Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Serge (2016-03-28 09:02:54)
Running from C:\Users\Serge\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-01-20 02:27:47)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1606463160-1528309087-3068095059-500 - Administrator - Disabled)
Guest (S-1-5-21-1606463160-1528309087-3068095059-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1606463160-1528309087-3068095059-1002 - Limited - Enabled)
Serge (S-1-5-21-1606463160-1528309087-3068095059-1000 - Administrator - Enabled) => C:\Users\Serge

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Allway Sync version 9.2.15 (HKLM-x32\...\Allway Sync_is1) (Version: - Usov Lab)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.1.7 - SlySoft)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Software (HKLM\...\{5F1DFCC1-595D-4235-A044-E05B706D800A}) (Version: 9.0.6.22 - AuthenTec, Inc.)
Backup Thunderbird (HKLM-x32\...\{FA212C5D-FE18-4A8B-9A45-B2E62A20D4CA}_is1) (Version: - backupthunderbird.com)
Bigasoft YouTube Downloader Pro 1.2.26.4849 (HKLM-x32\...\{C7056BA6-D954-42A2-ABBA-AB2E8E777730}_is1) (Version: - Bigasoft Corporation)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.14(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
ChromecastApp (HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CloneCD (HKLM-x32\...\CloneCD) (Version: - Elaborate Bytes)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.2.8 - Elaborate Bytes)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Everything 1.4.0.713b (x64) (HKLM\...\Everything) (Version: 1.4.0.713b (x64) - David Carpenter)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
Glary Utilities PRO 5.11 (HKLM-x32\...\Glary Utilities 5) (Version: 5.11.0.23 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.8 - Intel)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{AB67B5F9-B19A-42F4-A57D-46114D71060E}) (Version: 13.05.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.1.1001 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
LocK-A-FoLdeR (HKLM-x32\...\LocK-A-FoLdeR) (Version: 2.0 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{9011040C-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Module de compatibilité pour Microsoft Office System 2007 (HKLM-x32\...\{90120000-0020-040C-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 fr)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.6.0 - Mozilla)
Mozilla Thunderbird 38.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.6.0 (x86 en-US)) (Version: 38.6.0 - Mozilla)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.1 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.1 - NEC Electronics Corporation) Hidden
PhotoFiltre (HKLM-x32\...\PhotoFiltre) (Version: - )
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (Admin Editon) (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 (Admin Editon) - Jonas John)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Stickies 8.0c (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
TFPU (Version: 1.0.0 - TOSHIBA) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{B73A66DB-7804-46EC-9A2F-BD534FDB6AD5}) (Version: 8.0.30 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.12.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.2.27 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.7.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.2.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.8 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.12.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.2.13 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.00 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.6 - win.rar GmbH)
Wisdom-soft ScreenHunter 4.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 4.0 Free) (Version: - Wisdom Software Inc.)
YT Downloader 3 (HKLM-x32\...\YT Downloader_is1) (Version: - Youtomato)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Serge\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Serge\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {151F63EC-A8C2-4A0C-813D-8390AA979083} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-13] (Piriform Ltd)
Task: {181FAEF7-6F6F-47D9-AF37-DDAF80231BF9} - System32\Tasks\{3B39F232-6917-425D-90EC-203C0F1DE61A} => pcalua.exe -a "C:\Users\Serge\Desktop\CloneCD 5.3.1.4 F\Setup\SetupCloneCD.exe" -d "C:\Users\Serge\Desktop\CloneCD 5.3.1.4 F\Setup"
Task: {20EAF6F7-EE5C-404A-8DFC-D2061BDE4A16} - System32\Tasks\Auslogics\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\Auslogics\Driver Updater\DriverUpdater.exe
Task: {267AB0A4-F9B8-4F26-BAAA-77D4F49823F6} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-05-07] (TOSHIBA CORPORATION)
Task: {34F59E9A-51E6-4349-8AFD-884317795EA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26] (Google Inc.)
Task: {45095E64-2F59-4E44-AA7D-79034E5C9C80} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-12] (Dropbox, Inc.)
Task: {59EECC96-B3D4-41FC-8311-04644D54A02F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1606463160-1528309087-3068095059-1000UA => C:\Users\Serge\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-04] (Google Inc.)
Task: {6E0D70A6-70E2-4332-859D-3E9C17B7766F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-25] (Adobe Systems Incorporated)
Task: {70D5DC63-747D-44EA-A62F-CB7AFEBB0199} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1606463160-1528309087-3068095059-1000Core => C:\Users\Serge\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-04] (Google Inc.)
Task: {764A4A39-3E63-41EB-AA82-06B9641B2891} - System32\Tasks\{D90EC510-010F-4E0D-9CA7-425C8ECFB569} => pcalua.exe -a "C:\Users\Serge\Desktop\Office 2007\setup.exe" -d "C:\Users\Serge\Desktop\Office 2007"
Task: {785343BA-BB2F-4335-92EC-F9A7004F663B} - System32\Tasks\{FC599D66-F5BA-4FC9-B9B5-4077349FF26A} => pcalua.exe -a "C:\Users\Serge\2014 - Softs & Utilitaires - PC\2014 - Remove Empty folder\red_red_2.1.0.0_anglais_43422.exe" -d "C:\Users\Serge\2014 - Softs & Utilitaires - PC\2014 - Remove Empty folder"
Task: {7894BAF6-0701-4A36-B8F7-8ADE1E5D7E4C} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Serge logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
Task: {79EF017B-D30D-447D-9FDF-80AFBD422AB6} - System32\Tasks\idoo AntiSpyware Pro => C:\Program files\idoo AntiSpyware Pro\idooAS.exe
Task: {7C25CA88-0BD2-41D2-926E-053DEB540E19} - System32\Tasks\{C20639E7-C421-430D-AE9E-C4F007207392} => pcalua.exe -a C:\Users\Serge\Desktop\CloneMaster\CloneMaster.exe -d C:\Users\Serge\Desktop\CloneMaster
Task: {88D235A3-70F3-4053-BD61-3E316B869479} - System32\Tasks\{89FE94C7-13C1-416C-9BD4-66D3129E627B} => pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag\ZHPFix"
Task: {892B6748-4D8D-4CA0-9869-01D81C341E77} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"
Task: {8B3EE4B1-3E23-43F7-A77D-EE373A808B88} - System32\Tasks\{EC075323-091C-42C5-AA40-4234D81BC415} => pcalua.exe -a "C:\Users\Serge\1 - A garder - Softs & PW\Screen-hunter.exe" -d C:\Users\Serge\Desktop -c C:\Users\Serge\Desktop\50000021_1920x1080.jpg
Task: {9420BCBC-4F35-4061-96E9-FEBABDDE21A3} - System32\Tasks\{3FA07B24-F0BA-456A-88CC-E449F89942A1} => pcalua.exe -a C:\Users\Serge\Desktop\SimpleSetup.exe -d C:\Users\Serge\Desktop
Task: {A1B10959-181E-4F44-8D41-6A0E6BA1E53D} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-12] (Dropbox, Inc.)
Task: {A672C2BA-4137-4FB1-9850-C098111AAFD4} - System32\Tasks\{98BC10E8-9D2F-4E92-9138-F10D82DDCC9F} => pcalua.exe -a "C:\Program Files (x86)\ZHPFix\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPFix"
Task: {A889928C-131C-4C9B-8DA4-1D9005DE952E} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
Task: {AEB04494-937C-4396-88E8-BC653FF0C2A2} - System32\Tasks\Auslogics\Driver Updater\Start Driver Updater automatic scanning => C:\Program Files (x86)\Auslogics\Driver Updater\DriverUpdater.exe
Task: {B9293964-0994-4581-9AD5-39DE7B85927B} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-10-28] (Glarysoft Ltd)
Task: {BE934F16-F3CA-433E-8205-CEAA61568C6A} - System32\Tasks\{2BDC99B7-245F-435B-97A4-8943A4900491} => pcalua.exe -a C:\Users\Serge\Desktop\Install_CopyTrans_Suite.exe -d C:\Users\Serge\Desktop
Task: {C852F048-3E98-4033-874E-6896E1E51143} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26] (Google Inc.)
Task: {CEA3A963-D48B-4CDA-97F0-A038E21108E8} - System32\Tasks\{019959E6-A3CE-4F8F-8159-8A44D5D587DF} => pcalua.exe -a "C:\Users\Serge\Desktop\TeamViewer 10 incl. Corporate Crack (GertiPrenjasi)\Crack\TeamViewer 10 Corporate Crack (A.C.H).exe" -d "C:\Users\Serge\Desktop\TeamViewer 10 incl. Corporate Crack (GertiPrenjasi)\Crack"
Task: {DE1A7CF4-5818-48E6-8D62-CF6A47B9D262} - System32\Tasks\{F40D585B-AA57-4BA3-8633-F256B787E8F6} => pcalua.exe -a "C:\Users\Serge\Desktop\WRT54GS Setup Wizard.exe" -d C:\Users\Serge\Desktop
Task: {ECE045FC-E05F-4740-81F0-CF16F4892765} - System32\Tasks\{13CF6586-D008-4458-B1FD-22F206F1644C} => pcalua.exe -a D:\SimpleSetup.exe -d D:\
Task: {FC3C1B94-A412-4CFC-A73A-D06C559DCB6A} - System32\Tasks\{56989614-F61F-46CA-A7B7-A939B552D2BB} => pcalua.exe -a C:\Users\Serge\Desktop\SharePod\SharePod.exe -d C:\Users\Serge\Desktop\SharePod
Task: {FEE3CBCC-5CB4-4BE3-9A3D-3206F2D5E2DA} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-10-28] (Glarysoft Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606463160-1528309087-3068095059-1000Core.job => C:\Users\Serge\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606463160-1528309087-3068095059-1000UA.job => C:\Users\Serge\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-01-12 14:48 - 2011-01-12 14:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17621620.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29441174.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\31244304.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\32025649.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38708019.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48159720.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\64656363.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70184655.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98684350.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17621620.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29441174.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\31244304.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\32025649.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38708019.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48159720.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\64656363.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70184655.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98684350.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\amazonaws.com -> hxxp://*.s3.amazonaws.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\amazonaws.com -> hxxps://*.s3.amazonaws.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\amikay.com -> hxxp://utm.amikay.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\amikay.com -> hxxps://utm.amikay.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\cleverreach.com -> hxxp://novastor.cleverreach.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\desk.com -> hxxp://desk.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\desk.com -> hxxps://desk.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\google-analytics.com -> hxxp://google-analytics.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\google-analytics.com -> hxxps://google-analytics.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\google.com -> hxxp://google.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\google.com -> hxxps://google.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\monitor-eqatec.com -> hxxp://monitor-eqatec.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\monitor-eqatec.com -> hxxps://monitor-eqatec.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\netsuite.com -> hxxp://netsuite.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\netsuite.com -> hxxps://netsuite.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\novabackup.com -> hxxp://novabackup.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\novabackup.com -> hxxps://novabackup.com
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\novabackup.de -> hxxp://novabackup.de
IE trusted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\novabackup.de -> hxxps://novabackup.de

There are 5 more sites.

IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\...\1001movie.com -> 1001movie.com

There are 6091 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 11:34 - 2016-03-27 07:24 - 00002178 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us

There are 10 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1606463160-1528309087-3068095059-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Serge\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Malwarebytes Anti-Ransomware.lnk => C:\windows\pss\Malwarebytes Anti-Ransomware.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Stickies.lnk => C:\windows\pss\Stickies.lnk.CommonStartup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Atomic Alarm Clock =>
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CloneCDElbyCDFL => "C:\Program Files (x86)\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
MSCONFIG\startupreg: Google Update => "C:\Users\Serge\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_BDF3F9D6639A585286C93451607D591D =>
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: TFPUPWDBankService => C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start
MSCONFIG\startupreg: TFPUService => C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start
MSCONFIG\startupreg: TOSDCR => %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
MSCONFIG\startupreg: Wisdom-soft ScreenHunter 6.0 Free => 0

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{469DB4CD-65B9-402B-9EA9-58822D77071B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ED06DF39-4ADB-4F3A-8241-CD7072A66AE7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{744C99C8-37DB-4188-97BF-CF7BB211E671}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5789F857-02C3-4A26-A8BA-43EB7D699319}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E55F66C0-357A-47E4-A364-B3BA29B03055}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9C533751-DADC-4CB9-B8F0-07D6AD4CB679}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{054351B4-35E1-41A3-A834-5A9CEC9146AF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5C09ECE2-2999-4184-8F13-E85E03854343}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe\Bonjour\mDNSResponder.exe
FirewallRules: [{A4C70643-1C38-4F42-9A08-FBC0166A7094}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B8B3148F-A3E8-4D5A-9107-A11721CC8005}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{92974689-AE69-4335-8ED5-66AED59721B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{37AE1497-1A2D-49E1-A145-9428B7933CA6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C85FFAD4-53A1-4DAC-A255-2871CA5F3C0F}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{66FAEBD4-9D09-48B0-9C43-DAB7127A1814}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{E41E2C9C-3108-43D5-8EAB-411DA079E569}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{747D995D-BEAE-47B3-A0D7-AA1EFD02504D}] => (Allow) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
FirewallRules: [{DB08DEA2-8A2B-4601-8ECB-664AF22D4297}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3B6015EA-0A3F-41AA-913D-8D5253BC3419}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{E26C33B2-04F2-4407-920D-ECA23D5D6E81}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0725C266-E083-44D8-879F-9A3AC94FB2E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FF4A3690-C0D2-474B-8CF8-127E6CBABB89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE6B25F6-9DB4-474E-9634-3208F5B4D5C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EC84FE6A-2578-4B12-8B9A-EFEA449A10C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9EF823D2-1CA1-44E7-AA27-66F9A2CD354F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Youtomato\YT Downloader\YTDownloader.exe] => Enabled:YT Downloader

==================== Restore Points =========================

27-03-2016 12:20:33 Windows Update
27-03-2016 12:27:46 Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version 2.2.1.1043
28-03-2016 08:58:26 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Malwarebytes Anti-Exploit
Description: Malwarebytes Anti-Exploit
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ESProtectionDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2016 03:54:12 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D52A4801-BFAB-4CFA-AC69-77F1ECA6AED9}: The user Serge-PC\Serge dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (03/27/2016 03:53:25 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={28748C63-1B65-4C49-B85F-E3976AAAEA38}: The user Serge-PC\Serge dialed a connection named Broadband Connection 2 which has failed. The error code returned on failure is 0.

Error: (03/27/2016 03:52:27 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={8FDB63FA-4938-4E98-8C68-CB7FEA6BE41C}: The user Serge-PC\Serge dialed a connection named Broadband Connection 2 which has failed. The error code returned on failure is 651.

Error: (03/27/2016 12:27:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {ba6f4f1a-82c0-4ee5-96b0-697b3b82d2e3}

Error: (03/27/2016 12:20:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: The system cannot find the file specified. .

Error: (03/27/2016 12:20:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary SASDIFSV. System Error: The system cannot find the file specified. .

Error: (03/27/2016 12:10:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: The system cannot find the file specified. .

Error: (03/27/2016 12:10:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary SASDIFSV. System Error: The system cannot find the file specified. .

Error: (03/27/2016 12:10:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {aa2ca70e-8ec6-40b0-a25e-151cd3fd84f6}

Error: (03/27/2016 12:00:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: The system cannot find the file specified. .

System errors:
=============
Error: (03/28/2016 08:49:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel(R) Management & Security Application User Notification Service service depends on the Intel(R) Management and Security Application Local Management Service service which failed to start because of the following error: %%1053

Error: (03/28/2016 08:49:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error: %%1053

Error: (03/28/2016 08:49:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.

Error: (03/28/2016 08:48:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel(R) Management & Security Application User Notification Service service depends on the Intel(R) Management and Security Application Local Management Service service which failed to start because of the following error: %%1053

Error: (03/28/2016 08:48:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error: %%1053

Error: (03/28/2016 08:48:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.

Error: (03/28/2016 08:48:38 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068UNS{80C25488-192B-4DE2-8150-5B2D2A2F835E}

Error: (03/28/2016 08:47:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: ESProtectionDriver UimBus Uim_DEVIM Uim_IM

Error: (03/28/2016 08:47:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error: %%1053

Error: (03/28/2016 08:47:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.

CodeIntegrity:
===================================
Date: 2015-01-15 15:32:13.935
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:32:13.862
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:32:01.989
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:32:01.958
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:32:01.927
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:32:01.880
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:29:20.627
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:29:20.549
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:29:08.896
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-15 15:29:08.864
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\pcouffin64a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz
Percentage of memory in use: 34%
Total physical RAM: 3824.43 MB
Available physical RAM: 2496.87 MB
Total Virtual: 7647.06 MB
Available Virtual: 6314.9 MB

==================== Drives ================================

Drive b: (SERGIO USB) (Removable) (Total:14.71 GB) (Free:13.42 GB) FAT32
Drive c: (TI105901W0D) (Fixed) (Total:107.37 GB) (Free:31.83 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 3FA93059)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=107.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.4 GB) - (Type=17)

========================================================
Disk: 1 (Size: 14.7 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================