can't connect online on any browser after running anti-malware.
<blockquote data-quote="dnunez" data-source="post: 322137" data-attributes="member: 32414"><p>Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-12-2014</p><p>Ran by D-Black at 2014-12-27 04:34:30</p><p>Running from C:\Users\D-Black\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}</p><p>AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}</p><p>AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>µTorrent (HKU\S-1-5-21-2383511167-434876183-2691488376-1004\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)</p><p>Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)</p><p>Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden</p><p>Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)</p><p>Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)</p><p>Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)</p><p>Android USB Driver (HKLM\...\Android USB Driver_is1) (Version: - )</p><p>ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) 
Hidden</p><p>Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)</p><p>Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - )</p><p>Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Consumer Input Update Helper (Version: 1.3.25.149 - Compete Inc.) Hidden</p><p>Creative Audio Control Panel (HKLM\...\AudioCS) (Version: 2.00 - Creative Technology Limited)</p><p>Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)</p><p>Creative Sound Blaster Properties (HKLM\...\Creative Sound Blaster Properties) (Version: 1.02 - Creative Technology Limited)</p><p>Creative WaveStudio 7 (HKLM\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)</p><p>D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)</p><p>DirectXInstallService (Version: 9.0.2 - Roxio) Hidden</p><p>DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)</p><p>Elevated Installer (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden</p><p>Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)</p><p>Garmin Express (HKLM\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)</p><p>Garmin Express (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden</p><p>Garmin Express Tray (Version: 3.2.17.0 - 
Garmin Ltd or its subsidiaries) Hidden</p><p>GOM Player (HKLM\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)</p><p>Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)</p><p>HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)</p><p>iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)</p><p>Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden</p><p>iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)</p><p>Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)</p><p>Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)</p><p>Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden</p><p>Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)</p><p>Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)</p><p>Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)</p><p>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)</p><p>Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)</p><p>Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)</p><p>Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 
2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)</p><p>Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)</p><p>Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden</p><p>Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)</p><p>Mozilla Firefox 4.0b7 (x86 en-US) (HKLM\...\Mozilla Firefox 4.0b7 (x86 en-US)) (Version: 4.0b7 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)</p><p>MPlayer (remove only) (HKLM\...\MPlayer) (Version: - )</p><p>MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)</p><p>MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)</p><p>OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden</p><p>OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)</p><p>QuickTime 
7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)</p><p>RaidCall (HKLM\...\RaidCall) (Version: 7.2.0-1.0.5185.0 - raidcall.com)</p><p>RapidTyping 5 (HKLM\...\RapidTyping5) (Version: 5.0.132.79 - RapidTyping Software)</p><p>Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)</p><p>Roxio Creator Premier (HKLM\...\{BB2CB14A-F3A3-4BBF-9111-EBC82049ABA6}) (Version: 10.3 - Roxio)</p><p>TalonRO Client 1.0.0 (HKLM\...\TalonRO_is1) (Version: 1.0.0 - TalonRO)</p><p>VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden</p><p>Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)</p><p>Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)</p><p>Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)</p><p>Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)</p><p>Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)</p><p>Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)</p><p>WinSCP 4.3.4 (HKLM\...\winscp3_is1) (Version: 4.3.4 - Martin Prikryl)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2383511167-434876183-2691488376-1004_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\D-Black\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-2383511167-434876183-2691488376-1004_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\D-Black\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-2383511167-434876183-2691488376-1004_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\D-Black\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)</p><p>CustomCLSID: HKU\S-1-5-21-2383511167-434876183-2691488376-1004_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\D-Black\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)</p><p></p><p>==================== Restore Points =========================</p><p></p><p>19-12-2014 21:04:11 Revo Uninstaller's restore point - Google Chrome</p><p>19-12-2014 21:25:03 Revo Uninstaller's restore point - Ares 2.2.4</p><p>21-12-2014 11:20:46 Windows Update</p><p>21-12-2014 22:19:52 Revo Uninstaller's restore point - BrowserPlus1 Toolbar</p><p>21-12-2014 22:24:26 Revo Uninstaller's restore point - I - Cinema</p><p>21-12-2014 22:26:54 Revo Uninstaller's restore point - Search App by Ask</p><p>22-12-2014 20:36:20 Revo Uninstaller's restore point - couponarific</p><p>22-12-2014 21:32:57 Revo Uninstaller's restore point - Consumer Input (remove only)</p><p>22-12-2014 21:35:08 Revo Uninstaller's restore point - Optimizer Pro v3.2</p><p>24-12-2014 21:51:19 Windows Update</p><p>26-12-2014 22:57:06 Revo Uninstaller's restore point - Consumer Input</p><p>27-12-2014 01:00:03 Checkpoint by HitmanPro</p><p>27-12-2014 01:01:01 Checkpoint by HitmanPro</p><p>27-12-2014 01:33:12 Revo Uninstaller's restore point - 
Malwarebytes Anti-Malware version 2.0.4.1028</p><p>27-12-2014 02:36:34 Revo Uninstaller's restore point - DonutQuotes</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 21:04 - 2014-12-20 11:15 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {05745761-13A4-4B6C-8D21-DBBAEABFC5B9} - System32\Tasks\BBQLeads => C:\Program Files\bbqleads\ScheduledTask.exe</p><p>Task: {0F1B1718-D2B7-4821-ACC5-39EEA8B8DCE5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2383511167-434876183-2691488376-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe</p><p>Task: {1E5FB0F0-F89C-4545-B216-FCBC8159667E} - System32\Tasks\CIMT_daily_S-1-5-21-2383511167-434876183-2691488376-1004 => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe</p><p>Task: {20E0498D-3DE8-49C7-A728-52830A6CB822} - System32\Tasks\CIMT_S-1-5-21-2383511167-434876183-2691488376-1004 => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe</p><p>Task: {3B0B499C-7B4A-4C2F-9260-D713C508209E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-20] (Google Inc.)</p><p>Task: {5D3DF72E-5194-4CBC-817C-3E8132F1EE40} - System32\Tasks\{9AC3D4ED-AE1C-4027-A8F7-5B2AD0FCD8B7} => pcalua.exe -a C:\Games\AnimusRO\Setup.exe -d C:\Games\AnimusRO</p><p>Task: {649DF508-4189-42FB-AFE7-D4F0709488E6} - System32\Tasks\{EF3284C3-9F15-4470-8C46-3BDFBA07F6F4} => pcalua.exe -a C:\Users\Rayniel\Downloads\XvidSetup(2).exe -d "C:\Program Files\Mozilla Firefox"</p><p>Task: {651FE509-1CFB-4B28-B61C-4AFAE7BF1747} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common 
Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)</p><p>Task: {66003E71-5F8B-444A-A4DA-90F27F8CEBF5} - System32\Tasks\{5667287D-0C59-4797-A89D-2C5206521BB6} => pcalua.exe -a C:\Users\Rayniel\AppData\Local\Temp\DivXSetup.exe -d C:\Windows\system32 -c /update all</p><p>Task: {797B801C-1EEA-45B1-AE5F-B76901C5D929} - \DonutQuotes No Task File <==== ATTENTION</p><p>Task: {7EEE36E8-D6D8-451E-B451-3B567E34241A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-20] (Google Inc.)</p><p>Task: {80AF8946-79B2-4384-80E2-51AE9E29DF80} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1004UA => C:\Users\D-Black\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-08] (Facebook Inc.)</p><p>Task: {82E73FAE-03CA-4F70-A052-7E14D9E1BC08} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe</p><p>Task: {8585181C-B0B3-4F02-A81B-CC516FA2BAFB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1004Core => C:\Users\D-Black\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-08] (Facebook Inc.)</p><p>Task: {9326A624-5E16-49CB-81B3-F881A2B6AE1A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)</p><p>Task: {9AC36C67-1667-4775-A091-780ADA8E1158} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)</p><p>Task: {9B5A0C53-83FD-43A6-B1F1-29554000AA0C} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)</p><p>Task: {A51B7BA3-0D16-4F66-BCEE-91E58521CE4F} - System32\Tasks\{2EC03D0D-B86E-47AC-98FC-B5F928DEFE61} => pcalua.exe -a C:\Games\TalonRO\RagnarokSetup.exe -d C:\Games\TalonRO</p><p>Task: 
{B11DADEF-1489-42B5-99D0-567C8BF08524} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p><p>Task: {B6A89C12-064B-495D-AF96-B66799F2784E} - System32\Tasks\FellowSky\FellowSky => C:\ProgramData\FellowSky\FellowSky.exe</p><p>Task: {B801CB72-D586-4FB8-BAC5-21CD35C3B68A} - System32\Tasks\{BB2F756B-9B22-480D-9312-5F5D71A87FDB} => pcalua.exe -a C:\Users\Rayniel\Downloads\XvidSetup(3).exe -d "C:\Program Files\Mozilla Firefox"</p><p>Task: {C3EDA453-59A8-44B2-9FD1-8C5142426C64} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2383511167-434876183-2691488376-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe</p><p>Task: {D01F9F1A-18F5-49BF-AA3F-8183D404D445} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)</p><p>Task: {DA31041C-7D77-4CC7-A880-C5DB7817994F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)</p><p>Task: {DA96A489-D182-43AA-951D-97521E5541E7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-19] (Adobe Systems Incorporated)</p><p>Task: {E4D1290A-666D-4148-B486-A447E473E365} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()</p><p>Task: {E61A3ECC-0F24-43AD-9A4F-80E2E7089F25} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)</p><p>Task: {EBDE51DE-7C1D-4806-B658-47818CE000FB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe</p><p>Task: {EC7D4901-A9C3-4D4C-85E2-079218AC4FDF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1001Core => 
C:\Users\Rayniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-30] (Google Inc.)</p><p>Task: {EF304ACB-5A15-446F-A576-A68D2A56F4ED} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc</p><p>Task: {EF779E9E-9005-4171-9E55-F3A53D9A42A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1001UA => C:\Users\Rayniel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-30] (Google Inc.)</p><p>Task: {F701B475-FD53-41EB-B606-2E8205CB6585} - System32\Tasks\DivX online update program => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2014-01-10] ()</p><p>Task: {FAC5EDE7-3704-42EF-8AE4-A60B28711D0B} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL c:\6545b25964d83b194dbaa5435fa1\MouseKeyboardCenter\Setup\Files\1033\Eng.rtf</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-2383511167-434876183-2691488376-1004.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe</p><p>Task: C:\Windows\Tasks\CIMT_S-1-5-21-2383511167-434876183-2691488376-1004.job => C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe</p><p>Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1004Core.job => C:\Users\D-Black\AppData\Local\Facebook\Update\FacebookUpdate.exe</p><p>Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1004UA.job => C:\Users\D-Black\AppData\Local\Facebook\Update\FacebookUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program 
Files\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1001Core.job => C:\Users\Rayniel\AppData\Local\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2383511167-434876183-2691488376-1001UA.job => C:\Users\Rayniel\AppData\Local\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2013-10-04 18:43 - 2012-04-20 13:13 - 00517960 _____ () C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe</p><p>2009-10-14 15:36 - 2009-10-14 15:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe</p><p>2010-05-05 16:51 - 2010-05-05 16:51 - 00002560 _____ () C:\Windows\CTXFIRES.DLL</p><p>2009-10-14 15:34 - 2009-10-14 15:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe</p><p>2014-09-25 05:04 - 2014-09-25 05:04 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll</p><p>2014-12-19 21:35 - 2014-12-19 21:35 - 16843952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll</p><p>2014-12-20 00:37 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll</p><p>2014-12-20 00:37 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll</p><p>2014-12-20 00:37 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll</p><p>2014-12-20 00:37 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll</p><p>2014-12-20 00:37 - 2014-12-05 20:50 - 14913352 _____ () C:\Program 
Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p>AlternateDataStreams: C:\ProgramData\TEMP:373E1720</p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>MSCONFIG\startupreg: Joystick 2 Mouse => C:\Program Files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe /NoConfigure</p><p>MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\D-Black\AppData\Roaming\Yontoo\YontooDesktop.exe"</p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-2383511167-434876183-2691488376-500 - Administrator - Disabled)</p><p>D-Black (S-1-5-21-2383511167-434876183-2691488376-1004 - Administrator - Enabled) => C:\Users\D-Black</p><p>Delaney (S-1-5-21-2383511167-434876183-2691488376-1007 - Administrator - Enabled) => C:\Users\Delaney</p><p>Guest (S-1-5-21-2383511167-434876183-2691488376-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-2383511167-434876183-2691488376-1003 - Limited - Enabled)</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: Teredo Tunneling Pseudo-Interface</p><p>Description: Microsoft Teredo Tunneling Adapter</p><p>Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}</p><p>Manufacturer: Microsoft</p><p>Service: tunnel</p><p>Problem: 
: This device cannot start. (Code10)</p><p>Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.</p><p>On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (12/27/2014 02:36:24 AM) (Source: VSS) (EventID: 8194) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.</p><p>.</p><p>This is often caused by incorrect security settings in either the writer or requestor process.</p><p></p><p></p><p>Operation:</p><p> Gathering Writer Data</p><p></p><p>Context:</p><p> Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}</p><p> Writer Name: System Writer</p><p> Writer Instance ID: {29ebfd78-b6f9-4786-a739-8dd39b157617}</p><p></p><p>Error: (12/27/2014 01:33:12 AM) (Source: VSS) (EventID: 8194) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.</p><p>.</p><p>This is often caused by incorrect security settings in either the writer or requestor process.</p><p></p><p></p><p>Operation:</p><p> Gathering Writer Data</p><p></p><p>Context:</p><p> Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}</p><p> Writer Name: System Writer</p><p> Writer Instance ID: {aca5ba9e-6ee9-47c0-99fb-dc4a19435b17}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002a4,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,02E9FA30.64). 
hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000308,(null),0,REG_BINARY,0301EE80.64). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}</p><p> Writer Name: System Writer</p><p> Writer Instance ID: {aa632872-0abb-40c4-a14f-c18ab7c297a1}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007f8,(null),0,REG_BINARY,01B2ED20.64). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}</p><p> Writer Name: WMI Writer</p><p> Writer Instance ID: {77080f86-7b63-4b06-bb43-a00a15aef805}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000308,(null),0,REG_BINARY,0301EE6C.64). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}</p><p> Writer Name: System Writer</p><p> Writer Instance ID: {aa632872-0abb-40c4-a14f-c18ab7c297a1}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b0,(null),0,REG_BINARY,0296F788.64). 
hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}</p><p> Writer Name: Registry Writer</p><p> Writer Instance ID: {fd986f8f-1920-41f7-92e2-223102943f24}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007f8,(null),0,REG_BINARY,01B2ED0C.64). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}</p><p> Writer Name: WMI Writer</p><p> Writer Instance ID: {77080f86-7b63-4b06-bb43-a00a15aef805}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001bc,(null),0,REG_BINARY,029AF3E8.64). hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}</p><p> Writer Name: COM+ REGDB Writer</p><p> Writer Instance ID: {f5b1411b-a609-4e60-b922-1950a94ac6f7}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000b24,(null),0,REG_BINARY,03E0ED00.64). 
hr = 0x80070005, Access is denied.</p><p>.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}</p><p> Writer Name: MSSearch Service Writer</p><p> Writer Instance ID: {449c93ae-2278-4afd-a8b6-f78367d7fa46}</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (12/27/2014 04:08:59 AM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}</p><p></p><p>Error: (12/27/2014 02:44:32 AM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}</p><p></p><p>Error: (12/27/2014 02:21:49 AM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}</p><p></p><p>Error: (12/27/2014 01:44:49 AM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}</p><p></p><p>Error: (12/27/2014 01:35:22 AM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}</p><p></p><p>Error: (12/27/2014 01:16:47 AM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}</p><p></p><p>Error: (12/27/2014 01:03:43 AM) (Source: Service Control Manager) (EventID: 7024) (User: )</p><p>Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.</p><p></p><p>Error: (12/27/2014 01:02:27 AM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}</p><p></p><p>Error: (12/27/2014 00:37:29 AM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}</p><p></p><p>Error: (12/27/2014 00:33:47 AM) (Source: DCOM) (EventID: 10010) (User: )</p><p>Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (12/27/2014 02:36:24 AM) 
(Source: VSS) (EventID: 8194) (User: )</p><p>Description: 0x80070005, Access is denied.</p><p></p><p></p><p>Operation:</p><p> Gathering Writer Data</p><p></p><p>Context:</p><p> Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}</p><p> Writer Name: System Writer</p><p> Writer Instance ID: {29ebfd78-b6f9-4786-a739-8dd39b157617}</p><p></p><p>Error: (12/27/2014 01:33:12 AM) (Source: VSS) (EventID: 8194) (User: )</p><p>Description: 0x80070005, Access is denied.</p><p></p><p></p><p>Operation:</p><p> Gathering Writer Data</p><p></p><p>Context:</p><p> Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}</p><p> Writer Name: System Writer</p><p> Writer Instance ID: {aca5ba9e-6ee9-47c0-99fb-dc4a19435b17}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: RegSetValueExW(0x000002a4,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,02E9FA30.64)0x80070005, Access is denied.</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: RegSetValueExW(0x00000308,(null),0,REG_BINARY,0301EE80.64)0x80070005, Access is denied.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}</p><p> Writer Name: System Writer</p><p> Writer Instance ID: {aa632872-0abb-40c4-a14f-c18ab7c297a1}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: RegSetValueExW(0x000007f8,(null),0,REG_BINARY,01B2ED20.64)0x80070005, Access is denied.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}</p><p> Writer Name: WMI Writer</p><p> Writer Instance ID: {77080f86-7b63-4b06-bb43-a00a15aef805}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: 
RegSetValueExW(0x00000308,(null),0,REG_BINARY,0301EE6C.64)0x80070005, Access is denied.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}</p><p> Writer Name: System Writer</p><p> Writer Instance ID: {aa632872-0abb-40c4-a14f-c18ab7c297a1}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: RegSetValueExW(0x000001b0,(null),0,REG_BINARY,0296F788.64)0x80070005, Access is denied.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}</p><p> Writer Name: Registry Writer</p><p> Writer Instance ID: {fd986f8f-1920-41f7-92e2-223102943f24}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: RegSetValueExW(0x000007f8,(null),0,REG_BINARY,01B2ED0C.64)0x80070005, Access is denied.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}</p><p> Writer Name: WMI Writer</p><p> Writer Instance ID: {77080f86-7b63-4b06-bb43-a00a15aef805}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: RegSetValueExW(0x000001bc,(null),0,REG_BINARY,029AF3E8.64)0x80070005, Access is denied.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}</p><p> Writer Name: COM+ REGDB Writer</p><p> Writer Instance ID: {f5b1411b-a609-4e60-b922-1950a94ac6f7}</p><p></p><p>Error: (12/27/2014 01:01:55 AM) (Source: VSS) (EventID: 8193) (User: )</p><p>Description: RegSetValueExW(0x00000b24,(null),0,REG_BINARY,03E0ED00.64)0x80070005, Access is 
denied.</p><p></p><p></p><p>Operation:</p><p> BackupShutdown Event</p><p></p><p>Context:</p><p> Execution Context: Writer</p><p> Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}</p><p> Writer Name: MSSearch Service Writer</p><p> Writer Instance ID: {449c93ae-2278-4afd-a8b6-f78367d7fa46}</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz</p><p>Percentage of memory in use: 68%</p><p>Total physical RAM: 3326.18 MB</p><p>Available physical RAM: 1056.59 MB</p><p>Total Pagefile: 6650.64 MB</p><p>Available Pagefile: 4000 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 1893.12 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:450.98 GB) (Free:129.94 GB) NTFS</p><p>Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.42 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 602D1AA2)</p><p>Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)</p><p>Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)</p><p>Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 4: (Not Active) - (Size=451 GB) - (Type=07 NTFS)</p><p></p><p>==================== End Of Log ===========================</p></blockquote><p></p>
[QUOTE="dnunez, post: 322137, member: 32414"]
Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {449c93ae-2278-4afd-a8b6-f78367d7fa46} ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz Percentage of memory in use: 68% Total physical RAM: 3326.18 MB Available physical RAM: 1056.59 MB Total Pagefile: 6650.64 MB Available Pagefile: 4000 MB Total Virtual: 2047.88 MB Available Virtual: 1893.12 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:450.98 GB) (Free:129.94 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.42 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 602D1AA2) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ==================== End Of Log =========================== [/QUOTE]