Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Registry Errors?


  • This topic is locked This topic is locked
6 replies to this topic

#1 iTzVolty

iTzVolty

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 18 January 2015 - 08:14 PM

I use Ccleaner and on the registry fixing I always kept getting the same errors. I dont know what they are, or what does it mean. Instead of looking at all that you can also look at the text file.

 

ActiveX/COM Issue ColorMediaLib.DataContainer - {915B2100-E6BC-43DA-B76E-C1CF7688EA9A} HKCR\ColorMediaLib.DataContainer
ActiveX/COM Issue ColorMediaLib.DataContainer.1 - {915B2100-E6BC-43DA-B76E-C1CF7688EA9A} HKCR\ColorMediaLib.DataContainer.1
ActiveX/COM Issue ColorMediaLib.DataController - {9A62967F-FE99-459B-A7E8-312E5127D057} HKCR\ColorMediaLib.DataController
ActiveX/COM Issue ColorMediaLib.DataController.1 - {9A62967F-FE99-459B-A7E8-312E5127D057} HKCR\ColorMediaLib.DataController.1
ActiveX/COM Issue ColorMediaLib.DataTable - {C0866F6F-38D2-44C5-8785-DC17B8EA2506} HKCR\ColorMediaLib.DataTable
ActiveX/COM Issue ColorMediaLib.DataTable.1 - {C0866F6F-38D2-44C5-8785-DC17B8EA2506} HKCR\ColorMediaLib.DataTable.1
ActiveX/COM Issue ColorMediaLib.DataTableFields - {533403E2-6E21-4615-9E28-43F4E97E977B} HKCR\ColorMediaLib.DataTableFields
ActiveX/COM Issue ColorMediaLib.DataTableFields.1 - {533403E2-6E21-4615-9E28-43F4E97E977B} HKCR\ColorMediaLib.DataTableFields.1
ActiveX/COM Issue ColorMediaLib.DataTableHolder - {E1F7A7A4-5709-4199-86BF-00A0EF84CDB6} HKCR\ColorMediaLib.DataTableHolder
ActiveX/COM Issue ColorMediaLib.DataTableHolder.1 - {E1F7A7A4-5709-4199-86BF-00A0EF84CDB6} HKCR\ColorMediaLib.DataTableHolder.1
ActiveX/COM Issue ColorMediaLib.LSPLogic - {D874E991-09C7-402F-8FAF-77F85FBD678A} HKCR\ColorMediaLib.LSPLogic
ActiveX/COM Issue ColorMediaLib.LSPLogic.1 - {D874E991-09C7-402F-8FAF-77F85FBD678A} HKCR\ColorMediaLib.LSPLogic.1
ActiveX/COM Issue ColorMediaLib.ReadOnlyManager - {89AB38EC-0365-436E-B2F5-BFFFE4D4DA3D} HKCR\ColorMediaLib.ReadOnlyManager
ActiveX/COM Issue ColorMediaLib.ReadOnlyManager.1 - {89AB38EC-0365-436E-B2F5-BFFFE4D4DA3D} HKCR\ColorMediaLib.ReadOnlyManager.1
ActiveX/COM Issue ColorMediaLib.WatchDog - {7BA60DCD-3964-44AA-9732-2521B0C880CB} HKCR\ColorMediaLib.WatchDog
ActiveX/COM Issue ColorMediaLib.WatchDog.1 - {7BA60DCD-3964-44AA-9732-2521B0C880CB} HKCR\ColorMediaLib.WatchDog.1
ActiveX/COM Issue ColorMediaLib.WFPController - {56BDF6C2-AD9C-40A9-AE64-C7178DAD106A} HKCR\ColorMediaLib.WFPController
ActiveX/COM Issue ColorMediaLib.WFPController.1 - {56BDF6C2-AD9C-40A9-AE64-C7178DAD106A} HKCR\ColorMediaLib.WFPController.1
________________________________________________________________________________________
Also i cant remove cmwf or cmwr.sys, using the Farbar Recovery Tool. The Text file is the same as the copy and pasted
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 03
Ran by Volty at 2015-01-18 16:52:59 Run:1
Running from C:\Users\Jake\Downloads
Loaded Profiles: Volty (Available profiles: Volty & subvi_000 & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binpif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binexe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bincom <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Binscr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF HKU\S-1-5-21-3805180030-359751056-14507808-1000\...\Firefox\Extensions: [{09A29523-659E-5B10-EA0A-1632B50980B3}] - C:\Program Files (x86)\ver0SpeeditUp\186.xpi
C:\Program Files (x86)\ver0SpeeditUp
CHR HKU\S-1-5-21-3805180030-359751056-14507808-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
C:\Windows\system32\Drivers\cmwf.sys
C:\Windows\system32\Drivers\cmwr.sys
R2 webinstrNHKT; C:\Windows\system32\Drivers\webinstrNHKT.sys [56432 2015-01-16] (Corsica)
C:\Windows\system32\Drivers\webinstrNHKT.sys
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [60376 2015-01-06] (Cherimoya Ltd)
C:\Windows\System32\drivers\cherimoya.sys
Task: {2679E88C-673D-434A-961D-662F9D93C991} - System32\Tasks\gtaUpt => C:\Program Files\shopperz\zaeed.bat
Task: {36A7E3A1-A2C7-4EFB-AB39-737021D8D719} - System32\Tasks\PAJPOO => C:\Users\Jeremy\AppData\Roaming\PAJPOO.exe <==== ATTENTION
Task: C:\Windows\Tasks\HPNWPFB.job => C:\Users\Jeremy\AppData\Roaming\HPNWPFB.exe <==== ATTENTION
Task: C:\Windows\Tasks\PAJPOO.job => C:\Users\Jeremy\AppData\Roaming\PAJPOO.exe <==== ATTENTION
Task: {ABEA357E-002D-452D-A92A-53E5C9FB41C7} - System32\Tasks\{FE6C16A6-5CD2-4294-BC49-42F933F70462} => pcalua.exe -a C:\Zip\unrarw32.exe -d C:\Zip
Task: {C2328268-1579-4A7B-B9D1-E01ABB642722} - System32\Tasks\NNYOXBV => C:\ProgramData\3a8e94626c7e455eab9ee6b45c18d0d0\3a8e94626c7e455eab9ee6b45c18d0d0.exe
 
 
*****************
 
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3805180030-359751056-14507808-1000\Software\Mozilla\Firefox\Extensions\\{09A29523-659E-5B10-EA0A-1632B50980B3} => Value not found.
"C:\Program Files (x86)\ver0SpeeditUp" => File/Directory not found.
HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => Key not found. 
cmwf => Unable to stop service
cmwf => Error deleting Service
cmwr => Unable to stop service
cmwr => Error deleting Service
Could not move "C:\Windows\system32\Drivers\cmwf.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\Drivers\cmwr.sys" => Scheduled to move on reboot.
webinstrNHKT => Service not found.
"C:\Windows\system32\Drivers\webinstrNHKT.sys" => File/Directory not found.
cherimoya => Unable to stop service
cherimoya => Service deleted successfully.
C:\Windows\System32\drivers\cherimoya.sys => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2679E88C-673D-434A-961D-662F9D93C991} => Key not found. 
C:\Windows\System32\Tasks\gtaUpt => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gtaUpt" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36A7E3A1-A2C7-4EFB-AB39-737021D8D719} => Key not found. 
C:\Windows\System32\Tasks\PAJPOO not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PAJPOO => Key not found. 
C:\Windows\Tasks\HPNWPFB.job not found.
C:\Windows\Tasks\PAJPOO.job not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABEA357E-002D-452D-A92A-53E5C9FB41C7} => Key not found. 
C:\Windows\System32\Tasks\{FE6C16A6-5CD2-4294-BC49-42F933F70462} not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FE6C16A6-5CD2-4294-BC49-42F933F70462} => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2328268-1579-4A7B-B9D1-E01ABB642722} => Key not found. 
C:\Windows\System32\Tasks\NNYOXBV => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NNYOXBV" => Key deleted successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-18 16:55:16)<=
 
"C:\Windows\system32\Drivers\cmwf.sys" => File could not move.
"C:\Windows\system32\Drivers\cmwr.sys" => File could not move.
 
==== End of Fixlog 16:55:16 ====

Attached Files


Edited by hamluis, 19 January 2015 - 10:01 AM.
Moved from Win 8 to Malware Removal Logs - Hamluis


BC AdBot (Login to Remove)

 


#2 polskamachina

polskamachina

  • Malware Response Team
  • 3,940 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 19 January 2015 - 12:55 PM

Hi iTzVolty :)
 
My name is polskamachina and I will be assisting you with your malware problems. Please give me some time to review your situation and I will get back to you with further instructions.
 
In the meantime, can you please tell me if you've noticed any operational issues with your computer? Is it slow? Does it freeze up? Does your browser work efficiently? If you had not run the FRST program, would you have noticed this problem?
 

I use Ccleaner and on the registry fixing I always kept getting the same errors.

Do you mean these kind of errors?
 

"C:\Program Files (x86)\ver0SpeeditUp" => File/Directory not found.
HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => Key not found. 
cmwf => Unable to stop service
cmwf => Error deleting Service
cmwr => Unable to stop service
cmwr => Error deleting Service

Do you also get error messages displayed (perhaps a popup window) when your computer is going through its normal operations?

 

Finally, please rerun the FRST64 program. The directions are below.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure the box for Addition.txt is checked.
  • Press Scan button.
  • It will produce a log called FRST.txt and Addition.txt in the same directory from which the tool is run.
  • Please copy and paste those logs in your next reply to me. (There is no need to attach them.)

Let me know if you have any questions.

polskamachina



#3 polskamachina

polskamachina

  • Malware Response Team
  • 3,940 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 24 January 2015 - 07:26 PM

Hi iTzVolty :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#4 iTzVolty

iTzVolty
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 28 January 2015 - 02:39 AM

Oh sorry, I was busy doing schoolwork.

FRST Text:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Volty (administrator) on ITZ on 27-01-2015 23:37:44
Running from C:\Users\Jake\Downloads
Loaded Profiles: Volty (Available profiles: Volty & subvi_000 & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-07-01] (Alcor Micro Corp.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-16] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5256336 2012-07-10] (VIA)
HKU\S-1-5-21-3966931427-2845340407-1120486737-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Jake\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Jake\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Jake\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Jake\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Jake\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Jake\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Jake\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Jake\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: GoSave -> {8ccefc18-d7fd-4438-ac73-8855dc377e46} ->  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\WINDOWS\system32\npOGPPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3966931427-2845340407-1120486737-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jake\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-18]
CHR Extension: (Google Docs) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-18]
CHR Extension: (Google Drive) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-18]
CHR Extension: (YouTube) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-18]
CHR Extension: (Adblock Plus) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-18]
CHR Extension: (Google Search) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-18]
CHR Extension: (Google Sheets) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-18]
CHR Extension: (Google Wallet) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-18]
CHR Extension: (Listen on Repeat Youtube Video Repeater) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjcgpbffennccofdpganblbjiglnbip [2015-01-22]
CHR Extension: (Gmail) - C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 FanChkService; C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [45696 2012-01-20] (ASUSTek Computer Inc.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-10-27] (Freemake) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-16] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-07-06] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 cmwf; C:\WINDOWS\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed]
R1 cmwr; C:\WINDOWS\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed]
S3 hxsyol; C:\WINDOWS\system32\hxsy64.sys [86352 2014-11-12] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2014-11-11] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Neo_VPN2; C:\Windows\system32\DRIVERS\Neo_VPN2.sys [28768 2014-11-11] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation)
U5 SEE; C:\Windows\System32\Drivers\SEE.sys [38240 2014-11-11] (SoftEther VPN Project at University of Tsukuba, Japan.)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [38368 2014-11-11] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files (x86)\Ask4PC_KMS\WinDivert.sys [35376 2014-11-12] (Basil Projects)
S2 CMWFP; \??\C:\WINDOWS\system32\Drivers\CMWFP64.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 X6va021; \??\C:\WINDOWS\SysWOW64\Drivers\X6va021 [X]
S3 X6va027; \??\C:\WINDOWS\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\WINDOWS\SysWOW64\Drivers\X6va028 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-27 23:36 - 2015-01-27 23:36 - 00000000 ____D () C:\Users\Jake\Downloads\FRST-OlderVersion
2015-01-23 04:43 - 2015-01-23 04:43 - 00000123 _____ () C:\Users\Jake\Desktop\RELOOK.txt
2015-01-19 05:01 - 2015-01-19 05:01 - 00000179 _____ () C:\Users\Jake\Documents\p.txt
2015-01-19 01:03 - 2015-01-19 05:03 - 00000000 ____D () C:\Users\Jake\AppData\Local\CrashDumps
2015-01-18 18:06 - 2015-01-18 18:06 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-18 17:22 - 2015-01-18 17:22 - 00001189 _____ () C:\Users\Jake\Desktop\Auslogics DiskDefrag.lnk
2015-01-18 17:09 - 2015-01-18 17:09 - 00004374 _____ () C:\Users\Jake\Desktop\registry.txt
2015-01-18 16:45 - 2015-01-27 23:37 - 00018816 _____ () C:\Users\Jake\Downloads\FRST.txt
2015-01-18 16:45 - 2015-01-27 23:37 - 00000000 ___DC () C:\FRST
2015-01-18 16:45 - 2015-01-18 16:46 - 00030479 _____ () C:\Users\Jake\Downloads\Addition.txt
2015-01-18 16:44 - 2015-01-18 16:44 - 00002050 _____ () C:\Users\Jake\Desktop\JRT.txt
2015-01-18 16:41 - 2015-01-18 16:41 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-18 16:40 - 2015-01-27 23:36 - 02129920 ____C (Farbar) C:\Users\Jake\Downloads\FRST64.exe
2015-01-18 16:40 - 2015-01-18 16:40 - 01707939 _____ (Thisisu) C:\Users\Jake\Downloads\JRT.exe
2015-01-18 14:32 - 2015-01-18 14:33 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 14:32 - 2015-01-18 14:32 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-18 14:32 - 2015-01-18 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-18 14:32 - 2015-01-18 14:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-18 14:32 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-18 14:32 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-18 14:32 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-18 14:27 - 2015-01-26 16:32 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-18 14:27 - 2015-01-18 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-18 14:26 - 2015-01-27 23:31 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 14:26 - 2015-01-27 20:12 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 14:26 - 2015-01-18 15:36 - 00000000 ____D () C:\Users\Jake\AppData\Local\Google
2015-01-18 14:26 - 2015-01-18 14:27 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-18 14:26 - 2015-01-18 14:26 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-18 14:26 - 2015-01-18 14:26 - 00003640 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-18 04:37 - 2015-01-18 04:37 - 00003090 _____ () C:\WINDOWS\System32\Tasks\{BA9B4338-1F7A-424A-9FF7-E9965A49E5A7}
2015-01-18 04:27 - 2015-01-18 04:30 - 00000000 ____D () C:\Users\Public\Documents\Stronghold AntiMalware
2015-01-18 02:30 - 2015-01-18 02:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-18 02:23 - 2015-01-18 02:23 - 00000000 ____D () C:\Users\Jake\Desktop\adobe
2015-01-18 02:10 - 2015-01-18 02:10 - 00000428 _____ () C:\Users\Jake\Documents\sadasdsa.txt
2015-01-18 02:08 - 2015-01-18 02:08 - 02186752 _____ () C:\Users\Jake\Desktop\adwcleaner_4.108.exe
2015-01-18 02:00 - 2015-01-18 02:00 - 00002104 _____ () C:\WINDOWS\patsearch.bin
2015-01-18 02:00 - 2015-01-07 21:07 - 00045216 _____ () C:\WINDOWS\system32\Drivers\cmwr.sys
2015-01-18 02:00 - 2015-01-07 21:07 - 00033952 _____ () C:\WINDOWS\system32\Drivers\cmwf.sys
2015-01-18 00:15 - 2015-01-18 00:15 - 00001056 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-01-17 23:17 - 2015-01-17 23:17 - 00003492 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-vip9x1000@hotmail.com
2015-01-17 22:53 - 2015-01-17 22:53 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CC 2014.lnk
2015-01-17 22:50 - 2015-01-18 00:31 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-17 22:48 - 2015-01-18 00:14 - 00000000 ____D () C:\Program Files\Adobe
2015-01-16 22:25 - 2015-01-16 22:25 - 00000000 ____D () C:\Users\Jake\AppData\Local\Line
2015-01-16 22:24 - 2015-01-16 22:24 - 00001083 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-01-16 22:24 - 2015-01-16 22:24 - 00001077 _____ () C:\Users\Public\Desktop\LINE.lnk
2015-01-16 22:24 - 2015-01-16 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-01-16 22:24 - 2015-01-16 22:24 - 00000000 ____D () C:\Program Files (x86)\Naver
2015-01-15 23:49 - 2015-01-15 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-15 23:49 - 2015-01-15 23:49 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-15 14:56 - 2015-01-15 14:59 - 00671744 _____ () C:\Users\Jake\Desktop\appeal completed.form.xls
2015-01-15 11:56 - 2010-05-13 17:34 - 00014232 _____ () C:\WINDOWS\SysWOW64\sh4native.exe
2015-01-15 01:57 - 2015-01-18 14:00 - 00000000 ____D () C:\WINDOWS\AF54923662584AC6A0435B5B89C6EB61.TMP
2015-01-15 01:44 - 2015-01-15 01:44 - 00000000 ____D () C:\WINDOWS\SysWOW64\X86
2015-01-15 01:44 - 2015-01-15 01:44 - 00000000 ____D () C:\WINDOWS\SysWOW64\AMD64
2015-01-15 00:30 - 2015-01-15 00:30 - 00000000 ____C () C:\autoexec.bat
2015-01-13 14:32 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 14:32 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 14:32 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 14:32 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 14:32 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 14:32 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 14:32 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 14:32 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 14:32 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 14:32 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 14:32 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 14:32 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 14:32 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 14:32 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 14:32 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 14:32 - 2014-10-28 20:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 14:32 - 2014-10-28 20:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 14:32 - 2014-10-28 19:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 14:32 - 2014-10-28 19:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 14:32 - 2014-10-28 19:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 14:32 - 2014-10-28 19:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 14:32 - 2014-10-28 19:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 14:32 - 2014-10-28 19:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 14:32 - 2014-10-28 19:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 14:32 - 2014-10-28 19:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 14:32 - 2014-10-28 19:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 14:32 - 2014-10-28 18:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 14:32 - 2014-10-28 17:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 14:32 - 2014-10-28 17:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 14:32 - 2014-10-28 17:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 14:32 - 2014-10-28 17:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-12 22:31 - 2015-01-18 04:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ソ睾メメヨ 2014
2015-01-12 22:29 - 2015-01-12 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ソ睾メKク
2015-01-12 22:16 - 2015-01-12 22:17 - 00000135 _____ () C:\WINDOWS\SysWOW64\debug.log
2015-01-12 22:15 - 2015-01-12 22:15 - 00000000 __SHD () C:\Users\Jake\AppData\Local\EmieBrowserModeList
2015-01-12 22:15 - 2014-12-01 23:56 - 00151096 _____ (Tencent) C:\WINDOWS\SysWOW64\MMInstaller.dll
2015-01-12 22:14 - 2015-01-12 22:19 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent
2015-01-12 22:12 - 2015-01-12 22:13 - 00808800 _____ () C:\Users\Jake\AppData\Roaming\TXQBINST.DLL
2015-01-12 22:06 - 2015-01-12 22:08 - 00000000 ____D () C:\Users\Public\Documents\Tencent
2015-01-12 22:05 - 2015-01-12 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-01-12 21:21 - 2015-01-12 21:21 - 00724992 _____ (Indigo Rose Corporation) C:\WINDOWS\iun6002.exe
2015-01-11 22:13 - 2015-01-11 22:13 - 00000000 ___RD () C:\Users\Jake\Creative Cloud Files
2015-01-11 22:04 - 2015-01-14 23:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-11 21:52 - 2015-01-18 20:07 - 00000000 ____D () C:\Users\Jake\Desktop\DATA-FILES
2015-01-10 16:46 - 2015-01-10 16:46 - 00000000 ____D () C:\Users\Jake\AppData\Local\Unity
2015-01-07 11:28 - 2015-01-07 11:29 - 00000000 ____D () C:\Users\Jake\AppData\Local\Amazon
2015-01-04 18:59 - 2015-01-04 19:00 - 00000000 ____D () C:\Users\Jake\Desktop\DungeonNightmaresIIDemo_v071-64bit
2015-01-02 01:52 - 2015-01-02 01:52 - 00043614 _____ () C:\Users\Jake\Documents\cc_20150102_015245.reg
2014-12-28 20:19 - 2015-01-23 21:53 - 00000000 ____D () C:\Users\Jake\Desktop\J-RPG Stuff
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-27 23:23 - 2014-10-24 13:55 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Skype
2015-01-27 23:02 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-27 21:38 - 2014-11-09 20:54 - 00004938 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for iTz-Volty iTz
2015-01-27 20:12 - 2014-12-02 11:45 - 00000476 ____H () C:\WINDOWS\Tasks\PortFinale-S-1487226751.job
2015-01-27 20:12 - 2014-10-31 18:08 - 00000000 __RDO () C:\Users\Jake\OneDrive
2015-01-27 20:12 - 2014-10-26 16:21 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Copy
2015-01-27 20:10 - 2014-10-31 17:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-27 20:10 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-27 14:43 - 2014-10-23 21:55 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3966931427-2845340407-1120486737-1002
2015-01-27 03:55 - 2014-10-27 00:03 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-27 03:54 - 2014-10-27 00:03 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-27 02:58 - 2014-12-14 05:47 - 00000639 _____ () C:\Users\Jake\Desktop\EpisodeList.txt
2015-01-27 02:00 - 2014-10-23 23:16 - 00000000 ____D () C:\Users\Jake\AppData\Local\Adobe
2015-01-26 20:52 - 2014-12-25 04:06 - 00000000 ____D () C:\Users\Jake\Desktop\PDF Stuff
2015-01-26 03:32 - 2013-08-22 05:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-25 16:40 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-24 03:21 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-22 14:12 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-22 11:37 - 2014-09-29 22:19 - 00000000 ____D () C:\Users\Jake\Documents\Philosophy
2015-01-20 03:04 - 2014-10-26 20:42 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Azureus
2015-01-19 13:32 - 2014-09-24 01:55 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 13:32 - 2014-09-24 01:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 22:35 - 2014-10-23 21:45 - 00000000 ____D () C:\Users\Jake\AppData\Local\Packages
2015-01-18 17:50 - 2014-10-31 17:44 - 00000000 ____D () C:\Users\Jake
2015-01-18 17:22 - 2014-10-24 03:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-01-18 17:22 - 2014-10-24 03:57 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-01-18 16:49 - 2014-12-23 17:01 - 00000000 ___DC () C:\AdwCleaner
2015-01-18 03:01 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\Speech
2015-01-18 00:30 - 2014-10-23 23:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-18 00:15 - 2014-10-23 21:46 - 00000000 ____D () C:\Users\Jake\AppData\Roaming\Adobe
2015-01-17 22:48 - 2012-08-21 21:06 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-17 21:22 - 2014-11-11 01:23 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2015-01-15 01:28 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\TAPI
2015-01-15 00:10 - 2014-12-05 20:21 - 00000000 ____D () C:\Users\Jake\Desktop\HS
2015-01-13 15:50 - 2014-10-24 00:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-13 15:46 - 2014-10-24 00:02 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-12 00:48 - 2014-10-23 21:45 - 00000000 ____D () C:\Users\Jake\AppData\Local\VirtualStore
2015-01-10 20:50 - 2014-10-26 17:00 - 00000600 _____ () C:\Users\Jake\AppData\Roaming\winscp.rnd
2015-01-07 16:42 - 2013-08-26 17:37 - 00000000 ____D () C:\Users\Jake\Documents\Anime Stuffs
2015-01-07 16:24 - 2014-10-23 23:21 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-07 02:04 - 2014-12-01 22:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-31 03:50 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-31 03:14 - 2014-10-24 00:04 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2014-12-16 21:21 - 2014-12-26 18:18 - 0000004 _____ () C:\Users\Jake\AppData\Roaming\appdataFr2.bin
2014-10-23 21:48 - 2014-11-09 20:52 - 0000380 _____ () C:\Users\Jake\AppData\Roaming\sp_data.sys
2015-01-12 22:12 - 2015-01-12 22:13 - 0808800 _____ () C:\Users\Jake\AppData\Roaming\TXQBINST.DLL
2014-10-26 17:00 - 2015-01-10 20:50 - 0000600 _____ () C:\Users\Jake\AppData\Roaming\winscp.rnd
2014-10-24 17:50 - 2014-10-24 17:50 - 0003584 _____ () C:\Users\Jake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-26 16:24 - 2014-10-26 16:25 - 0000600 _____ () C:\Users\Jake\AppData\Local\PUTTY.RND
2012-08-21 21:06 - 2012-07-29 22:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-21 21:06 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-21 21:11
 
==================== End Of Log ============================
 
Addition Text:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Volty at 2015-01-27 23:38:10
Running from C:\Users\Jake\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveState Komodo Edit 8.5.4 (HKLM-x32\...\{E65B87D8-30C4-4FB0-8C24-AFD64950A881}) (Version: 8.5.4 - ActiveState Software Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Professional CC 2014 (HKLM-x32\...\{AA704223-E11C-11E3-8A38-C09A633B72AF}) (Version: 14.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.3.142.61507 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.3.142.61507 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask4pc KMS Win Activator version 2.0 (HKLM-x32\...\{1FDFE3EA-5BD0-4CEB-8A46-16BAC1A5417C}_is1) (Version: 2.0 - Ask4pc, Inc.)
ASUS Fan Filter Checker (HKLM-x32\...\{2B0E8920-47D0-4F4D-BE03-76397409B837}) (Version: 1.0.0001 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.018 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Aura Kingdom (HKLM-x32\...\Aura Kingdom) (Version:  - )
Auslogics Boost Speed Patch(ask4pc) version 6.x (HKLM-x32\...\{6BD4EDCE-BA94-48BD-9DB4-362141BA8F3D}_is1) (Version: 6.x - Ask4pc, Inc.)
Auslogics BoostSpeed 7 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 7.2.0.0 - Auslogics Labs Pty Ltd)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.0.708 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Copy (HKLM\...\{EE4CEBB9-C0FC-4503-9BC0-1E32B566DE71}) (Version: 1.47.410.0 - Barracuda Networks, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elsword version v4.1015.5.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v4.1015.5.1 - KOGGAMES)
Everlasting Summer (HKLM-x32\...\Steam App 331470) (Version:  - Soviet Games)
Flash Renamer 6.72 (HKLM-x32\...\Flash Renamer_is1) (Version:  - RL Vision)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LINE (HKLM-x32\...\LINE) (Version: 3.9.0.172 - LINE Corporation)
Lost Saga North America (HKLM-x32\...\Steam App 266150) (Version:  - IO Entertainment)
LoveBeat (HKLM-x32\...\{E9EC067C-0CEA-443D-9DDE-D58883400CFD}) (Version: 1.00.0000 - CrazyDiamond)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MicroVolts (HKLM-x32\...\{5E7A8F05-013C-44FD-B450-5434CA581098}_is1) (Version:  - Rock Hippo Productions Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Narcissu 1st & 2nd (HKLM-x32\...\Steam App 264380) (Version:  - stage-nana)
NEKOPARA Vol. 1 Demo (HKLM-x32\...\Steam App 334660) (Version:  - NEKO WORKs)
NVIDIA 3D Vision Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.60 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Phantasy Star Online 2 (HKLM-x32\...\http://pso2.jp/appid/release/asiasoft_sg_is1) (Version:  - Asiasoft)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Registry Recycler (HKLM-x32\...\Registry Recycler_is1) (Version: 0.9.2.8 - Developer Tribe (Pvt) Ltd.)
RPG MAKER VX Ace Lite (HKLM-x32\...\RPGVXAceLite_E_is1) (Version: 1.01b - Enterbrain)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
Unity Web Player (HKU\S-1-5-21-3966931427-2845340407-1120486737-1002\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
04-01-2015 04:14:53 Scheduled Checkpoint
11-01-2015 22:04:15 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
12-01-2015 22:16:03 删除 腾讯QQ。
14-01-2015 23:33:11 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
14-01-2015 23:33:55 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
15-01-2015 23:49:26 Installed 7-Zip 9.20 (x64 edition)
17-01-2015 22:49:32 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
17-01-2015 22:50:08 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
22-01-2015 14:08:07 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02AF55FF-BE5A-497C-9B80-A5D2BDA188BB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {03FBB110-4E8D-45E9-8AEC-CCBB06AD4A09} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {07957FF6-7D80-48D0-9F26-2B9B22EE624C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {0CE084C5-624B-4605-B20E-21D1BB148A1C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {0D818483-9504-45EF-8D42-1DA108936868} - \gtaUpt No Task File <==== ATTENTION
Task: {1440C713-7B78-4DEA-9160-F2F94F861A08} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {28B7676E-04C7-4C02-B094-922336AF51FC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {44D9A5FA-84C9-4B4E-9EC3-94F88DA4B1F1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {486D3705-AB70-4DD4-BA4F-283551D19318} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {4B85850D-5D2B-47AD-9B90-5D7293346061} - System32\Tasks\PortFinale-S-1487226751 => c:\programdata\trusted publisher\netplus\PortFinale.exe <==== ATTENTION
Task: {5684632D-609E-4AD8-B4B4-A5FB36BE9DFC} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {662B2CB4-08FD-41DB-8EAD-F1384F18DE58} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-13] (Microsoft Corporation)
Task: {6E3D2BDE-C676-4445-865B-B06A49990A78} - System32\Tasks\Ask4pc KMS Daily Restart => C:\Program
Task: {711C2BEF-515E-4182-895A-94BEBF185061} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)
Task: {73742AAC-B2BF-4EC2-88BD-652064903DA0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {74D77A54-D0D9-407D-9DF1-03D936C794AC} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-vip9x1000@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {779865BB-42A0-4FA6-BAE0-9525F4878C53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-18] (Google Inc.)
Task: {7F67B6FD-F083-43CC-A892-C7B22F9747DD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8AA112CF-07D0-4F89-A14C-075D64E2F497} - \KwSingRunAsStdUser Task14021 No Task File <==== ATTENTION
Task: {99152342-9295-4E45-830E-8A87CB9F2884} - \NNYOXBV No Task File <==== ATTENTION
Task: {9A5D4EA1-DE89-4518-B346-2873F90AFB59} - System32\Tasks\Microsoft Office 15 Sync Maintenance for iTz-Volty iTz => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {9DF61F2E-BF4C-413C-9BD0-CF6FCF6A39D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-18] (Google Inc.)
Task: {B8752940-40C6-410E-AD9D-803098781CCB} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3966931427-2845340407-1120486737-1002
Task: {BE151DD7-0C2D-4033-AF95-D228E35C1C0F} - \KwRunAsStdUser Task14201 No Task File <==== ATTENTION
Task: {C0ECC041-7C6B-48E8-A0FF-9150E7117D28} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-15] (Synaptics Incorporated)
Task: {CCF6E25E-FF2E-4A2D-8F02-5ABA090F6E37} - System32\Tasks\Microsoft\3cd3cb02ed6f01c13f1a1e0e3b35fc94 => C:\Users\Jake\AppData\Roaming\DownloadManager\Loader.exe <==== ATTENTION
Task: {D012E9AF-C6F7-4299-A6D4-5DF24509A753} - System32\Tasks\{BA9B4338-1F7A-424A-9FF7-E9965A49E5A7} => pcalua.exe -a "C:\Program Files (x86)\kuwo\kuwomusic\uninstall.exe"
Task: {EAAFB2CF-9402-47E2-A87C-680522F8FFEB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {F0848AFC-BEED-445B-8A34-91DBA3C67861} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {F0F78C26-C59F-4A89-98C2-DC81D44E8FDD} - \KwRunAsStdUser Task21335 No Task File <==== ATTENTION
Task: {FC33687D-60F0-41D7-9CCD-A8EE35878F0B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PortFinale-S-1487226751.job => c:\programdata\trusted publisher\netplus\PortFinale.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-31 17:38 - 2014-10-29 18:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-08-04 09:34 - 2012-08-04 09:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-12-19 15:57 - 2014-12-19 15:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-26 16:21 - 2014-10-26 16:21 - 08220192 _____ () C:\Users\Jake\AppData\Roaming\Copy\overlay\Brt.dll
2012-08-31 14:48 - 2012-07-10 23:51 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-08-31 14:48 - 2012-07-10 23:51 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-14 23:28 - 2014-10-14 23:28 - 08897696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-31 14:47 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-11-12 21:54 - 2014-11-12 21:54 - 00113664 _____ () C:\Program Files (x86)\Naver\LINE\PlayerHelper.dll
2014-12-17 20:14 - 2014-12-17 20:14 - 03123048 _____ () C:\Program Files (x86)\Naver\LINE\ampkit_windows.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-01-26 16:32 - 2015-01-24 22:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-26 16:32 - 2015-01-24 22:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-26 16:32 - 2015-01-24 22:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Jake\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Jake\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Jake\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\subvi_000\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMWFP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Copy => "C:\Users\Jake\AppData\Roaming\Copy\CopyAgent.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: kwmusic => 
MSCONFIG\startupreg: KwSing => 
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "shopperz64"
HKLM\...\StartupApproved\Run: => "shopperz"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "KwSing"
HKLM\...\StartupApproved\Run32: => "kwmusic"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Stronghold AntiMalware"
HKU\S-1-5-21-3966931427-2845340407-1120486737-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3966931427-2845340407-1120486737-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3966931427-2845340407-1120486737-1002\...\StartupApproved\Run: => "Copy"
HKU\S-1-5-21-3966931427-2845340407-1120486737-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3966931427-2845340407-1120486737-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3966931427-2845340407-1120486737-501 - Limited - Disabled)
subvi_000 (S-1-5-21-3966931427-2845340407-1120486737-1009 - Administrator - Enabled) => C:\Users\subvi_000
UpdatusUser (S-1-5-21-3966931427-2845340407-1120486737-1007 - Limited - Enabled)
Volty (S-1-5-21-3966931427-2845340407-1120486737-1002 - Administrator - Enabled) => C:\Users\Jake
 
==================== Faulty Device Manager Devices =============
 
Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther VPN Project
Service: Neo_VPN
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name:  HL-DT-ST DVDRAM
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/27/2015 08:12:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (01/27/2015 08:12:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (01/27/2015 08:12:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (01/27/2015 08:12:00 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (01/27/2015 08:11:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (01/27/2015 02:32:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (01/27/2015 02:32:48 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (01/27/2015 02:32:48 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (01/27/2015 02:32:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   13 F.B.6.7.F.9.9.1.0.9.2.8.C.1.4.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR iTz-2.local.
 
Error: (01/27/2015 02:32:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.5:5353   11 F.B.6.7.F.9.9.1.0.9.2.8.C.1.4.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR iTz.local.
 
 
System errors:
=============
Error: (01/27/2015 08:10:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CMWFP service failed to start due to the following error: 
%%2
 
Error: (01/27/2015 02:32:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CMWFP service failed to start due to the following error: 
%%2
 
Error: (01/27/2015 02:22:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CMWFP service failed to start due to the following error: 
%%2
 
Error: (01/26/2015 08:22:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CMWFP service failed to start due to the following error: 
%%2
 
Error: (01/26/2015 02:21:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CMWFP service failed to start due to the following error: 
%%2
 
Error: (01/26/2015 10:35:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CMWFP service failed to start due to the following error: 
%%2
 
Error: (01/25/2015 04:27:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CMWFP service failed to start due to the following error: 
%%2
 
Error: (01/25/2015 04:21:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.FreshPaint.
 
Error: (01/25/2015 04:21:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingNews.
 
Error: (01/25/2015 03:49:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.FreshPaint.
 
 
Microsoft Office Sessions:
=========================
Error: (01/27/2015 08:12:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (01/27/2015 08:12:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (01/27/2015 08:12:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (01/27/2015 08:12:00 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (01/27/2015 08:11:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (01/27/2015 02:32:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (01/27/2015 02:32:48 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (01/27/2015 02:32:48 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (01/27/2015 02:32:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   13 F.B.6.7.F.9.9.1.0.9.2.8.C.1.4.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR iTz-2.local.
 
Error: (01/27/2015 02:32:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.5:5353   11 F.B.6.7.F.9.9.1.0.9.2.8.C.1.4.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR iTz.local.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-27 14:45:41.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-26 20:59:38.461
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-24 18:56:45.033
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-23 22:59:43.600
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-23 22:59:43.522
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-23 22:59:43.444
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-23 22:59:43.366
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-23 22:59:43.288
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-23 22:59:43.210
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-23 22:59:42.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8144.97 MB
Available physical RAM: 6050.98 MB
Total Pagefile: 9424.97 MB
Available Pagefile: 6812.54 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:880.17 GB) (Free:645.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CC1AD6D4)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5 polskamachina

polskamachina

  • Malware Response Team
  • 3,940 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 29 January 2015 - 01:53 AM

Hi iTzyVolty
 
Good job with the FRST logs. :thumbsup:

 

When you get a spare moment, please answer the following questions. It will help me get a better idea of the condition of your system:

  • Have you noticed any operational issues with your computer?
  • Is it slow or does it freeze up?
  • Does your browser work efficiently?
  • If you had not run the FRST program, would you have noticed this problem?
  • Do you also get error messages displayed when your computer is going through its normal operations?

 

You said:

I use Ccleaner and on the registry fixing I always kept getting the same errors.

Do you mean these kind of errors?

"C:\Program Files (x86)\ver0SpeeditUp" => File/Directory not found.
HKU\S-1-5-21-3805180030-359751056-14507808-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => Key not found. 
cmwf => Unable to stop service
cmwf => Error deleting Service
cmwr => Unable to stop service
cmwr => Error deleting Service

 

Let me know if you have any questions.

 

polskamachina

 



#6 polskamachina

polskamachina

  • Malware Response Team
  • 3,940 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 05 February 2015 - 08:04 PM

Hi iTzVolty :)
 
It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:10 PM

Posted 09 February 2015 - 12:23 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users