-879D-4EC9FD582BE3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{D326386E-376F-4132-863D-F20445AA1D1F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{EBA8A25E-3979-4A62-A9DB-713CE2271919}] => (Allow) C:\Program Files (x86)\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{32B460D2-8E51-4E53-BFD6-C4CE41C84BDF}] => (Allow) C:\Games\XCOM - Enemy Within\Binaries\Win32\XComEW.exe
FirewallRules: [{8AB27E53-990F-45D4-BE39-E0211D917E4B}] => (Allow) C:\Games\XCOM - Enemy Within\Binaries\Win32\XComEW.exe
FirewallRules: [TCP Query User{F9815A5E-A4BE-4818-BD8F-3B21B3286DFA}C:\games\xew\binaries\win32\xcomew.exe] => (Allow) C:\games\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{8215C9E9-F750-44C2-90EF-ECBE1A5EC4D2}C:\games\xew\binaries\win32\xcomew.exe] => (Allow) C:\games\xew\binaries\win32\xcomew.exe
FirewallRules: [{AC44247E-85E8-486F-9BA5-8ED0CD1676C4}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{15F32726-D2A4-4832-A71B-31548BE77BB7}] => (Allow) C:\Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{1D3D5FEC-19F6-4627-9960-14DF279056B3}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{D4FCC537-48CE-4F0F-B708-E8469B046E4E}] => (Allow) C:\Games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [TCP Query User{15C070AA-4B5E-4797-868C-2EE0D7A7FBBF}C:\games\dragon age\bin_ship\daorigins.exe] => (Allow) C:\games\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{6B52EB81-ABC6-4D0B-9E4B-BCBC724D9212}C:\games\dragon age\bin_ship\daorigins.exe] => (Allow) C:\games\dragon age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{34ADD5C1-66B2-4CD7-ADA4-E039CFA93DA7}C:\games\dragon age\bin_ship\daorigins.exe] => (Allow) C:\games\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{40BFAC70-2050-4E0E-B95D-CCEFCEAD2A07}C:\games\dragon age\bin_ship\daorigins.exe] => (Allow) C:\games\dragon age\bin_ship\daorigins.exe
FirewallRules: [{802FFB56-AF60-4A3C-A8ED-1D11CDD50AC8}] => (Allow) C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B4D9592F-D47F-4B9E-82F4-62055BC6F690}] => (Allow) C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C836BC9D-2497-4907-882C-F051EDAF3D2C}] => (Allow) C:\Users\hp\AppData\Local\Temp\nspFAD.tmp\CnetInstaller-75764187.exe
FirewallRules: [{9D3D4ABC-6C9D-40FA-9A73-141A8DDB5DE4}] => (Allow) C:\Users\hp\AppData\Local\Temp\nspFAD.tmp\CnetInstaller-75764187.exe
FirewallRules: [{129AA920-FEAB-446F-9CD4-13D45CB50D66}] => (Allow) C:\Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{6EC4B85F-18D0-415F-B829-242CD7D4573B}] => (Allow) C:\Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{1AE6820B-B782-4DF4-8E91-28F0CF06965D}] => (Allow) C:\Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{C5501D42-C3D5-4A95-8845-BDE2327ACBC3}] => (Allow) C:\Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{C5F889FA-2514-4060-98F1-4B32E883070A}] => (Allow) C:\Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{8AAB187F-F43C-49FD-94B0-5CD3B5BB5DC2}] => (Allow) C:\Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{A3C9FAD8-EA2B-4D18-9BAC-9EBADBC75187}] => (Allow) C:\Games\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{951FF437-31D6-4477-B0B3-4845A9189222}] => (Allow) C:\Games\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{5E6CB1D3-95F4-4247-ADEF-62033C71FEE1}] => (Allow) C:\Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{EAD4119B-288C-4BC5-A7EA-5BEB362CFD10}] => (Allow) C:\Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{B54B3F9E-0275-4805-9D7F-C825F135EEE5}] => (Allow) C:\Games\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{E95894C5-EDFC-43D8-9255-56B970CD8DC0}] => (Allow) C:\Games\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [TCP Query User{A252EB53-8DE7-4768-9F47-D210553C8FDB}C:\games\need for speed hot pursuit\nfs11.exe] => (Block) C:\games\need for speed hot pursuit\nfs11.exe
FirewallRules: [UDP Query User{64E74EE5-F5DF-4303-B2DA-8D6BDA7B5E46}C:\games\need for speed hot pursuit\nfs11.exe] => (Block) C:\games\need for speed hot pursuit\nfs11.exe
FirewallRules: [TCP Query User{A9805719-5BB4-4D19-B300-A42118B55E86}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{5ABC0377-8990-49F3-AFA5-8A7C6F4DE1FF}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{0689D989-F20D-4618-B9F3-0EA1208FCCAA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6FD86954-76A0-4D31-98B8-D57B392452F5}C:\games\divinity - original sin\shipping\eocapp.exe] => (Block) C:\games\divinity - original sin\shipping\eocapp.exe
FirewallRules: [UDP Query User{127B0F4A-FADA-49DD-8EA2-06FB68888A3E}C:\games\divinity - original sin\shipping\eocapp.exe] => (Block) C:\games\divinity - original sin\shipping\eocapp.exe
FirewallRules: [{00186332-1728-469C-AD84-0D3102FA412C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91917B93-8467-42C6-9DF0-1FFBCAECEC3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{32B979E2-DD33-4117-9677-33BADF475EC9}C:\games\the witcher 2 - assassins of kings\bin\witcher2.exe] => (Allow) C:\games\the witcher 2 - assassins of kings\bin\witcher2.exe
FirewallRules: [UDP Query User{502D0390-59F1-4943-BC20-575EB7A9DB53}C:\games\the witcher 2 - assassins of kings\bin\witcher2.exe] => (Allow) C:\games\the witcher 2 - assassins of kings\bin\witcher2.exe
FirewallRules: [TCP Query User{7686A3F1-A03C-4D87-9329-8263BB5FFD93}C:\users\hp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hp\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{048938F8-0475-44E9-AA9D-F25196C0248D}C:\users\hp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hp\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{45C4CC71-C507-40CA-8FEC-9BF0D394E942}C:\users\hp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hp\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1D8A6C43-BC2B-4A06-8E97-BA4A5965EA78}C:\users\hp\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hp\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1A116F35-E6E0-45F9-A937-C3835711A1A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
13-07-2015 21:27:57 Scheduled Checkpoint
15-07-2015 20:49:47 avast! antivirus system restore point
15-07-2015 21:17:51 Windows Update
15-07-2015 22:00:12 Windows Update
15-07-2015 23:58:37 Windows Update
30-07-2015 00:00:11 Scheduled Checkpoint
21-09-2015 07:56:35 Restore Operation
02-01-2016 15:29:43 Removed Apple Software Update
02-01-2016 16:16:31 Removed QuickTime 7
02-01-2016 16:23:13 Removed Apple Application Support
02-01-2016 16:27:04 Removed ComicConverter.
02-01-2016 16:48:51 Removed Youtube Playlist Downloader.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/02/2016 04:08:25 PM) (Source: MsiInstaller) (EventID: 1021) (User: YANOGERA)
Description: Product: Google Update Helper - Update '{E0D0D2C9-5836-4023-AB1D-54EC3B90AD03}' could not be removed. Error code 1647. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (01/02/2016 04:08:25 PM) (Source: MsiInstaller) (EventID: 1021) (User: YANOGERA)
Description: Product: Google Update Helper - Update '{1CAD0644-2CF1-4EA6-B512-0F59D9EAB13C}' could not be removed. Error code 1647. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (01/02/2016 03:37:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/02/2016 03:21:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WicaInventory.exe, version: 6.3.9600.17204, time stamp: 0x545480c0
Faulting module name: aticfx64.dll, version: 8.17.10.1114, time stamp: 0x4f548366
Exception code: 0xc0000005
Fault offset: 0x000000000004eb54
Faulting process id: 0x19a8
Faulting application start time: 0xWicaInventory.exe0
Faulting application path: WicaInventory.exe1
Faulting module path: WicaInventory.exe2
Report Id: WicaInventory.exe3
 
Error: (01/02/2016 03:20:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WicaInventory.exe, version: 6.3.9600.17204, time stamp: 0x545480c0
Faulting module name: aticfx64.dll, version: 8.17.10.1114, time stamp: 0x4f548366
Exception code: 0xc0000005
Fault offset: 0x000000000004eb54
Faulting process id: 0x1ea8
Faulting application start time: 0xWicaInventory.exe0
Faulting application path: WicaInventory.exe1
Faulting module path: WicaInventory.exe2
Report Id: WicaInventory.exe3
 
Error: (01/02/2016 03:13:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/24/2015 04:19:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2015 08:03:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2015 07:53:02 AM) (Source: ESENT) (EventID: 439) (User: )
Description: taskhost (3960) WebCacheLocal: Unable to write a shadowed header for file C:\Users\hp\AppData\Local\Microsoft\Windows\WebCache\V01.chk. Error -1032.
 
Error: (09/21/2015 07:53:02 AM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhost (3960) WebCacheLocal: An attempt to open the file "C:\Users\hp\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (01/02/2016 04:44:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RzKLService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/02/2016 04:44:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Scanner service failed to start due to the following error: 
%%5
 
Error: (01/02/2016 04:44:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (01/02/2016 03:35:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (01/02/2016 12:45:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1069
 
Error: (01/02/2016 12:45:32 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/02/2016 12:45:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Portable Device Enumerator Service service failed to start due to the following error: 
%%1115
 
Error: (01/02/2016 12:45:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth Support Service service failed to start due to the following error: 
%%1069
 
Error: (01/02/2016 12:45:32 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The bthserv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/02/2016 12:45:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network List Service service failed to start due to the following error: 
%%1069
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 69%
Total physical RAM: 6040.36 MB
Available physical RAM: 1856.61 MB
Total Virtual: 12078.91 MB
Available Virtual: 6737.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:678.09 GB) (Free:205.7 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:20.25 GB) (Free:1.12 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 9A5BA236)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=678.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)
 
==================== End of Addition.txt ============================
 



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,006 posts
  • MVP

Let's see if a boot-time scan can get rid of it.

 

Click on the Avast ball in systray or the Avast shortcut on your desktop or All Programs, Avast Software, Avast Free Anti-virus.

 

Click on Scan then Scan for Viruses.  In the box under the monitor icon, click on the down arrow and select Boot-time Scan.

 

Click on Scan Settings

 

Change System Drive to All hard drives

 

 

Under Heuristics, click on the gray box to the left of Normal. It should turn Orange and now say High.

 

Make sure the two boxes are checked.  Where it says When a threat is found... change it to Move to Chest.  OK.  Start.

 

The next time you reboot, the scan will start.  I usually let it run while I sleep because it can take 6 hours.  (Good idea to mute the speakers so Windows won't wake you when it finally boots up.)

 

It normally stores its log in C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt, but it might change. Last time I ran it, it told you where to look for the log when it first started up.

 

Once it finishes, copy and paste the log into a reply.  (If it says it found anything.)

