Hi Firefly
2 logs as requested - FRST first
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Kerlin (administrator) on KERLIN-LAPTOP (04-08-2015 19:05:38)
Running from C:\Users\Kerlin\Desktop
Loaded Profiles: Kerlin (Available Profiles: Kerlin & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hefei Hejunzhengce Info Tech Co., Ltd.) C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
(http://www.ruby-lang.org/) C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\bin\rubyw.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(http://www.ruby-lang.org/) C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\bin\rubyw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\pia_manager\openvpn.exe
(Microsoftware) C:\Program Files (x86)\Internet Explorer 11\iexplorer.exe
(Microsoftware) C:\Program Files (x86)\Internet Explorer 11\iexplorer.exe
(Microsoftware) C:\Program Files (x86)\Internet Explorer 11\iexplorer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel(R) Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-20] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-06] (Avast Software s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2429091067-2142817945-3690742074-1000\...\Run: [bitsager] => C:\Users\Kerlin\AppData\Roaming\adtshlEx.exe [275696 2015-07-09] (Filtro In Rame)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2014-01-11]
ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2012-10-08]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Users\Kerlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-04-21]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Kerlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2015-06-07]
ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
Startup: C:\Users\Kerlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk [2012-07-23]
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-24] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2429091067-2142817945-3690742074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2429091067-2142817945-3690742074-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.firstshowing.net/ http://www.firstshowing.net/category/starwars/ http://www.v8supercar.com.au/ https://kat.ph/ http://www.autogate.com.au/
HKU\S-1-5-21-2429091067-2142817945-3690742074-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2429091067-2142817945-3690742074-1000 -> {135D64EC-4B5A-47F4-85ED-7EDA758026BB} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=lbar
SearchScopes: HKU\S-1-5-21-2429091067-2142817945-3690742074-1000 -> {2E737BA2-0293-4C3E-A074-83D4151AA669} URL = http://search.us.com/serp?guid={07443993-C6FB-4891-8752-942F6182D233}&k={searchTerms}
SearchScopes: HKU\S-1-5-21-2429091067-2142817945-3690742074-1000 -> {4790D5F0-656C-41E9-9681-BA49B6DA6506} URL = https://au.search.yahoo.com/search?fr=c ... =994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2429091067-2142817945-3690742074-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-24] (Avast Software s.r.o.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: news.net -> {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} -> C:\Program Files\BreakingNews\x64\ScriptHost.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-24] (Avast Software s.r.o.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2429091067-2142817945-3690742074-1000 -> No Name - {B0413D78-327A-4F9F-86AC-E872D7FE86F9} - No File
DPF: HKLM-x32 {1EAF0371-58DE-479D-95F0-8888F82FBDB7} http://auweb.liveblockauctions.com/v5/i ... uncher.cab
DPF: HKLM-x32 {298BFFEE-662D-11D5-ADAF-00E0810232D7} http://videocast.manheim.com.au/lib/LiveSound.dll
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://www.kaboodleplanner.com.au/Core/ ... _Win32.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{110F5F90-DFD5-4971-8001-2E1C295F5F96}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ADF488E0-B83E-44A6-A3D3-CE1B38D31698}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{FD0E44EB-0910-47F0-9A2C-CF61164C4E90}: [DhcpNameServer] 209.222.18.222 209.222.18.218
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer 11\iexplorer.exe
FireFox:
========
FF ProfilePath: C:\Users\Kerlin\AppData\Roaming\Mozilla\Firefox\Profiles\y5yjqdqe.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://au.search.yahoo.com/search?fr=g ... =994519&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF SearchPlugin: C:\Users\Kerlin\AppData\Roaming\Mozilla\Firefox\Profiles\y5yjqdqe.default\searchplugins\yahoo_ff.xml [2015-06-22]
FF Extension: LAILoader - C:\Users\Kerlin\AppData\Roaming\Mozilla\Firefox\Profiles\y5yjqdqe.default\Extensions\lailo@liveblockauctions.com [2015-04-15]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-23]
Chrome:
=======
CHR Profile: C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-09]
CHR Extension: (Docs) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-30]
CHR Extension: (Google Drive) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-30]
CHR Extension: (YouTube) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-30]
CHR Extension: (Google Search) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-30]
CHR Extension: (Box Rock) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbpjlglfgfbjmoimmpkjjbkodjcddek [2014-12-25]
CHR Extension: (Google Sheets) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-09]
CHR Extension: (Google Wallet) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Gmail) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-30]
CHR Profile: C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Video Downloader professional) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-03-22]
CHR Extension: (Avast SafePrice) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-01-29]
CHR Extension: (CouchPotato) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jochingjncojldfclaicaomboafaiong [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kerlin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-03-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-24] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-24] (Avast Software)
R2 HPSLPSVC; C:\Users\Kerlin\AppData\Local\Temp\7zS0B29\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2000-01-01] (Realtek Semiconductor)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2015-03-21] () [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [130048 2010-01-21] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
R2 WinAudioSrv_R1; C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe [4024920 2015-04-07] (Hefei Hejunzhengce Info Tech Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 ackaxfnrcw32; C:\Program Files\010\ackaxfnrcw32.exe run options=00100010100000000000000000000000 source=D2D41557-698B-4E0B-8AD2-7EC2A2E45321 [X]
S2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [X]
S3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [X]
S4 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [X]
S4 xTjKDRcFDB; "C:\ProgramData\uXxpPZKaGR\xTjKDRcFDB.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-24] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-24] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-24] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2000-01-01] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-24] (Avast Software)
S3 cpuz134; \??\C:\Users\Kerlin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
S1 wpnfd_1_10_0_1; system32\drivers\wpnfd_1_10_0_1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-04 19:05 - 2015-08-04 19:06 - 00023282 _____ C:\Users\Kerlin\Desktop\FRST.txt
2015-08-04 19:05 - 2015-08-04 19:05 - 00000000 ____D C:\FRST
2015-08-04 19:04 - 2015-08-04 19:04 - 02169856 _____ (Farbar) C:\Users\Kerlin\Desktop\FRST64.exe
2015-08-02 13:24 - 2015-08-02 13:24 - 01782870 _____ C:\Users\Kerlin\Desktop\desktop.bmp
2015-08-01 15:01 - 2015-08-01 15:01 - 00453447 _____ C:\Users\Kerlin\Desktop\mbam.txt
2015-08-01 14:03 - 2015-08-03 19:18 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-01 14:03 - 2015-08-01 14:06 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-01 14:03 - 2015-08-01 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-01 14:02 - 2015-08-01 14:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-01 14:02 - 2015-08-01 14:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-01 14:02 - 2015-06-18 08:52 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-01 14:02 - 2015-06-18 08:52 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-01 14:02 - 2015-06-18 08:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-01 14:01 - 2015-08-01 14:01 - 00006738 _____ C:\Users\Kerlin\Desktop\AdwCleaner[R1].txt
2015-08-01 13:31 - 2015-08-01 13:32 - 21547816 _____ (Malwarebytes Corporation ) C:\Users\Kerlin\Desktop\mbam-setup.exe
2015-08-01 13:28 - 2015-08-01 13:29 - 02248704 _____ C:\Users\Kerlin\Desktop\adwcleaner_4.208.exe
2015-07-31 18:00 - 2015-07-31 18:00 - 00001638 _____ C:\Users\Kerlin\Desktop\ckfiles.txt
2015-07-31 17:29 - 2015-07-31 17:29 - 00000000 ____D C:\MGADiagToolOutput
2015-07-31 17:28 - 2015-07-31 17:28 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2015-07-31 17:27 - 2015-07-31 17:27 - 02031992 _____ (Microsoft Corporation) C:\Users\Kerlin\Desktop\MGADiag.exe
2015-07-31 17:27 - 2015-07-31 17:27 - 00468480 _____ () C:\Users\Kerlin\Desktop\CKScanner.exe
2015-07-28 20:27 - 2015-07-28 20:27 - 00024506 _____ C:\Users\Kerlin\Desktop\dds.txt
2015-07-28 20:27 - 2015-07-28 20:27 - 00009524 _____ C:\Users\Kerlin\Desktop\attach.txt
2015-07-28 20:17 - 2015-07-28 20:17 - 00000207 _____ C:\Windows\tweaking.com-regbackup-KERLIN-LAPTOP-Windows-7-Professional-(64-bit).dat
2015-07-28 20:14 - 2015-07-28 20:14 - 00000000 ____D C:\RegBackup
2015-07-28 20:13 - 2015-07-28 20:13 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-07-28 20:13 - 2015-07-28 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-28 20:13 - 2015-07-28 20:13 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-07-28 20:11 - 2015-07-28 20:12 - 04720448 _____ C:\Users\Kerlin\Downloads\tweaking.com_registry_backup_setup.exe
2015-07-27 21:54 - 2015-08-01 13:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-26 15:52 - 2015-07-26 15:52 - 00688992 _____ (Swearware) C:\Users\Kerlin\Downloads\dds (4).scr
2015-07-26 15:51 - 2015-07-26 15:51 - 00688992 ____R (Swearware) C:\Users\Kerlin\Downloads\dds (3).scr
2015-07-26 12:46 - 2015-07-26 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-26 12:45 - 2015-07-26 12:46 - 00000000 ____D C:\Program Files\iTunes
2015-07-26 12:45 - 2015-07-26 12:45 - 00000000 ____D C:\Program Files\iPod
2015-07-16 20:57 - 2015-07-16 20:57 - 00000000 ____D C:\Users\Kerlin\.MakeMKV
2015-07-13 18:14 - 2015-07-13 18:14 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\17396
2015-07-12 19:55 - 2015-07-12 19:55 - 00000000 ____D C:\Users\Kerlin\Documents\DVDFab9
2015-07-12 19:55 - 2015-07-12 19:55 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\DVDFab9
2015-07-12 19:55 - 2015-07-12 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2015-07-12 19:55 - 2015-07-12 19:55 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2015-07-12 15:53 - 2015-07-12 16:00 - 62602552 _____ (Fengtao Software Inc. ) C:\Users\Kerlin\Downloads\DVDFab9202.exe
2015-07-12 15:53 - 2015-07-12 15:53 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2015-07-12 15:53 - 2015-07-12 15:53 - 00000000 ____D C:\Program Files (x86)\MakeMKV
2015-07-12 15:51 - 2015-07-12 15:52 - 08120500 _____ (GuinpinSoft inc) C:\Users\Kerlin\Downloads\Setup_MakeMKV_v1.9.4.exe
2015-07-12 11:45 - 2015-07-12 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-09 07:38 - 2015-07-09 07:38 - 00275696 _____ (Filtro In Rame) C:\Users\Kerlin\AppData\Roaming\adtshlEx.exe
2015-07-08 17:14 - 2015-07-08 17:14 - 00030860 _____ C:\Users\Kerlin\Downloads\NCM TENDER JUL_06_20152 (1).xlsx
2015-07-08 17:11 - 2015-07-08 17:11 - 00035256 _____ C:\Users\Kerlin\Downloads\Tender Master.xlsx
2015-07-08 17:00 - 2015-07-08 19:15 - 00288768 _____ C:\Users\Kerlin\Downloads\Online Activity Reort.xls
2015-07-08 16:57 - 2015-07-08 16:57 - 00030860 _____ C:\Users\Kerlin\Downloads\NCM TENDER JUL_06_20152.xlsx
2015-07-06 20:10 - 2015-07-06 20:10 - 00790826 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-06 19:30 - 2015-07-06 19:50 - 23735712 _____ (Softland) C:\Users\Kerlin\Downloads\dopdf-full.exe
2015-07-05 12:42 - 2015-07-05 12:42 - 00000000 ____D C:\Users\Kerlin\.dvdcss
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-04 18:49 - 2014-03-30 12:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4bc39ce5ad88.job
2015-08-04 18:37 - 2012-07-23 20:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-04 12:59 - 2013-05-30 18:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-04 12:30 - 2012-07-17 18:03 - 01511881 _____ C:\Windows\WindowsUpdate.log
2015-08-02 13:31 - 2009-07-14 14:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-02 13:31 - 2009-07-14 14:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-01 13:58 - 2015-01-04 13:28 - 00000000 ____D C:\AdwCleaner
2015-08-01 13:44 - 2009-07-14 15:13 - 00805282 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-01 13:37 - 2015-06-15 01:00 - 00002704 _____ C:\Windows\setupact.log
2015-08-01 13:37 - 2012-07-22 18:04 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-01 13:37 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-01 13:35 - 2012-07-24 20:59 - 00183974 _____ C:\Windows\PFRO.log
2015-08-01 13:35 - 2012-07-23 19:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-01 13:28 - 2012-07-23 07:38 - 00000000 ____D C:\Users\Kerlin\Documents\Outlook Files
2015-08-01 13:21 - 2012-07-23 19:39 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\Azureus
2015-08-01 13:20 - 2013-08-25 09:23 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\TuneUpMedia
2015-08-01 13:18 - 2013-03-03 06:58 - 00000000 ____D C:\Users\hedev
2015-08-01 13:18 - 2012-07-23 19:29 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\Mozilla
2015-08-01 13:17 - 2012-07-26 17:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-01 13:17 - 2012-07-26 17:52 - 00000000 ____D C:\ProgramData\Adobe
2015-07-26 12:45 - 2012-09-16 08:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-26 12:45 - 2012-09-16 08:37 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-19 15:29 - 2012-09-09 11:59 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\vlc
2015-07-16 20:57 - 2012-07-17 18:08 - 00000000 ____D C:\Users\Kerlin
2015-07-16 12:41 - 2014-03-30 12:56 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf4bc39ce5ad88
2015-07-16 12:41 - 2013-05-30 18:09 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 05:37 - 2012-07-23 20:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 05:37 - 2012-07-23 20:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 05:37 - 2012-07-23 20:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-12 15:49 - 2013-02-15 06:18 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\DVD Flick
2015-07-12 12:02 - 2015-02-22 12:12 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-12 11:45 - 2013-06-02 10:00 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-06 21:30 - 2015-01-23 19:57 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-05 12:41 - 2013-06-13 07:29 - 00000000 ____D C:\Users\Kerlin\AppData\Roaming\dvdcss
==================== Files in the root of some directories =======
2009-02-13 10:02 - 2009-02-13 10:02 - 0080896 _____ (Microsoft Corporation) C:\Program Files\devcon_amd64.exe
2012-09-14 06:32 - 2012-09-14 06:32 - 0000272 _____ () C:\Users\Kerlin\AppData\Roaming\.backup.dm
2015-07-09 07:38 - 2015-07-09 07:38 - 0275696 _____ (Filtro In Rame) C:\Users\Kerlin\AppData\Roaming\adtshlEx.exe
2013-06-29 17:41 - 2013-06-29 17:41 - 0000037 ___SH () C:\Users\Kerlin\AppData\Local\70149b02515b3bb20dd492.47983420
2013-06-02 09:24 - 2013-06-02 09:24 - 0000292 _____ () C:\Users\Kerlin\AppData\Local\HamsterBookConverter.cfg
2014-12-26 09:34 - 2014-12-26 09:34 - 0628496 _____ (CMI Limited) C:\Users\Kerlin\AppData\Local\nsp36DA.tmp
2012-07-24 18:58 - 2013-12-15 09:19 - 0007663 _____ () C:\Users\Kerlin\AppData\Local\resmon.resmoncfg
2010-11-21 13:24 - 2010-11-21 13:24 - 0050176 _____ () C:\ProgramData\mstbsvroj.exe
Files to move or delete:
====================
C:\ProgramData\mstbsvroj.exe
Some files in TEMP:
====================
C:\Users\Kerlin\AppData\Local\Temp\i4jdel1.exe
C:\Users\Kerlin\AppData\Local\Temp\i4jdel2.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-02 00:19
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Kerlin (2015-08-04 19:06:31)
Running from C:\Users\Kerlin\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2429091067-2142817945-3690742074-500 - Administrator - Disabled)
Guest (S-1-5-21-2429091067-2142817945-3690742074-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2429091067-2142817945-3690742074-1002 - Limited - Enabled)
Kerlin (S-1-5-21-2429091067-2142817945-3690742074-1000 - Administrator - Enabled) => C:\Users\Kerlin
UpdatusUser (S-1-5-21-2429091067-2142817945-3690742074-1003 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Any Video Converter Ultimate 4.5.3 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Pro Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CleanMyPhone (build 1.3.3) (HKLM-x32\...\CleanMyPhone_is1) (Version: - )
DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVDFab 9.2.0.2 (10/06/2015) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.00 - Philipp Winterberg)
Free Video Joiner (HKLM-x32\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version: - FreeVideoJoiner.com)
FreeFileSync 5.10 (HKLM-x32\...\FreeFileSync) (Version: 5.10 - Zenju)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoPro Studio 2.0.0 (HKLM-x32\...\GoPro Studio) (Version: 2.0.0 - WoodmanLabs Inc. d.b.a. GoPro)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.10.1300 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Explorer 11 (HKLM-x32\...\{66732EEE-ECBC-4CA6-A474-1122}_is1) (Version: - Microsoft Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.52.4 - JMicron Technology Corp.)
JPEG Lossless Rotator 9.2 (HKLM\...\JPEG Lossless Rotator_is1) (Version: - Anny)
K-Lite Codec Pack 9.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
MakeMKV v1.9.4 (HKLM-x32\...\MakeMKV) (Version: v1.9.4 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyHarmony (HKU\S-1-5-21-2429091067-2142817945-3690742074-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NAPS2 2.6.3 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
NVIDIA 3D Vision Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
SABnzbd 0.7.20 (HKLM-x32\...\SABnzbd) (Version: 0.7.20 - The SABnzbd Team)
Serviio (HKLM\...\Serviio) (Version: - )
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SlimComputer (HKLM-x32\...\{9F12F452-E819-401B-B1F0-8B73CAC049D1}) (Version: 1.3.23129 - SlimWare Utilities, Inc.)
SlimDrivers (HKLM-x32\...\{EFC3724F-73A8-4BF6-B69F-313EC03A42B3}) (Version: 2.2.22316 - SlimWare Utilities, Inc.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.20 - Western Digital)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
WinZip 18.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
06-07-2015 20:20:23 doPDF 8
06-07-2015 21:25:24 doPDF 8
14-07-2015 00:00:04 Scheduled Checkpoint
22-07-2015 07:29:35 Scheduled Checkpoint
28-07-2015 20:19:33 before malware fix
01-08-2015 13:15:37 Removed Adobe Reader X (10.1.15).
01-08-2015 13:22:37 Removed Private Internet Access Support Files
01-08-2015 13:23:39 Removed Java 7 Update 51
01-08-2015 13:25:33 Removed Java(TM) 6 Update 22 (64-bit)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0EE22C34-DA46-4A4F-9695-252E5F998960} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {2EF1F1DF-81DE-4E8A-AA57-57ED57E444D0} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2012-07-18] (SlimWare Utilities, Inc.)
Task: {42AA4FA1-9854-4ED4-9B83-E72348AD4177} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {65766224-9442-401B-8095-6C62A86118B5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {657CBE3B-019B-42A6-90DC-0F1E3B324BB1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {73670356-C527-4AC3-9611-19026747A0DC} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4bc39ce5ad88 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
Task: {9B341374-BDF4-499F-AE41-A42D651846BD} - \FellowSky\FellowSky No Task File <==== ATTENTION
Task: {9FE94936-08C3-4F68-B23D-C956893B9EFA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A7C6DBE9-D716-405D-9C70-4FD44311A118} - System32\Tasks\{4943610C-187A-452D-ADC6-D5BBACCBAC3B} => pcalua.exe -a C:\Users\Kerlin\Downloads\SABnzbd-0.7.20-win32-setup.exe -d C:\Users\Kerlin\Downloads
Task: {AE83EB35-A10E-4628-B261-CD77356AC243} - System32\Tasks\{E21F4D4C-CDB6-49EE-89CD-A2301F1D2180} => pcalua.exe -a E:\autoRcd.exe -d E:\
Task: {C1EE5FE7-3347-429D-AEBA-431129D9971C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C6BFAA54-267E-4C75-B7E3-2DAEC76A044E} - System32\Tasks\{C3515804-0D0E-449E-8FDC-93082371D942} => pcalua.exe -a "C:\Users\Kerlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQS5YAGD\Video_Nvidia_W74_A10_Setup_RXD7P_ZPE[1].exe" -d C:\Users\Kerlin\Desktop
Task: {CE5C25B9-99D9-4DFE-947A-7C0079475A8F} - System32\Tasks\{57BA10DB-D001-40E3-A0DE-7F45C8582813} => pcalua.exe -a C:\Users\Kerlin\Downloads\USB3_Renesas_W7_A03_Setup-61X2W_ZPE.exe -d C:\Users\Kerlin\Downloads
Task: {D0E2EFB2-6989-4A58-B0A0-61AC667E9DF8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {DC50442F-238D-491C-8B01-781F85484C6E} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-06-30] ()
Task: {E833AD34-56A5-490C-952A-7597E617595A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F054899B-6BEC-4203-B3E9-ECE075667B2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-30] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4bc39ce5ad88.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
==================== Loaded Modules (Whitelisted) ==============
2012-07-22 18:03 - 2013-03-15 14:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-01-20 21:35 - 2015-01-20 21:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-03-21 18:54 - 2015-03-21 18:54 - 00327680 _____ () C:\Program Files\Serviio\bin\ServiioService.exe
2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-07-22 17:59 - 2011-07-19 14:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-07 15:30 - 2015-06-07 15:30 - 00104960 _____ () C:\Program Files (x86)\SABnzbd\SABnzbd.exe
2015-03-21 18:54 - 2015-03-21 18:54 - 00368640 _____ () C:\Program Files\Serviio\bin\ServiioConsole.exe
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2015-06-30 17:35 - 2015-06-30 17:39 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-06-30 17:35 - 2015-06-30 17:39 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe
2015-06-30 17:35 - 2015-06-30 17:39 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2015-04-24 07:09 - 2015-04-24 07:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-24 07:09 - 2015-04-24 07:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-01 13:34 - 2015-08-01 13:34 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15073103\algo.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2015-03-14 11:38 - 2015-03-14 11:38 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-07 15:30 - 2015-06-07 15:30 - 00053248 _____ () C:\Program Files (x86)\SABnzbd\lib\_socket.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00671744 _____ () C:\Program Files (x86)\SABnzbd\lib\_ssl.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00294912 _____ () C:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00102400 _____ () C:\Program Files (x86)\SABnzbd\lib\win32api.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00118784 _____ () C:\Program Files (x86)\SABnzbd\lib\pywintypes25.dll
2015-06-07 15:30 - 2015-06-07 15:30 - 00013824 _____ () C:\Program Files (x86)\SABnzbd\lib\win32event.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00036864 _____ () C:\Program Files (x86)\SABnzbd\lib\win32service.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00057344 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00007168 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00037888 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00086016 _____ () C:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00049152 _____ () C:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00546205 _____ () C:\Program Files (x86)\SABnzbd\lib\sqlite3.dll
2015-06-07 15:30 - 2015-06-07 15:30 - 00008192 _____ () C:\Program Files (x86)\SABnzbd\lib\select.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00009728 _____ () C:\Program Files (x86)\SABnzbd\lib\_yenc.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00012288 _____ () C:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00135168 _____ () C:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00040960 _____ () C:\Program Files (x86)\SABnzbd\lib\win32process.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00110592 _____ () C:\Program Files (x86)\SABnzbd\lib\win32file.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00014848 _____ () C:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00024576 _____ () C:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00019968 _____ () C:\Program Files (x86)\SABnzbd\lib\win32pipe.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00155648 _____ () C:\Program Files (x86)\SABnzbd\lib\win32gui.pyd
2015-06-07 15:30 - 2015-06-07 15:30 - 00176128 _____ () C:\Program Files (x86)\SABnzbd\lib\winxpgui.pyd
2015-08-01 13:38 - 2015-08-01 13:38 - 00012800 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-08-01 13:38 - 2015-08-01 13:38 - 00009728 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-08-01 13:38 - 2015-08-01 13:38 - 00014848 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-08-01 13:37 - 2015-08-01 13:37 - 00094208 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\src\rgloader\rgloader193.mswin.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00009216 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00094208 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00126976 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00087552 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00016384 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-08-01 13:38 - 2015-08-01 13:38 - 00127316 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\bin\libffi-6.dll
2015-08-01 13:39 - 2015-08-01 13:39 - 00008704 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00013312 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00095744 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-08-01 13:39 - 2015-08-01 13:39 - 00026624 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrB9CC.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-07-06 20:18 - 2015-07-06 20:18 - 00171008 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6cf2c1c750318204fc1dddd118eca040\IsdiInterop.ni.dll
2012-07-24 20:32 - 2011-02-18 08:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-08-01 13:41 - 2015-08-01 13:41 - 00012800 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00009728 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00014848 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00094208 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\src\rgloader\rgloader193.mswin.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00094208 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00118784 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00069120 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00083968 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\bin\zlib1.dll
2015-08-01 13:41 - 2015-08-01 13:41 - 00026624 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00275968 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00015360 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00008192 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00009216 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00023552 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00008704 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00008704 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00008704 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00008704 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00036352 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-08-01 13:42 - 2015-08-01 13:42 - 00126976 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-08-01 13:42 - 2015-08-01 13:42 - 00087552 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-08-01 13:42 - 2015-08-01 13:42 - 00016384 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00127316 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\bin\libffi-6.dll
2015-08-01 13:41 - 2015-08-01 13:41 - 00013312 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-08-01 13:41 - 2015-08-01 13:41 - 00095744 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-08-01 13:42 - 2015-08-01 13:43 - 00026624 _____ () C:\Users\Kerlin\AppData\Local\Temp\ocrAF70.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2012-12-17 06:44 - 2000-01-01 10:00 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-06-30 17:35 - 2015-06-30 17:39 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2015-03-30 00:52 - 2015-02-26 23:18 - 39149568 _____ () C:\Program Files (x86)\Internet Explorer 11\libcef.dll
2015-03-30 00:52 - 2015-02-26 23:18 - 01379328 _____ () C:\Program Files (x86)\Internet Explorer 11\libglesv2.dll
2015-03-30 00:52 - 2015-02-26 23:18 - 00176128 _____ () C:\Program Files (x86)\Internet Explorer 11\libegl.dll
2015-03-30 00:52 - 2015-02-26 23:18 - 08929280 _____ () C:\Program Files (x86)\Internet Explorer 11\pdf.dll
2015-03-30 00:52 - 2015-02-26 23:18 - 00968704 _____ () C:\Program Files (x86)\Internet Explorer 11\ffmpegsumo.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
AlternateDataStreams: C:\Users\Kerlin\Documents\Calvery Refund.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Kerlin\Documents\Calvery Refund.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2429091067-2142817945-3690742074-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kerlin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{EF4E2CA9-189E-43A4-BFC6-52333ECDD34B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{6427E243-72F6-4DDD-BB2B-13B13C6E44C0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{C1BEF1A8-CCFF-48BE-AA9C-9D569631F217}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{55C4CA76-B1FE-41EE-953E-D382C1C32229}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{2D2BFC86-9026-4551-8FE9-80033667CBF6}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{3AE1D3C1-9258-4AB1-B716-B0CE458861C6}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [{0ECDC335-8D6B-4FEA-A1D6-1922CDDC8380}] => (Allow) C:\Users\Kerlin\AppData\Local\Temp\7zS0B29\hppiw.exe
FirewallRules: [{F57D8C76-BB1F-42C1-807A-A245E6BBBDB0}] => (Allow) C:\Users\Kerlin\AppData\Local\Temp\7zS0B29\hppiw.exe
FirewallRules: [TCP Query User{E988F878-9B81-4FDD-81AC-5D11E6BFDBF2}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{488014D2-06EA-4A29-B55D-BDBB61625461}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [TCP Query User{C24B8680-C129-4724-B265-E9B407A5AB8A}C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Allow) C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [UDP Query User{6D4E3548-0062-4AC3-8F91-B75DCE0A13CF}C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Allow) C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [TCP Query User{4E16F515-9165-48BF-AF3E-8E2C1A44EB88}C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Allow) C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [UDP Query User{8B83D6A9-D28C-458E-95E4-EC3FABCE9198}C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Allow) C:\users\kerlin\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [{04F6B718-D1AD-4857-AC6A-3C552650FFD4}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{7D7816C1-0FD1-4640-9142-9A89E13ADF02}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{78A5C9B6-9497-4EC3-BA52-E5D4825ECA9B}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [{B45B95AB-9BB6-4098-AF6F-D4E1730C0898}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{543B5F1F-576F-4DC6-9E0C-42C8571E7F58}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{57278E6B-57BB-42D6-9EA6-91B6FAFD934E}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [{B04865D3-ADAE-4AD7-873F-1DD9E72C4FE9}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{18BDB6A9-DB74-4E51-9562-23AD42F5AF70}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{2167BF9E-441F-4E3A-9640-70B1980676E9}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [{F750A9F2-FB98-4E3D-B9F0-438585620DF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{25927F27-E11A-43B0-880A-122458DCC575}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CF205C26-57F0-4612-8E38-ACA19DAEBCC0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{64BF6834-BD4F-4F8A-9DA2-C36EC4D5D407}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1AEA7E6-F3A2-481B-8EDB-D24BF63FAFC1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2FFDAEDC-5A71-4C65-9FF6-5AAAEC85D724}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B3C47AF7-121E-4647-929B-6144EDFEA59D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{55BE75F3-A17D-475A-96BE-328443D3C18C}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{AE804EF9-E5B9-4369-827C-BEB3AD17AA97}C:\users\kerlin\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\kerlin\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{BF6C4B3B-6388-4B5D-B627-6E61C4B197D2}C:\users\kerlin\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\kerlin\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{021A62E9-861B-4A14-8F78-8034548294C5}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{0DE92E4A-1943-46DA-8BE9-F55BD6D72127}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{733E1E58-1C34-4325-AB00-153CF7C64685}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{D5BD4634-D5AA-4871-A715-4929905D5E94}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{A3B469CD-977C-4457-BEE8-B30F5155DE2B}] => (Allow) C:\Users\Kerlin\AppData\Local\TNT2\2.0.0.1918\TNT2User.exe
FirewallRules: [{4281C4FD-0726-4BA7-9FF8-170FA4660370}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3AAC456F-CB34-41DF-B8C0-583DC0953A77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{818E5CDA-72E9-49C1-B43A-4637C41138CB}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{5DDEF11F-4099-45C7-B3C7-37282C2E60C3}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [{67F89B70-8707-4F77-A12F-028D2847E400}] => (Allow) C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe
FirewallRules: [{AA07B68B-BA6C-4A83-A1C2-7DE386838FF3}] => (Allow) C:\Program Files (x86)\Windows Audio\R1\WmiPrvSD.exe
FirewallRules: [TCP Query User{D9668256-F24A-418B-B3EC-C6BFA77A05C5}C:\program files\serviio\jre\bin\javaw.exe] => (Block) C:\program files\serviio\jre\bin\javaw.exe
FirewallRules: [UDP Query User{EF60E6F6-9D3D-4DE1-A9EE-BB4D8F049D90}C:\program files\serviio\jre\bin\javaw.exe] => (Block) C:\program files\serviio\jre\bin\javaw.exe
FirewallRules: [{13AFCEF5-D1F2-453F-BE27-E0DEFF8860B2}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{E35AE08C-03FD-4D3E-9180-0EA0503E9BAA}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{3337009D-06A0-4463-BAAD-CA5A5C93C2BC}] => (Allow) C:\Program Files\Serviio\bin\ServiioConsole.exe
FirewallRules: [TCP Query User{5BE4189D-06CF-402B-BA01-14B2241F8D62}C:\users\kerlin\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard.exe] => (Allow) C:\users\kerlin\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard.exe
FirewallRules: [UDP Query User{17930995-BACF-4723-9733-99B47E86B3B3}C:\users\kerlin\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard.exe] => (Allow) C:\users\kerlin\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard.exe
FirewallRules: [{F438967D-300F-40B7-B9D0-9FF9DAC13C41}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{018301A5-B359-4915-B4CA-9A2688839289}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{671E89D8-3EF0-429D-A9F8-E9B4A60FA342}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E4169D3D-26A4-4124-A835-0E34AA7C817C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
==================== Faulty Device Manager Devices =============
Name: ssnfd
Description: ssnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ssnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: wpnfd_1_10_0_1
Description: wpnfd_1_10_0_1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wpnfd_1_10_0_1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/02/2015 07:00:08 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).
Error: (08/01/2015 01:38:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/28/2015 08:08:40 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).
Error: (07/28/2015 08:08:28 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).
Error: (07/28/2015 08:08:22 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).
Error: (07/28/2015 08:07:25 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031).
Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
System errors:
=============
Error: (08/01/2015 01:43:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069
Error: (08/01/2015 01:43:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (08/01/2015 01:38:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ssnfd
wpnfd_1_10_0_1
Error: (08/01/2015 01:37:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth Device Monitor service failed to start due to the following error:
%%2
Error: (08/01/2015 01:37:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ackaxfnrcw32 service failed to start due to the following error:
%%2
Error: (07/20/2015 07:16:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (07/20/2015 07:14:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
Error: (07/17/2015 03:29:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
Error: (07/13/2015 06:13:57 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.
Error: (07/12/2015 08:04:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069
Microsoft Office:
=========================
Error: (08/02/2015 07:00:08 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031)
Error: (08/01/2015 01:38:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/28/2015 08:08:40 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031)
Error: (07/28/2015 08:08:28 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031)
Error: (07/28/2015 08:08:22 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031)
Error: (07/28/2015 08:07:25 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Windows Backup failed while determining libraries location of one of the users included in backup. (0x81000031)
Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
Error: (07/26/2015 12:50:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
CodeIntegrity:
===================================
Date: 2012-09-02 12:05:31.270
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-09-02 12:05:15.558
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-09-02 11:19:07.966
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-08-27 18:43:09.289
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-08-27 18:42:57.429
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2860QM CPU @ 2.50GHz
Percentage of memory in use: 43%
Total physical RAM: 8086.17 MB
Available physical RAM: 4543.89 MB
Total Virtual: 16170.52 MB
Available Virtual: 10872.01 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:698.63 GB) (Free:11.32 GB) NTFS
Drive d: (Vuze) (Fixed) (Total:698.54 GB) (Free:617.22 GB) NTFS
Drive r: (2tb3) (Fixed) (Total:1862.98 GB) (Free:6.87 GB) NTFS
Drive y: (Movies) (Fixed) (Total:1863.01 GB) (Free:770.18 GB) NTFS
Drive z: (Movie Book) (Fixed) (Total:3725.99 GB) (Free:376.18 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or
(Size: 698.6 GB) (Disk ID: CA60F336)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or
(Size: 698.6 GB) (Disk ID: 7387B785)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 6181F547)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 4 (Size: 1863 GB) (Disk ID: 1C58AE47)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of log ============================