Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Cannot uninstall tv wizard from computer
Message
<blockquote data-quote="babaloupa" data-source="post: 284925" data-attributes="member: 29616"><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014</p><p>Ran by Bella (administrator) on BELLA-PC on 26-10-2014 10:41:52</p><p>Running from C:\Users\Bella\Downloads</p><p>Loaded Profile: Bella (Available profiles: Bella)</p><p>Platform: Windows 7 Home Premium (X64) OS Language: English (United States)</p><p>Internet Explorer Version 9</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe</p><p>(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxsrvc.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe</p><p>(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe</p><p>(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe</p><p>(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe</p><p>(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxext.exe</p><p>(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe</p><p>(Microsoft Corporation) C:\Windows\System32\CISVC.EXE</p><p>(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe</p><p>(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac</p><p>(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe</p><p>(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe</p><p>(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe</p><p>(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe</p><p>(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe</p><p>(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</p><p>(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe</p><p>(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe</p><p>(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [] => [X]</p><p>HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor)</p><p>HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)</p><p>HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-05-20] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1504608 2010-04-23] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon</p><p>HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705432 2010-05-10] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)</p><p>HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)</p><p>HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()</p><p>HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)</p><p>HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)</p><p>HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA)</p><p>HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)</p><p>HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)</p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)</p><p>HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)</p><p>HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)</p><p>Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\S-1-5-21-1044241667-917603167-2797466746-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)</p><p>ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>ProxyServer:</p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}" target="_blank">https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}</a></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.google.com/ig?brand=TSNA&bmod=TSNA" target="_blank">http://www.google.com/ig?brand=TSNA&bmod=TSNA</a></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://www.google.com/ig?brand=TSNA&bmod=TSNA" target="_blank">http://www.google.com/ig?brand=TSNA&bmod=TSNA</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = <a href="https://ca.yahoo.com?fr=hp-avast&type=avastbcl" target="_blank">https://ca.yahoo.com?fr=hp-avast&type=avastbcl</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = <a href="https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}" target="_blank">https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = <a href="https://ca.yahoo.com?fr=hp-avast&type=avastbcl" target="_blank">https://ca.yahoo.com?fr=hp-avast&type=avastbcl</a></p><p>StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe</p><p>SearchScopes: HKLM - DefaultScope {50822F2F-B944-4468-BDEF-6079F755DCE2} URL = <a href="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA" target="_blank">http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA</a></p><p>SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKLM - {50822F2F-B944-4468-BDEF-6079F755DCE2} URL = <a href="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA" target="_blank">http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA</a></p><p>SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = <a href="https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}" target="_blank">https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}</a></p><p>SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = <a href="https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}" target="_blank">https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}</a></p><p>SearchScopes: HKCU - DefaultScope {04315858-E070-42A6-923B-3B6C15BF6D0E} URL = <a href="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA" target="_blank">http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA</a></p><p>SearchScopes: HKCU - {04315858-E070-42A6-923B-3B6C15BF6D0E} URL = <a href="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA" target="_blank">http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA</a></p><p>BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)</p><p>BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)</p><p>BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)</p><p>BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)</p><p>BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)</p><p>Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File</p><p>Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File</p><p>Toolbar: HKCU - No Name - {2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} - No File</p><p>DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} <a href="http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab" target="_blank">http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab</a></p><p>Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)</p><p>Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p>Tcpip\..\Interfaces\{A5901E20-427E-4D27-B328-AD8A98F6FF64}: [NameServer] 0.0.0.0</p><p>Tcpip\..\Interfaces\{F447F826-232F-4087-B3E5-7BBBD96D5BAE}: [NameServer] 0.0.0.0</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\Bella\AppData\Roaming\Mozilla\Firefox\Profiles\77ptt2qu.default-1413647069098</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Bella\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolibre-mx.xml</p><p>FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-mx.xml</p><p>FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-14]</p><p>FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-14]</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:wrc@avast.com">wrc@avast.com</a>] - C:\Program Files\AVAST Software\Avast\WebRep\FF</p><p>FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-23]</p><p></p><p>Chrome:</p><p>=======</p><p>CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)</p><p>R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)</p><p>R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-26] (SurfRight B.V.)</p><p>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)</p><p>R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)</p><p>S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()</p><p>R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)</p><p>R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)</p><p>R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()</p><p>R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-04] (AVAST Software)</p><p>R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)</p><p>R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)</p><p>R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()</p><p>R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)</p><p>R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-26] (Malwarebytes Corporation)</p><p>R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)</p><p>S3 Ser2pl; \SystemRoot\system32\DRIVERS\ser2pl64.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-10-26 10:41 - 2014-10-26 10:42 - 00017888 _____ () C:\Users\Bella\Downloads\FRST.txt</p><p>2014-10-26 10:41 - 2014-10-26 10:41 - 00000000 ____D () C:\FRST</p><p>2014-10-26 10:39 - 2014-10-26 10:39 - 02113024 _____ (Farbar) C:\Users\Bella\Downloads\FRST64.exe</p><p>2014-10-26 10:05 - 2014-10-26 10:05 - 00008050 _____ () C:\windows\system32\.crusader</p><p>2014-10-26 09:53 - 2014-10-26 10:08 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2014-10-26 09:53 - 2014-10-26 09:53 - 00001864 _____ () C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2014-10-26 09:53 - 2014-10-26 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2014-10-26 09:53 - 2014-10-26 09:53 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2014-10-26 09:52 - 2014-10-26 09:53 - 11194928 _____ (SurfRight B.V.) C:\Users\Bella\Downloads\HitmanPro_x64.exe</p><p>2014-10-26 09:49 - 2014-10-26 09:50 - 10280824 _____ (SurfRight B.V.) C:\Users\Bella\Downloads\HitmanPro.exe</p><p>2014-10-25 07:08 - 2014-10-25 07:08 - 00283984 _____ () C:\windows\Minidump\102514-26442-01.dmp</p><p>2014-10-23 21:37 - 2014-10-23 21:38 - 00283984 _____ () C:\windows\Minidump\102314-19952-01.dmp</p><p>2014-10-20 08:24 - 2014-10-20 08:24 - 00283984 _____ () C:\windows\Minidump\102014-20202-01.dmp</p><p>2014-10-18 09:17 - 2014-10-26 10:14 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-10-18 09:17 - 2014-10-18 09:17 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2014-10-18 09:17 - 2014-10-18 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-10-18 09:17 - 2014-10-18 09:17 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2014-10-18 09:17 - 2014-10-18 09:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-10-18 09:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys</p><p>2014-10-18 09:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys</p><p>2014-10-18 09:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys</p><p>2014-10-18 09:13 - 2014-10-18 09:14 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Bella\Downloads\mbam-setup-2.0.3.1025.exe</p><p>2014-10-18 08:54 - 2014-10-18 08:54 - 01976320 _____ () C:\Users\Bella\Downloads\adwcleaner_4.000(1).exe</p><p>2014-10-18 08:53 - 2014-10-18 08:53 - 01976320 _____ () C:\Users\Bella\Downloads\adwcleaner_4.000.exe</p><p>2014-10-18 07:30 - 2014-10-18 07:30 - 00003098 _____ () C:\windows\System32\Tasks\{9C6EA312-3EEC-4047-ABEF-A8F2450ECBE0}</p><p>2014-10-18 07:20 - 2014-10-18 07:20 - 00000000 ____D () C:\ProgramData\TEMP</p><p>2014-10-18 07:17 - 2014-10-26 10:10 - 00001338 _____ () C:\windows\Tasks\YSPBIM.job</p><p>2014-10-18 07:17 - 2014-10-26 10:10 - 00001334 _____ () C:\windows\Tasks\QQPK.job</p><p>2014-10-18 07:17 - 2014-10-18 07:22 - 00000000 ____D () C:\Program Files (x86)\globalUpdate</p><p>2014-10-18 07:17 - 2014-10-18 07:17 - 00004364 _____ () C:\windows\System32\Tasks\YSPBIM</p><p>2014-10-18 07:17 - 2014-10-18 07:17 - 00004360 _____ () C:\windows\System32\Tasks\QQPK</p><p>2014-10-18 07:17 - 2014-10-18 07:17 - 00000000 ____D () C:\Users\Bella\AppData\Local\globalUpdate</p><p>2014-10-18 07:15 - 2014-10-18 09:44 - 00000000 ____D () C:\ProgramData\rdoOQMEVSwI</p><p>2014-10-18 07:15 - 2014-10-18 07:15 - 00000000 ____D () C:\Users\Bella\AppData\Local\TVWizard</p><p>2014-10-18 07:15 - 2014-10-18 07:15 - 00000000 ____D () C:\ProgramData\TVWizard</p><p>2014-10-18 07:13 - 2014-10-18 07:13 - 00004026 _____ () C:\windows\System32\Tasks\LaunchSignup</p><p>2014-10-18 07:07 - 2014-10-18 07:07 - 00000000 ____D () C:\ProgramData\McAfee</p><p>2014-10-16 05:50 - 2014-10-09 18:53 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll</p><p>2014-10-16 05:50 - 2014-10-09 18:53 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll</p><p>2014-10-16 05:50 - 2014-10-09 18:47 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll</p><p>2014-10-16 05:50 - 2014-09-14 17:44 - 03195392 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys</p><p>2014-10-14 20:21 - 2014-10-14 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox</p><p>2014-10-03 09:36 - 2014-10-03 09:36 - 00088576 ___SH () C:\Users\Bella\Desktop\Thumbs.db</p><p>2014-10-03 09:35 - 2014-10-18 07:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service</p><p>2014-10-03 09:35 - 2014-10-03 09:35 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk</p><p>2014-10-03 09:35 - 2014-10-03 09:35 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk</p><p>2014-10-03 09:32 - 2014-10-03 09:32 - 00244272 _____ () C:\Users\Bella\Downloads\Firefox Setup Stub 32.0.3.exe</p><p>2014-10-01 08:34 - 2014-10-01 08:34 - 00021504 ___SH () C:\Users\Bella\Downloads\Thumbs.db</p><p>2014-09-30 07:10 - 2014-09-30 07:10 - 00012832 _____ () C:\Users\Bella\Downloads\Sept pay.zip</p><p>2014-09-29 07:27 - 2014-09-29 07:32 - 00000000 ____D () C:\Users\Bella\Documents\MAISON</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-10-26 10:30 - 2012-01-23 18:07 - 00000000 ____D () C:\Users\Bella\AppData\Roaming\Skype</p><p>2014-10-26 10:19 - 2009-07-13 21:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-10-26 10:19 - 2009-07-13 21:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-10-26 10:16 - 2010-06-19 11:06 - 01812471 _____ () C:\windows\WindowsUpdate.log</p><p>2014-10-26 10:09 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT</p><p>2014-10-26 10:09 - 2009-07-13 21:51 - 00089797 _____ () C:\windows\setupact.log</p><p>2014-10-26 08:09 - 2012-08-09 10:27 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000UA.job</p><p>2014-10-26 06:55 - 2012-07-07 07:13 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update</p><p>2014-10-25 13:27 - 2012-08-09 10:27 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000Core.job</p><p>2014-10-25 07:08 - 2010-07-21 22:30 - 570054710 _____ () C:\windows\MEMORY.DMP</p><p>2014-10-25 07:08 - 2010-07-21 22:30 - 00000000 ____D () C:\windows\Minidump</p><p>2014-10-20 08:24 - 2010-05-17 07:23 - 00386926 _____ () C:\windows\PFRO.log</p><p>2014-10-18 11:19 - 2014-07-31 21:11 - 00000000 ____D () C:\Users\Bella\AppData\Local\Adobe</p><p>2014-10-18 11:18 - 2012-04-27 09:27 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe</p><p>2014-10-18 11:18 - 2011-09-17 14:09 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2014-10-18 09:44 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\AppCompat</p><p>2014-10-18 08:01 - 2011-10-07 11:12 - 00000000 ____D () C:\Users\Bella\AppData\Local\CrashDumps</p><p>2014-10-18 07:51 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\LiveKernelReports</p><p>2014-10-18 07:17 - 2010-05-17 07:21 - 00000000 ____D () C:\Program Files (x86)\Google</p><p>2014-10-18 07:01 - 2009-07-13 21:45 - 00338960 _____ () C:\windows\system32\FNTCACHE.DAT</p><p>2014-10-18 07:00 - 2014-07-10 07:20 - 00000000 ___SD () C:\windows\system32\CompatTel</p><p>2014-10-18 05:42 - 2010-06-19 11:10 - 00000000 ____D () C:\ProgramData\Microsoft Help</p><p>2014-10-18 05:41 - 2013-08-15 06:03 - 00000000 ____D () C:\windows\system32\MRT</p><p>2014-10-18 05:38 - 2012-03-15 12:36 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe</p><p>2014-10-16 12:01 - 2012-01-23 18:06 - 00000000 ___RD () C:\Program Files (x86)\Skype</p><p>2014-10-16 12:01 - 2012-01-23 18:06 - 00000000 ____D () C:\ProgramData\Skype</p><p>2014-10-03 09:44 - 2010-07-10 22:52 - 00000000 ____D () C:\Users\Bella\AppData\Local\Google</p><p>2014-10-02 15:53 - 2010-07-10 22:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe</p><p>2014-10-01 08:34 - 2014-08-08 20:52 - 00000000 ____D () C:\Users\Bella\Downloads\Alaclair Ensemble - TOUTE EST IMPOSSIBLE</p><p>2014-09-29 08:24 - 2012-01-23 17:41 - 00001023 _____ () C:\Users\Bella\Desktop\Internet Explorer.lnk</p><p>2014-09-29 07:30 - 2014-08-13 04:54 - 00000000 ____D () C:\Users\Bella\Documents\PÉLI</p><p></p><p>Files to move or delete:</p><p>====================</p><p>C:\Users\Bella\ICS_s64.exe</p><p></p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\Bella\AppData\Local\Temp\BackupSetup.exe</p><p>C:\Users\Bella\AppData\Local\Temp\DataCard_Setup64.exe</p><p>C:\Users\Bella\AppData\Local\Temp\mediaimpression_2.0.63.630_2.0.63.952_update_all.exe</p><p>C:\Users\Bella\AppData\Local\Temp\Quarantine.exe</p><p>C:\Users\Bella\AppData\Local\Temp\ResetDevice.exe</p><p>C:\Users\Bella\AppData\Local\Temp\ri8_vmhh.dll</p><p>C:\Users\Bella\AppData\Local\Temp\ShoppinHelper2new2.exe</p><p>C:\Users\Bella\AppData\Local\Temp\SkypeSetup.exe</p><p>C:\Users\Bella\AppData\Local\Temp\sqlite3.dll</p><p>C:\Users\Bella\AppData\Local\Temp\tbRadi.dll</p><p>C:\Users\Bella\AppData\Local\Temp\wlsetup.exe</p><p>C:\Users\Bella\AppData\Local\Temp\wlsetupc.exe</p><p>C:\Users\Bella\AppData\Local\Temp\~tmp1366308164410.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-10-26 07:32</p><p></p><p>==================== End Of Log ============================</p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014</p><p>Ran by Bella at 2014-10-26 10:42:42</p><p>Running from C:\Users\Bella\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}</p><p>AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )</p><p>Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)</p><p>Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)</p><p>Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)</p><p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)</p><p>HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)</p><p>iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)</p><p>Intel PROSet Wireless (Version: - ) Hidden</p><p>Intel PROSet Wireless (x32 Version: - ) Hidden</p><p>Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)</p><p>Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)</p><p>Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)</p><p>Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)</p><p>Intel(R) Wireless Display (HKLM\...\{3676B6E2-15D9-4829-9703-29FFD9CED18B}) (Version: 1.2.18.10 - Intel Corporation)</p><p>iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)</p><p>Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden</p><p>Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)</p><p>Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)</p><p>MediaImpression 2.0 for PENTAX (HKLM-x32\...\{D4C7DAB9-6623-4D86-9B9A-C9F8903BA4D2}) (Version: 2.0.63.630 - ArcSoft)</p><p>Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)</p><p>Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)</p><p>Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)</p><p>Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)</p><p>Mozilla Firefox 33.0 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 es-MX)) (Version: 33.0 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)</p><p>NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.1 - NEC Electronics Corporation)</p><p>NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.1 - NEC Electronics Corporation) Hidden</p><p>QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)</p><p>RICOH R5U230 Media Driver ver.2.08.03.04 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.08.03.04 - RICOH)</p><p>Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)</p><p>Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)</p><p>Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.0 - Synaptics Incorporated)</p><p>System Requirements Lab for Intel (HKLM-x32\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)</p><p>TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)</p><p>TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)</p><p>TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)</p><p>TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)</p><p>TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.12.64 - TOSHIBA Corporation)</p><p>TOSHIBA eco Utility (Version: 1.2.12.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA eco Utility (x32 Version: 1.2.12.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)</p><p>TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)</p><p>TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)</p><p>TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.7.64 - TOSHIBA CORPORATION)</p><p>TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)</p><p>TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.2.64 - TOSHIBA Corporation)</p><p>TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)</p><p>TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)</p><p>TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)</p><p>TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.8 - TOSHIBA)</p><p>TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)</p><p>TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)</p><p>TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.12.64 - TOSHIBA Corporation)</p><p>TOSHIBA Value Added Package (Version: 1.3.12.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA Value Added Package (x32 Version: 1.3.12.64 - TOSHIBA Corporation) Hidden</p><p>TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.2.13 - TOSHIBA Corporation)</p><p>ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)</p><p>TV Wizard (HKLM-x32\...\TVWizard) (Version: 2.7.43 - Small Island Development) <==== ATTENTION</p><p>Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)</p><p></p><p></p><p>==================== Restore Points =========================</p><p></p><p>07-10-2014 14:02:06 Windows Update</p><p>11-10-2014 04:04:22 Windows Update</p><p>14-10-2014 13:23:43 Windows Update</p><p>18-10-2014 12:37:31 Windows Update</p><p>18-10-2014 14:19:56 Removed MySafeProxy for Internet Explorer</p><p>18-10-2014 14:22:34 Removed MySafeProxy for Internet Explorer</p><p>21-10-2014 13:06:29 Windows Update</p><p>26-10-2014 17:01:02 Checkpoint by HitmanPro</p><p>26-10-2014 17:05:10 Checkpoint by HitmanPro</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {2CC36FAC-9BE6-42BC-99D1-568740A666E3} - System32\Tasks\YSPBIM => C:\Users\Bella\AppData\Roaming\YSPBIM.exe <==== ATTENTION</p><p>Task: {34818A3A-D320-4669-AA38-1DB145CE6154} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION</p><p>Task: {3FFBC680-6456-473A-B869-821E988E867B} - System32\Tasks\QQPK => C:\Users\Bella\AppData\Roaming\QQPK.exe <==== ATTENTION</p><p>Task: {493F8827-97B5-49D6-A248-264FB379AB1E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)</p><p>Task: {6515744D-AE1A-4D91-864C-2FFD87902569} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000UA => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-09] (Facebook Inc.)</p><p>Task: {757D02AC-613B-4167-BF2F-CD89A21523B6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION</p><p>Task: {EC57929C-75B0-49F3-91CE-F2916261B3A7} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION</p><p>Task: {F859BDC3-BD9C-46FD-B115-71B308ED5C88} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION</p><p>Task: {F98A2592-E43B-4F55-9CAE-3A0095087B4A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000Core => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-09] (Facebook Inc.)</p><p>Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION</p><p>Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION</p><p>Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION</p><p>Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000Core.job => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe</p><p>Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000UA.job => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe</p><p>Task: C:\windows\Tasks\QQPK.job => C:\Users\Bella\AppData\Roaming\QQPK.exe <==== ATTENTION</p><p>Task: C:\windows\Tasks\YSPBIM.job => C:\Users\Bella\AppData\Roaming\YSPBIM.exe <==== ATTENTION</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2011-07-27 17:07 - 2011-07-27 17:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll</p><p>2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll</p><p>2010-04-07 16:07 - 2010-04-07 16:07 - 09468728 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll</p><p>2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll</p><p>2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll</p><p>2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll</p><p>2010-05-17 07:17 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll</p><p>2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll</p><p>2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll</p><p>2011-07-27 17:07 - 2011-07-27 17:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll</p><p>2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll</p><p>2014-08-04 22:17 - 2014-08-04 22:17 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll</p><p>2014-10-25 17:28 - 2014-10-25 17:28 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102501\algo.dll</p><p>2012-08-27 18:33 - 2012-08-27 18:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>2012-08-27 18:33 - 2012-08-27 18:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2014-08-04 22:17 - 2014-08-04 22:17 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll</p><p>2014-10-14 20:21 - 2014-10-14 20:21 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll</p><p>2014-10-18 11:18 - 2014-10-18 11:18 - 16832176 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-1044241667-917603167-2797466746-500 - Administrator - Disabled)</p><p>Bella (S-1-5-21-1044241667-917603167-2797466746-1000 - Administrator - Enabled) => C:\Users\Bella</p><p>Guest (S-1-5-21-1044241667-917603167-2797466746-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-1044241667-917603167-2797466746-1002 - Limited - Enabled)</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001dc,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000207F030.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p>Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a4c,(null),0,REG_BINARY,0000000005E2E580.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}</p><p> Writer Name: MSSearch Service Writer</p><p> Writer Instance ID: {d4f693ce-adc7-47a9-b286-a53df2f835af}</p><p></p><p>Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001bc,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000237EDA0.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}</p><p> Writer Name: Registry Writer</p><p> Writer Instance ID: {bdf25eff-4263-46e9-9e23-9db4643ace65}</p><p></p><p>Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000814,(null),0,REG_BINARY,0000000005EDE520.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}</p><p> Writer Name: WMI Writer</p><p> Writer Instance ID: {b04d292a-cc70-48f6-8ac1-b8a6b6671b29}</p><p></p><p>Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a4c,(null),0,REG_BINARY,0000000005E2E580.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}</p><p> Writer Name: MSSearch Service Writer</p><p> Writer Instance ID: {d4f693ce-adc7-47a9-b286-a53df2f835af}</p><p></p><p>Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c4,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000000228EF40.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}</p><p> Writer Name: COM+ REGDB Writer</p><p> Writer Instance ID: {1fcfb0c4-033b-4541-96ee-bd935ea68bd8}</p><p></p><p>Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c0,(null),0,REG_BINARY,000000000161E540.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}</p><p> Writer Name: System Writer</p><p> Writer Instance ID: {eac85efc-b97f-41d4-95de-b4de615e0abd}</p><p></p><p>Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,000000000220EC20.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}</p><p> Writer Name: Shadow Copy Optimization Writer</p><p> Writer Instance ID: {cc48c333-cc9f-4ea1-b6ca-37b1b880f6ec}</p><p></p><p>Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000814,(null),0,REG_BINARY,0000000005EDE520.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}</p><p> Writer Name: WMI Writer</p><p> Writer Instance ID: {b04d292a-cc70-48f6-8ac1-b8a6b6671b29}</p><p></p><p>Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c0,(null),0,REG_BINARY,000000000161E540.72). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}</p><p> Writer Name: System Writer</p><p> Writer Instance ID: {eac85efc-b97f-41d4-95de-b4de615e0abd}</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (10/26/2014 10:12:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)</p><p></p><p>Error: (10/26/2014 10:09:49 AM) (Source: Service Control Manager) (EventID: 7024) (User: )</p><p>Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.</p><p></p><p>Error: (10/26/2014 10:08:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)</p><p>Description: WLAN Extensibility Module has stopped unexpectedly.</p><p></p><p>Module Path: C:\windows\System32\IWMSSvc.dll</p><p></p><p>Error: (10/26/2014 10:08:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)</p><p>Description: WLAN Extensibility Module has stopped unexpectedly.</p><p></p><p>Module Path: C:\windows\System32\IWMSSvc.dll</p><p></p><p>Error: (10/26/2014 10:08:29 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)</p><p>Description: WLAN Extensibility Module has stopped unexpectedly.</p><p></p><p>Module Path: C:\windows\System32\IWMSSvc.dll</p><p></p><p>Error: (10/26/2014 10:06:29 AM) (Source: NetBT) (EventID: 4321) (User: )</p><p>Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.</p><p>The computer with the IP address 192.168.1.1 did not allow the name to be claimed by</p><p>this computer.</p><p></p><p>Error: (10/26/2014 10:01:19 AM) (Source: NetBT) (EventID: 4321) (User: )</p><p>Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.</p><p>The computer with the IP address 192.168.1.1 did not allow the name to be claimed by</p><p>this computer.</p><p></p><p>Error: (10/26/2014 09:56:09 AM) (Source: NetBT) (EventID: 4321) (User: )</p><p>Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.</p><p>The computer with the IP address 192.168.1.1 did not allow the name to be claimed by</p><p>this computer.</p><p></p><p>Error: (10/26/2014 09:50:59 AM) (Source: NetBT) (EventID: 4321) (User: )</p><p>Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.</p><p>The computer with the IP address 192.168.1.1 did not allow the name to be claimed by</p><p>this computer.</p><p></p><p>Error: (10/26/2014 09:45:49 AM) (Source: NetBT) (EventID: 4321) (User: )</p><p>Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102.</p><p>The computer with the IP address 192.168.1.1 did not allow the name to be claimed by</p><p>this computer.</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz</p><p>Percentage of memory in use: 54%</p><p>Total physical RAM: 3824.43 MB</p><p>Available physical RAM: 1740.13 MB</p><p>Total Pagefile: 7646.99 MB</p><p>Available Pagefile: 5217.83 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.83 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (TI105872W0F) (Fixed) (Total:455.04 GB) (Free:354.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 6D3E2460)</p><p>Partition 1: (Active) - (Size=1.5 GB) - (Type=27)</p><p>Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=9.3 GB) - (Type=17)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="babaloupa, post: 284925, member: 29616"] Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014 Ran by Bella (administrator) on BELLA-PC on 26-10-2014 10:41:52 Running from C:\Users\Bella\Downloads Loaded Profile: Bella (Available profiles: Bella) Platform: Windows 7 Home Premium (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [url]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/url] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-05-20] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1504608 2010-04-23] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705432 2010-05-10] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation) HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] () HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation) HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1044241667-917603167-2797466746-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}[/url] HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.google.com/ig?brand=TSNA&bmod=TSNA[/url] HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.google.com/ig?brand=TSNA&bmod=TSNA[/url] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [url]https://ca.yahoo.com?fr=hp-avast&type=avastbcl[/url] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [url]https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}[/url] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = [url]https://ca.yahoo.com?fr=hp-avast&type=avastbcl[/url] StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {50822F2F-B944-4468-BDEF-6079F755DCE2} URL = [url]http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA[/url] SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {50822F2F-B944-4468-BDEF-6079F755DCE2} URL = [url]http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA[/url] SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = [url]https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}[/url] SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = [url]https://ca.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}[/url] SearchScopes: HKCU - DefaultScope {04315858-E070-42A6-923B-3B6C15BF6D0E} URL = [url]http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA[/url] SearchScopes: HKCU - {04315858-E070-42A6-923B-3B6C15BF6D0E} URL = [url]http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA[/url] BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKCU - No Name - {2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} - No File DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} [url]http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab[/url] Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{A5901E20-427E-4D27-B328-AD8A98F6FF64}: [NameServer] 0.0.0.0 Tcpip\..\Interfaces\{F447F826-232F-4087-B3E5-7BBBD96D5BAE}: [NameServer] 0.0.0.0 FireFox: ======== FF ProfilePath: C:\Users\Bella\AppData\Roaming\Mozilla\Firefox\Profiles\77ptt2qu.default-1413647069098 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Bella\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolibre-mx.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-mx.xml FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-14] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-10-14] FF HKLM-x32\...\Firefox\Extensions: [[email]wrc@avast.com[/email]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-23] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-26] (SurfRight B.V.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-04] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] () R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-26] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) S3 Ser2pl; \SystemRoot\system32\DRIVERS\ser2pl64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-26 10:41 - 2014-10-26 10:42 - 00017888 _____ () C:\Users\Bella\Downloads\FRST.txt 2014-10-26 10:41 - 2014-10-26 10:41 - 00000000 ____D () C:\FRST 2014-10-26 10:39 - 2014-10-26 10:39 - 02113024 _____ (Farbar) C:\Users\Bella\Downloads\FRST64.exe 2014-10-26 10:05 - 2014-10-26 10:05 - 00008050 _____ () C:\windows\system32\.crusader 2014-10-26 09:53 - 2014-10-26 10:08 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-10-26 09:53 - 2014-10-26 09:53 - 00001864 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-10-26 09:53 - 2014-10-26 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-10-26 09:53 - 2014-10-26 09:53 - 00000000 ____D () C:\Program Files\HitmanPro 2014-10-26 09:52 - 2014-10-26 09:53 - 11194928 _____ (SurfRight B.V.) C:\Users\Bella\Downloads\HitmanPro_x64.exe 2014-10-26 09:49 - 2014-10-26 09:50 - 10280824 _____ (SurfRight B.V.) C:\Users\Bella\Downloads\HitmanPro.exe 2014-10-25 07:08 - 2014-10-25 07:08 - 00283984 _____ () C:\windows\Minidump\102514-26442-01.dmp 2014-10-23 21:37 - 2014-10-23 21:38 - 00283984 _____ () C:\windows\Minidump\102314-19952-01.dmp 2014-10-20 08:24 - 2014-10-20 08:24 - 00283984 _____ () C:\windows\Minidump\102014-20202-01.dmp 2014-10-18 09:17 - 2014-10-26 10:14 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-18 09:17 - 2014-10-18 09:17 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-18 09:17 - 2014-10-18 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-18 09:17 - 2014-10-18 09:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-18 09:17 - 2014-10-18 09:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-18 09:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-10-18 09:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-10-18 09:17 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-10-18 09:13 - 2014-10-18 09:14 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Bella\Downloads\mbam-setup-2.0.3.1025.exe 2014-10-18 08:54 - 2014-10-18 08:54 - 01976320 _____ () C:\Users\Bella\Downloads\adwcleaner_4.000(1).exe 2014-10-18 08:53 - 2014-10-18 08:53 - 01976320 _____ () C:\Users\Bella\Downloads\adwcleaner_4.000.exe 2014-10-18 07:30 - 2014-10-18 07:30 - 00003098 _____ () C:\windows\System32\Tasks\{9C6EA312-3EEC-4047-ABEF-A8F2450ECBE0} 2014-10-18 07:20 - 2014-10-18 07:20 - 00000000 ____D () C:\ProgramData\TEMP 2014-10-18 07:17 - 2014-10-26 10:10 - 00001338 _____ () C:\windows\Tasks\YSPBIM.job 2014-10-18 07:17 - 2014-10-26 10:10 - 00001334 _____ () C:\windows\Tasks\QQPK.job 2014-10-18 07:17 - 2014-10-18 07:22 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-10-18 07:17 - 2014-10-18 07:17 - 00004364 _____ () C:\windows\System32\Tasks\YSPBIM 2014-10-18 07:17 - 2014-10-18 07:17 - 00004360 _____ () C:\windows\System32\Tasks\QQPK 2014-10-18 07:17 - 2014-10-18 07:17 - 00000000 ____D () C:\Users\Bella\AppData\Local\globalUpdate 2014-10-18 07:15 - 2014-10-18 09:44 - 00000000 ____D () C:\ProgramData\rdoOQMEVSwI 2014-10-18 07:15 - 2014-10-18 07:15 - 00000000 ____D () C:\Users\Bella\AppData\Local\TVWizard 2014-10-18 07:15 - 2014-10-18 07:15 - 00000000 ____D () C:\ProgramData\TVWizard 2014-10-18 07:13 - 2014-10-18 07:13 - 00004026 _____ () C:\windows\System32\Tasks\LaunchSignup 2014-10-18 07:07 - 2014-10-18 07:07 - 00000000 ____D () C:\ProgramData\McAfee 2014-10-16 05:50 - 2014-10-09 18:53 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-10-16 05:50 - 2014-10-09 18:53 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2014-10-16 05:50 - 2014-10-09 18:47 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-10-16 05:50 - 2014-09-14 17:44 - 03195392 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-10-14 20:21 - 2014-10-14 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-03 09:36 - 2014-10-03 09:36 - 00088576 ___SH () C:\Users\Bella\Desktop\Thumbs.db 2014-10-03 09:35 - 2014-10-18 07:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-03 09:35 - 2014-10-03 09:35 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-03 09:35 - 2014-10-03 09:35 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-03 09:32 - 2014-10-03 09:32 - 00244272 _____ () C:\Users\Bella\Downloads\Firefox Setup Stub 32.0.3.exe 2014-10-01 08:34 - 2014-10-01 08:34 - 00021504 ___SH () C:\Users\Bella\Downloads\Thumbs.db 2014-09-30 07:10 - 2014-09-30 07:10 - 00012832 _____ () C:\Users\Bella\Downloads\Sept pay.zip 2014-09-29 07:27 - 2014-09-29 07:32 - 00000000 ____D () C:\Users\Bella\Documents\MAISON ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-26 10:30 - 2012-01-23 18:07 - 00000000 ____D () C:\Users\Bella\AppData\Roaming\Skype 2014-10-26 10:19 - 2009-07-13 21:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-26 10:19 - 2009-07-13 21:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-26 10:16 - 2010-06-19 11:06 - 01812471 _____ () C:\windows\WindowsUpdate.log 2014-10-26 10:09 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-10-26 10:09 - 2009-07-13 21:51 - 00089797 _____ () C:\windows\setupact.log 2014-10-26 08:09 - 2012-08-09 10:27 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000UA.job 2014-10-26 06:55 - 2012-07-07 07:13 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2014-10-25 13:27 - 2012-08-09 10:27 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000Core.job 2014-10-25 07:08 - 2010-07-21 22:30 - 570054710 _____ () C:\windows\MEMORY.DMP 2014-10-25 07:08 - 2010-07-21 22:30 - 00000000 ____D () C:\windows\Minidump 2014-10-20 08:24 - 2010-05-17 07:23 - 00386926 _____ () C:\windows\PFRO.log 2014-10-18 11:19 - 2014-07-31 21:11 - 00000000 ____D () C:\Users\Bella\AppData\Local\Adobe 2014-10-18 11:18 - 2012-04-27 09:27 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-10-18 11:18 - 2011-09-17 14:09 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-18 09:44 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\AppCompat 2014-10-18 08:01 - 2011-10-07 11:12 - 00000000 ____D () C:\Users\Bella\AppData\Local\CrashDumps 2014-10-18 07:51 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\LiveKernelReports 2014-10-18 07:17 - 2010-05-17 07:21 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-18 07:01 - 2009-07-13 21:45 - 00338960 _____ () C:\windows\system32\FNTCACHE.DAT 2014-10-18 07:00 - 2014-07-10 07:20 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-10-18 05:42 - 2010-06-19 11:10 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-18 05:41 - 2013-08-15 06:03 - 00000000 ____D () C:\windows\system32\MRT 2014-10-18 05:38 - 2012-03-15 12:36 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-10-16 12:01 - 2012-01-23 18:06 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-10-16 12:01 - 2012-01-23 18:06 - 00000000 ____D () C:\ProgramData\Skype 2014-10-03 09:44 - 2010-07-10 22:52 - 00000000 ____D () C:\Users\Bella\AppData\Local\Google 2014-10-02 15:53 - 2010-07-10 22:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-10-01 08:34 - 2014-08-08 20:52 - 00000000 ____D () C:\Users\Bella\Downloads\Alaclair Ensemble - TOUTE EST IMPOSSIBLE 2014-09-29 08:24 - 2012-01-23 17:41 - 00001023 _____ () C:\Users\Bella\Desktop\Internet Explorer.lnk 2014-09-29 07:30 - 2014-08-13 04:54 - 00000000 ____D () C:\Users\Bella\Documents\PÉLI Files to move or delete: ==================== C:\Users\Bella\ICS_s64.exe Some content of TEMP: ==================== C:\Users\Bella\AppData\Local\Temp\BackupSetup.exe C:\Users\Bella\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\Bella\AppData\Local\Temp\mediaimpression_2.0.63.630_2.0.63.952_update_all.exe C:\Users\Bella\AppData\Local\Temp\Quarantine.exe C:\Users\Bella\AppData\Local\Temp\ResetDevice.exe C:\Users\Bella\AppData\Local\Temp\ri8_vmhh.dll C:\Users\Bella\AppData\Local\Temp\ShoppinHelper2new2.exe C:\Users\Bella\AppData\Local\Temp\SkypeSetup.exe C:\Users\Bella\AppData\Local\Temp\sqlite3.dll C:\Users\Bella\AppData\Local\Temp\tbRadi.dll C:\Users\Bella\AppData\Local\Temp\wlsetup.exe C:\Users\Bella\AppData\Local\Temp\wlsetupc.exe C:\Users\Bella\AppData\Local\Temp\~tmp1366308164410.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 07:32 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014 Ran by Bella at 2014-10-26 10:42:42 Running from C:\Users\Bella\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.) iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.) Intel PROSet Wireless (Version: - ) Hidden Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{3676B6E2-15D9-4829-9703-29FFD9CED18B}) (Version: 1.2.18.10 - Intel Corporation) iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.) Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) MediaImpression 2.0 for PENTAX (HKLM-x32\...\{D4C7DAB9-6623-4D86-9B9A-C9F8903BA4D2}) (Version: 2.0.63.630 - ArcSoft) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 33.0 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 es-MX)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla) NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.1 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.1 - NEC Electronics Corporation) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.) RICOH R5U230 Media Driver ver.2.08.03.04 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.08.03.04 - RICOH) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.0 - Synaptics Incorporated) System Requirements Lab for Intel (HKLM-x32\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC) TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA) TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA) TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation) TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.12.64 - TOSHIBA Corporation) TOSHIBA eco Utility (Version: 1.2.12.64 - TOSHIBA Corporation) Hidden TOSHIBA eco Utility (x32 Version: 1.2.12.64 - TOSHIBA Corporation) Hidden TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation) TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation) TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.7.64 - TOSHIBA CORPORATION) TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.2.64 - TOSHIBA Corporation) TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation) TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.8 - TOSHIBA) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA) TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.12.64 - TOSHIBA Corporation) TOSHIBA Value Added Package (Version: 1.3.12.64 - TOSHIBA Corporation) Hidden TOSHIBA Value Added Package (x32 Version: 1.3.12.64 - TOSHIBA Corporation) Hidden TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.2.13 - TOSHIBA Corporation) ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba) TV Wizard (HKLM-x32\...\TVWizard) (Version: 2.7.43 - Small Island Development) <==== ATTENTION Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 07-10-2014 14:02:06 Windows Update 11-10-2014 04:04:22 Windows Update 14-10-2014 13:23:43 Windows Update 18-10-2014 12:37:31 Windows Update 18-10-2014 14:19:56 Removed MySafeProxy for Internet Explorer 18-10-2014 14:22:34 Removed MySafeProxy for Internet Explorer 21-10-2014 13:06:29 Windows Update 26-10-2014 17:01:02 Checkpoint by HitmanPro 26-10-2014 17:05:10 Checkpoint by HitmanPro ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2CC36FAC-9BE6-42BC-99D1-568740A666E3} - System32\Tasks\YSPBIM => C:\Users\Bella\AppData\Roaming\YSPBIM.exe <==== ATTENTION Task: {34818A3A-D320-4669-AA38-1DB145CE6154} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {3FFBC680-6456-473A-B869-821E988E867B} - System32\Tasks\QQPK => C:\Users\Bella\AppData\Roaming\QQPK.exe <==== ATTENTION Task: {493F8827-97B5-49D6-A248-264FB379AB1E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software) Task: {6515744D-AE1A-4D91-864C-2FFD87902569} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000UA => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-09] (Facebook Inc.) Task: {757D02AC-613B-4167-BF2F-CD89A21523B6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {EC57929C-75B0-49F3-91CE-F2916261B3A7} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {F859BDC3-BD9C-46FD-B115-71B308ED5C88} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {F98A2592-E43B-4F55-9CAE-3A0095087B4A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000Core => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-09] (Facebook Inc.) Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000Core.job => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1044241667-917603167-2797466746-1000UA.job => C:\Users\Bella\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\QQPK.job => C:\Users\Bella\AppData\Roaming\QQPK.exe <==== ATTENTION Task: C:\windows\Tasks\YSPBIM.job => C:\Users\Bella\AppData\Roaming\YSPBIM.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2011-07-27 17:07 - 2011-07-27 17:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll 2010-04-07 16:07 - 2010-04-07 16:07 - 09468728 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll 2009-11-03 13:26 - 2009-11-03 13:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll 2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll 2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll 2010-05-17 07:17 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll 2009-03-12 19:08 - 2009-03-12 19:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll 2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll 2011-07-27 17:07 - 2011-07-27 17:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2010-02-05 17:44 - 2010-02-05 17:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2014-08-04 22:17 - 2014-08-04 22:17 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-10-25 17:28 - 2014-10-25 17:28 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102501\algo.dll 2012-08-27 18:33 - 2012-08-27 18:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-08-27 18:33 - 2012-08-27 18:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-08-04 22:17 - 2014-08-04 22:17 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-10-14 20:21 - 2014-10-14 20:21 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-10-18 11:18 - 2014-10-18 11:18 - 16832176 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1044241667-917603167-2797466746-500 - Administrator - Disabled) Bella (S-1-5-21-1044241667-917603167-2797466746-1000 - Administrator - Enabled) => C:\Users\Bella Guest (S-1-5-21-1044241667-917603167-2797466746-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1044241667-917603167-2797466746-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001dc,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000207F030.72). hr = 0x80070005, Access is denied. . Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a4c,(null),0,REG_BINARY,0000000005E2E580.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {d4f693ce-adc7-47a9-b286-a53df2f835af} Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001bc,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,000000000237EDA0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Name: Registry Writer Writer Instance ID: {bdf25eff-4263-46e9-9e23-9db4643ace65} Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000814,(null),0,REG_BINARY,0000000005EDE520.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {b04d292a-cc70-48f6-8ac1-b8a6b6671b29} Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a4c,(null),0,REG_BINARY,0000000005E2E580.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {d4f693ce-adc7-47a9-b286-a53df2f835af} Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c4,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,0,REG_BINARY,000000000228EF40.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Writer Name: COM+ REGDB Writer Writer Instance ID: {1fcfb0c4-033b-4541-96ee-bd935ea68bd8} Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c0,(null),0,REG_BINARY,000000000161E540.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {eac85efc-b97f-41d4-95de-b4de615e0abd} Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001fc,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,0,REG_BINARY,000000000220EC20.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {cc48c333-cc9f-4ea1-b6ca-37b1b880f6ec} Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000814,(null),0,REG_BINARY,0000000005EDE520.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {b04d292a-cc70-48f6-8ac1-b8a6b6671b29} Error: (10/26/2014 10:05:40 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002c0,(null),0,REG_BINARY,000000000161E540.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {eac85efc-b97f-41d4-95de-b4de615e0abd} System errors: ============= Error: (10/26/2014 10:12:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (10/26/2014 10:09:49 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0. Error: (10/26/2014 10:08:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll Error: (10/26/2014 10:08:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll Error: (10/26/2014 10:08:29 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\windows\System32\IWMSSvc.dll Error: (10/26/2014 10:06:29 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer. Error: (10/26/2014 10:01:19 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer. Error: (10/26/2014 09:56:09 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer. Error: (10/26/2014 09:50:59 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer. Error: (10/26/2014 09:45:49 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz Percentage of memory in use: 54% Total physical RAM: 3824.43 MB Available physical RAM: 1740.13 MB Total Pagefile: 7646.99 MB Available Pagefile: 5217.83 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (TI105872W0F) (Fixed) (Total:455.04 GB) (Free:354.23 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 6D3E2460) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=9.3 GB) - (Type=17) ==================== End Of Log ============================ [/QUOTE]
Insert quotes…
Verification
Post reply
Top