Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Isaac at 2015-03-26 21:34:54 Running from C:\Users\Isaac\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit) AntiLogger Free version 1.8.2.198 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.198 - Zemana Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4156 - Intel Corporation) Intel(R) Wireless Bluetooth(R)(patch version 17.1.1449.356) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0506 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.3.25.0 - Razer Inc.) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.38.115.2015 - Realtek) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit) TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation) Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1776862199-797976733-331589447-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 25-03-2015 16:48:38 End of disinfection ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 07:25 - 2015-03-25 16:47 - 00000762 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2688C557-CAA7-4BFF-8CF3-A2F59BBF0785} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit) Task: {5EC8AD37-4343-4D07-B612-D592A6B7AC4F} - System32\Tasks\steamwebhelper_killer => TASKKILL <==== ATTENTION Task: {62A2B518-8C38-4597-A4E2-ABD0F304DFD3} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-08-08] () Task: {D5CDA898-4E44-4E27-AF05-376A43E8FD90} - System32\Tasks\ASC8_SkipUac_Isaac => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit) Task: {EB6766EE-A867-4777-A2FA-9F7698733E53} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd) Task: {ECB0FC29-0231-414F-98C4-7F486C20A39E} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-08-28] (TODO: ) Task: {F116E30A-A7FB-4741-9908-6D679989455F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation) ==================== Loaded Modules (whitelisted) ============== ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1776862199-797976733-331589447-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 8.8.8.8 - 8.8.4.4 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdvancedSystemCareService8 => 2 MSCONFIG\Services: Bluetooth Device Monitor => 2 MSCONFIG\Services: Bluetooth OBEX Service => 2 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: EvtEng => 2 MSCONFIG\Services: iBtSiva => 2 MSCONFIG\Services: igfxCUIService1.0.0.0 => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 3 MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3 MSCONFIG\Services: Intel(R) ME Service => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: LiveUpdateSvc => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: MyWiFiDHCPDNS => 3 MSCONFIG\Services: Razer Game Scanner Service => 2 MSCONFIG\Services: RegSrvc => 2 MSCONFIG\Services: RzKLService => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: ZeroConfigService => 2 HKLM\...\StartupApproved\StartupFolder: => "ISCTSystray.lnk" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "TecoResident" HKLM\...\StartupApproved\Run: => "TCrdMain" HKLM\...\StartupApproved\Run: => "TSSSrv" HKLM\...\StartupApproved\Run: => "TSVU" HKLM\...\StartupApproved\Run: => "BTMTrayAgent" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "Raptor" HKLM\...\StartupApproved\Run32: => "KeNotify" HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace" HKLM\...\StartupApproved\Run32: => "TSVU" HKLM\...\StartupApproved\Run32: => "TSSSrv" HKLM\...\StartupApproved\Run32: => "Razer Synapse" HKU\S-1-5-21-1776862199-797976733-331589447-1001\...\StartupApproved\Run: => "appnhost" HKU\S-1-5-21-1776862199-797976733-331589447-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_66D9B4593984BB5EE437F9BA7B8E9ADA" HKU\S-1-5-21-1776862199-797976733-331589447-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1776862199-797976733-331589447-1001\...\StartupApproved\Run: => "Advanced SystemCare 8" HKU\S-1-5-21-1776862199-797976733-331589447-1001\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== Accounts: ============================= Administrator (S-1-5-21-1776862199-797976733-331589447-500 - Administrator - Disabled) Guest (S-1-5-21-1776862199-797976733-331589447-501 - Limited - Disabled) Isaac (S-1-5-21-1776862199-797976733-331589447-1001 - Administrator - Enabled) => C:\Users\Isaac ==================== Faulty Device Manager Devices ============= Name: High Definition Audio Device Description: High Definition Audio Device Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HdAudAddService Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Kernel Debug Network Adapter Description: Microsoft Kernel Debug Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: kdnic Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Generic Bluetooth Adapter Description: Generic Bluetooth Adapter Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: GenericAdapter Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Intel(R) Dual Band Wireless-AC 7260 Description: Intel(R) Dual Band Wireless-AC 7260 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: NETwNb64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/26/2015 09:21:42 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x8007043c). System errors: ============= Error: (03/26/2015 09:22:58 PM) (Source: DCOM) (EventID: 10005) (User: HollyStarLanes) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (03/26/2015 09:22:43 PM) (Source: DCOM) (EventID: 10005) (User: HollyStarLanes) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (03/26/2015 09:21:50 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: 1084VSSUnavailable{0B5A2C52-3EB9-470A-96E2-6C6D4570E40F} Error: (03/26/2015 09:21:42 PM) (Source: DCOM) (EventID: 10005) (User: HollyStarLanes) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (03/26/2015 09:21:36 PM) (Source: DCOM) (EventID: 10005) (User: HollyStarLanes) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (03/26/2015 09:21:09 PM) (Source: DCOM) (EventID: 10005) (User: HollyStarLanes) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (03/26/2015 09:20:57 PM) (Source: DCOM) (EventID: 10005) (User: HollyStarLanes) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (03/26/2015 09:20:38 PM) (Source: DCOM) (EventID: 10005) (User: HollyStarLanes) Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} Error: (03/26/2015 09:20:33 PM) (Source: DCOM) (EventID: 10005) (User: HollyStarLanes) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (03/26/2015 09:20:21 PM) (Source: DCOM) (EventID: 10005) (User: HollyStarLanes) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Microsoft Office Sessions: ========================= Error: (03/26/2015 09:21:42 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe -EmbeddingWindows Modules Installer0x8007043c ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz Percentage of memory in use: 28% Total physical RAM: 6059.86 MB Available physical RAM: 4320.3 MB Total Pagefile: 10133.86 MB Available Pagefile: 7867.43 MB Total Virtual: 131072 MB Available Virtual: 131071.77 MB ==================== Drives ================================ Drive c: (TI10676500E) (Fixed) (Total:688.52 GB) (Free:659.31 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================