Hi,
Here's my problem: When I try to use Internet Explorer, I get the following error message: "The proxy server isn’t responding Check your proxy settings 127.0.0.1:8080." When I try to disable the proxy in Internet Options, it comes back on immediately. Other programs that need internet aren't working either; for example, the Flash Player update won't, Windows web search and SmartScreen won't work, and some updates won't happen. Thunderbird and Firefox work without issues. I'm using Malwarebytes Anti-Malware Home Premium, and it doesn't find any issues. I also tried AdwCleaner without any results.
I already had the same issue back in May and was able to solve it by changing a ProxyEnable registry value from 1 to 0, but it's still at 0.
I would really appreciate your help!
Here are the log files:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-07-2016
Ran by Joana (administrator) on JKO (21-07-2016 10:47:51)
Running from C:\Users\Joana\Desktop
Loaded Profiles: Joana (Available Profiles: Joana)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(High-Logic B.V.) C:\Program Files (x86)\High-Logic FontService\fontservice.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Digital Wave Ltd) C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-07-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [957976 2016-04-26] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [FmsProxy] => C:\Program Files (x86)\High-Logic MainType\FmsProxy.exe [1721016 2014-11-11] (High-Logic B.V.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3399455300-1473740082-1351970817-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-3399455300-1473740082-1351970817-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [957976 2016-04-26] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3399455300-1473740082-1351970817-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Statusfenster.lnk [2015-12-22]
ShortcutTarget: Canon LBP2900 Statusfenster.lnk -> C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE (CANON INC.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{4342cf58-9c90-4515-9891-3a2d8b92c38a}: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{45b4bb61-01fc-481f-a1e9-6d4eb370042a}: [DhcpNameServer] 192.168.2.1
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
Internet Explorer:
==================
HKU\S-1-5-21-3399455300-1473740082-1351970817-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://scheduling.smarthinking.com/EAMWeb/WFMDATA/ENU/Common/servlet/login.xml?ReturnUrl=%2fEAMWeb%2fWFMDATA%2fENU%2fAPI%2fservlet%2fAdminGetUserProfile.ewfm
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2016-01-18] (DVDVideoSoft Ltd.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-01] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-01] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2016-01-19] (DVDVideoSoft Ltd.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Joana\AppData\Roaming\Mozilla\Firefox\Profiles\043soszk.default
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-19] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-02-25] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-02-25] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3399455300-1473740082-1351970817-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-02-25] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Joana\AppData\Roaming\Mozilla\Firefox\Profiles\043soszk.default\searchplugins\googlede-pws.xml [2015-08-05]
FF SearchPlugin: C:\Users\Joana\AppData\Roaming\Mozilla\Firefox\Profiles\043soszk.default\searchplugins\hma-proxy.xml [2016-02-29]
FF Extension: OpenDownload² - C:\Users\Joana\AppData\Roaming\Mozilla\Firefox\Profiles\043soszk.default\extensions\{210249CE-F888-11DD-B868-4CB456D89593} [2016-02-22]
FF Extension: Image Zoom - C:\Users\Joana\AppData\Roaming\Mozilla\Firefox\Profiles\043soszk.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2016-04-27]
FF Extension: Google Translator for Firefox - C:\Users\Joana\AppData\Roaming\Mozilla\Firefox\Profiles\043soszk.default\extensions\[email protected] [2016-04-27]
FF Extension: Tab Mix Plus - C:\Users\Joana\AppData\Roaming\Mozilla\Firefox\Profiles\043soszk.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-06-05]
FF Extension: Hide My [bleep]! Web Proxy - C:\Users\Joana\AppData\Roaming\Mozilla\Firefox\Profiles\043soszk.default\Extensions\[email protected] [2016-02-29]
FF Extension: Pin It button - C:\Users\Joana\AppData\Roaming\Mozilla\Firefox\Profiles\043soszk.default\Extensions\[email protected] [2015-12-10]
FF Extension: Session Manager - C:\Users\Joana\AppData\Roaming\Mozilla\Firefox\Profiles\043soszk.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-03-20]
FF Extension: Google Reverse Image Search - C:\Users\Joana\AppData\Roaming\Mozilla\Firefox\Profiles\043soszk.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd}.xpi [2016-07-16]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Joana\AppData\Roaming\Mozilla\Firefox\Profiles\043soszk.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2016-01-18] [not signed]
FF Extension: Adblock Plus - C:\Users\Joana\AppData\Roaming\Mozilla\Firefox\Profiles\043soszk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-04-26] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [437784 2016-04-26] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [921112 2016-04-26] (BlueStack Systems, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-01-19] (Digital Wave Ltd.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1394360 2015-10-02] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-07-14] (ELAN Microelectronics Corp.)
R2 HLfms; C:\Program Files (x86)\High-Logic FontService\fontservice.exe [5480608 2016-02-05] (High-Logic B.V.) [File not signed]
S2 isupdate.exe; C:\Program Files (x86)\InstallShield\isupdate.exe [42496 2015-04-20] (InstallShield®) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5613328 2015-07-29] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmPeStor; C:\Windows\system32\drivers\AmPeStor.sys [159920 2015-08-04] (Alcor Micro, Corp.)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [19768 2013-07-02] (ASUSTek Computer Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-06-30] (ASUS Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154168 2016-04-26] (BlueStack Systems)
R2 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2016-04-06] (Bluestack System Inc. )
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55816 2015-10-02] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-10-02] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-10-02] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-06-02] ()
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31320 2015-07-14] (ELAN Microelectronic Corp.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3785520 2015-07-14] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-21 10:47 - 2016-07-21 10:49 - 00019073 _____ C:\Users\Joana\Desktop\FRST.txt
2016-07-21 10:47 - 2016-07-21 10:47 - 00000000 ____D C:\FRST
2016-07-21 10:46 - 2016-07-21 10:47 - 02393600 _____ (Farbar) C:\Users\Joana\Desktop\FRST64.exe
2016-07-21 08:08 - 2016-07-21 08:10 - 00256180 _____ C:\WINDOWS\Minidump\072116-27265-01.dmp
2016-07-18 21:12 - 2016-07-18 21:12 - 00000000 ____D C:\Users\Joana\Desktop\modified-shop_2.0.0.0-r9678_install
2016-07-18 21:08 - 2016-07-18 21:08 - 00001157 _____ C:\Users\Public\Desktop\PDF24.lnk
2016-07-18 21:08 - 2016-07-18 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2016-07-18 08:36 - 2016-07-18 08:38 - 06569088 _____ (Tim Kosse) C:\Users\Joana\Downloads\FileZilla_3.19.0_win64-setup.exe
2016-07-17 07:54 - 2016-07-17 07:54 - 00123098 _____ C:\Users\Joana\Desktop\british_museum_1490.zip
2016-07-17 04:31 - 2016-07-17 04:31 - 00000513 _____ C:\Users\Joana\Desktop\proxy.txt
2016-07-16 08:19 - 2016-07-16 18:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-07-15 10:22 - 2016-07-15 10:22 - 01617469 _____ C:\Users\Joana\Desktop\ABRAMS • How to Create a Doppelgänger Dog Pillow Excerpt.pdf
2016-07-15 07:14 - 2016-07-15 07:17 - 00220284 _____ C:\WINDOWS\Minidump\071516-28718-01.dmp
2016-07-15 04:17 - 2016-07-15 04:17 - 00121867 _____ C:\Users\Joana\Desktop\Transaktionsdetails - PayPal.pdf
2016-07-09 04:54 - 2016-07-17 04:27 - 00000000 ____D C:\Users\Joana\Desktop\handy
2016-07-07 11:46 - 2016-07-07 11:48 - 00195876 _____ C:\WINDOWS\Minidump\070716-38031-01.dmp
2016-06-29 01:45 - 2016-07-21 08:33 - 00000000 ____D C:\AdwCleaner
2016-06-29 01:45 - 2016-06-29 01:45 - 03703360 _____ C:\Users\Joana\Desktop\adwcleaner_5.200.exe
2016-06-29 01:04 - 2016-06-29 01:04 - 07606903 _____ C:\Users\Joana\Desktop\-The proxy server isn't responding- Removal Guide.pdf
2016-06-28 12:28 - 2016-06-29 01:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-23 13:50 - 2016-06-23 13:50 - 00285772 _____ C:\WINDOWS\Minidump\062316-22062-01.dmp
2016-06-22 14:34 - 2016-06-22 14:34 - 00001742 _____ C:\Users\Joana\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-06-22 14:34 - 2016-06-22 14:34 - 00001718 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-06-22 14:33 - 2016-06-22 14:34 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-21 10:30 - 2016-03-03 20:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-21 10:29 - 2016-01-19 16:14 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-21 10:10 - 2015-08-11 17:58 - 00000000 ____D C:\Users\Joana\AppData\Roaming\DVDVideoSoft
2016-07-21 09:35 - 2016-01-19 16:14 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-21 09:35 - 2015-08-05 17:08 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-07-21 09:33 - 2015-12-03 13:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-21 09:32 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-21 08:31 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-21 08:31 - 2015-08-04 21:21 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-21 08:22 - 2016-04-23 02:04 - 00000000 ____D C:\Program Files\Detong
2016-07-21 08:22 - 2015-12-03 12:38 - 00000000 ____D C:\Users\Joana
2016-07-21 08:08 - 2015-12-09 19:56 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-21 08:08 - 2015-08-04 22:35 - 491737244 _____ C:\WINDOWS\MEMORY.DMP
2016-07-21 08:06 - 2015-08-05 18:58 - 00000000 ____D C:\Users\Joana\AppData\Roaming\com.oxygenxml
2016-07-21 08:03 - 2015-11-17 01:11 - 00000000 ____D C:\Users\Joana\AppData\Roaming\FileZilla
2016-07-20 08:47 - 2015-08-06 18:36 - 00000000 ____D C:\Users\Joana\AppData\Local\CrashDumps
2016-07-19 17:15 - 2015-08-05 17:58 - 00000000 ____D C:\Users\Joana\Documents\Calibre Library
2016-07-18 21:08 - 2015-10-07 19:02 - 00000000 ____D C:\Program Files (x86)\PDF24
2016-07-18 16:42 - 2015-10-06 13:24 - 00000000 ____D C:\Users\Joana\Desktop\new stuff
2016-07-18 08:39 - 2015-08-05 20:17 - 00001927 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-07-18 08:39 - 2015-08-05 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-07-18 08:39 - 2015-08-05 20:17 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-07-17 12:36 - 2015-12-03 12:28 - 05056328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-17 12:36 - 2015-08-05 17:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-17 10:00 - 2016-03-16 20:27 - 00000033 _____ C:\Users\Joana\AppData\Roaming\AdobeWLCMCache.dat
2016-07-17 07:43 - 2015-10-20 10:16 - 00000000 ____D C:\Users\Joana\Desktop\PEARSON
2016-07-17 04:35 - 2015-08-06 21:03 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-07-16 10:39 - 2015-08-05 18:06 - 00000000 ____D C:\Users\Joana\AppData\Local\Adobe
2016-07-13 12:50 - 2015-12-08 02:29 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-07-13 12:49 - 2015-12-08 02:28 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-11 16:54 - 2015-08-05 17:47 - 00000000 ____D C:\Users\Joana\AppData\Roaming\Skype
2016-07-01 13:46 - 2016-03-23 15:30 - 00073730 _____ C:\Users\Joana\Desktop\Concession+Cash+Redemption+Form-Updated.pdf
2016-06-29 14:46 - 2015-08-04 19:43 - 00000000 ____D C:\Users\Joana\AppData\Local\Packages
2016-06-29 02:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-29 01:35 - 2016-03-03 20:42 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-06-28 14:28 - 2015-08-05 17:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-28 14:28 - 2015-08-05 17:47 - 00000000 ____D C:\ProgramData\Skype
2016-06-28 12:10 - 2016-04-30 03:20 - 00001091 _____ C:\Users\Joana\Desktop\price comparison.txt
2016-06-26 01:16 - 2015-08-05 17:56 - 00001029 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2016-06-26 01:16 - 2015-08-05 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2016-06-26 01:16 - 2015-08-05 17:56 - 00000000 ____D C:\Program Files (x86)\Calibre2
2016-06-22 15:21 - 2016-03-03 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-06-22 15:21 - 2016-03-03 20:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-06-22 14:30 - 2015-10-30 03:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-22 14:30 - 2015-08-07 10:29 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-06-22 14:23 - 2015-08-07 10:29 - 00000000 ____D C:\ProgramData\BlueStacks
2016-06-21 16:06 - 2016-06-20 22:52 - 00771032 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2016-06-21 16:06 - 2016-06-20 22:52 - 00769496 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2016-06-21 16:06 - 2015-08-06 18:30 - 00391128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2016-06-21 15:14 - 2015-08-05 17:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-06-21 15:12 - 2016-06-20 23:27 - 00000000 ____D C:\WINDOWS\LastGood
2016-06-21 13:06 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-21 13:06 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
==================== Files in the root of some directories =======
2016-03-16 20:27 - 2016-07-17 10:00 - 0000033 _____ () C:\Users\Joana\AppData\Roaming\AdobeWLCMCache.dat
2015-12-03 12:35 - 2015-12-03 12:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Joana\AppData\Local\Temp\AskSLib.dll
C:\Users\Joana\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Joana\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Joana\AppData\Local\Temp\Setup.exe
C:\Users\Joana\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Joana\AppData\Local\Temp\tmd_34018055.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-13 16:36
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2016
Ran by Joana (2016-07-21 10:50:19)
Running from C:\Users\Joana\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-03 17:11:37)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3399455300-1473740082-1351970817-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3399455300-1473740082-1351970817-503 - Limited - Disabled)
Guest (S-1-5-21-3399455300-1473740082-1351970817-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3399455300-1473740082-1351970817-1003 - Limited - Enabled)
Joana (S-1-5-21-3399455300-1473740082-1351970817-1001 - Administrator - Enabled) => C:\Users\Joana
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.2.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
Beauty Guide 2.2.4 (HKLM\...\Beauty Guide_is1) (Version: 2.2.4 - Tint Guide)
BlueStacks App Player (HKLM-x32\...\{AA655366-D323-404D-AA9B-AD562CAE1DD0}) (Version: 2.2.21.6212 - BlueStack Systems, Inc.)
calibre (HKLM-x32\...\{C5EAF3E8-7DA7-4E44-AF72-B3F124DDA463}) (Version: 2.60.0 - Kovid Goyal)
Canon LBP2900 (HKLM\...\Canon LBP2900) (Version: - )
CoffeeCup Website Color Schemer (HKLM-x32\...\CoffeeCup Website Color Schemer) (Version: - CoffeeCup Software)
Duplicate Cleaner Pro 3.2.7 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 3.2.7 - DigitalVolcano Software Ltd)
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse)
Free Studio (HKLM-x32\...\Free Studio_is1) (Version: 6.6.1.119 - DVDVideoSoft Ltd.)
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.0.8.1127 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.61.805 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.61.805 - DVDVideoSoft Ltd.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
High-Logic MainType 6 (HKLM-x32\...\MainType4_is1) (Version: - High-Logic B.V.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 en-US)) (Version: 45.2.0 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Oxygen XML Editor 17.0 (64-bit) (HKLM\...\8531-1278-6363-8538) (Version: 17.0 - SyncRO Soft)
PDF24 Creator 7.9.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
Pixel Ruler (HKLM-x32\...\Pixel Ruler) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.13.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45471 - TeamViewer)
Tutor.com Classroom (HKLM-x32\...\{5DB1EA3B-F4FF-4422-BC52-43619323BE1F}) (Version: 6.4.4 - Tutor.com)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
UserTesting.com Recorder Plugin (HKU\S-1-5-21-3399455300-1473740082-1351970817-1001\...\UserTestingPlugin) (Version: - UserTesting.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 5.30 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.4 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3399455300-1473740082-1351970817-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Joana\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {31537397-427A-4A22-81D9-395081B35F6E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {536D9772-B68B-4D83-9E69-BEAE914233E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {627EDCBE-9228-422B-A9FD-0B06EECC042A} - \InstallShield Update Task -> No File <==== ATTENTION
Task: {62B4F52A-D811-4102-95B9-E07B5461BDDB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {69890A85-DF07-48E4-ACCA-B11A47F06DB5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {76D66964-265A-4DBD-9C5F-88DDF1E479EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-19] (Google Inc.)
Task: {908E3AD2-086B-4F1C-89B0-C012E232DD74} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-06-30] (AsusTek)
Task: {AE3A0CE2-C65B-46F1-98FD-FFF03CB0BB16} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {BA038DD7-2FC2-4D6E-B2EA-DCECA2088190} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {BB5B9C10-547A-44AA-8C4F-461F9A5911ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {C043B42E-F835-4922-A49D-F0CACD2FBE72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-19] (Google Inc.)
Task: {C5E2CDD0-ADE6-428A-BC6E-CC0BD81AD481} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {DC7CF6A6-BE10-48EE-AD58-31A603D6E861} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EDA775A0-80C5-45D3-9EB6-6E09FCAA220C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F00D73A4-426F-4E11-AA5B-0580D99103C7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F17ACE7E-819E-4287-A74F-2B36BA3B2929} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {FFF89707-0612-4426-9C25-F1B8F973C165} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Joana\Desktop\Collection\Bücher\Downloads\CryptLoad_1.1.8\router\FRITZ!Box\reconnect.bat - Verknüpfung.lnk -> D:\Dokumente\Visual Studio 2005\Projects\Linker\Linker\bin\Release\CryptLoad_Secure\router\FRITZ!Box\reconnect.bat (No File)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-18 11:06 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-18 11:06 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-27 11:22 - 2016-06-27 11:22 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-04-20 01:05 - 2016-04-20 01:07 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 06:48 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 11:51 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 11:51 - 2016-04-23 00:25 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-06-15 02:57 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-15 02:57 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-15 02:57 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-15 02:58 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-11 18:00 - 2016-01-19 04:02 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2015-08-11 18:00 - 2016-01-19 04:02 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-08-11 18:00 - 2016-01-19 04:02 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2015-08-11 18:00 - 2016-01-19 04:02 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-08-11 18:00 - 2016-01-19 04:02 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-08-11 18:00 - 2016-01-19 04:02 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-20 01:05 - 2016-04-20 01:07 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-20 01:05 - 2016-04-20 01:07 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-04-26 15:40 - 2016-06-22 14:23 - 03306496 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll
2016-03-15 17:26 - 2016-01-19 04:02 - 00039272 _____ () C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\jansson.dll
2016-03-15 17:26 - 2016-01-19 04:02 - 00110952 _____ () C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\zlib1.dll
2016-03-15 17:26 - 2016-01-19 03:56 - 00209768 _____ () C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\mmconv_2.dll
2016-03-15 17:26 - 2016-01-19 03:56 - 00099688 _____ () C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\mmpreset.dll
2016-03-15 17:26 - 2016-01-19 04:02 - 01268072 _____ () C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\libGLESv2.dll
2016-03-15 17:26 - 2016-01-19 04:02 - 00013672 _____ () C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\libEGL.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2015-10-05 14:19 - 00001702 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3399455300-1473740082-1351970817-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.3.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "Canon LBP2900 Statusfenster.lnk"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "FmsProxy"
HKU\S-1-5-21-3399455300-1473740082-1351970817-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3399455300-1473740082-1351970817-1001\...\StartupApproved\Run: => "GoogleDriveSync"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BCDF5843-6D47-4406-9955-F756FBC04D7A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A5C40EC4-6ADE-41B9-96DB-7DFE10659282}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{09F8CAAC-0A19-4A75-B179-9DB6129C86F8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{96D0B3F6-1185-4C7B-ACB4-45AD3BC93BB7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CEC72C8E-6E27-46F8-ADDF-031061D26676}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{BF4DA212-6B9F-445A-BE7C-8DD9FCFEC02F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{302EDF52-1CA4-4733-A7C6-3675CD2DDB1A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3CD5BE4F-ED63-4CD2-BCFF-F4B7372E4F6F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{82812D7B-932B-4101-B21E-08BB6072E47B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D773C0DE-A9A2-46CE-B41B-DF763A5E8803}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FFE94EB6-93E9-491F-9AAD-745DAB5256F7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{72244BDA-9C06-42BE-957E-2904CADA5B02}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3FE9DD3E-8E13-4A10-A7B9-A0EAAECDF895}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C41271B7-4BCB-4AD5-A112-D9E37B89EF64}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{07A7B678-DEFC-46BA-A86B-EB7B385626AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C8DC0416-D6FE-47C3-A969-5A09382BB388}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{49E112BB-872E-40DE-A50C-F21281A6CBDF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B4F9A15C-F00C-4B85-AAC5-941395C2AF11}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F08FC7BA-0922-41F4-8280-3CAC7179AD2D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0BFC023F-0E5F-4AC2-8BCE-FC6C8E17E82D}] => (Allow) C:\Windows\System32\CNAB4RPD.EXE
FirewallRules: [{4245FFD0-90D5-4101-AA06-B55C5B79AAB7}] => (Allow) C:\Windows\System32\CNAB4RPD.EXE
FirewallRules: [{643C37C2-E584-4348-9A26-F30AA501FB74}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{D56B42D6-DB25-477A-BE8B-39778DC3D955}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{8D824332-12E8-4890-ACA8-68B8985FA19E}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{EF63A732-F817-4D01-B527-05B92837E32C}] => (Block) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{EB80021C-E6C4-47D6-A62F-44B002A28069}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{7BC11F81-5936-42EE-BDA8-DE06668A53BB}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{C1292B41-9651-4BDF-B069-A7CCAF8C02B5}] => (Allow) C:\Program Files (x86)\Internet Explorer\iexplore.exe
FirewallRules: [{14004729-0314-4779-B742-7260025AC76A}] => (Allow) C:\Program Files (x86)\Internet Explorer\iexplore.exe
FirewallRules: [{A6CEDCBB-2D9B-4978-B5F0-998006DFCD9D}] => (Allow) C:\Program Files (x86)\Internet Explorer\iexplore.exe
FirewallRules: [{0D4E4CD7-B166-4D27-AC51-6F4BF4024388}] => (Allow) C:\Program Files (x86)\Internet Explorer\iexplore.exe
FirewallRules: [{3E96A6EA-0D55-41F6-83B3-494550F06625}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{EF0EC2B2-6C4A-4FFE-8F04-BCD646370136}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [TCP Query User{22DD3887-9953-4F23-98E1-6AF8AC77FB8C}C:\program files\filezilla ftp client\filezilla.exe] => (Block) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{7ACF6B4F-7D3A-40A1-9D5A-15A5B292106D}C:\program files\filezilla ftp client\filezilla.exe] => (Block) C:\program files\filezilla ftp client\filezilla.exe
==================== Restore Points =========================
17-06-2016 12:31:03 Windows Update
25-06-2016 12:47:20 Scheduled Checkpoint
07-07-2016 12:49:38 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/21/2016 09:35:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
Error: (07/21/2016 09:35:54 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
Error: (07/21/2016 09:35:54 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (07/21/2016 09:35:53 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4
Error: (07/21/2016 09:35:52 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
Error: (07/21/2016 09:35:52 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4
Error: (07/21/2016 09:35:51 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
Error: (07/21/2016 09:33:36 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR
DPTF Build Version: 8.1.10603.192
DPTF Build Date: Aug 7 2015 10:44:44
Source File: ..\..\..\Sources\Manager\WIPolicyCreateAll.cpp @ line 59
Executing Function: WIPolicyCreateAll::execute
Message: Unhandled exception caught during execution of work item
Policy File Name: DptfPolicyPassive.dll
Framework Event: PolicyCreate [27]
Exception Function: PolicyManager::createPolicy
Exception Text:
DPTF Build Version: 8.1.10603.192
DPTF Build Date: Aug 7 2015 10:44:44
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 457
Executing Function: EsifServices::primitiveExecuteGet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: GET_THERMAL_RELATIONSHIP_TABLE [91]
ESIF Instance: 255
ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
Error: (07/21/2016 09:33:33 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR
DPTF Build Version: 8.1.10603.192
DPTF Build Date: Aug 7 2015 10:44:44
Source File: ..\..\..\Sources\Manager\WIPolicyCreateAll.cpp @ line 59
Executing Function: WIPolicyCreateAll::execute
Message: Unhandled exception caught during execution of work item
Policy File Name: DptfPolicyActive.dll
Framework Event: PolicyCreate [27]
Exception Function: PolicyManager::createPolicy
Exception Text:
DPTF Build Version: 8.1.10603.192
DPTF Build Date: Aug 7 2015 10:44:44
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 457
Executing Function: EsifServices::primitiveExecuteGet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: GET_ACTIVE_RELATIONSHIP_TABLE [89]
ESIF Instance: 255
ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
Error: (07/21/2016 09:19:26 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
System errors:
=============
Error: (07/21/2016 10:31:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (07/21/2016 09:34:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BstHdUpdaterSvc service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.
Error: (07/21/2016 09:34:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BstHdUpdaterSvc service to connect.
Error: (07/21/2016 09:34:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the isupdate.exe service to connect.
Error: (07/21/2016 09:33:28 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The ATKGFNEXSrv service depends on the following service: ASMMAP64. This service might not be installed.
Error: (07/21/2016 09:32:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_429e0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (07/21/2016 09:32:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_429e0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (07/21/2016 09:32:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_429e0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (07/21/2016 09:32:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_429e0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (07/21/2016 09:32:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
CodeIntegrity:
===================================
Date: 2016-07-20 11:25:02.248
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-07-17 17:32:28.909
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-07-16 11:11:07.383
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-07-13 16:40:26.636
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-07-07 17:34:38.366
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-06-29 16:35:24.575
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-06-25 12:31:32.811
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-06-22 13:15:28.684
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-06-21 13:12:32.432
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-06-20 01:38:03.071
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 71%
Total physical RAM: 3979.34 MB
Available physical RAM: 1124.41 MB
Total Virtual: 7307.34 MB
Available Virtual: 4178.37 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:464.8 GB) (Free:108.52 GB) NTFS
Drive d: (SSD) (Fixed) (Total:14.91 GB) (Free:14.87 GB) NTFS
Drive e: (TAILS) (Removable) (Total:1.46 GB) (Free:1.24 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 969FA63F)
Partition: GPT.
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 3.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
Edited by jaffacake, 21 July 2016 - 09:07 AM.