Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Serge (2016-03-28 09:02:54)
Running from C:\Users\Serge\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-01-20 02:27:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1606463160-1528309087-3068095059-500 - Administrator - Disabled)
Guest (S-1-5-21-1606463160-1528309087-3068095059-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1606463160-1528309087-3068095059-1002 - Limited - Enabled)
Serge (S-1-5-21-1606463160-1528309087-3068095059-1000 - Administrator - Enabled) => C:\Users\Serge

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Allway Sync version 9.2.15 (HKLM-x32\...\Allway Sync_is1) (Version: - Usov Lab)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.1.7 - SlySoft)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Software (HKLM\...\{5F1DFCC1-595D-4235-A044-E05B706D800A}) (Version: 9.0.6.22 - AuthenTec, Inc.)
Backup Thunderbird (HKLM-x32\...\{FA212C5D-FE18-4A8B-9A45-B2E62A20D4CA}_is1) (Version: - backupthunderbird.com)
Bigasoft YouTube Downloader Pro 1.2.26.4849 (HKLM-x32\...\{C7056BA6-D954-42A2-ABBA-AB2E8E777730}_is1) (Version: - Bigasoft Corporation)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.14(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
ChromecastApp (HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CloneCD (HKLM-x32\...\CloneCD) (Version: - Elaborate Bytes)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.2.8 - Elaborate Bytes)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Everything 1.4.0.713b (x64) (HKLM\...\Everything) (Version: 1.4.0.713b (x64) - David Carpenter)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
Glary Utilities PRO 5.11 (HKLM-x32\...\Glary Utilities 5) (Version: 5.11.0.23 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{AB67B5F9-B19A-42F4-A57D-46114D71060E}) (Version: 13.05.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.1.1001 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 2.0 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{9011040C-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Module de compatibilité pour Microsoft Office System 2007 (HKLM-x32\...\{90120000-0020-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 fr)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.6.0 - Mozilla)
Mozilla Thunderbird 38.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.6.0 (x86 en-US)) (Version: 38.6.0 - Mozilla)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.1 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.1 - NEC Electronics Corporation) Hidden
PhotoFiltre (HKLM-x32\...\PhotoFiltre) (Version: - )
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (Admin Editon) (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 (Admin Editon) - Jonas John)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
TFPU (Version: 1.0.0 - TOSHIBA) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{B73A66DB-7804-46EC-9A2F-BD534FDB6AD5}) (Version: 8.0.30 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.12.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.2.27 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.7.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.2.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.8 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.12.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.2.13 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.00 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)
Wisdom-soft ScreenHunter 4.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 4.0 Free) (Version: - Wisdom Software Inc.)
YT Downloader 3 (HKLM-x32\...\YT Downloader_is1) (Version: - Youtomato)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Serge\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Serge\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {151F63EC-A8C2-4A0C-813D-8390AA979083} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-13] (Piriform Ltd)
Task: {181FAEF7-6F6F-47D9-AF37-DDAF80231BF9} - System32\Tasks\{3B39F232-6917-425D-90EC-203C0F1DE61A} => pcalua.exe -a "C:\Users\Serge\Desktop\CloneCD 5.3.1.4 F\Setup\SetupCloneCD.exe" -d "C:\Users\Serge\Desktop\CloneCD 5.3.1.4 F\Setup"
Task: {20EAF6F7-EE5C-404A-8DFC-D2061BDE4A16} - System32\Tasks\Auslogics\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\Auslogics\Driver Updater\DriverUpdater.exe
Task: {267AB0A4-F9B8-4F26-BAAA-77D4F49823F6} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-05-07] (TOSHIBA CORPORATION)
Task: {34F59E9A-51E6-4349-8AFD-884317795EA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26] (Google Inc.)
Task: {45095E64-2F59-4E44-AA7D-79034E5C9C80} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-12] (Dropbox, Inc.)
Task: {59EECC96-B3D4-41FC-8311-04644D54A02F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1606463160-1528309087-3068095059-1000UA => C:\Users\Serge\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-04] (Google Inc.)
Task: {6E0D70A6-70E2-4332-859D-3E9C17B7766F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-25] (Adobe Systems Incorporated)
Task: {70D5DC63-747D-44EA-A62F-CB7AFEBB0199} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1606463160-1528309087-3068095059-1000Core => C:\Users\Serge\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-04] (Google Inc.)
Task: {764A4A39-3E63-41EB-AA82-06B9641B2891} - System32\Tasks\{D90EC510-010F-4E0D-9CA7-425C8ECFB569} => pcalua.exe -a "C:\Users\Serge\Desktop\Office 2007\setup.exe" -d "C:\Users\Serge\Desktop\Office 2007"
Task: {785343BA-BB2F-4335-92EC-F9A7004F663B} - System32\Tasks\{FC599D66-F5BA-4FC9-B9B5-4077349FF26A} => pcalua.exe -a "C:\Users\Serge\2014 - Softs & Utilitaires - PC\2014 - Remove Empty folder\red_red_2.1.0.0_anglais_43422.exe" -d "C:\Users\Serge\2014 - Softs & Utilitaires - PC\2014 - Remove Empty folder"
Task: {7894BAF6-0701-4A36-B8F7-8ADE1E5D7E4C} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Serge logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
Task: {79EF017B-D30D-447D-9FDF-80AFBD422AB6} - System32\Tasks\idoo AntiSpyware Pro => C:\Program files\idoo AntiSpyware Pro\idooAS.exe
Task: {7C25CA88-0BD2-41D2-926E-053DEB540E19} - System32\Tasks\{C20639E7-C421-430D-AE9E-C4F007207392} => pcalua.exe -a C:\Users\Serge\Desktop\CloneMaster\CloneMaster.exe -d C:\Users\Serge\Desktop\CloneMaster
Task: {88D235A3-70F3-4053-BD61-3E316B869479} - System32\Tasks\{89FE94C7-13C1-416C-9BD4-66D3129E627B} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag\ZHPFix"
Task: {892B6748-4D8D-4CA0-9869-01D81C341E77} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"
Task: {8B3EE4B1-3E23-43F7-A77D-EE373A808B88} - System32\Tasks\{EC075323-091C-42C5-AA40-4234D81BC415} => pcalua.exe -a "C:\Users\Serge\1 - A garder - Softs & PW\Screen-hunter.exe" -d C:\Users\Serge\Desktop -c C:\Users\Serge\Desktop\50000021_1920x1080.jpg
Task: {9420BCBC-4F35-4061-96E9-FEBABDDE21A3} - System32\Tasks\{3FA07B24-F0BA-456A-88CC-E449F89942A1} => pcalua.exe -a C:\Users\Serge\Desktop\SimpleSetup.exe -d C:\Users\Serge\Desktop
Task: {A1B10959-181E-4F44-8D41-6A0E6BA1E53D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-12] (Dropbox, Inc.)
Task: {A672C2BA-4137-4FB1-9850-C098111AAFD4} - System32\Tasks\{98BC10E8-9D2F-4E92-9138-F10D82DDCC9F} => pcalua.exe -a "C:\Program Files (x86)\ZHPFix\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPFix"
Task: {A889928C-131C-4C9B-8DA4-1D9005DE952E} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
Task: {AEB04494-937C-4396-88E8-BC653FF0C2A2} - System32\Tasks\Auslogics\Driver Updater\Start Driver Updater automatic scanning => C:\Program Files (x86)\Auslogics\Driver Updater\DriverUpdater.exe
Task: {B9293964-0994-4581-9AD5-39DE7B85927B} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-10-28] (Glarysoft Ltd)
Task: {BE934F16-F3CA-433E-8205-CEAA61568C6A} - System32\Tasks\{2BDC99B7-245F-435B-97A4-8943A4900491} => pcalua.exe -a C:\Users\Serge\Desktop\Install_CopyTrans_Suite.exe -d C:\Users\Serge\Desktop
Task: {C852F048-3E98-4033-874E-6896E1E51143} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26] (Google Inc.)
Task: {CEA3A963-D48B-4CDA-97F0-A038E21108E8} - System32\Tasks\{019959E6-A3CE-4F8F-8159-8A44D5D587DF} => pcalua.exe -a "C:\Users\Serge\Desktop\TeamViewer 10 incl. Corporate Crack (GertiPrenjasi)\Crack\TeamViewer 10 Corporate Crack (A.C.H).exe" -d "C:\Users\Serge\Desktop\TeamViewer 10 incl. Corporate Crack (GertiPrenjasi)\Crack"
Task: {DE1A7CF4-5818-48E6-8D62-CF6A47B9D262} - System32\Tasks\{F40D585B-AA57-4BA3-8633-F256B787E8F6} => pcalua.exe -a "C:\Users\Serge\Desktop\WRT54GS Setup Wizard.exe" -d C:\Users\Serge\Desktop
Task: {ECE045FC-E05F-4740-81F0-CF16F4892765} - System32\Tasks\{13CF6586-D008-4458-B1FD-22F206F1644C} => pcalua.exe -a D:\SimpleSetup.exe -d D:\
Task: {FC3C1B94-A412-4CFC-A73A-D06C559DCB6A} - System32\Tasks\{56989614-F61F-46CA-A7B7-A939B552D2BB} => pcalua.exe -a C:\Users\Serge\Desktop\SharePod\SharePod.exe -d C:\Users\Serge\Desktop\SharePod
Task: {FEE3CBCC-5CB4-4BE3-9A3D-3206F2D5E2DA} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-10-28] (Glarysoft Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606463160-1528309087-3068095059-1000Core.job => C:\Users\Serge\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606463160-1528309087-3068095059-1000UA.job => C:\Users\Serge\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-01-12 14:48 - 2011-01-12 14:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17621620.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29441174.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\31244304.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\32025649.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38708019.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48159720.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64656363.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70184655.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98684350.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17621620.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29441174.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\31244304.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\32025649.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38708019.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48159720.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64656363.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70184655.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98684350.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\amazonaws.com -> hxxp://*.s3.amazonaws.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\amazonaws.com -> hxxps://*.s3.amazonaws.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\amikay.com -> hxxp://utm.amikay.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\amikay.com -> hxxps://utm.amikay.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\cleverreach.com -> hxxp://novastor.cleverreach.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\desk.com -> hxxp://desk.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\desk.com -> hxxps://desk.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\google-analytics.com -> hxxp://google-analytics.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\google-analytics.com -> hxxps://google-analytics.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\google.com -> hxxp://google.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\google.com -> hxxps://google.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\monitor-eqatec.com -> hxxp://monitor-eqatec.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\monitor-eqatec.com -> hxxps://monitor-eqatec.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\netsuite.com -> hxxp://netsuite.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\netsuite.com -> hxxps://netsuite.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\novabackup.com -> hxxp://novabackup.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\novabackup.com -> hxxps://novabackup.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\novabackup.de -> hxxp://novabackup.de
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\novabackup.de -> hxxps://novabackup.de

There are 5 more sites.

IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 11:34 - 2016-03-27 07:24 - 00002178 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us

There are 10 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Serge\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Malwarebytes Anti-Ransomware.lnk => C:\windows\pss\Malwarebytes Anti-Ransomware.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Stickies.lnk => C:\windows\pss\Stickies.lnk.CommonStartup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Atomic Alarm Clock =>
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CloneCDElbyCDFL => "C:\Program Files (x86)\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
MSCONFIG\startupreg: Google Update => "C:\Users\Serge\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_BDF3F9D6639A585286C93451607D591D =>
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: TFPUPWDBankService => C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start
MSCONFIG\startupreg: TFPUService => C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start
MSCONFIG\startupreg: TOSDCR => %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: Wisdom-soft ScreenHunter 6.0 Free => 0

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{469DB4CD-65B9-402B-9EA9-58822D77071B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ED06DF39-4ADB-4F3A-8241-CD7072A66AE7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{744C99C8-37DB-4188-97BF-CF7BB211E671}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5789F857-02C3-4A26-A8BA-43EB7D699319}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E55F66C0-357A-47E4-A364-B3BA29B03055}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9C533751-DADC-4CB9-B8F0-07D6AD4CB679}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{054351B4-35E1-41A3-A834-5A9CEC9146AF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5C09ECE2-2999-4184-8F13-E85E03854343}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe\Bonjour\mDNSResponder.exe
FirewallRules: [{A4C70643-1C38-4F42-9A08-FBC0166A7094}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B8B3148F-A3E8-4D5A-9107-A11721CC8005}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{92974689-AE69-4335-8ED5-66AED59721B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{37AE1497-1A2D-49E1-A145-9428B7933CA6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C85FFAD4-53A1-4DAC-A255-2871CA5F3C0F}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{66FAEBD4-9D09-48B0-9C43-DAB7127A1814}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{E41E2C9C-3108-43D5-8EAB-411DA079E569}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{747D995D-BEAE-47B3-A0D7-AA1EFD02504D}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{DB08DEA2-8A2B-4601-8ECB-664AF22D4297}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3B6015EA-0A3F-41AA-913D-8D5253BC3419}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{E26C33B2-04F2-4407-920D-ECA23D5D6E81}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0725C266-E083-44D8-879F-9A3AC94FB2E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FF4A3690-C0D2-474B-8CF8-127E6CBABB89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE6B25F6-9DB4-474E-9634-3208F5B4D5C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EC84FE6A-2578-4B12-8B9A-EFEA449A10C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9EF823D2-1CA1-44E7-AA27-66F9A2CD354F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Youtomato\YT Downloader\YTDownloader.exe] => Enabled:YT Downloader

==================== Restore Points =========================

27-03-2016 12:20:33 Windows Update
27-03-2016 12:27:46 Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version 2.2.1.1043
28-03-2016 08:58:26 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Malwarebytes Anti-Exploit
Description: Malwarebytes Anti-Exploit
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ESProtectionDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2016 03:54:12 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D52A4801-BFAB-4CFA-AC69-77F1ECA6AED9}: The user Serge-PC\Serge dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (03/27/2016 03:53:25 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={28748C63-1B65-4C49-B85F-E3976AAAEA38}: The user Serge-PC\Serge dialed a connection named Broadband Connection 2 which has failed. The error code returned on failure is 0.

Error: (03/27/2016 03:52:27 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={8FDB63FA-4938-4E98-8C68-CB7FEA6BE41C}: The user Serge-PC\Serge dialed a connection named Broadband Connection 2 which has failed. The error code returned on failure is 651.

Error: (03/27/2016 12:27:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {ba6f4f1a-82c0-4ee5-96b0-697b3b82d2e3}

Error: (03/27/2016 12:20:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (03/27/2016 12:20:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASDIFSV.

System Error:
The system cannot find the file specified.
.

Error: (03/27/2016 12:10:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (03/27/2016 12:10:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASDIFSV.

System Error:
The system cannot find the file specified.
.

Error: (03/27/2016 12:10:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {aa2ca70e-8ec6-40b0-a25e-151cd3fd84f6}

Error: (03/27/2016 12:00:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (03/28/2016 08:49:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel(R) Management & Security Application User Notification Service service depends on the Intel(R) Management and Security Application Local Management Service service which failed to start because of the following error:
%%1053

Error: (03/28/2016 08:49:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error:
%%1053

Error: (03/28/2016 08:49:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.

Error: (03/28/2016 08:48:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel(R) Management & Security Application User Notification Service service depends on the Intel(R) Management and Security Application Local Management Service service which failed to start because of the following error:
%%1053

Error: (03/28/2016 08:48:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error:
%%1053

Error: (03/28/2016 08:48:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.

Error: (03/28/2016 08:48:38 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068UNS{80C25488-192B-4DE2-8150-5B2D2A2F835E}

Error: (03/28/2016 08:47:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ESProtectionDriver
UimBus
Uim_DEVIM
Uim_IM

Error: (03/28/2016 08:47:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error:
%%1053

Error: (03/28/2016 08:47:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.


CodeIntegrity:
===================================
Date: 2015-01-15 15:32:13.935
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:32:13.862
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:32:01.989
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:32:01.958
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:32:01.927
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:32:01.880
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:29:20.627
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:29:20.549
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:29:08.896
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:29:08.864
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz
Percentage of memory in use: 34%
Total physical RAM: 3824.43 MB
Available physical RAM: 2496.87 MB
Total Virtual: 7647.06 MB
Available Virtual: 6314.9 MB

==================== Drives ================================

Drive b: (SERGIO USB) (Removable) (Total:14.71 GB) (Free:13.42 GB) FAT32
Drive c: (TI105901W0D) (Fixed) (Total:107.37 GB) (Free:31.83 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 3FA93059)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=107.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.4 GB) - (Type=17)

========================================================
Disk: 1 (Size: 14.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
