Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015 Ran by electrodiag at 2015-07-23 10:21:22 Running from C:\Users\electrodiag\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2541966181-2142765789-2215278153-500 - Administrator - Disabled) electrodiag (S-1-5-21-2541966181-2142765789-2215278153-1000 - Administrator - Enabled) => C:\Users\electrodiag Guest (S-1-5-21-2541966181-2142765789-2215278153-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2541966181-2142765789-2215278153-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2541966181-2142765789-2215278153-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) ÃÍßÇã ÇáÊÌæíÏ - ÇáÅÕÏÇÑ ÇáÃæá (HKLM-x32\...\ÃÍßÇã ÇáÊÌæíÏ_is1) (Version: - linux.man@laposte.net) AMD Catalyst Install Manager (HKLM\...\{0E7CC7BF-3C9A-E6B0-DCBF-D1B602F11791}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.) Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - ) AuthenTec TrueAPI 64-bit (Version: 1.5.0.165 - AuthenTec, Inc.) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG) Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden HP SimplePass PE (HKLM-x32\...\{880B5A98-B242-4B53-BD6F-41EA17495EAD}) (Version: 5.4.0.402 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{98D5A5FA-1AA3-4CBE-B26C-A737E20F8A6D}) (Version: 4.6.10.1 - Hewlett-Packard Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT) Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{FE3DEA5D-60D7-4C92-A71F-1E1F2F4615FC}) (Version: 14.2.0.0216 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) iVocalize Web Conference 4 (HKLM-x32\...\iVocalize Web Conference 4) (Version: - ) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) jetAudio Basic (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.18.00.03 - Huawei Technologies Co.,Ltd) PdfGrabber 8.0 (64bit) (HKLM\...\{436B31A2-3E3B-4D6D-B589-20E7C238B7C6}) (Version: 8.0.0.26 - PixelPlanet) PixelPlanet PdfPrinter 7 (64bit) (HKLM\...\{000F58F3-A544-4BB5-AF1B-761EA1C8595C}) (Version: 7.0.60 - PixelPlanet) Quran - Searcher 5.0 (HKLM-x32\...\Quran - Searcher 5.0) (Version: - ) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated) Tolerance Data (HKLM-x32\...\Tolerance Data) (Version: 2009.2 - ) TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation) Youtube Downloader HD v. 2.9.9.23 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com) أحكام التجويد - الإصدار الأول (HKLM-x32\...\أحكام التجويد_is1) (Version: - linux.man@laposte.net) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 19-07-2015 20:23:39 Installed HP Connection Manager. 19-07-2015 20:26:03 Windows Backup 20-07-2015 06:10:48 Windows Update 21-07-2015 06:57:34 Removed HP Connection Manager. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2010-04-30 15:56 - 00001798 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 adobe.activate.com 127.0.0.1 adobeereg.com 127.0.0.1 www.adobeereg.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 125.252.224.90 127.0.0.1 125.252.224.91 127.0.0.1 hl2rcv.adobe.com ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {086E62A4-8B17-434C-8D58-0A39901CB28A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {151EC1FE-7B06-4508-A9FF-F57CD1795B57} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {1B18BD12-D8E9-42C6-B8C6-6022AD203485} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink) Task: {1B1BA253-911E-481E-B502-A05DED5B85F6} - System32\Tasks\{ECFB264F-5808-41E9-807F-1511C829C52A} => pcalua.exe -a K:\Drivers\youcam.exe -d K:\Drivers Task: {24B26A06-9855-4E19-B85B-86F46C4437BF} - System32\Tasks\RNUpgradeHelperResumePrompt_electrodiag => C:\Users\electrodiag\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-15] (RealNetworks, Inc.) Task: {2F1562B0-657C-40F0-930A-511F589D82BB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2541966181-2142765789-2215278153-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {2FF48AD8-A895-4A0D-B344-1CF9D997EC1F} - System32\Tasks\SPK => C:\Users\electrodiag\AppData\Roaming\SPK\SPK.exe Task: {4C64CE22-CA68-4FEF-958E-591440FEABCC} - System32\Tasks\ReclaimerUpdateFiles_electrodiag => C:\Users\electrodiag\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-15] (RealNetworks, Inc.) Task: {4ECEB9F1-8B17-45B9-8C28-F2BD1EA47519} - System32\Tasks\RNUpgradeHelperLogonPrompt_electrodiag => C:\Users\electrodiag\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-15] (RealNetworks, Inc.) Task: {54E08261-E4EE-4B7F-B536-C8C8BA43D218} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2541966181-2142765789-2215278153-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {61851C8B-9EB4-4D82-AA88-A52EE1F622F0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {62EABC57-17B7-4D6A-9CEB-4EB64AF357C1} - System32\Tasks\Adsfree => C:\Users\electrodiag\AppData\Roaming\Popper\ChompUpd.exe Task: {66104419-79B6-453C-9E2E-24CAA650EE5B} - System32\Tasks\Opera scheduled Autoupdate 1411435212 => C:\Program Files (x86)\Opera\launcher.exe [2014-09-12] (Opera Software) Task: {683AA088-B071-4CDC-A279-7D4D47153170} - System32\Tasks\RealCreateProcessScheduledTask15836035S-1-5-21-2541966181-2142765789-2215278153-1000 => C:\Program Files (x86)\Real\RealPlayer\realplay.exe [2014-03-31] (RealNetworks, Inc.) Task: {75E644F4-35DF-4F9F-9925-344782A41D55} - System32\Tasks\{0023E363-8D92-4D55-B62D-940DD05A4979} => pcalua.exe -a "C:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe" Task: {7F9E9556-944D-4889-96A5-8AC1CD2F3EF6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2541966181-2142765789-2215278153-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {83753AEB-B1C1-40D4-B9DE-562E983989CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-17] (Adobe Systems Incorporated) Task: {876F56B9-2F34-4E59-ACEA-E50C400835FF} - System32\Tasks\5FOFD9B73D6C-2CRMOI6 => C:\Users\electrodiag\AppData\Roaming\ARHome\Updater.exe Task: {90F4A0E1-805E-4BFD-87AD-0BDC982B92F3} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated) Task: {A5E8C604-8B9A-411D-8788-83E529561714} - System32\Tasks\{5361F01E-A126-4FDD-8BB8-85982C1FBD12} => pcalua.exe -a D:\shamela\bin\viewer.exe -c C:\Users\electrodiag\AppData\Local\Temp\Temp1_mawsoaat_tafaseer_quran_bok_01.zip\mawsoaat_tafaseer_quran_01.bok Task: {B0607F82-904E-4839-A0D0-081B979BACFE} - System32\Tasks\4CEFD9B73D6C-1CRMOI2 => C:\Users\electrodiag\AppData\Roaming\ARHome\Updater.exe Task: {C3A13432-22AE-4CC1-A7F2-F4CDA09F6856} - System32\Tasks\{10A976CF-4855-4D14-A1E6-274EE14E91F8} => pcalua.exe -a "C:\Program Files (x86)\ÃÍßÇã ÇáÊÌæíÏ\unins000.exe" Task: {D51BA4F1-F567-4A17-9578-88DD462DC7F9} - System32\Tasks\Popper => C:\Users\electrodiag\AppData\Local\diag\Chomp.exe Task: {DC314243-CDED-48EA-AFC1-481F15996E46} - System32\Tasks\{B91D2BF2-8DB0-4037-8E02-79FA7396F163} => pcalua.exe -a C:\Users\electrodiag\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=adks <==== ATTENTION Task: {DD9641A8-6479-406A-8FBE-EFB7E24B30C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {EC01C2E0-1C7C-4A19-8753-AD23A729495B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2541966181-2142765789-2215278153-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {F6C88FD6-F345-42F3-A3C1-C3C66EE4E317} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2541966181-2142765789-2215278153-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) Task: {FD290EBB-6227-4627-AEF6-C5CFC2A9F4D4} - System32\Tasks\ReclaimerUpdateXML_electrodiag => C:\Users\electrodiag\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-07-15] (RealNetworks, Inc.) Task: {FEAD5690-3D23-4C5F-9092-0370DF6F9F1A} - System32\Tasks\SliderLiner => c:\programdata\{afe455c1-fe9f-cfe2-afe4-455c1fe95707}\74817651860198482b.exe <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SliderLiner.job => c:\programdata\{afe455c1-fe9f-cfe2-afe4-455c1fe95707}\74817651860198482b.exe <==== ATTENTION ==================== Loaded Modules (Whitelisted) ============== 2014-09-23 22:06 - 2012-09-04 01:27 - 00233864 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-24 22:38 - 2010-03-24 22:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-03-29 20:56 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-04-12 16:09 - 2013-04-12 16:09 - 00638976 _____ () C:\Program Files (x86)\Common Files\BCL Technologies\PixelPlanet7\bepprint.dll 2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-24 22:17 - 2010-03-24 22:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2015-05-25 23:29 - 2015-05-22 13:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll 2015-05-25 23:29 - 2015-05-22 13:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll 2015-07-14 21:56 - 2015-07-13 10:14 - 16307888 _____ () C:\Users\electrodiag\AppData\Local\Google\Chrome\User Data\PepperFlash\18.0.0.209\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\ProgramData\Temp:24105FF3 AlternateDataStreams: C:\ProgramData\Temp:56E2E879 AlternateDataStreams: C:\ProgramData\Temp:7CB86D39 AlternateDataStreams: C:\ProgramData\Temp:BF040455 AlternateDataStreams: C:\ProgramData\Temp:EFB09287 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2541966181-2142765789-2215278153-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: avast! Antivirus => 2 MSCONFIG\Services: avast! Firewall => 2 MSCONFIG\Services: avast! Mail Scanner => 3 MSCONFIG\Services: avast! Web Scanner => 3 MSCONFIG\startupreg: avast5 => "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{B2412354-916C-46B3-BD19-FBEF051F31D9}] => (Allow) C:\Users\electrodiag\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E89A11A1-4083-44E4-BBD9-E89CD3C0C635}] => (Allow) C:\Users\electrodiag\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{BE009BED-7BD5-4748-9F8D-EC7BB8B6AB16}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{09B4DA57-7946-48E0-A9EE-ED200BA8F2AA}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{5897A0EF-0AF4-49F0-B5E5-5944629CC99B}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{7CB1D25D-F17D-4654-996F-EA5FE6FF5EA0}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{9127D4DD-6CB7-44EB-935A-82EC4D8F2BC6}] => (Allow) %SystemRoot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe FirewallRules: [TCP Query User{00B9FB31-B543-4004-B05A-D3A17E636965}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{CE2E7EE9-EAD2-4B05-AED0-08F414B3AFD1}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{A30B1CD5-2050-4FC2-9649-B331F5CFC409}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{EDA76886-8859-4ADA-B04B-E31857935B85}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe FirewallRules: [UDP Query User{ACF8FC33-4AE6-4E5F-AF15-018221D23528}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe FirewallRules: [{B48C0171-08C1-462D-B6E9-149F4907FCAA}] => (Allow) C:\ProgramData\svchost.exe FirewallRules: [{98AAB2FE-5D07-47FD-8430-6CC517C22C89}] => (Allow) C:\ProgramData\svchost.exe FirewallRules: [TCP Query User{779A4E2D-3934-48C3-A999-D5E474A76AE8}C:\users\electrodiag\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\electrodiag\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe FirewallRules: [UDP Query User{A5F15484-A05C-419A-BF16-9AAA52D65C03}C:\users\electrodiag\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\electrodiag\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe FirewallRules: [TCP Query User{31219ABC-A633-479C-BA10-978FDD487E06}C:\users\electrodiag\appdata\local\temp\rar$ex18.604\u1405.exe] => (Allow) C:\users\electrodiag\appdata\local\temp\rar$ex18.604\u1405.exe FirewallRules: [UDP Query User{3C9EB47B-658C-47B1-BC47-91CC9423B27A}C:\users\electrodiag\appdata\local\temp\rar$ex18.604\u1405.exe] => (Allow) C:\users\electrodiag\appdata\local\temp\rar$ex18.604\u1405.exe FirewallRules: [TCP Query User{C1F4D5E6-4EE8-4406-BFE2-B68BC0680BE0}C:\users\electrodiag\appdata\local\temp\rar$ex26.920\u1405.exe] => (Allow) C:\users\electrodiag\appdata\local\temp\rar$ex26.920\u1405.exe FirewallRules: [UDP Query User{4C029539-5755-4D31-BC4E-F900528E0E16}C:\users\electrodiag\appdata\local\temp\rar$ex26.920\u1405.exe] => (Allow) C:\users\electrodiag\appdata\local\temp\rar$ex26.920\u1405.exe FirewallRules: [{743FD195-0A94-4329-B54F-4AFC3ED9B416}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: BCM20702A0 Description: BCM20702A0 Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/23/2015 09:40:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TouchControl.exe, version: 5.4.0.402, time stamp: 0x4ee46c90 Faulting module name: TouchControl.exe, version: 5.4.0.402, time stamp: 0x4ee46c90 Exception code: 0xc0000005 Fault offset: 0x000154d6 Faulting process id: 0x60c Faulting application start time: 0xTouchControl.exe0 Faulting application path: TouchControl.exe1 Faulting module path: TouchControl.exe2 Report Id: TouchControl.exe3 Error: (07/23/2015 09:16:17 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TouchControl.exe, version: 5.4.0.402, time stamp: 0x4ee46c90 Faulting module name: TouchControl.exe, version: 5.4.0.402, time stamp: 0x4ee46c90 Exception code: 0xc0000005 Fault offset: 0x000154d6 Faulting process id: 0x4a0 Faulting application start time: 0xTouchControl.exe0 Faulting application path: TouchControl.exe1 Faulting module path: TouchControl.exe2 Report Id: TouchControl.exe3 Error: (07/23/2015 09:16:13 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2015 09:55:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TouchControl.exe, version: 5.4.0.402, time stamp: 0x4ee46c90 Faulting module name: TouchControl.exe, version: 5.4.0.402, time stamp: 0x4ee46c90 Exception code: 0xc0000005 Fault offset: 0x000154d6 Faulting process id: 0x7e4 Faulting application start time: 0xTouchControl.exe0 Faulting application path: TouchControl.exe1 Faulting module path: TouchControl.exe2 Report Id: TouchControl.exe3 Error: (07/21/2015 09:55:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2015 05:19:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TouchControl.exe, version: 5.4.0.402, time stamp: 0x4ee46c90 Faulting module name: TouchControl.exe, version: 5.4.0.402, time stamp: 0x4ee46c90 Exception code: 0xc0000005 Fault offset: 0x000154d6 Faulting process id: 0x72c Faulting application start time: 0xTouchControl.exe0 Faulting application path: TouchControl.exe1 Faulting module path: TouchControl.exe2 Report Id: TouchControl.exe3 Error: (07/21/2015 05:19:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2015 08:18:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TouchControl.exe, version: 5.4.0.402, time stamp: 0x4ee46c90 Faulting module name: TouchControl.exe, version: 5.4.0.402, time stamp: 0x4ee46c90 Exception code: 0xc0000005 Fault offset: 0x000154d6 Faulting process id: 0x5fc Faulting application start time: 0xTouchControl.exe0 Faulting application path: TouchControl.exe1 Faulting module path: TouchControl.exe2 Report Id: TouchControl.exe3 Error: (07/21/2015 08:18:28 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2015 07:20:36 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TouchControl.exe, version: 5.4.0.402, time stamp: 0x4ee46c90 Faulting module name: TouchControl.exe, version: 5.4.0.402, time stamp: 0x4ee46c90 Exception code: 0xc0000005 Fault offset: 0x000154d6 Faulting process id: 0xdc0 Faulting application start time: 0xTouchControl.exe0 Faulting application path: TouchControl.exe1 Faulting module path: TouchControl.exe2 Report Id: TouchControl.exe3 System errors: ============= Error: (07/23/2015 09:41:55 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR4. Error: (07/23/2015 09:41:55 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR4. Error: (07/23/2015 09:41:54 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR4. Error: (07/23/2015 09:41:54 AM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk1\DR4. Error: (07/23/2015 09:16:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: iSafeKrnlMon Error: (07/21/2015 09:55:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: iSafeKrnlMon Error: (07/21/2015 05:19:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: iSafeKrnlMon Error: (07/21/2015 08:18:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: iSafeKrnlMon Error: (07/21/2015 07:05:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: iSafeKrnlMon Error: (07/21/2015 06:12:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: iSafeKrnlMon Microsoft Office: ========================= Error: (07/23/2015 09:40:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: TouchControl.exe5.4.0.4024ee46c90TouchControl.exe5.4.0.4024ee46c90c0000005000154d660c01d0c56650d47093C:\Program Files (x86)\HP SimplePass\TouchControl.exeC:\Program Files (x86)\HP SimplePass\TouchControl.exe919f23ef-3159-11e5-baeb-ec9a74606861 Error: (07/23/2015 09:16:17 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: TouchControl.exe5.4.0.4024ee46c90TouchControl.exe5.4.0.4024ee46c90c0000005000154d64a001d0c562d66ca83dC:\Program Files (x86)\HP SimplePass\TouchControl.exeC:\Program Files (x86)\HP SimplePass\TouchControl.exe2513c3d2-3156-11e5-baeb-ec9a74606861 Error: (07/23/2015 09:16:13 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2015 09:55:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: TouchControl.exe5.4.0.4024ee46c90TouchControl.exe5.4.0.4024ee46c90c0000005000154d67e401d0c43a9941d660C:\Program Files (x86)\HP SimplePass\TouchControl.exeC:\Program Files (x86)\HP SimplePass\TouchControl.exee8bccc6d-302d-11e5-8f65-582c80139263 Error: (07/21/2015 09:55:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2015 05:19:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: TouchControl.exe5.4.0.4024ee46c90TouchControl.exe5.4.0.4024ee46c90c0000005000154d672c01d0c413fa074891C:\Program Files (x86)\HP SimplePass\TouchControl.exeC:\Program Files (x86)\HP SimplePass\TouchControl.exe492c8d15-3007-11e5-a4d8-582c80139263 Error: (07/21/2015 05:19:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2015 08:18:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: TouchControl.exe5.4.0.4024ee46c90TouchControl.exe5.4.0.4024ee46c90c0000005000154d65fc01d0c3c86d4f8728C:\Program Files (x86)\HP SimplePass\TouchControl.exeC:\Program Files (x86)\HP SimplePass\TouchControl.exebd711d88-2fbb-11e5-a919-ec9a74606861 Error: (07/21/2015 08:18:28 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2015 07:20:36 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: TouchControl.exe5.4.0.4024ee46c90TouchControl.exe5.4.0.4024ee46c90c0000005000154d6dc001d0c3c068552b47C:\Program Files (x86)\HP SimplePass\TouchControl.exeC:\Program Files (x86)\HP SimplePass\TouchControl.exea72af424-2fb3-11e5-ab2d-582c80139263 CodeIntegrity Errors: =================================== Date: 2015-07-19 20:16:08.303 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\9041fafa486bb1003d\mrt.exe because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:16:05.083 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\9041fafa486bb1003d\mrt.exe because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:16:02.203 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\9041fafa486bb1003d\mrt.exe because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:15:59.299 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\9041fafa486bb1003d\mrt.exe because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:15:56.334 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\9041fafa486bb1003d\mrt.exe because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:15:53.432 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\9041fafa486bb1003d\mrt.exe because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:15:50.461 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\9041fafa486bb1003d\mrt.exe because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:15:47.540 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\9041fafa486bb1003d\mrt.exe because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:15:44.538 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\9041fafa486bb1003d\mrt.exe because the set of per-page image hashes could not be found on the system. Date: 2015-07-19 20:08:43.992 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\9041fafa486bb1003d\mrt.exe because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz Percentage of memory in use: 34% Total physical RAM: 6091.86 MB Available physical RAM: 4016.64 MB Total Virtual: 12181.93 MB Available Virtual: 9658.57 MB ==================== Drives ================================ Drive c: (atef 1) (Fixed) (Total:72.46 GB) (Free:12.23 GB) NTFS Drive d: (drs) (Fixed) (Total:39.06 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (mash) (Fixed) (Total:111.58 GB) (Free:32.71 GB) NTFS Drive g: () (Removable) (Total:3.75 GB) (Free:3.75 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BC884C99) Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27) Partition 2: (Active) - (Size=39.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=72.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=111.6 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 3.8 GB) (Disk ID: 6F20736B) No partition Table on disk 1. Disk 1 is a removable device. ==================== End of log ============================