Infected Trovi , I mistakenly skipped a step and can't go back, too late.
<blockquote data-quote="ezkmfe" data-source="post: 315363" data-attributes="member: 31745"><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01</p><p>Ran by William at 2014-12-15 02:02:45</p><p>Running from C:\Users\William\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}</p><p>AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}</p><p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)</p><p>Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)</p><p>Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)</p><p>BitTorrent (HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\BitTorrent) (Version: 7.9.2.32241 - BitTorrent Inc.)</p><p>CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)</p><p>CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)</p><p>CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) 
Hidden</p><p>eApp (HKLM-x32\...\{0FD1E53F-FD21-4A6B-ADB6-A044FC4DBAA1}) (Version: 2.00 - AIL)</p><p>Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)</p><p>Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden</p><p>ExpressCache (HKLM\...\{6E55C9F8-138E-4128-8A9F-6464725BE98A}) (Version: 1.0.102.0 - Condusiv Technologies)</p><p>foobar2000 v1.3.5 (HKLM-x32\...\foobar2000) (Version: 1.3.5 - Peter Pawlowski)</p><p>Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)</p><p>Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden</p><p>Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)</p><p>Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)</p><p>Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)</p><p>Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)</p><p>Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)</p><p>Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)</p><p>Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)</p><p>KeyScrambler 
(HKLM-x32\...\KeyScrambler) (Version: 3.5.0.0 - QFX Software Corporation)</p><p>Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)</p><p>Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)</p><p>Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)</p><p>Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden</p><p>Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)</p><p>Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.19.2 - ELAN Microelectronic Corp.)</p><p>Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5001.52 - CyberLink Corp.)</p><p>Lenovo PowerDVD10 (x32 Version: 10.0.5001.52 - CyberLink Corp.) Hidden</p><p>Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)</p><p>Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)</p><p>Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) 
Hidden</p><p>Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)</p><p>Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)</p><p>Microsoft SkyDrive (HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)</p><p>Nitro Pro 8 (HKLM\...\{7E9123BE-E96E-46EF-A097-6EEC2065F752}) (Version: 8.5.5.2 - Nitro)</p><p>NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 
- NVIDIA Corporation)</p><p>NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)</p><p>NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)</p><p>Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden</p><p>Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden</p><p>Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden</p><p>Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)</p><p>OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)</p><p>Pdfedit (HKLM-x32\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)</p><p>Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)</p><p>qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)</p><p>Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)</p><p>Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)</p><p>Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)</p><p>SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden</p><p>SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden</p><p>Should I Remove It (HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\Should I Remove It 1.0.4) 
(Version: 1.0.4 - Reason Software Company Inc.)</p><p>Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden</p><p>Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)</p><p>StageLight (HKLM\...\StageLight) (Version: 1.3.0.4350 - Open Labs, LLC.)</p><p>SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)</p><p>UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)</p><p>UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden</p><p>Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)</p><p>Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)</p><p>VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)</p><p>Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)</p><p>Winamp Detector Plug-in (HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)</p><p>Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)</p><p>Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)</p><p>Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-1787851555-3533030999-402119898-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)</p><p>CustomCLSID: HKU\S-1-5-21-1787851555-3533030999-402119898-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\William\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)</p><p></p><p>==================== Restore Points =========================</p><p></p><p>11-12-2014 23:24:39 Windows Update</p><p>15-12-2014 08:34:03 zoek.exe restore point</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2014-06-02 22:17 - 2014-07-26 01:55 - 08289788 ____N C:\WINDOWS\system32\Drivers\etc\hosts</p><p></p><p>There are 1000 more lines.</p><p></p><p></p><p>==================== Scheduled Tasks
(whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {0D78375D-8A74-489D-9A9A-BE3D83EE1B62} - System32\Tasks\{B0706191-1934-41FA-A144-DDFAFBD67E43} => Firefox.exe <a href="http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?source=lightinstaller&amp;page=tsMain" target="_blank">http://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?source=lightinstaller&amp;page=tsMain</a></p><p>Task: {18FC36DE-D6A2-4434-BA28-9F060A9651EF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()</p><p>Task: {2E55578D-D72B-4B7F-9B50-9FFF3EFA4B0D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()</p><p>Task: {36F81FFD-9A32-4145-A237-0B984733F8FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)</p><p>Task: {56BE943F-1FC1-45C5-80E7-B8D19C45DAFD} - System32\Tasks\GoogleUpdateTaskMachineUA1cef0be23c17871 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)</p><p>Task: {5FCD2A30-DCC4-4EEC-8110-A02666AE3205} - System32\Tasks\UMonitor Task => C:\windows\system32\UMonit64.exe</p><p>Task: {5FD48BA0-EC9C-4E8A-97D4-C0C4320002E5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe</p><p>Task: {66E4978F-7786-402C-9A97-4713656AFD74} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe</p><p>Task: {6A20D182-46CA-42BA-9705-2415EC6145E8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)</p><p>Task: 
{76D9D055-1C9C-44C7-B0E0-C1507C4BB12D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-13] (Microsoft Corporation)</p><p>Task: {8F12698B-754C-4E74-BEB7-343A639EC034} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)</p><p>Task: {AB41CDDC-A6CF-4F7C-8EA6-F8E2FD95F7A2} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1787851555-3533030999-402119898-1002</p><p>Task: {BB77C989-DB88-483A-8C0E-C38E12F1B8F3} - System32\Tasks\{A380AA2B-77C2-4EAC-B97B-637458136D4D} => pcalua.exe -a "C:\Program Files (x86)\qBittorrent\uninst.exe"</p><p>Task: {C7ECD98F-2D6E-45A6-BAFC-4CC0A1EFFA2A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)</p><p>Task: {CE087E31-1A58-40BD-8A55-9FD73B94BFB6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)</p><p>Task: {E4927CF0-322E-474C-94BF-1864B471E4B9} - System32\Tasks\GoogleUpdateTaskMachineUA1cee1e159db4908 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)</p><p>Task: {E8BD714C-C470-4A92-9519-E8ACEF217B45} - System32\Tasks\{D991F849-67C0-4B5D-9A6E-4A045257A854} => pcalua.exe -a "C:\Program Files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.2.5952.0\AdAwareUpdater.exe" -c --uninstall</p><p>Task: {F57DB872-8E73-43BC-A5FE-4E8B7DF6B929} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe</p><p>Task: {F9384E77-5B91-49FC-9354-249A3B9B0D40} - System32\Tasks\Microsoft Office 15 Sync Maintenance for FLORENCIA-William Florencia => 
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)</p><p>Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cef0be23c17871.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2013-11-06 17:04 - 2014-11-12 13:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll</p><p>2014-11-13 13:25 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll</p><p>2013-11-06 17:40 - 2012-04-24 18:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe</p><p>2013-11-06 17:49 - 2013-11-06 17:49 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe</p><p>2013-11-06 17:49 - 2013-11-06 17:49 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll</p><p>2014-11-13 13:27 - 2014-09-23 05:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll</p><p>2014-08-13 23:24 - 2014-08-13 23:24 - 00453448 _____ () C:\WINDOWS\system32\igfxTray.exe</p><p>2014-03-13 14:55 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll</p><p>2014-03-13 14:55 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl</p><p>2014-03-13 14:55 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl</p><p>2014-03-13 14:55 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl</p><p>2014-03-13 
14:55 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll</p><p>2014-11-13 13:26 - 2014-11-13 13:26 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll</p><p>2013-11-06 17:13 - 2013-05-15 19:08 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll</p><p>2014-12-11 15:28 - 2014-12-05 17:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll</p><p>2014-12-11 15:27 - 2014-12-05 17:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll</p><p>2014-12-11 15:28 - 2014-12-05 17:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll</p><p>2014-12-11 15:27 - 2014-12-05 17:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll</p><p>2014-12-11 15:28 - 2014-12-05 17:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p>AlternateDataStreams: C:\ProgramData\Temp:373E1720</p><p>AlternateDataStreams: C:\Users\William\SkyDrive:ms-properties</p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""</p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKLM\...\StartupApproved\Run: => "BTMTrayAgent"</p><p>HKLM\...\StartupApproved\Run: => "UMonit64"</p><p>HKLM\...\StartupApproved\Run: => "OnekeyStudio"</p><p>HKLM\...\StartupApproved\Run32: => "BDRegion"</p><p>HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\StartupApproved\Run: => "Advanced SystemCare 7"</p><p>HKU\S-1-5-21-1787851555-3533030999-402119898-1002\...\StartupApproved\Run: => "BitTorrent"</p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-1787851555-3533030999-402119898-500 - Administrator - Disabled)</p><p>Guest (S-1-5-21-1787851555-3533030999-402119898-501 - Limited - Disabled)</p><p>William (S-1-5-21-1787851555-3533030999-402119898-1002 - Administrator - Enabled) => C:\Users\William</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (12/15/2014 00:44:42 AM) (Source: NvStreamSvc) (EventID: 1) (User: )</p><p>Description: NvStreamSvcCan continue stopping. [1008]</p><p></p><p>Error: (12/14/2014 02:45:43 AM) (Source: NvStreamSvc) (EventID: 1) (User: )</p><p>Description: NvStreamSvcCan continue stopping. [18]</p><p></p><p>Error: (12/14/2014 00:05:31 AM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: 1a6c</p><p></p><p>Start Time: 01d0177404c620fd</p><p></p><p>Termination Time: 4294967295</p><p></p><p>Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe</p><p></p><p>Report Id: f83d7b12-8367-11e4-bf4f-00c2c61df9f1</p><p></p><p>Faulting package full name: 36114Feras.ReddHub_5.13.0.0_neutral__f4gsjrqj9hqv6</p><p></p><p>Faulting package-relative application ID: App</p><p></p><p>Error: (12/12/2014 00:47:26 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)</p><p>Description: There was an error with the Windows Location Provider database</p><p></p><p>Error: (12/11/2014 03:28:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: FLORENCIA)</p><p>Description: Product: Adobe Reader XI (11.0.09) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011010}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: <a href="http://go.microsoft.com/fwlink/?LinkId=23127" target="_blank">http://go.microsoft.com/fwlink/?LinkId=23127</a></p><p></p><p>Error: (11/21/2014 01:41:04 AM) (Source: Perflib) (EventID: 1008) (User: )</p><p>Description: BITSC:\Windows\System32\bitsperf.dll8</p><p></p><p>Error: (11/21/2014 01:20:20 AM) (Source: NvStreamSvc) (EventID: 1) (User: )</p><p>Description: NvStreamSvcCan continue stopping. [1008]</p><p></p><p>Error: (11/21/2014 00:00:54 AM) (Source: NvStreamSvc) (EventID: 1) (User: )</p><p>Description: NvStreamSvcCan continue stopping. [1008]</p><p></p><p>Error: (11/20/2014 07:47:13 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: 1758</p><p></p><p>Start Time: 01d0053d1f9d27e5</p><p></p><p>Termination Time: 4294967295</p><p></p><p>Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe</p><p></p><p>Report Id: 131a3849-7131-11e4-bf4c-00c2c61df9f1</p><p></p><p>Faulting package full name: 36114Feras.ReddHub_5.13.0.0_neutral__f4gsjrqj9hqv6</p><p></p><p>Faulting package-relative application ID: App</p><p></p><p>Error: (11/20/2014 05:36:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: )</p><p>Description: Application: IAStorIcon.exe</p><p>Framework Version: v4.0.30319</p><p>Description: The process was terminated due to an unhandled exception.</p><p>Exception Info: System.ObjectDisposedException</p><p>Stack:</p><p></p><p>Server stack trace: </p><p> at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()</p><p> at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)</p><p> at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)</p><p> at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)</p><p> at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)</p><p> at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)</p><p> at IAStorDataMgrSvcInterfaces.IPublisher.GetServerBit()</p><p> at IAStorIcon.StorageIcon.<trySubscription>b__0(System.Object)</p><p> at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)</p><p> at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, 
Boolean)</p><p> at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)</p><p> at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()</p><p> at System.Threading.ThreadPoolWorkQueue.Dispatch()</p><p> at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (12/15/2014 00:41:31 AM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</p><p></p><p>Error: (12/15/2014 00:41:31 AM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</p><p></p><p>Error: (12/15/2014 00:41:30 AM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</p><p></p><p>Error: (12/15/2014 00:41:30 AM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.</p><p></p><p>Error: (12/15/2014 00:41:30 AM) (Source: Service Control Manager) (EventID: 7030) (User: )</p><p>Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. 
This service may not function properly.</p><p></p><p>Error: (12/13/2014 02:22:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: </p><p>%%1053</p><p></p><p>Error: (12/13/2014 02:22:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )</p><p>Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.</p><p></p><p>Error: (12/13/2014 02:21:50 PM) (Source: EventLog) (EventID: 6008) (User: )</p><p>Description: The previous system shutdown at 7:37:59 AM on 12/13/2014 was unexpected.</p><p></p><p>Error: (12/11/2014 10:05:34 PM) (Source: DCOM) (EventID: 10016) (User: FLORENCIA)</p><p>Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}FlorenciaWilliamS-1-5-21-1787851555-3533030999-402119898-1002LocalHost (Using LRPC)36114Feras.ReddHub_5.13.0.0_neutral__f4gsjrqj9hqv6S-1-15-2-1108376887-844143325-746510479-3280071419-2016386969-2294150450-2155870708</p><p></p><p>Error: (11/22/2014 03:57:42 AM) (Source: DCOM) (EventID: 10016) (User: FLORENCIA)</p><p>Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}FlorenciaWilliamS-1-5-21-1787851555-3533030999-402119898-1002LocalHost (Using LRPC)36114Feras.RedditReddHubV2_1.2.2.0_neutral__f4gsjrqj9hqv6S-1-15-2-1148596783-594735828-1081024010-608906154-3600108251-3105977856-1419927739</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (12/15/2014 00:44:42 AM) (Source: NvStreamSvc) (EventID: 1) (User: )</p><p>Description: NvStreamSvcCan continue stopping. [1008]</p><p></p><p>Error: (12/14/2014 02:45:43 AM) (Source: NvStreamSvc) (EventID: 1) (User: )</p><p>Description: NvStreamSvcCan continue stopping. 
[18]</p><p></p><p>Error: (12/14/2014 00:05:31 AM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: backgroundTaskHost.exe6.3.9600.163841a6c01d0177404c620fd4294967295C:\WINDOWS\system32\backgroundTaskHost.exef83d7b12-8367-11e4-bf4f-00c2c61df9f136114Feras.ReddHub_5.13.0.0_neutral__f4gsjrqj9hqv6App</p><p></p><p>Error: (12/12/2014 00:47:26 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)</p><p>Description: -2147024883</p><p></p><p>Error: (12/11/2014 03:28:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: FLORENCIA)</p><p>Description: Adobe Reader XI (11.0.09){AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)</p><p></p><p>Error: (11/21/2014 01:41:04 AM) (Source: Perflib) (EventID: 1008) (User: )</p><p>Description: BITSC:\Windows\System32\bitsperf.dll8</p><p></p><p>Error: (11/21/2014 01:20:20 AM) (Source: NvStreamSvc) (EventID: 1) (User: )</p><p>Description: NvStreamSvcCan continue stopping. [1008]</p><p></p><p>Error: (11/21/2014 00:00:54 AM) (Source: NvStreamSvc) (EventID: 1) (User: )</p><p>Description: NvStreamSvcCan continue stopping. 
[1008]</p><p></p><p>Error: (11/20/2014 07:47:13 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: backgroundTaskHost.exe6.3.9600.16384175801d0053d1f9d27e54294967295C:\WINDOWS\system32\backgroundTaskHost.exe131a3849-7131-11e4-bf4c-00c2c61df9f136114Feras.ReddHub_5.13.0.0_neutral__f4gsjrqj9hqv6App</p><p></p><p>Error: (11/20/2014 05:36:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: )</p><p>Description: Application: IAStorIcon.exe</p><p>Framework Version: v4.0.30319</p><p>Description: The process was terminated due to an unhandled exception.</p><p>Exception Info: System.ObjectDisposedException</p><p>Stack:</p><p></p><p>Server stack trace: </p><p> at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()</p><p> at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)</p><p> at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)</p><p> at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)</p><p> at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)</p><p> at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)</p><p> at IAStorDataMgrSvcInterfaces.IPublisher.GetServerBit()</p><p> at IAStorIcon.StorageIcon.<trySubscription>b__0(System.Object)</p><p> at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)</p><p> at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)</p><p> at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)</p><p> at 
System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()</p><p> at System.Threading.ThreadPoolWorkQueue.Dispatch()</p><p> at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()</p><p></p><p></p><p>CodeIntegrity Errors:</p><p>===================================</p><p> Date: 2014-10-19 15:41:11.531</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p> Date: 2014-03-12 10:43:02.888</p><p> Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz</p><p>Percentage of memory in use: 46%</p><p>Total physical RAM: 8104.27 MB</p><p>Available physical RAM: 4367.52 MB</p><p>Total Pagefile: 12690.27 MB</p><p>Available Pagefile: 8617.21 MB</p><p>Total Virtual: 131072 MB</p><p>Available Virtual: 131071.78 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (Windows8_OS) (Fixed) (Total:889.47 GB) (Free:823.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.65 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 22.4 GB) (Disk ID: EA3E1B9D)</p><p></p><p>Partition: GPT Partition Type.</p><p></p><p>========================================================</p><p>Disk: 1 (Size: 931.5 GB) (Disk ID: EA3E1B9E)</p><p></p><p>Partition: GPT Partition Type.</p><p></p><p>==================== End Of Log 
============================</p></blockquote><p></p>