Jump to content

zingikis

Members
  • Posts

    5
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thank you, Left a small tip for you, since I can't afford to give much
  2. Put my computer to sleep and turned it back on, with chrome open and no notification from avast. Seems fixed to me. Is there anything else I should do to check?
  3. Ahh. Just noticed it, yes I do. Here it is: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02Ran by 1 at 2015-05-19 16:54:45 Run:1Running from C:\Users\1\DesktopLoaded Profiles: 1 & UpdatusUser (Available profiles: 1 & UpdatusUser)Boot Mode: Normal============================================== Content of fixlist:*****************Closeprocesses:Emptytemp:GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONHKU\S-1-5-21-3682626979-3468085338-2191893697-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.yhs4.searc...5_17&os=Windows8.1&p={searchTerms}SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.yhs4.searc...5_17&os=Windows8.1&p={searchTerms}SearchScopes: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.yhs4.searc...5_17&os=Windows8.1&p={searchTerms}SearchScopes: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001 -> URL http://search.condui...rchTerms}&SSPV=SearchScopes: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001 -> SuggestionsURL_JSON http://suggest.searc...x={searchTerms}SearchScopes: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.yhs4.searc...5_17&os=Windows8.1&p={searchTerms}CHR Extension: (Speedial) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2015-05-19]C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkdCHR HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.goo...ice/update2/crxCHR HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.goo...ice/update2/crxReg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /fReg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /fCMD: ipconfig /flushdnsCMD: bitsadmin /reset /allusers***************** Processes closed successfully.C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully."HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.Error setting Default URLSearchHook.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully."HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd directory not found."C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd" => File/Directory not found."HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd" => Key deleted successfully."HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\SOFTWARE\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd" => Key deleted successfully. ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= The operation completed successfully. ========= End of Reg: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.7.9600 ]BITS administration utility.© Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. {E59E6CC5-E22D-4E46-AE87-AE7AE880E67D} canceled.1 out of 1 jobs canceled. ========= End of CMD: =========
  4. Hi Argus Thank You for helping me. I followed the steps and FRST seems to have crashed, it's been stuck like this for about 10 minutes now. The green bar doesn't move and I can't press anything in the window
  5. Hello I'm having the same issue as this person - https://forums.malwarebytes.org/index.php?/topic/163907-malware-from-svchostexe-with-random-website-urls/ I also have Avast. I scanned my system with MWB, it found a couple non-malware files and I proceeded to delete them (this is after the avast pop-ups began). However, the issue wasn't fixed. I read through the problem (provided in the link), but I'm not sure what OS the person is using so I didn't take any further steps, other than scanning with mwb as well as FRST. Here are the FRST scan logs (after mwb scan) I'm not sure how to add the file as an attachment so I will copy and paste it's contents FRST.TXT Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02 Ran by 1 (administrator) on USER on 19-05-2015 14:48:15Running from C:\Users\1\DownloadsLoaded Profiles: 1 & UpdatusUser (Available profiles: 1 & UpdatusUser)Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayAppHKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.)HKLM\...\Run: [XboxStat] => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrunHKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)HKLM-x32\...\Run: [internet Helper Anti-phishing] => C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-09] (AVAST Software)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\...\Run: [GoogleChromeAutoLaunch_5FEC37F68AD04C6DB9277540FD044B6F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-05] (Google Inc.)AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [184048 2013-11-11] (NVIDIA Corporation)AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156256 2013-11-11] (NVIDIA Corporation)Startup: C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warcraft Config.lnk [2014-11-22]ShortcutTarget: Warcraft Config.lnk -> C:\Program Files (x86)\Warcraft III Reign of Chaos & The Frozen Throne\support\config.exe (No File)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-05-30] (AVAST Software)GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKU\S-1-5-21-3682626979-3468085338-2191893697-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/URLSearchHook: [s-1-5-21-3682626979-3468085338-2191893697-1003] ATTENTION ==> Default URLSearchHook is missing.SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_17&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAtBtAyC0B0EyEzztBtCyCtN0D0Tzu0StCtBtCtCtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0EtC0AyEyCyC0CtGtC0CyByBtGyDzytB0DtG0C0CyCyEtGyBtC0Bzy0A0CyC0AyCtC0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtDyEyB0E0D0EtAtGzz0DyBzztGyE0DyCyCtGzzzyyCyDtGtA0EtAtC0CtDtCyByDtDyByB2QtN0A0LzuyE%26cr%3D1311112926%26a%3Dwny_ir_15_17%26os%3DWindows8.1&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_17&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAtBtAyC0B0EyEzztBtCyCtN0D0Tzu0StCtBtCtCtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0EtC0AyEyCyC0CtGtC0CyByBtGyDzytB0DtG0C0CyCyEtGyBtC0Bzy0A0CyC0AyCtC0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtDyEyB0E0D0EtAtGzz0DyBzztGyE0DyCyCtGzzzyyCyDtGtA0EtAtC0CtDtCyByDtDyByB2QtN0A0LzuyE%26cr%3D1311112926%26a%3Dwny_ir_15_17%26os%3DWindows8.1&p={searchTerms} SearchScopes: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_17&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAtBtAyC0B0EyEzztBtCyCtN0D0Tzu0StCtBtCtCtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0EtC0AyEyCyC0CtGtC0CyByBtGyDzytB0DtG0C0CyCyEtGyBtC0Bzy0A0CyC0AyCtC0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtDyEyB0E0D0EtAtGzz0DyBzztGyE0DyCyCtGzzzyyCyDtGtA0EtAtC0CtDtCyByDtDyByB2QtN0A0LzuyE%26cr%3D1311112926%26a%3Dwny_ir_15_17%26os%3DWindows8.1&p={searchTerms} SearchScopes: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001 -> URL http://search.conduit.com/Results.aspx?ctid=CT3323129&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPA84442AD-0287-4292-956C-EF06F7820230&q={searchTerms}&SSPV=SearchScopes: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}SearchScopes: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_ir_15_17&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAtBtAyC0B0EyEzztBtCyCtN0D0Tzu0StCtBtCtCtN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StB0EtC0AyEyCyC0CtGtC0CyByBtGyDzytB0DtG0C0CyCyEtGyBtC0Bzy0A0CyC0AyCtC0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtDyEyB0E0D0EtAtGzz0DyBzztGyE0DyCyCtGzzzyyCyDtGtA0EtAtC0CtDtCyByDtDyByB2QtN0A0LzuyE%26cr%3D1311112926%26a%3Dwny_ir_15_17%26os%3DWindows8.1&p={searchTerms} SearchScopes: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBoxBHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-05-30] (AVAST Software)BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll No FileBHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-13] (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-30] (AVAST Software)BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll No FileBHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-13] (Oracle Corporation)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-13] ()FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-13] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-13] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-13] (Oracle Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-02] (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\1\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)FF Plugin HKU\S-1-5-21-3682626979-3468085338-2191893697-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) Chrome: =======CHR HomePage: Default -> hxxp://uk.msn.com/?pc=UP97&ocid=UP97DHPCHR StartupUrls: Default -> "hxxp://uk.msn.com/?pc=UP97&ocid=UP97DHP"CHR Profile: C:\Users\1\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Speedial) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2015-05-19]CHR Extension: (Blue Nebula - Full HD - Axlg) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpbfcgopniakghhkjcnnmpfdemapblij [2015-04-26]CHR Extension: (Morpheon Dark - Aero) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi [2015-05-19]CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-05-19]CHR Extension: (AdBlock) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-19]CHR Extension: (Bookmark Manager) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-19]CHR Extension: (Avast Online Security) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-19]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]CHR Extension: (Skype Click to Call) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-19]CHR Extension: (Google Wallet) - C:\Users\1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-03]CHR HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-30]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-30] (AVAST Software)S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.)R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-30] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-30] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-30] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-30] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-30] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-30] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-30] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-30] ()R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.)R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-31] (Intel Corporation)R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows ® Win 7 DDK provider)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-19 14:48 - 2015-05-19 14:48 - 00023489 _____ () C:\Users\1\Downloads\FRST.txt2015-05-19 14:48 - 2015-05-19 14:48 - 00000000 ____D () C:\FRST2015-05-19 14:47 - 2015-05-19 14:47 - 02107392 _____ (Farbar) C:\Users\1\Downloads\FRST64.exe2015-05-19 14:45 - 2015-05-19 14:45 - 00912744 _____ () C:\Users\1\Downloads\pbsvc.exe2015-05-19 14:22 - 2015-05-19 14:22 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-05-19 14:22 - 2015-05-19 14:22 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-05-19 14:22 - 2015-05-19 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-05-19 14:22 - 2015-05-19 14:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-05-19 14:22 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2015-05-19 14:22 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2015-05-19 14:22 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2015-05-19 14:21 - 2015-05-19 14:21 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\1\Downloads\mbam-setup-2.1.6.1022.exe2015-05-19 14:20 - 2015-05-19 14:20 - 00159578 _____ () C:\Users\1\Downloads\JavaRa-2.6.zip2015-05-19 14:19 - 2015-05-19 14:19 - 00781312 _____ () C:\Users\1\Downloads\delfix_1.010.exe2015-05-18 22:31 - 2015-05-18 22:31 - 00009096 _____ () C:\Users\1\Desktop\fadsadasd.jpeg2015-05-10 00:03 - 2015-05-10 00:25 - 00000000 ____D () C:\Users\1\AppData\Local\The Witcher2015-05-10 00:03 - 2015-05-10 00:21 - 00000000 ____D () C:\Users\1\Documents\The Witcher2015-05-10 00:02 - 2015-05-10 00:02 - 00000000 ____D () C:\Users\Public\Documents\The Witcher2015-05-09 22:55 - 2015-05-09 22:55 - 00000221 _____ () C:\Users\1\Desktop\The Witcher Enhanced Edition.url2015-05-08 13:53 - 2015-05-08 13:53 - 00013403 _____ () C:\Users\1\Downloads\A0B982CB3B62C9EB6E5415837212A96D0071DDD0.torrent2015-04-30 21:24 - 2015-04-30 21:24 - 00000258 __RSH () C:\ProgramData\ntuser.pol2015-04-29 04:25 - 2015-04-29 04:26 - 68095229 _____ () C:\Users\1\Downloads\Fate-stay_night_English_v3.2_[mirror_moon].exe2015-04-29 04:17 - 2015-04-29 04:17 - 08043648 _____ (1f0.de ) C:\Users\1\Downloads\LAVFilters-0.62-Installer.exe2015-04-29 04:17 - 2015-04-29 04:17 - 00000000 ____D () C:\Program Files (x86)\LAV Filters2015-04-27 03:44 - 2015-04-27 03:44 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google2015-04-26 19:41 - 2015-04-26 19:41 - 00000408 _____ () C:\Users\1\AppData\Roaming\CamShapes.ini2015-04-26 19:41 - 2015-04-26 19:41 - 00000408 _____ () C:\Users\1\AppData\Roaming\CamLayout.ini2015-04-26 19:41 - 2015-04-26 19:41 - 00000046 _____ () C:\Users\1\AppData\Roaming\Camdata.ini2015-04-26 19:41 - 2015-04-26 19:41 - 00000000 ____D () C:\ProgramData\61b8997000007e742015-04-26 19:37 - 2015-04-26 19:37 - 00000096 _____ () C:\Users\1\AppData\Roaming\version2.xml2015-04-20 22:22 - 2015-04-20 22:22 - 00000006 _____ () C:\Users\1\Desktop\postcodesalfordquays.txt2015-04-19 23:03 - 2015-04-19 23:03 - 00001447 _____ () C:\Users\1\Desktop\Fate - Shortcut.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-19 14:44 - 2014-03-03 22:42 - 00000000 ____D () C:\Users\1\AppData\Roaming\Skype2015-05-19 14:44 - 2014-03-03 00:07 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3682626979-3468085338-2191893697-10012015-05-19 14:43 - 2014-03-03 20:46 - 01919163 _____ () C:\WINDOWS\WindowsUpdate.log2015-05-19 14:43 - 2013-11-14 13:45 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2015-05-19 14:39 - 2014-03-03 23:21 - 00000000 ___DO () C:\Users\1\SkyDrive2015-05-19 14:39 - 2014-03-03 22:12 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-05-19 14:38 - 2015-01-13 01:46 - 00029283 _____ () C:\WINDOWS\setupact.log2015-05-19 14:38 - 2014-09-30 14:39 - 00000000 ____D () C:\Program Files (x86)\Steam2015-05-19 14:38 - 2013-11-14 05:34 - 00067774 _____ () C:\WINDOWS\PFRO.log2015-05-19 14:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\InputMethod2015-05-19 14:38 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-05-19 14:38 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2015-05-19 14:34 - 2014-03-07 23:42 - 00000000 ____D () C:\Users\1\AppData\Local\Battle.net2015-05-19 14:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-05-19 13:53 - 2014-03-03 22:12 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-05-19 12:41 - 2014-04-02 13:44 - 00000000 ____D () C:\Program Files\Microsoft Office 152015-05-19 12:33 - 2014-03-03 21:06 - 00003894 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A9688BAF-4790-4048-8507-5CECD41E680E}2015-05-19 00:12 - 2014-03-03 22:18 - 00000024 _____ () C:\Users\1\jagexappletviewer.preferences2015-05-19 00:11 - 2014-03-03 22:18 - 00000040 _____ () C:\Users\1\jagex_cl_runescape_LIVE.dat2015-05-18 14:27 - 2014-03-27 22:15 - 00000000 ____D () C:\Users\1\AppData\Roaming\vlc2015-05-17 21:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-05-16 19:01 - 2014-04-20 18:34 - 00000040 _____ () C:\Users\1\jagex_cl_oldschool_LIVE.dat2015-05-16 14:28 - 2014-03-07 23:43 - 00000000 ____D () C:\Program Files (x86)\Hearthstone2015-05-15 15:48 - 2014-03-03 22:12 - 00003888 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2015-05-15 15:48 - 2014-03-03 22:12 - 00003652 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2015-05-13 14:59 - 2014-04-02 13:52 - 00003080 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3682626979-3468085338-2191893697-10012015-05-13 14:59 - 2014-04-02 13:52 - 00000000 ___RD () C:\Users\1\OneDrive2015-05-13 00:48 - 2014-03-03 22:12 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-05-12 14:27 - 2014-03-07 23:42 - 00000000 ____D () C:\Program Files (x86)\Battle.net2015-05-10 00:03 - 2014-05-08 11:15 - 00108980 _____ () C:\WINDOWS\DirectX.log2015-05-06 20:19 - 2015-01-12 22:47 - 00000000 ____D () C:\Users\1\Documents\888poker2015-05-02 14:58 - 2014-03-03 22:42 - 00000000 ____D () C:\ProgramData\Skype2015-04-27 03:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy2015-04-26 19:39 - 2014-07-21 11:17 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork ==================== Files in the root of some directories ======= 2015-04-26 19:41 - 2015-04-26 19:41 - 0000046 _____ () C:\Users\1\AppData\Roaming\Camdata.ini2015-04-26 19:41 - 2015-04-26 19:41 - 0000408 _____ () C:\Users\1\AppData\Roaming\CamLayout.ini2015-04-26 19:41 - 2015-04-26 19:41 - 0000408 _____ () C:\Users\1\AppData\Roaming\CamShapes.ini2015-04-26 19:37 - 2015-04-26 19:37 - 0000096 _____ () C:\Users\1\AppData\Roaming\version2.xml2014-03-03 22:21 - 2014-03-31 09:21 - 0000076 _____ () C:\Users\1\AppData\Roaming\WB.CFG2014-03-03 21:03 - 2014-03-03 21:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP:====================C:\Users\1\AppData\Local\Temp\ERUNT.exeC:\Users\1\AppData\Local\Temp\setup.exeC:\Users\1\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-10 16:00 ==================== End Of Log ============================ ADDITION.TXT Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02Ran by 1 at 2015-05-19 14:48:40Running from C:\Users\1\DownloadsBoot Mode: Normal========================================================== ==================== Accounts: ============================= 1 (S-1-5-21-3682626979-3468085338-2191893697-1001 - Administrator - Enabled) => C:\Users\1Administrator (S-1-5-21-3682626979-3468085338-2191893697-500 - Administrator - Disabled)Guest (S-1-5-21-3682626979-3468085338-2191893697-501 - Limited - Disabled)UpdatusUser (S-1-5-21-3682626979-3468085338-2191893697-1003 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )888poker (HKLM-x32\...\888poker) (Version: - )Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)ETDWare X64 11.7.19.9_WHQL (HKLM\...\Elantech) (Version: 11.7.19.9 - ELAN Microelectronic Corp.)ExpressCache (HKLM\...\{3EA6AB5D-D434-4ACA-9609-48F1319518EF}) (Version: 1.0.94 - Condusiv Technologies)Final Fantasy VII - Ultima Edition (HKLM-x32\...\Final Fantasy VII_is1) (Version: - )FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version: - SQUARE ENIX)FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.27.5 - Google Inc.) HiddenH1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Sony Online Entertainment)Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)Internet Helper Anti-phishing (HKLM-x32\...\Internet Helper Anti-phishing) (Version: 1.3.1.0 - Internet Helper (Powered by Panda Security))iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)LAV Filters 0.62.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.62.0 - Hendrik Leppkes)League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)League of Legends (x32 Version: 3.0.1 - Riot Games) HiddenMalwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\...\OneDriveSetup.exe) (Version: 17.3.5849.0427 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)NVIDIA Graphics Driver 327.68 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.68 - NVIDIA Corporation)NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) HiddenOrigin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.3.36532 - Grinding Gear Games)Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)PS TO PC CONVERTER (HKLM-x32\...\{A483F88A-41E9-45B2-AAC9-A823DD9B4873}) (Version: 2007.01.01 - )qBittorrent 3.1.12 (HKLM-x32\...\qBittorrent) (Version: 3.1.12 - The qBittorrent project)RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12786.82 - raidcall.com)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7055 - Realtek Semiconductor Corp.)RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) HiddenSettings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD PROJEKT RED)Transformers Universe (HKLM-x32\...\{EAB5ACD3-43C0-4B3E-931A-CA61520934AD}) (Version: 1.0.0.0 - Jagex Ltd)Twin USB Gamepad (HKLM-x32\...\{0AD1F05D-15F6-476D-A3BE-E3D5E3E0E023}) (Version: 1.00.0000 - yanglx)Unity Web Player (HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)USB Force Wheel (HKLM-x32\...\{D5778AE9-6376-4CE6-AD4A-8712F4EC3302}) (Version: 2002.10.8 - )USB Vibration Joystick (BM) (HKLM-x32\...\{61A994FF-D39B-4937-9DB9-87EC4E91B31F}) (Version: 1.00.0000 - ShanWan)USB Vibration Joystick (HKLM-x32\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)Warcraft III Reign of Chaos & The Frozen Throne (HKLM-x32\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version: - )WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\1\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0CBCB36B-AEDA-4A04-80A6-57B46DC84460} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-30] (AVAST Software)Task: {18E0648D-9228-400E-A6E4-A5AD3A9F4C61} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3682626979-3468085338-2191893697-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exeTask: {2E465855-48D5-4060-B824-205664D8E64E} - System32\Tasks\{754575F8-0F61-4D38-B423-3265AAD4960F} => pcalua.exe -a "C:\Users\1\Downloads\Xbox360_64Eng (1).exe" -d C:\Users\1\DownloadsTask: {32E68B52-B3B0-43BF-88F2-FEF79785E5CF} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)Task: {333167DE-3C61-4D03-9373-303DC51EF610} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-09-30] (Realtek Semiconductor)Task: {589CF5DB-BA34-49C5-8211-C47F9AE8F5AF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {5A79545D-2805-411B-B785-B156B7879403} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {5B5490D4-C129-4862-9C75-14596E3B5710} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)Task: {5E03EACA-C33E-4A1B-AC54-4B698349DD37} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)Task: {63837361-963A-4292-A096-926609629405} - System32\Tasks\Microsoft Office 15 Sync Maintenance for USER-1 User => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)Task: {77BFC5FC-2542-416A-AEB3-B28EF6FA2DA7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()Task: {79226BFB-4671-4E1A-BACF-1B04E4770AB3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)Task: {7A8BC8D4-C54B-487E-82A6-9F3A13D4E2C2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()Task: {8FA45B04-F173-48CA-9C83-1C9493DBC520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-03] (Google Inc.)Task: {9EFEF1F9-0013-4C6A-ACA5-9A2F1CFBFE01} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {A20514D6-5F28-45E7-8B8E-4419451550C0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-16] (Microsoft Corporation)Task: {B407E3AC-2F79-4D8A-AC4B-E59169976814} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {BA91963D-E838-4F91-AB8F-89E141BABB35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-03] (Google Inc.)Task: {C4155627-7A1C-41ED-B279-397A43235E30} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)Task: {D04FC687-3676-4B18-A068-083458D336D5} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3682626979-3468085338-2191893697-1001Task: {D4EBF875-F3DA-40FE-B75E-F24E049AD5B2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-03-03 21:14 - 2013-11-11 05:27 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2014-04-02 13:44 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2014-01-29 13:20 - 2014-01-29 13:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe2015-03-16 18:11 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2014-01-25 03:22 - 2014-01-25 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2013-10-16 20:15 - 2013-10-16 20:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll2015-05-19 12:33 - 2015-05-19 12:33 - 02929664 _____ () C:\Program Files\AVAST Software\Avast\defs\15051900\algo.dll2014-01-29 13:20 - 2014-01-29 13:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll2014-01-29 13:20 - 2014-01-29 13:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll2014-01-29 13:20 - 2014-01-29 13:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll2014-01-29 13:20 - 2014-01-29 13:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll2014-01-29 13:20 - 2014-01-29 13:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll2014-01-29 13:20 - 2014-01-29 13:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll2015-05-13 00:48 - 2015-05-05 05:06 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll2015-05-13 00:48 - 2015-05-05 05:06 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll2014-04-02 13:08 - 2014-04-02 13:08 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-03-03 20:53 - 2013-09-16 13:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\1\SkyDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\...\clonewarsadventures.com -> clonewarsadventures.comIE trusted site: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\...\freerealms.com -> freerealms.comIE trusted site: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\...\soe.com -> soe.comIE trusted site: HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\...\sony.com -> sony.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\1\Desktop\BF75rtM.jpgDNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "Internet Helper Anti-phishing"HKU\S-1-5-21-3682626979-3468085338-2191893697-1001\...\StartupApproved\Run: => "PC Health Kit" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{34A8FFDD-021A-46A1-9F10-DF5F60B34708}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeFirewallRules: [{FA7E57B3-79ED-475A-AD1E-1A1989D048F6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeFirewallRules: [{183DAFC0-C456-48BC-8B8D-7EE3E8D76A80}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeFirewallRules: [{4C137C49-69B6-4608-B7C0-B2D95E1313D4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeFirewallRules: [TCP Query User{B57872A7-6350-4FEA-A5A3-F10CFE5E4C4F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [uDP Query User{70BB5209-3D2F-42C5-B5A9-CC9566863562}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [{F0D5656B-F8A7-4888-8ECC-F72B4267EBAF}] => (Allow) C:\Users\1\Downloads\uTorrent.exeFirewallRules: [{4F1DDF63-D8FC-40E6-9033-92BBE50D36F4}] => (Allow) C:\Users\1\Downloads\uTorrent.exeFirewallRules: [{6C60E7C7-31E3-48B6-86D2-6E04B9D93452}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{1F80E810-602B-48B5-9446-54E05A321217}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{EB947004-AD00-4D0F-BB3D-9D56245F3BBF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{AC87D806-2052-4BE9-A16E-8C931E5A6EC5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{7465C6C2-5248-4AEA-A8AE-C058DDA8965D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{178FD6CB-4A63-4236-9579-69DEECADA619}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{45AADE19-0076-4E25-9DC6-9C4D3ABAA1BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exeFirewallRules: [{58B045D8-D76D-4057-9B3E-2B800A4522D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exeFirewallRules: [{B786FC53-97FB-4943-8FB1-37981110F688}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [{ABDF7924-D127-4267-A36C-BD459911CC88}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [{7594FBA2-6ABB-4481-AECE-DF36E1EAB316}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exeFirewallRules: [{7E77B507-9BA6-45C4-8679-9C0D63108A66}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exeFirewallRules: [{87BA5C51-F808-48F1-A664-13C55D6020ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exeFirewallRules: [{A92BB2B2-3E40-4960-A005-130E79116443}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exeFirewallRules: [{F6E98497-050B-4C34-9D19-1D89B483442D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exeFirewallRules: [{7BA20E28-1531-4548-B82A-F69668C5F4E5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exeFirewallRules: [{82F5D5B6-9408-41E1-B5C3-56A5A820EEF9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exeFirewallRules: [{5AB2761F-071F-4E0E-A10A-775FF6FB3C8D}] => (Allow) C:\Users\1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeFirewallRules: [{6C80C809-5F72-4944-9BD0-CAEBC34F406D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exeFirewallRules: [{6D45A9C1-21C3-4E42-A4E3-04A16F8A0F4F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exeFirewallRules: [{ACD0AF77-748B-48E1-83EC-7A681210E52F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exeFirewallRules: [{00A2FA84-2BF1-466F-B53E-04878FBBD674}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exeFirewallRules: [{DE55F606-61C7-40EA-A016-A65664160146}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exeFirewallRules: [{226563BD-5FDB-4A8C-A621-33923E443BE6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exeFirewallRules: [{23FC8E7C-A89E-46F7-9615-EFAFE525D88C}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exeFirewallRules: [{22280B1B-FEDE-4133-B95C-3D1C7F9796B8}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exeFirewallRules: [{33828430-DFF2-49E6-9CDB-CB1149DA8454}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exeFirewallRules: [{E1C026C0-9382-428B-8AD9-E067AD82C945}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exeFirewallRules: [{87E47A94-95C3-47D3-8F48-ADF9CC934EED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exeFirewallRules: [{5A7B2E56-B8B7-4782-B2B7-33328A3B7C19}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exeFirewallRules: [TCP Query User{AA1D5F71-323F-4A13-AA49-C331F0E31034}C:\kmsemutemp\kms.exe] => (Allow) C:\kmsemutemp\kms.exeFirewallRules: [uDP Query User{585C9A13-E750-44B4-BD44-CD15B77082E7}C:\kmsemutemp\kms.exe] => (Allow) C:\kmsemutemp\kms.exeFirewallRules: [{F66D11C8-AD47-40F0-B7A5-D40C4FBF14FC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exeFirewallRules: [{220EF4B9-0311-4B59-9CFA-0F8572384C4F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exeFirewallRules: [{701F0969-09B7-46FA-960D-7FD298FA8058}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exeFirewallRules: [{48925169-B57B-4520-BFD1-7755E3F26A68}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exeFirewallRules: [{F5F5C27B-EDBB-4190-B634-9EFCD107B755}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exeFirewallRules: [{FC2264A4-7739-4271-BFFB-6AE9F22C5F37}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exeFirewallRules: [{BE80F06A-9295-4314-B0EB-E3A6CCD91690}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exeFirewallRules: [{B9D03D6E-A935-45FF-9BAC-98F8BDED898A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exeFirewallRules: [{74541F6E-8E4D-49EA-8BA6-908AF31DE96B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exeFirewallRules: [{0880CC72-FE13-4A47-85C2-6C19554AEF44}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exeFirewallRules: [{27CC6721-1878-45EB-A3B5-EDBF69B7E983}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exeFirewallRules: [{F46584D9-9AEF-4A05-9A7A-2C872C1924DE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exeFirewallRules: [{C9C10637-B6F8-4397-B297-989F09417843}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exeFirewallRules: [{0BE0EB43-2C90-4B50-A396-C9ECF20A961E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exeFirewallRules: [{93E58B6F-5EC6-4C22-8644-73E26F361AB1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exeFirewallRules: [{D002BCFC-789B-45B1-8917-6AB4F341B921}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exeFirewallRules: [{EB778E22-EE95-4708-BB5C-F6424CE71BCE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exeFirewallRules: [{E1F1A94E-9247-4F9C-A8F3-E74674A11D2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exeFirewallRules: [{E840AEAA-D652-4D90-BBB1-6942CB7BE1E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exeFirewallRules: [{4A670C2D-4B56-4D1E-842F-8EC54FBF8D16}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exeFirewallRules: [{B52029F8-73A9-4F02-AFEE-26842C99EB42}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{5997FB29-044E-43A8-801B-D6A792AD8F4A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{0CC30443-CDE5-4AE5-BE3D-606F94A33CC4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{CF42CE57-E978-4DF6-BF6F-928745830FE3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [TCP Query User{AAA00B15-A789-4763-B393-6305FFBED8F6}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exeFirewallRules: [uDP Query User{5DD4F7E9-A7F1-42F3-91B7-1AAEF4C72FB1}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exeFirewallRules: [{502AF2F7-2776-4109-A846-1C3259500967}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exeFirewallRules: [{089A732B-5297-480B-8D6C-DF7C0E8A2681}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exeFirewallRules: [{0D5BF2A9-3F70-47A3-9001-6B76DD385726}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exeFirewallRules: [{C3C46925-9342-4541-9F49-43D5B88340AB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exeFirewallRules: [TCP Query User{299D01A0-ACC4-450F-AE60-B018229092F0}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exeFirewallRules: [uDP Query User{D20DBA3D-B6E6-4C7A-B6C9-0E5C66DEB85E}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exeFirewallRules: [{521B2847-AC58-4F7C-AED9-7EB4812A1DD3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exeFirewallRules: [{C0B88324-20DC-4EE1-839F-09724A4B8B7A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exeFirewallRules: [TCP Query User{E25293EA-5901-46FB-9505-5DEA430C022D}C:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exe] => (Block) C:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exeFirewallRules: [uDP Query User{57698604-7D4F-4FD5-8317-49C07C94B727}C:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exe] => (Block) C:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exeFirewallRules: [TCP Query User{B0C9EE81-0150-40B6-8574-D1D271866695}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.exeFirewallRules: [uDP Query User{7A779A38-A7F4-48CD-85C4-EC3B98793FA3}C:\programdata\battle.net\agent\agent.3632\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.3632\agent.exeFirewallRules: [{7E6E3DD4-8DF7-4533-828A-6B5D86562C3D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exeFirewallRules: [{BA5EFB87-2AE9-4E62-9CA1-DF82896575ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exeFirewallRules: [TCP Query User{EA977D73-3F57-40AD-AA94-8F1676235827}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exeFirewallRules: [uDP Query User{691E45E1-13A5-4A06-820C-912BD2C61E1C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exeFirewallRules: [{FCEBF39B-6017-4B8E-92D8-2125567596EA}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exeFirewallRules: [{C2998EF4-6EBC-4119-B01C-ADECDC4A97A5}] => (Allow) D:\SteamLibrary\SteamApps\common\Counter-Strike Global Offensive\csgo.exeFirewallRules: [{B4575460-E952-4D0C-876C-BB98DCDD3957}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exeFirewallRules: [{64E0040C-2B91-4FAA-BAB7-E2B2213EF30A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exeFirewallRules: [TCP Query User{C7318007-BFC2-4F8C-81DE-FE6596CE179B}C:\program files (x86)\pacificpoker\bin\poker.exe] => (Allow) C:\program files (x86)\pacificpoker\bin\poker.exeFirewallRules: [uDP Query User{B12C2B01-A0AF-4EBC-BEA8-0A4F3D3F1752}C:\program files (x86)\pacificpoker\bin\poker.exe] => (Allow) C:\program files (x86)\pacificpoker\bin\poker.exeFirewallRules: [{6E353CF1-6CB6-447A-A5B7-3DA35CECF720}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exeFirewallRules: [{F8B4F0DC-B398-4598-AC23-668C20FA510B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exeFirewallRules: [{1ED5B0D6-4EC5-4EF3-91D4-74300942BC71}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exeFirewallRules: [{77CDABCB-6733-434C-8F94-88E0F85A8F2C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exeFirewallRules: [TCP Query User{C1465DB9-3A5D-4538-B64D-F73A64F4896D}C:\users\1\desktop\sammywidgets_e_f\sammywidgets_e_f\sammywidgets.exe] => (Allow) C:\users\1\desktop\sammywidgets_e_f\sammywidgets_e_f\sammywidgets.exeFirewallRules: [uDP Query User{EB31A2CC-D975-436A-BA38-275657CE59D9}C:\users\1\desktop\sammywidgets_e_f\sammywidgets_e_f\sammywidgets.exe] => (Allow) C:\users\1\desktop\sammywidgets_e_f\sammywidgets_e_f\sammywidgets.exeFirewallRules: [{D3DBA624-A1B8-4AFE-B0D0-E74AF835FD5E}] => (Allow) D:\SteamLibrary\SteamApps\common\FINAL FANTASY VIII\FF8_Launcher.exeFirewallRules: [{B06B0BB6-106D-40A5-AFF9-32A1555FDA07}] => (Allow) D:\SteamLibrary\SteamApps\common\FINAL FANTASY VIII\FF8_Launcher.exeFirewallRules: [{2B7608A8-9803-46AC-9B9B-D71527E0F9F4}] => (Allow) D:\SteamLibrary\SteamApps\common\Path of Exile\PathOfExileSteam.exeFirewallRules: [{BDF858C1-708C-4681-AAFB-5FD932A57FB6}] => (Allow) D:\SteamLibrary\SteamApps\common\Path of Exile\PathOfExileSteam.exeFirewallRules: [{0B53083D-F432-4ABA-9DBD-113B0036E612}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exeFirewallRules: [{74CD190A-A4AA-4EF6-AD78-60359913091D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exeFirewallRules: [TCP Query User{FA8DDF91-4EB4-40F0-8F7E-915AC80FC48B}C:\programdata\battle.net\agent\agent.3715\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3715\agent.exeFirewallRules: [uDP Query User{ADAF3978-BB8D-4646-94AD-D034B683EEBF}C:\programdata\battle.net\agent\agent.3715\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3715\agent.exeFirewallRules: [{FF571F1F-7828-4916-A169-6520E24468A3}] => (Allow) D:\SteamLibrary\SteamApps\common\H1Z1\LaunchPad.exeFirewallRules: [{DDA6F3C4-4AE4-4B53-8FF2-2723896DE82B}] => (Allow) D:\SteamLibrary\SteamApps\common\H1Z1\LaunchPad.exeFirewallRules: [TCP Query User{6955E30A-541F-4F61-AD96-D9688BBAEDA6}D:\steamlibrary\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steamlibrary\steamapps\common\h1z1\h1z1.exeFirewallRules: [uDP Query User{6616D667-193D-421C-BEAF-52B077CE633C}D:\steamlibrary\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\steamlibrary\steamapps\common\h1z1\h1z1.exeFirewallRules: [{DEEED4F3-B473-41EA-A90B-0D1B220C8DDC}] => (Allow) C:\Program Files\iTunes\iTunes.exeFirewallRules: [{4DA53B04-CF4B-47CE-BE70-EDCB70FC701F}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exeFirewallRules: [{0B3E65FF-86A1-4FC0-BBE2-5852A343FFA2}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exeFirewallRules: [{95BE68FB-669E-47B3-A2C4-2BD225F6DEE0}] => (Allow) D:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exeFirewallRules: [{E60DC42F-9065-42D8-9B44-576484844D75}] => (Allow) D:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exeFirewallRules: [{ACEE1296-6B84-4B63-ABF0-93576EE6E1A2}] => (Allow) D:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exeFirewallRules: [{21C0E11E-40A8-4DA7-B4B5-7745D5DB7C2A}] => (Allow) D:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exeFirewallRules: [{6C454DBD-6745-458B-B2AA-A63B9F3FA3DE}] => (Allow) D:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exeFirewallRules: [{B5F57B03-86FD-453C-91E2-4F962B93FF73}] => (Allow) D:\SteamLibrary\SteamApps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exeFirewallRules: [{F58131E9-6FA8-438C-AAEB-092B1786BD9C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (05/19/2015 02:38:05 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x52e75292Faulting module name: MSVCR100.dll, version: 10.0.30319.460, time stamp: 0x4db13576Exception code: 0x40000015Fault offset: 0x0008cb95Faulting process ID: 0x1928Faulting application start time: 0xEasySettingsCmdServer.exe0Faulting application path: EasySettingsCmdServer.exe1Faulting module path: EasySettingsCmdServer.exe2Report ID: EasySettingsCmdServer.exe3Faulting package full name: EasySettingsCmdServer.exe4Faulting package-relative application ID: EasySettingsCmdServer.exe5 Error: (05/19/2015 00:41:35 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: USER)Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down. Error: (05/17/2015 00:57:13 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057) Error: (05/13/2015 00:46:26 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x52e75292Faulting module name: MSVCR100.dll, version: 10.0.30319.460, time stamp: 0x4db13576Exception code: 0x40000015Fault offset: 0x0008cb95Faulting process ID: 0xdc8Faulting application start time: 0xEasySettingsCmdServer.exe0Faulting application path: EasySettingsCmdServer.exe1Faulting module path: EasySettingsCmdServer.exe2Report ID: EasySettingsCmdServer.exe3Faulting package full name: EasySettingsCmdServer.exe4Faulting package-relative application ID: EasySettingsCmdServer.exe5 Error: (05/12/2015 09:07:01 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: There was an error with the Windows Location Provider database Error: (05/10/2015 04:00:53 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057) Error: (05/08/2015 05:22:29 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: SWMAgent.exe, version: 2.1.21.0, time stamp: 0x526518c7Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2Exception code: 0xc0000005Fault offset: 0x0001df63Faulting process ID: 0x380Faulting application start time: 0xSWMAgent.exe0Faulting application path: SWMAgent.exe1Faulting module path: SWMAgent.exe2Report ID: SWMAgent.exe3Faulting package full name: SWMAgent.exe4Faulting package-relative application ID: SWMAgent.exe5 Error: (05/08/2015 11:11:26 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: EasySettingsCmdServer.exe, version: 0.0.0.0, time stamp: 0x52e75292Faulting module name: MSVCR100.dll, version: 10.0.30319.460, time stamp: 0x4db13576Exception code: 0x40000015Fault offset: 0x0008cb95Faulting process ID: 0x178cFaulting application start time: 0xEasySettingsCmdServer.exe0Faulting application path: EasySettingsCmdServer.exe1Faulting module path: EasySettingsCmdServer.exe2Report ID: EasySettingsCmdServer.exe3Faulting package full name: EasySettingsCmdServer.exe4Faulting package-relative application ID: EasySettingsCmdServer.exe5 Error: (05/06/2015 03:55:41 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: USER)Description: Application or service 'Microsoft Office Document Cache Sync Client Interface' could not be shut down. Error: (05/03/2015 07:03:04 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )Description: The volume Recovery was not optimised because an error was encountered: The parameter is incorrect. (0x80070057) System errors:=============Error: (05/19/2015 02:47:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (05/19/2015 02:39:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (05/19/2015 02:38:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (05/19/2015 02:38:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (05/19/2015 02:38:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (05/19/2015 00:42:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (05/19/2015 00:34:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (05/19/2015 03:41:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (05/19/2015 00:53:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The avast! HardwareID service failed to start due to the following error: %%127 Error: (05/18/2015 11:57:48 PM) (Source: volsnap) (EventID: 36) (User: )Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Microsoft Office Sessions:=========================Error: (05/19/2015 02:38:05 PM) (Source: Application Error) (EventID: 1000) (User: )Description: EasySettingsCmdServer.exe0.0.0.052e75292MSVCR100.dll10.0.30319.4604db13576400000150008cb95192801d0923907a3c050C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exeC:\Program Files (x86)\Samsung\Settings\CmdServer\MSVCR100.dll469e1b8d-fe2c-11e4-bee3-50b7c379e726 Error: (05/19/2015 00:41:35 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: USER)Description: 3C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exeMicrosoft Office Document Cache Sync Client Interface023172992243003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065002000310035005C0072006F006F0074005C007600660073005C00500072006F006700720061006D00460069006C006500730043006F006D006D006F006E005800380036005C004D006900630072006F0073006F006600740020005300680061007200650064005C004F0046004600490043004500310035005C00630032007200330032002E0064006C006C00000043003A005C00500072006F006700720061006D0044006100740061005C004D006900630072006F0073006F00660074005C004F00660066006900630065005C0043006C00690063006B0054006F00520075006E005000610063006B006100670065004C006F0063006B00650072000000 Error: (05/17/2015 00:57:13 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )Description: RecoveryThe parameter is incorrect. (0x80070057) Error: (05/13/2015 00:46:26 PM) (Source: Application Error) (EventID: 1000) (User: )Description: EasySettingsCmdServer.exe0.0.0.052e75292MSVCR100.dll10.0.30319.4604db13576400000150008cb95dc801d08d72709709f3C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exeC:\Program Files (x86)\Samsung\Settings\CmdServer\MSVCR100.dllaf88aa29-f965-11e4-bee2-c8f733236be8 Error: (05/12/2015 09:07:01 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: -2147024883 Error: (05/10/2015 04:00:53 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )Description: RecoveryThe parameter is incorrect. (0x80070057) Error: (05/08/2015 05:22:29 PM) (Source: Application Error) (EventID: 1000) (User: )Description: SWMAgent.exe2.1.21.0526518c7ntdll.dll6.3.9600.17736550f42c2c00000050001df6338001d08865a73b91d4C:\ProgramData\Samsung\SW Update Service\SWMAgent.exeC:\WINDOWS\SYSTEM32\ntdll.dll6bb0e827-f59e-11e4-bee1-c8f733236be8 Error: (05/08/2015 11:11:26 AM) (Source: Application Error) (EventID: 1000) (User: )Description: EasySettingsCmdServer.exe0.0.0.052e75292MSVCR100.dll10.0.30319.4604db13576400000150008cb95178c01d0897756f3a92aC:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exeC:\Program Files (x86)\Samsung\Settings\CmdServer\MSVCR100.dll95dcda87-f56a-11e4-bee1-c8f733236be8 Error: (05/06/2015 03:55:41 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: USER)Description: 10C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exeMicrosoft Office Document Cache Sync Client Interface0210178856243003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065002000310035005C0072006F006F0074005C007600660073005C00500072006F006700720061006D00460069006C006500730043006F006D006D006F006E005800380036005C004D006900630072006F0073006F006600740020005300680061007200650064005C004F0046004600490043004500310035005C00630032007200330032002E0064006C006C00000043003A005C00500072006F006700720061006D0044006100740061005C004D006900630072006F0073006F00660074005C004F00660066006900630065005C0043006C00690063006B0054006F00520075006E005000610063006B006100670065004C006F0063006B00650072000000 Error: (05/03/2015 07:03:04 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )Description: RecoveryThe parameter is incorrect. (0x80070057) ==================== Memory info =========================== Processor: Intel® Core i7-3635QM CPU @ 2.40GHzPercentage of memory in use: 27%Total physical RAM: 7893.53 MBAvailable physical RAM: 5753.37 MBTotal Pagefile: 9173.54 MBAvailable Pagefile: 7011 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:60 GB) (Free:2.49 GB) NTFSDrive d: (Data) (Fixed) (Total:172.37 GB) (Free:45.55 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ========================================================Disk: 1 (Size: 7.5 GB) (Disk ID: 83D0E1F9) Partition: GPT Partition Type. ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.