Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Help with GOSAVE malware???
Message
<blockquote data-quote="lawzize" data-source="post: 268834" data-attributes="member: 28449"><p>Here's the addition.txt too.</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014</p><p>Ran by Alex at 2014-09-27 17:43:03</p><p>Running from C:\Users\Alex\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}</p><p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)</p><p>Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)</p><p>AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden</p><p>AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden</p><p>Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)</p><p>Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk)</p><p>Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)</p><p>Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)</p><p>Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)</p><p>Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)</p><p>Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden</p><p>Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden</p><p>Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)</p><p>avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)</p><p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)</p><p>Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)</p><p>iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)</p><p>Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)</p><p>Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)</p><p>Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden</p><p>Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden</p><p>Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden</p><p>Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden</p><p>Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden</p><p>Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)</p><p>Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden</p><p>Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden</p><p>Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden</p><p>SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)</p><p>TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)</p><p>Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)</p><p>Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)</p><p>Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)</p><p>VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)</p><p>WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-1749167043-3042925933-2216563286-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1749167043-3042925933-2216563286-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1749167043-3042925933-2216563286-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-1749167043-3042925933-2216563286-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Alex\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)</p><p></p><p>==================== Restore Points =========================</p><p></p><p>08-09-2014 18:43:58 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030</p><p>11-09-2014 21:21:59 Windows Modules Installer</p><p>19-09-2014 17:05:45 Removed Autodesk Material Library Base Resolution Image Library 2015.</p><p>24-09-2014 16:36:44 Windows Update</p><p>26-09-2014 22:42:28 avast! antivirus system restore point</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask</p><p>Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList</p><p>Task: {0C7F10FF-ADC4-4812-9227-C362D2C9DE66} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1749167043-3042925933-2216563286-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe</p><p>Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask</p><p>Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate</p><p>Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)</p><p>Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)</p><p>Task: {40A0EC9C-EAA3-4656-A3A4-6215317D2602} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-26] (AVAST Software)</p><p>Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance</p><p>Task: {51668310-6B52-423E-889E-141F3E7CC71B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: {5A83533B-BC6F-481B-AF05-A31AEE5C373D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation</p><p>Task: {637652DF-6780-4E40-90CC-2413FDF9BA68} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload</p><p>Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup</p><p>Task: {6C768377-25D4-4C78-BFD3-1396A8DC1065} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)</p><p>Task: {6DAC2F59-2415-416E-9BB0-848592993B58} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv</p><p>Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task</p><p>Task: {71F14F17-D9DD-4B66-B518-5B249A58B4FC} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management</p><p>Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask</p><p>Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState</p><p>Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task</p><p>Task: {89332084-13E0-4E3E-9DBA-0683F414DA75} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-16] (Adobe Systems Incorporated)</p><p>Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask</p><p>Task: {9D778C48-51DA-42F9-AB0D-7E0D368184F7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-26] (Microsoft Corporation)</p><p>Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work</p><p>Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask</p><p>Task: {D64E200C-3029-42B7-AC05-96D35508BD2F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics</p><p>Task: {D78597D7-D293-4707-B458-FD7E1CE3E0BE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)</p><p>Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing</p><p>Task: {D91A2709-980D-4399-91EA-C0D18691201D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-10] (Microsoft Corporation)</p><p>Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization</p><p>Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE</p><p>Task: {E75AC768-0EE1-4F19-8358-5376732DA16C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for POTATOES-Alex Potatoes => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-26] (Microsoft Corporation)</p><p>Task: {FC776448-2CBD-4CFF-B493-19F35443E8FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2014-02-26 22:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll</p><p>2014-08-26 23:36 - 2014-09-26 11:13 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll</p><p>2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF</p><p>2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll</p><p>2014-06-10 23:37 - 2014-06-10 23:37 - 00188416 _____ () C:\Program Files\WindowsApps\57472JeffCole.CribbageClassic_1.0.1.3_neutral__rdk3bxwe9kqbm\Cribbage.exe</p><p>2014-09-22 10:15 - 2014-09-22 10:15 - 00232960 _____ () C:\Program Files\WindowsApps\ATrillionGamesLtd.3DChessMaster_1.7.5.0_neutral__2cw2yhd8jafk0\3DChessGame.exe</p><p>2014-09-26 16:47 - 2014-09-26 16:47 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll</p><p>2014-09-26 16:47 - 2014-09-26 16:47 - 02867200 _____ () C:\Program Files\AVAST Software\Avast\defs\14092602\algo.dll</p><p>2014-09-27 17:42 - 2014-09-27 17:42 - 02867200 _____ () C:\Program Files\AVAST Software\Avast\defs\14092701\algo.dll</p><p>2014-09-08 13:07 - 2014-09-03 21:41 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll</p><p>2014-09-08 13:07 - 2014-09-03 21:41 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll</p><p>2013-04-21 22:44 - 2013-04-21 22:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>2013-04-21 22:44 - 2013-04-21 22:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2014-06-18 22:08 - 2014-09-26 11:10 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll</p><p>2014-09-26 20:26 - 2014-09-03 21:41 - 00104328 _____ () C:\Users\Alex\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll</p><p>2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF</p><p>2010-01-21 02:34 - 2010-01-21 02:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll</p><p>2014-09-26 16:47 - 2014-09-26 16:47 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll</p><p>2014-04-24 11:55 - 2014-04-24 11:55 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\f2bf020fc6307e10194fd94e85d52a72\Windows.UI.Xaml.ni.dll</p><p>2014-04-24 11:55 - 2014-04-24 11:55 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\224ab0385dc2991b9139bdbf7bcf8e0e\Windows.ApplicationModel.ni.dll</p><p>2014-04-24 11:55 - 2014-04-24 11:55 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c95c4deae76420a882bef7161a449d72\Windows.UI.ni.dll</p><p>2014-04-24 11:55 - 2014-04-24 11:55 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll</p><p>2014-04-24 11:55 - 2014-04-24 11:55 - 00304128 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll</p><p>2014-04-17 09:53 - 2014-04-17 09:53 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\95e459fe3e0f12f2dc9f48fb91886621\Windows.Data.ni.dll</p><p>2014-04-24 11:55 - 2014-04-24 11:55 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f3deb382d1f91df4e2bf1801afb4ea21\Windows.Storage.ni.dll</p><p>2014-04-17 09:53 - 2014-04-17 09:53 - 00402432 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\27136c94fce321fc4e76bccb5fc38fe0\Windows.Security.ni.dll</p><p>2014-04-24 11:55 - 2014-04-24 11:55 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\726121cd59d8545addcd2c64688b5309\Windows.System.ni.dll</p><p>2014-04-24 11:55 - 2014-04-24 11:55 - 00238080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll</p><p>2014-04-24 11:55 - 2014-04-24 11:55 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll</p><p>2014-04-24 11:55 - 2014-04-24 11:55 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\66db718389f1cd2503053c09b3de857f\Windows.Networking.ni.dll</p><p>2014-04-24 11:55 - 2014-04-24 11:55 - 00770560 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Media\ae986fe3d2717c157eb1eeeb4d99aaa1\Windows.Media.ni.dll</p><p>2014-04-24 11:56 - 2014-04-24 11:56 - 00483840 _____ () C:\Users\Alex\AppData\Local\Packages\Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\7334cf3cd56e548536e510cce0ed4e14\Microsoft.Xbox.ni.dll</p><p>2014-04-24 11:56 - 2014-04-24 11:56 - 00041984 _____ () C:\Users\Alex\AppData\Local\Packages\Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.G42d2c636#\c9c9d32d102cd8eb4ad7d760ede11f62\Microsoft.Games.Sentient.ni.dll</p><p>2014-04-24 11:56 - 2014-04-24 11:56 - 00012800 _____ () C:\Users\Alex\AppData\Local\Packages\Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Sh130cfbe4#\9ef21ae2ff95f96dcc5d7181d3ef82d5\Arkadium.SharpDXEngine.AudioLoader.ni.dll</p><p>2014-04-17 12:57 - 2014-04-17 12:57 - 00038912 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.4.1408.2503_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.AudioLoader.dll</p><p>2014-09-25 16:57 - 2014-09-22 22:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll</p><p>2014-09-25 16:57 - 2014-09-22 22:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll</p><p>2014-09-25 16:57 - 2014-09-22 22:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll</p><p>2014-09-25 16:57 - 2014-09-22 22:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll</p><p>2014-09-25 16:57 - 2014-09-22 22:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll</p><p>2014-06-18 22:11 - 2014-09-26 11:13 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll</p><p>2014-06-18 22:08 - 2014-09-26 11:10 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll</p><p>2014-09-25 16:57 - 2014-09-22 22:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p>AlternateDataStreams: C:\Users\Alex\SkyDrive:ms-properties</p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKLM\...\StartupApproved\Run32: => "APSDaemon"</p><p>HKLM\...\StartupApproved\Run32: => "iTunesHelper"</p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-1749167043-3042925933-2216563286-500 - Administrator - Disabled)</p><p>Alex (S-1-5-21-1749167043-3042925933-2216563286-1001 - Administrator - Enabled) => C:\Users\Alex</p><p>Guest (S-1-5-21-1749167043-3042925933-2216563286-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-1749167043-3042925933-2216563286-1005 - Limited - Enabled)</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (09/27/2014 05:35:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )</p><p>Description: 80070005</p><p></p><p>Error: (09/27/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 66198359</p><p></p><p>Error: (09/27/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 66198359</p><p></p><p>Error: (09/27/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (09/27/2014 05:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 66197219</p><p></p><p>Error: (09/27/2014 05:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 66197219</p><p></p><p>Error: (09/27/2014 05:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (09/27/2014 02:03:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 10803422</p><p></p><p>Error: (09/27/2014 02:03:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 10803422</p><p></p><p>Error: (09/27/2014 02:03:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (09/27/2014 05:27:02 PM) (Source: BTHUSB) (EventID: 17) (User: )</p><p>Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.</p><p></p><p>Error: (09/26/2014 10:59:30 PM) (Source: BTHUSB) (EventID: 17) (User: )</p><p>Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.</p><p></p><p>Error: (09/26/2014 08:28:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The Google Update Service (gupdate) service failed to start due to the following error: </p><p>%%2</p><p></p><p>Error: (09/26/2014 08:25:54 PM) (Source: ACPI) (EventID: 13) (User: )</p><p>Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.</p><p></p><p>Error: (09/26/2014 08:25:56 PM) (Source: EventLog) (EventID: 6008) (User: )</p><p>Description: The previous system shutdown at 5:01:37 PM on 9/26/2014 was unexpected.</p><p></p><p>Error: (09/26/2014 08:25:46 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 16) (User: NT AUTHORITY)</p><p>Description: 32212265131162064</p><p></p><p>Error: (09/26/2014 04:37:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The Google Update Service (gupdate) service failed to start due to the following error: </p><p>%%2</p><p></p><p>Error: (09/26/2014 04:33:50 PM) (Source: ACPI) (EventID: 13) (User: )</p><p>Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.</p><p></p><p>Error: (09/26/2014 04:25:13 PM) (Source: BTHUSB) (EventID: 17) (User: )</p><p>Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.</p><p></p><p>Error: (09/26/2014 00:59:57 PM) (Source: EventLog) (EventID: 6008) (User: )</p><p>Description: The previous system shutdown at 11:25:10 AM on 9/26/2014 was unexpected.</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (09/27/2014 05:35:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )</p><p>Description: 80070005</p><p></p><p>Error: (09/27/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 66198359</p><p></p><p>Error: (09/27/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 66198359</p><p></p><p>Error: (09/27/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (09/27/2014 05:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 66197219</p><p></p><p>Error: (09/27/2014 05:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 66197219</p><p></p><p>Error: (09/27/2014 05:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (09/27/2014 02:03:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 10803422</p><p></p><p>Error: (09/27/2014 02:03:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 10803422</p><p></p><p>Error: (09/27/2014 02:03:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p></p><p>CodeIntegrity Errors:</p><p>===================================</p><p> Date: 2014-09-26 16:29:36.773</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2014-09-26 16:29:36.449</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2014-09-24 10:36:57.185</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2014-09-11 15:22:01.129</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2014-09-10 10:58:44.059</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2014-08-27 18:08:53.414</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2014-07-26 22:19:00.109</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2014-07-14 01:32:14.471</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2014-07-12 19:50:28.589</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2014-07-12 19:50:28.259</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz</p><p>Percentage of memory in use: 52%</p><p>Total physical RAM: 3979.75 MB</p><p>Available physical RAM: 1888.23 MB</p><p>Total Pagefile: 4683.75 MB</p><p>Available Pagefile: 1767.71 MB</p><p>Total Virtual: 131072 MB</p><p>Available Virtual: 131071.8 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (Windows) (Fixed) (Total:109.79 GB) (Free:44.82 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 119.2 GB) (Disk ID: 6FCD0630)</p><p></p><p>Partition: GPT Partition Type.</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="lawzize, post: 268834, member: 28449"] Here's the addition.txt too. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-09-2014 Ran by Alex at 2014-09-27 17:43:03 Running from C:\Users\Alex\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk) Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk) Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk) Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk) Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation) Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1749167043-3042925933-2216563286-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1749167043-3042925933-2216563286-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1749167043-3042925933-2216563286-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-1749167043-3042925933-2216563286-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Alex\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 08-09-2014 18:43:58 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 11-09-2014 21:21:59 Windows Modules Installer 19-09-2014 17:05:45 Removed Autodesk Material Library Base Resolution Image Library 2015. 24-09-2014 16:36:44 Windows Update 26-09-2014 22:42:28 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0C7F10FF-ADC4-4812-9227-C362D2C9DE66} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1749167043-3042925933-2216563286-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {40A0EC9C-EAA3-4656-A3A4-6215317D2602} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-26] (AVAST Software) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {51668310-6B52-423E-889E-141F3E7CC71B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {5A83533B-BC6F-481B-AF05-A31AEE5C373D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {637652DF-6780-4E40-90CC-2413FDF9BA68} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6C768377-25D4-4C78-BFD3-1396A8DC1065} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {6DAC2F59-2415-416E-9BB0-848592993B58} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {71F14F17-D9DD-4B66-B518-5B249A58B4FC} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {89332084-13E0-4E3E-9DBA-0683F414DA75} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-16] (Adobe Systems Incorporated) Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9D778C48-51DA-42F9-AB0D-7E0D368184F7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-26] (Microsoft Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D64E200C-3029-42B7-AC05-96D35508BD2F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {D78597D7-D293-4707-B458-FD7E1CE3E0BE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {D91A2709-980D-4399-91EA-C0D18691201D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-10] (Microsoft Corporation) Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {E75AC768-0EE1-4F19-8358-5376732DA16C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for POTATOES-Alex Potatoes => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-26] (Microsoft Corporation) Task: {FC776448-2CBD-4CFF-B493-19F35443E8FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-26 22:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-08-26 23:36 - 2014-09-26 11:13 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-21 02:40 - 2010-01-21 02:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-06-10 23:37 - 2014-06-10 23:37 - 00188416 _____ () C:\Program Files\WindowsApps\57472JeffCole.CribbageClassic_1.0.1.3_neutral__rdk3bxwe9kqbm\Cribbage.exe 2014-09-22 10:15 - 2014-09-22 10:15 - 00232960 _____ () C:\Program Files\WindowsApps\ATrillionGamesLtd.3DChessMaster_1.7.5.0_neutral__2cw2yhd8jafk0\3DChessGame.exe 2014-09-26 16:47 - 2014-09-26 16:47 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-26 16:47 - 2014-09-26 16:47 - 02867200 _____ () C:\Program Files\AVAST Software\Avast\defs\14092602\algo.dll 2014-09-27 17:42 - 2014-09-27 17:42 - 02867200 _____ () C:\Program Files\AVAST Software\Avast\defs\14092701\algo.dll 2014-09-08 13:07 - 2014-09-03 21:41 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll 2014-09-08 13:07 - 2014-09-03 21:41 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll 2013-04-21 22:44 - 2013-04-21 22:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-04-21 22:44 - 2013-04-21 22:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-06-18 22:08 - 2014-09-26 11:10 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2014-09-26 20:26 - 2014-09-03 21:41 - 00104328 _____ () C:\Users\Alex\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll 2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-21 02:34 - 2010-01-21 02:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-09-26 16:47 - 2014-09-26 16:47 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-04-24 11:55 - 2014-04-24 11:55 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\f2bf020fc6307e10194fd94e85d52a72\Windows.UI.Xaml.ni.dll 2014-04-24 11:55 - 2014-04-24 11:55 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\224ab0385dc2991b9139bdbf7bcf8e0e\Windows.ApplicationModel.ni.dll 2014-04-24 11:55 - 2014-04-24 11:55 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c95c4deae76420a882bef7161a449d72\Windows.UI.ni.dll 2014-04-24 11:55 - 2014-04-24 11:55 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll 2014-04-24 11:55 - 2014-04-24 11:55 - 00304128 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll 2014-04-17 09:53 - 2014-04-17 09:53 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\95e459fe3e0f12f2dc9f48fb91886621\Windows.Data.ni.dll 2014-04-24 11:55 - 2014-04-24 11:55 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f3deb382d1f91df4e2bf1801afb4ea21\Windows.Storage.ni.dll 2014-04-17 09:53 - 2014-04-17 09:53 - 00402432 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\27136c94fce321fc4e76bccb5fc38fe0\Windows.Security.ni.dll 2014-04-24 11:55 - 2014-04-24 11:55 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\726121cd59d8545addcd2c64688b5309\Windows.System.ni.dll 2014-04-24 11:55 - 2014-04-24 11:55 - 00238080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll 2014-04-24 11:55 - 2014-04-24 11:55 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll 2014-04-24 11:55 - 2014-04-24 11:55 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\66db718389f1cd2503053c09b3de857f\Windows.Networking.ni.dll 2014-04-24 11:55 - 2014-04-24 11:55 - 00770560 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Media\ae986fe3d2717c157eb1eeeb4d99aaa1\Windows.Media.ni.dll 2014-04-24 11:56 - 2014-04-24 11:56 - 00483840 _____ () C:\Users\Alex\AppData\Local\Packages\Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\7334cf3cd56e548536e510cce0ed4e14\Microsoft.Xbox.ni.dll 2014-04-24 11:56 - 2014-04-24 11:56 - 00041984 _____ () C:\Users\Alex\AppData\Local\Packages\Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.G42d2c636#\c9c9d32d102cd8eb4ad7d760ede11f62\Microsoft.Games.Sentient.ni.dll 2014-04-24 11:56 - 2014-04-24 11:56 - 00012800 _____ () C:\Users\Alex\AppData\Local\Packages\Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Sh130cfbe4#\9ef21ae2ff95f96dcc5d7181d3ef82d5\Arkadium.SharpDXEngine.AudioLoader.ni.dll 2014-04-17 12:57 - 2014-04-17 12:57 - 00038912 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.4.1408.2503_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.AudioLoader.dll 2014-09-25 16:57 - 2014-09-22 22:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll 2014-09-25 16:57 - 2014-09-22 22:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll 2014-09-25 16:57 - 2014-09-22 22:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll 2014-09-25 16:57 - 2014-09-22 22:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll 2014-09-25 16:57 - 2014-09-22 22:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll 2014-06-18 22:11 - 2014-09-26 11:13 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2014-06-18 22:08 - 2014-09-26 11:10 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2014-09-25 16:57 - 2014-09-22 22:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Alex\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "iTunesHelper" ========================= Accounts: ========================== Administrator (S-1-5-21-1749167043-3042925933-2216563286-500 - Administrator - Disabled) Alex (S-1-5-21-1749167043-3042925933-2216563286-1001 - Administrator - Enabled) => C:\Users\Alex Guest (S-1-5-21-1749167043-3042925933-2216563286-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1749167043-3042925933-2216563286-1005 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/27/2014 05:35:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (09/27/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 66198359 Error: (09/27/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 66198359 Error: (09/27/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/27/2014 05:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 66197219 Error: (09/27/2014 05:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 66197219 Error: (09/27/2014 05:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/27/2014 02:03:46 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10803422 Error: (09/27/2014 02:03:46 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10803422 Error: (09/27/2014 02:03:46 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (09/27/2014 05:27:02 PM) (Source: BTHUSB) (EventID: 17) (User: ) Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error: (09/26/2014 10:59:30 PM) (Source: BTHUSB) (EventID: 17) (User: ) Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error: (09/26/2014 08:28:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2 Error: (09/26/2014 08:25:54 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (09/26/2014 08:25:56 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 5:01:37 PM on 9/26/2014 was unexpected. Error: (09/26/2014 08:25:46 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 16) (User: NT AUTHORITY) Description: 32212265131162064 Error: (09/26/2014 04:37:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2 Error: (09/26/2014 04:33:50 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (09/26/2014 04:25:13 PM) (Source: BTHUSB) (EventID: 17) (User: ) Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Error: (09/26/2014 00:59:57 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:25:10 AM on 9/26/2014 was unexpected. Microsoft Office Sessions: ========================= Error: (09/27/2014 05:35:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (09/27/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 66198359 Error: (09/27/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 66198359 Error: (09/27/2014 05:27:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/27/2014 05:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 66197219 Error: (09/27/2014 05:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 66197219 Error: (09/27/2014 05:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/27/2014 02:03:46 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10803422 Error: (09/27/2014 02:03:46 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10803422 Error: (09/27/2014 02:03:46 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors: =================================== Date: 2014-09-26 16:29:36.773 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-26 16:29:36.449 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-24 10:36:57.185 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-11 15:22:01.129 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-09-10 10:58:44.059 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-08-27 18:08:53.414 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-07-26 22:19:00.109 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-07-14 01:32:14.471 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-07-12 19:50:28.589 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-07-12 19:50:28.259 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz Percentage of memory in use: 52% Total physical RAM: 3979.75 MB Available physical RAM: 1888.23 MB Total Pagefile: 4683.75 MB Available Pagefile: 1767.71 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:109.79 GB) (Free:44.82 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: 6FCD0630) Partition: GPT Partition Type. ==================== End Of Log ============================ [/QUOTE]
Insert quotes…
Verification
Post reply
Top