Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-12-2015 Ran by ivalis (2015-12-10 20:09:39) Running from C:\Users\ivalis.FR269\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) (2011-11-07 10:39:17) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3394175927-1063334883-3861082287-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-3394175927-1063334883-3861082287-501 - Limited - Disabled) ivalis (S-1-5-21-3394175927-1063334883-3861082287-1000 - Administrator - Enabled) => C:\Users\ivalis.FR269 master (S-1-5-21-3394175927-1063334883-3861082287-1001 - Limited - Enabled) UF269 (S-1-5-21-3394175927-1063334883-3861082287-1023 - Administrator - Enabled) => C:\Users\UF269 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Intune Endpoint Protection (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619} AS: Microsoft Intune Endpoint Protection (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 15.04 alpha (HKLM\...\7-Zip) (Version: - ) Ad-Aware Antivirus (HKLM\...\{56FDBD41-0B9B-4CEA-B2A4-8DBAAB0F7318}_AdAwareUpdater) (Version: 11.9.696.8769 - Lavasoft) AdAwareInstaller (Version: 11.9.696.8769 - Lavasoft) Hidden AdAwareUpdater (Version: 11.9.696.8769 - Lavasoft) Hidden Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.13 - Adobe Systems) Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated) Aiseesoft PDF Convertisseur Ultimate 3.2.20 (HKLM\...\{96C9E2FD-9434-453e-9EF3-67E1E39D7CCE}_is1) (Version: 3.2.20 - Aiseesoft Studio) AntiCryptoWall (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.10.60 - Bitdefender) Antidote 8 (HKLM\...\{09AAAB09-6DBA-4DD9-9865-54597D3FBCA8}) (Version: 8.05.1877 - Druide informatique inc.) AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden A-PDF Restrictions Remover (HKLM\...\A-PDF Restrictions Remover_is1) (Version: - A-PDF Solution) Apple Application Support (32 bits) (HKLM\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Appload 1.23 (HKLM\...\Appload) (Version: 1.23 - Opticon Sensors Europe B.V.) Assistant de téléchargement (HKLM\...\{92154A3C-9BB7-49D7-A571-4EB6373FA5AD}) (Version: 6.65.13 - Druide informatique inc.) AuthenTec Fingerprint Software (Version: 8.4.4.20 - AuthenTec, Inc.) Hidden BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform) Cisco Systems VPN Client 5.0.02.0090 (HKLM\...\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}) (Version: 5.0.2 - Cisco Systems, Inc.) CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform) Dell Data Protection | Access | Drivers (HKLM\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.) DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software) DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.142 - Dell Inc.) eM Client (HKLM\...\{F3D4FF28-2C9E-45E5-B983-CE8BF449ECEC}) (Version: 6.0.23421.0 - eM Client Inc.) FileZilla Server (remove only) (HKLM\...\FileZilla Server) (Version: - ) Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.) Google Chrome (HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.) Google Chrome (HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.) Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.21.1134 - Intel Corporation) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation) IRIScan 2 (HKLM\...\{98A71574-2CEF-4348-8857-654A9F02F12B}) (Version: 2.03.0003 - ) IRIScan Scanner (HKLM\...\{77A0D715-8509-45E9-A39E-691F19666FD7}) (Version: V4.3.0 - ) iTunes (HKLM\...\{8862F11A-A9A0-4899-9F50-B5A79F12F3C2}) (Version: 12.3.1.23 - Apple Inc.) Java(TM) 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle) Java(TM) 6 Update 4 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160040}) (Version: 1.6.0.40 - Sun Microsystems, Inc.) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Intune Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-GB)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.2.0 - Mozilla) NetO32 2.06 (HKLM\...\NetO32) (Version: 2.06 - Opticon Sensors Europe B.V.) O2Micro Flash Memory Card Windows Driver (HKLM\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.) O2Micro Flash Memory Card Windows Driver (Version: 3.0.07.23 - O2Micro International LTD.) Hidden O2Micro OZ776 SCR Driver (HKLM\...\InstallShield_{77FDE44F-3564-4E90-B054-68D1A00FEB6D}) (Version: 1.1.4.210GS - O2Micro) O2Micro OZ776 SCR Driver (Version: 1.1.4.210GS - O2Micro) Hidden OpenOffice.org 3.3 (HKLM\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org) OpenOffice.org 3.3 Language Pack (French) (HKLM\...\{0FA7C671-1916-41C2-8D10-FA1626004C1B}) (Version: 3.3.9567 - OpenOffice.org) PC-CCID (Version: 2.0.0 - Gemalto) Hidden Readiris Pro 11 (HKLM\...\{E9E9734C-2EE2-4381-ACCA-AC9B8D372DCC}) (Version: 11.00.5295 - I.R.I.S.) SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Star Micronics Printer Software (HKLM\...\{59FEEE22-8B12-4019-AE21-6A7C6B84F39A}) (Version: 1.2.0 - Star Micronics Co., Ltd.) System Center 2012 - Operations Manager Agent (Version: 7.0.9538.0 - Microsoft Corporation) Hidden TightVNC (HKLM\...\{1ACD399C-7F26-43A6-9F16-3AB28F63FDC7}) (Version: 2.5.2.0 - GlavSoft LLC.) Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.6 - Transmission) Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2410 - Broadcom Corporation) Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0) (HKLM\...\D3F88C3864C8C031A7C5D5E63A76571EC1B047DF) (Version: 05/13/2009 8.4.2.0 - AuthenTec Inc.) Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.) Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows Mobile Device Center Driver Update (HKLM\...\{CB8CA439-DA83-419C-A4CF-5A0A50025144}) (Version: 6.0.6783.0 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8E}\localserver32 -> C:\Program Files\Druide\Antidote 8\Programmes32\AgentAntidote.exe (Druide informatique inc.) CustomCLSID: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8E}\localserver32 -> C:\Program Files\Druide\Antidote 8\Programmes32\AgentAntidote.exe (Druide informatique inc.) ==================== Restore Points ========================= 10-12-2015 18:35:32 AA11 10-12-2015 19:41:53 Nettoyeur (Spybot - Search & Destroy 2.4, privilèges administrat 10-12-2015 19:42:22 Nettoyeur (Spybot - Search & Destroy 2.4, privilèges administrat 10-12-2015 19:43:14 Nettoyeur (Spybot - Search & Destroy 2.4, privilèges administrat ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2015-12-10 18:55 - 00450909 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com 127.0.0.1 123simsen.com There are 15466 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0E125658-B71B-42A1-92B4-C70DF81522BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-01] (Google Inc.) Task: {4332083A-AFE7-4087-B4E1-03A188F785FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd) Task: {50C0F88C-0BD4-4959-87F6-58CE85A16215} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated) Task: {5BBCA080-367C-443A-A01D-329760347B8F} - \GoogleUpdateTaskUserS-1-5-21-3394175927-1063334883-386108228798033463-3831979910-1000Core -> No File <==== ATTENTION Task: {6046D8BD-6C8F-4846-84E6-927850450B54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-01] (Google Inc.) Task: {6A61F300-DA86-4889-8826-03E19552FF8B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) Task: {6C942465-34CB-48E0-9782-AC68C9E2E964} - \GoogleUpdateTaskUserS-1-5-21-3394175927-1063334883-386108228798033463-3831979910-1004UA -> No File <==== ATTENTION Task: {6E5397DC-2DBF-4F4E-9A0D-285B8920D3E6} - \GoogleUpdateTaskUserS-1-5-21-3394175927-1063334883-386108228798033463-3831979910-1004Core -> No File <==== ATTENTION Task: {70CF3826-9EF1-483F-8C20-5B7618DCC466} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) Task: {740433C8-2F57-4692-8DB4-2055D8991AA3} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\AntiCryptoWall\BDAntiCryptoWall.exe [2015-12-10] () Task: {819C4F23-ACEE-4171-A9B6-8DD172166C81} - \GoogleUpdateTaskUserS-1-5-21-3394175927-1063334883-386108228798033463-3831979910-1000UA -> No File <==== ATTENTION Task: {B851C86C-A203-4B54-AB20-AEE3B1E75614} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3394175927-1063334883-3861082287-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-20] (Google Inc.) Task: {BDAE6187-2827-4A5F-B55D-9CB69884DB18} - System32\Tasks\Microsoft\OnlineManagement\Microsoft.OnlineManagement.UpdateTask => C:\Program Files\Microsoft\OnlineManagement\Updates\Bin\omupdclt.exe [2015-07-17] (Microsoft Corporation) Task: {CD47099E-07B8-467D-8E25-28D653D64D9A} - System32\Tasks\ThinPrint AutoConnect component for 32 bit applications => C:\Users\Public\Documents\Microsoft\Assistance\Tools\TPAutoConnect32.exe Task: {FC0F356F-467E-47BB-8529-A7A30C844115} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {FC935727-20C9-4DB5-B3AC-FB36D83A47D8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3394175927-1063334883-3861082287-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-20] (Google Inc.) Task: {FED2AB52-58A9-4AB7-A535-FF3A12BCC0D2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-27] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3394175927-1063334883-3861082287-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3394175927-1063334883-3861082287-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250933609-2898033463-3831979910-1000Core.job => C:\Users\IVALIS\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250933609-2898033463-3831979910-1000UA.job => C:\Users\IVALIS\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250933609-2898033463-3831979910-1004Core.job => C:\Users\tes\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250933609-2898033463-3831979910-1004UA.job => C:\Users\tes\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250933609-2898033463-3831979910-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4250933609-2898033463-3831979910-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2011-12-29 16:24 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll 2012-08-08 08:45 - 2011-04-02 15:03 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL 2012-08-08 08:45 - 2011-04-02 15:03 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL 2015-10-13 05:46 - 2015-10-13 05:46 - 00073512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2007-10-26 23:28 - 2007-10-26 23:28 - 00197408 _____ () C:\Windows\system32\vpnapi.dll 2015-08-14 13:14 - 2015-08-14 13:14 - 01055952 _____ () C:\Program Files\Microsoft\OnlineManagement\Monitoring\IntuneConnector.dll 2015-12-09 17:55 - 2015-12-09 17:55 - 00659872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe 2015-12-09 17:57 - 2015-12-09 17:57 - 00023296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_system-vc120-mt-1_57.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00047368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_date_time-vc120-mt-1_57.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_filesystem-vc120-mt-1_57.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 08870136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareServiceKernel.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 02372816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\RCF.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00634624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_regex-vc120-mt-1_57.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00089344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_thread-vc120-mt-1_57.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00032000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_chrono-vc120-mt-1_57.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00567024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareActivation.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00377088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareApplicationUpdater.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00679664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareGamingMode.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00084712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareReset.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00102624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTime.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00821504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareDefinitionsUpdater.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00729872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareDefinitionsUpdaterScheduler.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00897264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareIgnoreList.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00205552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareQuarantine.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 01250048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAntiMalwareEngine.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00169728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAntiRootkitEngine.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00902392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareScannerHistory.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 01082088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareScanner.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00032512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_timer-vc120-mt-1_57.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00812280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareScannerScheduler.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00940288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareRealTimeProtection.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 02035960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareIncompatibles.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 01164520 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAntiSpam.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 01119472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAntiPhishing.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 02519288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareParentalControl.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 02708728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareWebProtection.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 01045752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareEmailProtection.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00048392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_iostreams-vc120-mt-1_57.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 01451264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareNetworkProtection.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00810728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwarePromo.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00297704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareFeedback.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 02280192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareThreatWorkAlliance.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 01017576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwarePinCode.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00810728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareNotice.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 01228016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAvcEngine.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00955664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareRealTimeProtectionHistory.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00381680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareStatistics.dll 2011-11-15 01:52 - 2003-04-18 18:06 - 00008192 _____ () C:\Windows\system32\srvany.exe 2015-12-10 18:44 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-12-10 18:44 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2015-12-10 18:44 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-12-10 18:44 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2015-12-10 18:44 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2015-12-10 18:29 - 2015-12-10 16:48 - 01329064 _____ () C:\Program Files\Bitdefender\Tools\AntiCryptoWall\BDAntiCryptoWall.exe 2015-12-10 18:29 - 2015-08-14 13:49 - 00504320 _____ () C:\Program Files\Bitdefender\Tools\AntiCryptoWall\BDMetrics.dll 2008-09-02 20:55 - 2008-09-02 20:55 - 02323120 _____ () C:\Program Files\iriscn2i\bmanm12.exe 2007-09-12 01:51 - 2007-09-12 01:51 - 00385024 _____ () C:\Program Files\iriscn2i\irscncolw.dll 2011-09-01 04:13 - 2011-09-01 04:13 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll 2012-09-23 20:43 - 2012-09-23 20:43 - 00010240 _____ () C:\Program Files\Adobe\Acrobat 11.0\Acrobat\locale\fr_fr\acrotray.fra 2014-04-04 17:46 - 2014-04-04 17:46 - 00091976 _____ () C:\Program Files\Druide\Antidote 8\Programmes32\libwebsocketsDruide_8.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 08001760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe 2015-12-09 17:57 - 2015-12-09 17:57 - 00386816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_locale-vc120-mt-1_57.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 01731304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\HtmlFramework.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 00867576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTrayDefaultSkin.dll 2015-11-17 14:53 - 2015-11-17 14:53 - 00132608 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Collecti#\f721ea35a89bd9b00c1a3044898afc6d\MailClient.Collections.ni.dll 2015-11-17 14:53 - 2015-11-17 14:53 - 00492544 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Mail\89b5060590e779ef59adb60daf3b69e2\MailClient.Mail.ni.dll 2015-11-17 14:53 - 2015-11-17 14:53 - 00942592 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HTMLEditorControl\7b7b4bd05ea25d8667e129c8d999a474\HTMLEditorControl.ni.dll 2015-11-17 14:53 - 2015-11-17 14:53 - 00625664 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Common.UI\c4dcb092513f6b3e56aebd9a17027609\MailClient.Common.UI.ni.dll 2015-11-17 14:53 - 2015-11-17 14:53 - 00022016 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Interop\831bb0c0ffed27c713eae4cb09b81581\MailClient.Interop.ni.dll 2015-11-17 14:54 - 2015-11-17 14:54 - 01599488 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsAPICodePack\8c8c0fcf41d816bbff9eb5e7a4e514ad\WindowsAPICodePack.ni.dll 2015-11-17 14:53 - 2015-11-17 14:53 - 00244224 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Imap.Base\9e66ae4ac264debd7b1121c7f33b7839\MailClient.Imap.Base.ni.dll 2015-11-17 14:54 - 2015-11-17 14:54 - 00377856 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\RtfToHtml\40c08e2b3de131cd589755b132780d94\RtfToHtml.ni.dll 2015-11-17 14:53 - 2015-11-17 14:53 - 00571392 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\LinqBridge\aeb33b26821d0cd4190f06f639eb5cc4\LinqBridge.ni.dll 2015-09-23 14:19 - 2015-09-23 14:19 - 00642016 _____ () C:\Program Files\eM Client\SQLite\x86\sqlite3.dll 2015-11-17 14:53 - 2015-11-17 14:53 - 00674816 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\HtmlInterop\1e8a8c312da399333f2ea88f3b9b863c\HtmlInterop.ni.dll 2015-11-17 14:53 - 2015-11-17 14:53 - 00081408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\SystemCoreTimeZone\2006eec712726a3ea42313ed8225368e\SystemCoreTimeZone.ni.dll 2015-11-17 14:53 - 2015-11-17 14:53 - 00099328 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MailClient.Sasl\cc030d72d8f48315aae89cfc01473519\MailClient.Sasl.ni.dll 2015-10-19 21:00 - 2015-10-19 21:00 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll 2011-01-17 16:19 - 2011-11-17 22:23 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 13928168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareDesktop.exe 2015-12-09 17:57 - 2015-12-09 17:57 - 00350480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_program_options-vc120-mt-1_57.dll 2015-12-09 17:57 - 2015-12-09 17:57 - 07431424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareDesktopDefaultSkin.dll 2015-11-16 15:23 - 2015-11-07 05:36 - 01532744 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libglesv2.dll 2015-11-16 15:23 - 2015-11-07 05:36 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500\...\123simsen.com -> www.123simsen.com There are 7866 more sites. IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\123simsen.com -> www.123simsen.com There are 7866 more sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3394175927-1063334883-3861082287-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3394175927-1063334883-3861082287-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3394175927-1063334883-3861082287-1023\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3394175927-1063334883-3861082287-1023-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-3394175927-1063334883-3861082287-500\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3394175927-1063334883-3861082287-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.8.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) mpsdrv => Firewall Service is not running. MpsSvc => Firewall Service is not running. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{ABE203E6-D7DC-4DBF-9EB4-D9DA877876DD}] => (Allow) LPort=48113 FirewallRules: [{FF97C497-74EB-4E36-940D-301A8B4103AC}] => (Allow) LPort=48113 FirewallRules: [TCP Query User{51FEBF77-E8C9-42A4-B81D-40E93CD704FA}C:\pcc2\referentiel\mmj\mmj.exe] => (Allow) C:\pcc2\referentiel\mmj\mmj.exe FirewallRules: [UDP Query User{801FD6ED-9A4F-4061-8E5C-0FD4E10E4BEC}C:\pcc2\referentiel\mmj\mmj.exe] => (Allow) C:\pcc2\referentiel\mmj\mmj.exe FirewallRules: [{288692B2-6A6F-42B1-B058-6CD60EDDC7D5}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{7D577D57-90C7-438C-91D3-F3684B78D9CE}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe FirewallRules: [{3BF2C363-0D40-4EF2-8426-AEB606E2BD41}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE FirewallRules: [{B7A391B0-F6EE-4577-888E-03217B1CCDC9}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE FirewallRules: [{2C847825-FF70-4E21-9891-0B1F605C6E63}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{60DDA9CC-F875-40F0-95A3-9547AC2602FD}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe FirewallRules: [{C0E69D5D-7C5F-4EE7-98A2-E0379EB44CD6}] => (Allow) C:\Program Files\ma-config.com\maconfservice.exe FirewallRules: [{972468DB-52B8-4150-B08C-C89056DD8412}] => (Allow) C:\Program Files\ma-config.com\maconfservice.exe FirewallRules: [{5C6E0192-EAB9-493A-A970-7B730502B8C4}] => (Allow) LPort=48113 FirewallRules: [{E4FC0950-5967-4962-9AA9-B35ECC38E203}] => (Allow) LPort=48113 FirewallRules: [{B60346AB-4E0E-4974-902F-69B77CE039ED}] => (Allow) C:\Program Files\ma-config.com\maconfservice.exe FirewallRules: [{9A447868-D9C6-4E94-BB50-D107964E68CF}] => (Allow) C:\Program Files\ma-config.com\maconfservice.exe FirewallRules: [{41E3236F-B211-4ED1-BEC1-B87315A14F23}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe FirewallRules: [{0FC8C63C-F89E-4CC6-A902-F07CFB983D2D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{004C3FA7-01E7-440A-A585-306099E57C07}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{89C6A194-1BB2-4088-A3B7-FFBDDE2AF49C}] => (Allow) C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe FirewallRules: [{9A79DD6D-D908-43B9-BE55-9A7F08459B54}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{F682934B-DA8B-47AC-A82D-1786F87CAC06}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{443D29A9-2EE0-4009-B0A2-26B80086EDA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{EC7057C0-74CD-484E-BF05-CC3FA83F21B8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{607E5652-9C49-4A24-80E4-E7F59549A869}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{8E77C862-7E87-4C80-9C6E-5F82E36DEC48}] => (Allow) C:\Users\Public\Documents\Microsoft\Assistance\Tools\TPAutoConnect32.exe FirewallRules: [{0B791160-B615-4296-AF20-7F54AE25CC36}] => (Allow) C:\Users\ivalis.FR269\Documents\Downloads\A-PDF Restrictions Remover\A-PDF Restrictions Remover.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Faulty Device Manager Devices ============= Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: MpKslc15cc671 Description: MpKslc15cc671 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: MpKslc15cc671 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Cisco Systems VPN Adapter Description: Cisco Systems VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Could not list Devices. Check "winmgmt" service or repair WMI. ==================== Event log errors: ========================= Application errors: ================== Error: (12/10/2015 07:43:14 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3394175927-1063334883-3861082287-1006.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {31073c2d-c464-463c-b19d-fc866a6a1776} Error: (12/10/2015 07:43:12 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3394175927-1063334883-3861082287-1006.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {31073c2d-c464-463c-b19d-fc866a6a1776} Error: (12/10/2015 07:42:22 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3394175927-1063334883-3861082287-1006.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {31073c2d-c464-463c-b19d-fc866a6a1776} Error: (12/10/2015 07:42:22 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3394175927-1063334883-3861082287-1006.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {31073c2d-c464-463c-b19d-fc866a6a1776} Error: (12/10/2015 07:41:53 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3394175927-1063334883-3861082287-1006.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {31073c2d-c464-463c-b19d-fc866a6a1776} Error: (12/10/2015 07:41:51 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3394175927-1063334883-3861082287-1006.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {31073c2d-c464-463c-b19d-fc866a6a1776} Error: (12/10/2015 07:41:51 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {f4d0bd21-d5be-4e78-8978-a457d9951cab} Error: (12/10/2015 07:39:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: OmniCryptoFinder.vshost.exe, version: 11.0.50727.1, time stamp: 0x5011d445 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6 Exception code: 0xe0434352 Fault offset: 0x0000812f Faulting process id: 0x578 Faulting application start time: 0xOmniCryptoFinder.vshost.exe0 Faulting application path: OmniCryptoFinder.vshost.exe1 Faulting module path: OmniCryptoFinder.vshost.exe2 Report Id: OmniCryptoFinder.vshost.exe3 Error: (12/10/2015 07:39:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: OmniCryptoFinder.vshost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.FileNotFoundException Stack: at Microsoft.VisualStudio.HostingProcess.EntryPoint.Main() Error: (12/10/2015 06:35:32 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3394175927-1063334883-3861082287-1006.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {3ae0bda5-3d6f-4850-b3b5-83db0fde4451} System errors: ============= Error: (12/10/2015 06:55:41 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (12/10/2015 06:42:45 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 Error: (12/10/2015 06:41:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for Start with the following error: %%5 Error: (12/10/2015 06:10:53 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 07:35:36 on ‎10/‎12/‎2015 was unexpected. Error: (12/09/2015 07:41:37 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: ) Description: %Trojan:Win32/Miuref.B60 has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: %Trojan:Win32/Miuref.B603 Name: Trojan:Win32/Miuref.B ID: 2147685038 Severity: %Trojan:Win32/Miuref.B600 Category: %Trojan:Win32/Miuref.B602 Path: 4.8.0204.02 Detection Origin: 4.8.0204.04 Detection Type: 4.8.0204.08 Detection Source: %Trojan:Win32/Miuref.B608 User: {EE820E44-B666-49ED-907A-5B5FB038A865}9 Process Name: %Trojan:Win32/Miuref.B609 Action: {EE820E44-B666-49ED-907A-5B5FB038A865}1 Action Status: {EE820E44-B666-49ED-907A-5B5FB038A865}8 Error Code: {EE820E44-B666-49ED-907A-5B5FB038A865}3 Error description: {EE820E44-B666-49ED-907A-5B5FB038A865}4 Signature Version: 2015-12-09T18:40:57.597Z1 Engine Version: 2015-12-09T18:40:57.597Z2 Error: (12/09/2015 07:39:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.211.1724.0 Update Source: %NT AUTHORITY59 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (12/09/2015 07:06:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 Error: (12/09/2015 07:06:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for Start with the following error: %%5 Error: (12/09/2015 06:56:33 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 01:17:35 on ‎09/‎12/‎2015 was unexpected. Error: (12/09/2015 12:39:39 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.211.1724.0 Update Source: %NT AUTHORITY59 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz Percentage of memory in use: 90% Total physical RAM: 3483.25 MB Available physical RAM: 334.07 MB Total Virtual: 6964.8 MB Available Virtual: 3745.01 MB ==================== Drives ================================ Drive c: (system) (Fixed) (Total:234.19 GB) (Free:189.4 GB) NTFS Drive d: (DATA) (Fixed) (Total:63.81 GB) (Free:31.47 GB) NTFS Drive f: () (Removable) (Total:1.84 GB) (Free:1.66 GB) FAT Drive g: (Bouygues Telecom) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9C969173) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=234.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=63.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================