Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think I have been infected with win32.tssd. (windows 7)


  • This topic is locked This topic is locked
14 replies to this topic

#1 pond511

pond511

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 18 June 2015 - 06:20 AM

I am using windows 7 and was surfing the internet and then shutdown my computer normally. everything work just fine but then I'm started the computer next day something unusual  happen. First, the boot process take very long (longer than usual) and when the windows start everything was slow and the light that show hard disk that is running is stay on all the time (usually its just a blink). I cannot run task manager and cannot open most of the programs, my internet wont connect (nothing seem wrong with the connection because other device that not infected can connect to the internet) and I cannot run any antivirus or malware(my kaspersky says that 0 object have been scan and keep pending it others just wont open ). ccleaner can do nothing about it and accessing file in my computer take ages to respond. So, I just restart and working in safe mode with internet connection and then everything work perfectly. My internet connection has came back and work just fine. I can accessing file and folder so I remove and backup an important data. I can run taskmanager and other commnd I also can run malwarebytes and have it scan my computer. Found something (not much and fix it) but when I run spybot search and destroy it keep stuck at win32.tssd. ___ (sometimes .cl sometimes .rtk ) and wont continue. my Kaspersky also cannot run and show exact same error.  tssdkiller wont scan and just freeze even if  I rename it to something else. I try rebooting but everything stay just the same normal mode just freeze but in safe mode its looking better. any advice how to fix this.
 
Thank you for help
pond511
 
this is my log file form farbar 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by iNTeL (administrator) on INTEL-PC on 18-06-2015 17:38:58
Running from C:\Users\iNTeL\Desktop
Loaded Profiles: iNTeL (Available Profiles: iNTeL)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(LINE Corporation) C:\Program Files\Naver\LINE\Line.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9874024 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [BuffaloTools] => C:\Program Files\BUFFALO\BuffaloTools\BuffaloTools.exe [175176 2011-08-18] (BUFFALO INC.)
HKLM\...\Run: [tpcexTray] => C:\Program Files\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe [138312 2011-07-20] (BUFFALO INC.)
HKLM\...\Run: [TC2Tray] => C:\Windows\system32\TC2Tray.exe [416840 2011-07-14] (BUFFALO INC.)
HKLM\...\Run: [Backup Utility TaskTray Tool] => C:\Program Files\BUFFALO\Backup_Utility\BUTray.exe [3603528 2011-09-06] (BUFFALO INC.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\Run: [Google Update] => C:\Users\iNTeL\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1261472 2012-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-21] (Piriform Ltd)
HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\Run: [GoogleChromeAutoLaunch_93144E425F7F487B3F972F5BF8A80BCA] => C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe [813896 2015-05-23] (Google Inc.)
HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\MountPoints2: {78b20357-ac89-11e0-b4a1-415645000030} - L:\MINNIE.exe
HKU\S-1-5-21-149558531-2800396231-1507067438-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2014-05-31]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\iNTeL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-07-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\iNTeL\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-09-27] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\iNTeL\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-09-27] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\iNTeL\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-09-27] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\iNTeL\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-09-27] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\iNTeL\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-09-27] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\iNTeL\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-09-27] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\iNTeL\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-09-27] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\iNTeL\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-09-27] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-04-28] (Google)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-149558531-2800396231-1507067438-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.th/?gws_rd=cr,ssl&ei=lXhtVNnKM4WxmAXa0oHADA
HKU\S-1-5-21-149558531-2800396231-1507067438-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-149558531-2800396231-1507067438-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKLM - Default Value = {74198672-5F7D-4FE9-A611-4AC1D5A66A15}
URLSearchHook: HKLM - SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll (SimilarGroup)
URLSearchHook: HKU\S-1-5-21-149558531-2800396231-1507067438-1000 - SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll (SimilarGroup)
SearchScopes: HKU\S-1-5-21-149558531-2800396231-1507067438-1000 -> DefaultScope {1704B68F-96B0-42D8-966B-50FFC4C6B81F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-149558531-2800396231-1507067438-1000 -> {1704B68F-96B0-42D8-966B-50FFC4C6B81F} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-149558531-2800396231-1507067438-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2011-10-06] (Yahoo! Inc.)
BHO: No Name -> {53707962-6F74-2D53-2644-206D7942484F} ->  No File
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-03-03] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-11] (Oracle Corporation)
BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2015-05-14] (Perfect World Entertainment Inc)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-03-03] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-11] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-03-03] (Kaspersky Lab ZAO)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2011-10-06] (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2011-10-06] (Yahoo! Inc.)
Toolbar: HKLM - SimilarWeb - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files\SimilarWeb\SimilarWeb.dll [2013-01-28] (SimilarGroup)
DPF: {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} http://thaisquare.thaiairways.co.th/AirCrewsCrewWeb/crystalreportviewers/ActiveXControls/PrintControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 203.144.206.49 203.144.206.29
 
FireFox:
========
FF ProfilePath: C:\Users\iNTeL\AppData\Roaming\Mozilla\Firefox\Profiles\o3qqd40r.default-1411799748677
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll [2014-01-29] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-11] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2011-08-22] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro PDF\Professional 7\npnitromozilla.dll [2012-07-25] ( )
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-10-16] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-10-16] (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-20] (Pando Networks)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2015-05-14] (Perfect World Entertainment Inc)
FF Plugin: @photodex.com/PhotodexPresenter -> C:\Program Files\Photodex Presenter\npPxPlay.dll [2014-08-17] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-149558531-2800396231-1507067438-1000: @tools.google.com/Google Update;version=3 -> C:\Users\iNTeL\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-149558531-2800396231-1507067438-1000: @tools.google.com/Google Update;version=9 -> C:\Users\iNTeL\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-149558531-2800396231-1507067438-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-03-20] (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-06-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-06-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-06-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-06-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-06-01] (Apple Inc.)
FF Extension: Start Page - C:\Users\iNTeL\AppData\Roaming\Mozilla\Firefox\Profiles\o3qqd40r.default-1411799748677\Extensions\{2bc72c53-9bde-4db2-8479-eda9a5e71f4e} [2015-03-23]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-10]
FF HKLM\...\Firefox\Extensions: [fbdownloader@KMcore] - 
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-03]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-03]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-03]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-03-03]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-03-03]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-10]
 
Chrome: 
=======
CHR Profile: C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-11-23]
CHR Extension: (HD for YouTube™) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2014-10-11]
CHR Extension: (Google Drive) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-23]
CHR Extension: (YouTube) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-23]
CHR Extension: (Download FB Album mod) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2014-08-19]
CHR Extension: (Google Search) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-23]
CHR Extension: (Search by Image (by Google)) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-11-23]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-05-08]
CHR Extension: (AutoCAD 360) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjeclnkejmbepoibfnamioojinoopln [2014-11-23]
CHR Extension: (SimilarWebLite) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpicgdnjfnbkibnicdnnpkkpklkjkki [2014-11-23]
CHR Extension: (Pixlr-o-matic) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2014-11-23]
CHR Extension: (PicMonkey) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-11-23]
CHR Extension: (Hola Better Internet) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-11-29]
CHR Extension: (Pixlr Editor) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2014-11-23]
CHR Extension: (Album Downloader for Facebook™) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcheapnmfbmcccnbjhhkmleoiljgpmkl [2014-08-19]
CHR Extension: (Autodesk Homestyler) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-11-23]
CHR Extension: (Little Alchemy) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-11-23]
CHR Extension: (Cube - A game about Google Maps) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbcoijfpdfchaihokncghkbplhiiehko [2014-11-23]
CHR Extension: (Sketchpad) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp [2014-11-23]
CHR Extension: (Google Wallet) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-08]
CHR Extension: (Deezer) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh [2014-11-23]
CHR Extension: (piZap Photo Editor) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2014-11-23]
CHR Extension: (Psykopaint) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2014-11-23]
CHR Extension: (Gmail) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-23]
CHR Extension: (Anti-Banner) - C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-05-08]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-16]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-16]
StartMenuInternet: Google Chrome - C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-05-14] (Perfect World Entertainment Inc)
S2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-16] (Kaspersky Lab ZAO)
S2 BFBackupUtilityService; C:\Program Files\BUFFALO\Backup_Utility\BUService.exe [320888 2010-08-20] (BUFFALO INC.)
S2 BFBackupUtilityVSSService; C:\Program Files\BUFFALO\Backup_Utility\BUVSSService.exe [247160 2010-04-28] (BUFFALO INC.)
S2 bufssvr; C:\Program Files\BUFFALO\SLManagerEasy\Bufssvr.exe [95608 2010-03-16] (BUFFALO INC.)
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2014-01-29] (Intel Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-09-23] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [954368 2012-07-20] (Wireless) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NitroDriverReadSpool2; C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [184840 2012-07-25] (Nitro PDF Software)
S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
S2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [624856 2012-04-07] (Pandora.TV)
S3 Program Manager; C:\Program Files\Common Files\ProgramManager\ProgramManager.exe [952984 2015-05-28] (Spigot, Inc.)
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
S2 ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [186760 2014-08-17] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [1373480 2007-09-07] (Wacom Technology, Corp.)
S2 TC2Service; C:\Windows\system32\TC2Service.exe [224328 2011-07-12] (BUFFALO INC.)
S2 tpcexdccs; C:\Program Files\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [134216 2011-07-20] (BUFFALO INC.)
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)
S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-04-22] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-04-01] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2013-10-10] (Cisco Systems, Inc.)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [98280 2011-01-27] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [304616 2011-01-27] (ASMedia Technology Inc)
R0 BFRD4G; C:\Windows\System32\DRIVERS\BFRD4G.sys [38264 2010-03-10] (BUFFALO INC.)
R0 bftpdskc; C:\Windows\System32\drivers\bftpdskc.sys [41856 2011-07-07] (BUFFALO INC.) [File not signed]
S3 bftpusbx; C:\Windows\System32\drivers\bftpusbx.sys [11776 2010-09-22] (BUFFALO INC.) [File not signed]
S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 DCamUSBET; C:\Windows\System32\DRIVERS\etDevice.sys [471808 2007-07-20] (eMPIA Technology, Inc.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2014-05-05] (DT Soft Ltd)
S3 FiltUSBET; C:\Windows\System32\DRIVERS\etFilter.sys [201216 2007-06-14] (eMPIA Technology Inc.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [77808 2014-01-31] (FTDI Ltd.)
U0 gpdpy; C:\Windows\System32\drivers\pjqcaia.sys [52440 2015-06-18] (Malwarebytes Corporation)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-03-03] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-25] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-16] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-03-03] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-16] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-03-03] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [29184 2006-05-30] (http://libusb-win32.sourceforge.net) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [23112 2011-07-15] (Aventail Corporation)
S3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [27208 2011-07-15] (Aventail Corporation)
S3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [81480 2011-07-15] (Aventail Corporation)
S3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [25160 2011-07-15] (Aventail Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-05] (Realtek Semiconductor Corporation                           )
S3 ScanUSBET; C:\Windows\System32\DRIVERS\etScan.sys [6656 2007-07-23] (eMPIA Technology, Inc.)
S1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114408 2014-03-11] (Power Software Ltd)
S1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2012-06-04] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452432 2012-06-04] (Paragon)
S1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283344 2012-06-04] (Paragon)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43376 2013-10-10] (Cisco Systems, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-18 17:37 - 2015-06-18 17:38 - 00000000 ____D C:\FRST
2015-06-18 17:37 - 2015-06-18 17:38 - 00000000 _____ C:\Users\iNTeL\Desktop\FRST.txt
2015-06-18 17:37 - 2015-06-18 17:37 - 00000324 _____ C:\Users\iNTeL\Desktop\Addition.txt
2015-06-18 17:36 - 2015-06-18 17:36 - 01148416 _____ (Farbar) C:\Users\iNTeL\Desktop\FRST.exe
2015-06-18 11:49 - 2015-06-18 11:49 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\iNTeL\Desktop\yaga.exe
2015-06-18 11:45 - 2015-06-18 11:45 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\iNTeL\Desktop\tdsskiller.exe
2015-06-18 11:44 - 2015-06-18 11:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-06-18 11:43 - 2015-06-18 11:43 - 02351936 _____ (Kaspersky Lab) C:\Users\iNTeL\Desktop\kis15.0.1.415en_es_pt_fr_de_it_ru_6887.exe
2015-06-18 09:10 - 2015-06-18 09:10 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\pjqcaia.sys
2015-06-10 23:24 - 2015-06-10 23:24 - 00000318 _____ C:\Users\iNTeL\Desktop\swiss.txt
2015-06-10 22:59 - 2015-06-10 22:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-06 10:06 - 2014-08-17 22:01 - 00001178 _____ C:\Windows\system32\Drivers\etc\hosts.20150606-100634.backup
2015-06-06 09:00 - 2015-06-18 12:15 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-06 08:59 - 2015-06-06 08:59 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-06 08:59 - 2015-06-06 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-06 08:59 - 2015-06-06 08:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-06 08:59 - 2015-06-06 08:59 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-06 08:59 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-06 08:59 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-06 08:59 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-06 08:58 - 2015-06-06 09:59 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-06-06 08:58 - 2015-06-06 08:58 - 00002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-06-06 08:58 - 2015-06-06 08:58 - 00002119 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-06-06 08:58 - 2015-06-06 08:58 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-06-06 08:58 - 2015-06-06 08:58 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-06-06 08:58 - 2015-06-06 08:58 - 00000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-06-06 08:58 - 2015-06-06 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-06-06 08:58 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-06-02 17:40 - 2015-06-05 16:35 - 00000000 ____D C:\Users\iNTeL\AppData\Roaming\Adobe
2015-06-02 17:40 - 2015-06-05 16:35 - 00000000 ____D C:\Users\iNTeL\AppData\Local\Adobe
2015-06-02 17:40 - 2015-06-05 11:39 - 00000000 ____D C:\ProgramData\Adobe
2015-06-02 17:16 - 2015-06-02 17:16 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-01 10:07 - 2015-06-01 10:07 - 00000000 ____D C:\Users\iNTeL\AppData\Local\GWX
2015-06-01 09:59 - 2015-06-01 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-06-01 09:57 - 2015-06-01 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-06-01 09:57 - 2015-06-01 09:57 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-06-01 09:57 - 2015-06-01 09:57 - 00000000 ____D C:\Program Files\iTunes
2015-06-01 09:57 - 2015-06-01 09:57 - 00000000 ____D C:\Program Files\iPod
2015-06-01 09:52 - 2015-06-01 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-06-01 09:52 - 2015-06-01 09:52 - 00000000 ____D C:\Program Files\QuickTime
2015-06-01 09:34 - 2015-06-18 09:10 - 00000000 ____D C:\Program Files\YTD Toolbar
2015-06-01 09:34 - 2015-06-01 09:34 - 00000000 ____D C:\Program Files\Common Files\ProgramManager
2015-05-24 14:08 - 2015-05-24 14:08 - 00000049 _____ C:\Users\iNTeL\Documents\sub.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-18 12:22 - 2013-10-19 22:16 - 00001113 _____ C:\Windows\wininit.ini
2015-06-18 09:10 - 2014-10-11 10:59 - 00000000 ____D C:\ProgramData\APN
2015-06-18 09:10 - 2012-10-09 14:27 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2015-06-18 09:10 - 2011-08-07 10:08 - 00000000 ____D C:\ProgramData\YouTube Downloader
2015-06-18 09:10 - 2011-05-02 11:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-16 08:38 - 2013-12-05 14:09 - 00008192 _____ C:\Windows\system32\WDPABKP.dat
2015-06-16 08:33 - 2011-04-29 15:30 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149558531-2800396231-1507067438-1000UA.job
2015-06-16 08:29 - 2014-11-03 08:38 - 00000000 ____D C:\Users\iNTeL\AppData\Roaming\WTablet
2015-06-16 08:29 - 2012-02-19 20:02 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-16 08:28 - 2015-02-05 12:15 - 00030944 _____ C:\Windows\setupact.log
2015-06-16 08:28 - 2011-06-04 11:31 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-16 08:27 - 2011-04-28 20:28 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-16 08:27 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-15 15:27 - 2011-05-03 19:00 - 00000000 ____D C:\Users\iNTeL\AppData\Roaming\uTorrent
2015-06-15 13:59 - 2014-02-14 22:19 - 00000000 ___RD C:\Users\iNTeL\Dropbox
2015-06-15 13:59 - 2014-02-14 22:17 - 00000000 ____D C:\Users\iNTeL\AppData\Roaming\Dropbox
2015-06-15 13:40 - 2013-01-19 18:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-15 13:34 - 2011-04-28 20:23 - 01168194 _____ C:\Windows\WindowsUpdate.log
2015-06-14 18:23 - 2011-10-21 19:04 - 05641216 ___SH C:\Users\iNTeL\Desktop\Thumbs.db
2015-06-14 14:06 - 2011-04-28 20:23 - 00000000 ____D C:\Users\iNTeL
2015-06-14 14:05 - 2012-12-01 09:22 - 00000000 ___SD C:\Users\iNTeL\Google ไดรฟ์
2015-06-14 11:47 - 2011-04-28 20:28 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 17:01 - 2012-06-12 18:32 - 00001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-06-11 17:01 - 2012-06-12 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-06-11 11:18 - 2014-01-24 21:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-08 10:38 - 2012-10-01 19:51 - 00000000 ____D C:\Users\iNTeL\Desktop\Waiting List
2015-06-08 08:55 - 2011-07-12 21:18 - 00000000 ____D C:\Users\iNTeL\Desktop\FCKAN
2015-06-07 10:44 - 2009-07-14 11:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-07 10:03 - 2012-03-24 18:11 - 00007628 _____ C:\Users\iNTeL\AppData\Local\Resmon.ResmonCfg
2015-06-06 15:54 - 2015-02-05 12:15 - 00047454 _____ C:\Windows\PFRO.log
2015-06-06 10:27 - 2011-10-14 18:25 - 00000000 ____D C:\Users\iNTeL\Desktop\Backup for picture at 14102554
2015-06-05 20:39 - 2014-11-18 11:39 - 00000000 ____D C:\WTablet
2015-06-05 17:59 - 2011-07-11 09:50 - 00033792 ___SH C:\Users\iNTeL\Documents\Thumbs.db
2015-06-05 13:15 - 2011-06-04 11:31 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-05 11:39 - 2011-05-02 10:32 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-06-05 10:38 - 2009-07-14 11:34 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-05 10:38 - 2009-07-14 11:34 - 00023568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 17:57 - 2013-03-27 18:07 - 00000000 ____D C:\ProgramData\PhotoStitch
2015-06-02 17:16 - 2011-06-04 11:31 - 00000000 ____D C:\Program Files\Google
2015-06-01 09:57 - 2013-12-02 11:06 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-06-01 09:57 - 2012-10-14 09:03 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-06-01 09:57 - 2011-04-30 12:11 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-06-01 09:52 - 2012-11-19 20:58 - 00001815 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-06-01 09:50 - 2011-04-30 12:11 - 00000000 ____D C:\ProgramData\Apple
2015-05-28 18:45 - 2011-04-29 15:30 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149558531-2800396231-1507067438-1000Core.job
2015-05-26 17:16 - 2012-08-05 10:45 - 00000000 ____D C:\Users\iNTeL\AppData\Roaming\Nitro PDF
2015-05-26 17:16 - 2009-07-14 11:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-05-25 22:02 - 2011-04-29 16:13 - 00000000 ___RD C:\Program Files\Skype
2015-05-20 13:16 - 2015-04-04 12:16 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-19 11:58 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2013-04-09 15:07 - 2013-04-09 15:09 - 0000132 _____ () C:\Users\iNTeL\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2013-05-14 19:06 - 2014-12-26 10:55 - 0000132 _____ () C:\Users\iNTeL\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-06-26 10:43 - 2013-04-23 16:30 - 0000167 _____ () C:\Users\iNTeL\AppData\Roaming\PLGComp.ini
2011-10-28 14:02 - 2014-10-30 21:51 - 0033280 _____ () C:\Users\iNTeL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-24 18:11 - 2015-06-07 10:03 - 0007628 _____ () C:\Users\iNTeL\AppData\Local\Resmon.ResmonCfg
2012-02-19 17:39 - 2012-02-19 17:39 - 0017408 _____ () C:\Users\iNTeL\AppData\Local\WebpageIcons.db
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-05 10:52
 
==================== End of log ============================
 
Ps. I somehow cannot find the way to attach a file so this is addition 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by iNTeL at 2015-06-18 17:48:32
Running from C:\Users\iNTeL\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-149558531-2800396231-1507067438-500 - Administrator - Disabled)
Guest (S-1-5-21-149558531-2800396231-1507067438-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-149558531-2800396231-1507067438-1002 - Limited - Enabled)
iNTeL (S-1-5-21-149558531-2800396231-1507067438-1000 - Administrator - Enabled) => C:\Users\iNTeL
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Out of date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
A.F.5 Rename your files 1.1 (HKLM\...\{A725C340-77EE-11D6-BBC2-0000CB591583}) (Version: 1.1.0.0 - Alex Fauland)
ACDSee Pro 4 (HKLM\...\{2971F7C2-6272-446B-B15A-E347D5FC4CAD}) (Version: 4.0.93 - ACD Systems International Inc.)
ACDSee Pro 5 (HKLM\...\{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}) (Version: 5.2.157 - ACD Systems International Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Professional CS5 (HKLM\...\{CFC9F871-7C40-40B6-BE4A-B98A5B309716}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM\...\{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop (HKLM\...\Adobe Photoshop_is1) (Version:  - www.g1wholesale.com)
Adobe Photoshop Lightroom 5.3 (HKLM\...\{6F86810F-BE5B-4FB1-BA5A-EFD8F65F5EE4}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Pixel Bender Toolkit 2 (HKLM\...\{D5CC77BE-BC5B-424E-8E45-DF60AFF7BE9C}) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Advanced Renamer (HKLM\...\Advanced Renamer_is1) (Version: 3.64 - Hulubulu Software)
AHD Subtitles Maker Professional (HKLM\...\{59AAAD98-7A16-48EE-BAB6-44225701886C}) (Version: 4.0.987.176 - AHD)
Android SDK Tools (HKLM\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9642 - Perfect World Entertainment)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.6.3.0 - Asmedia Technology)
ASUS nVidia Driver (Version: 1.00.0000 - ASUSTek) Hidden
Aventail Connect (HKLM\...\{A2A78788-2792-49BF-AF22-5E9296E568F3}) (Version: 10.53.55 - SonicWALL Aventail)
Batch Picture Protector 3.0 (HKLM\...\Batch Picture Protector_is1) (Version: 3.0 - SoftOrbits)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BUFFALO Backup Utility (HKLM\...\UN091222) (Version:  - )
BUFFALO BuffaloTools Launcher (HKLM\...\UN091201) (Version:  - )
Buffalo RAMDISK Utility (HKLM\...\Buffalo BFRD4G) (Version:  - )
BUFFALO SecureLockManagerEasy for HD (HKLM\...\UN090430) (Version:  - )
BUFFALO TurboPC EX (HKLM\...\UN110613) (Version:  - )
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.7.0.6 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.5.0.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.6.0.5 - Canon Inc.)
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon MX310 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Digital Photo Professional 3.11 (HKLM\...\DPP) (Version: 3.11.4.10 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.9.1.0 - Canon Inc.)
Canon Utilities Original Data Security Tools (HKLM\...\Original Data Security Tools) (Version: 1.9.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.8.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.6.0.23 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.4.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
ClassicsOnline (HKLM\...\Classicsonline_DLM) (Version:  - )
Common (Version: 14.1.0.150 - Corel Corporation) Hidden
Contents (Version: 14.1.0.150 - Corel Corporation) Hidden
Copy (HKLM\...\{92AA1305-04A1-4931-9B08-52FF52B171AE}) (Version: 1.37.546.0 - Barracuda Networks, Inc.)
Corel VideoStudio Pro X4 (HKLM\...\_{AA902C31-B49D-4608-BCCF-2519EB77722D}) (Version: 14.1.0.150 - Corel Corporation)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.2330 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.3.0.0359 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
DeviceIO (Version: 14.1.0.150 - Corel Corporation) Hidden
Dropbox (HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DxO FilmPack 3 (HKLM\...\{730807CC-8D94-486C-9DFC-E242A423B918}) (Version: 3.4.94.0 - DxO Labs)
EasyBits GO (HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\Game Organizer) (Version:  - EasyBits Media)
Elements STI Installer (Version: 1.0 - Adobe Systems Incorporated) Hidden
FastStone Photo Resizer 3.2 (HKLM\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.)
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FL Studio 9 (HKLM\...\FL Studio 9) (Version:  - Image-Line)
Focus Magic 3.02 (HKLM\...\Focus Magic_is1) (Version:  - Acclaim Software Ltd)
FormatFactory 3.2.1.0 (HKLM\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
Fotobounce (HKLM\...\{37B8D870-B5B6-4772-8B9A-95EA110BDC62}) (Version: 3.5.1 - Applied Recognition)
Freecorder 7 Applications (7.0.0.48) (HKLM\...\Freecorder 7 Applications) (Version: 7.0.0.48 - Applian Technologies) <==== ATTENTION
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
Graph 4.3 (HKLM\...\Graph_is1) (Version:  - Ivan Johansen)
Hardcore (HKLM\...\Hardcore) (Version:  - Image-Line)
Horizon v2.7.9.0 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.0 - Daring Development Inc.)
ICA (Version: 14.1.0.150 - Corel Corporation) Hidden
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
iExplorer 3.1.0.1 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)
Image Resizer for Windows (HKLM\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Image Resizer for Windows (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
IPM_VS_Pro (Version: 13.0 - Corel Corporation) Hidden
ISCOM (Version: 14.1.0.150 - Corel Corporation) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java™ 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.260 - Oracle)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Korean Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Lightworks (HKLM\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.1.0.0 - Lightworks)
LINE (HKLM\...\LINE) (Version: 4.0.3.367 - LINE Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{F8AFEA7D-77BD-43F3-ADF7-EF71300BEFD2}) (Version: 16.4.1620.0719 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Flight Simulator X Service Pack 1 (HKLM\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Publisher 2010 (HKLM\...\Office14.PUBLISHER) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - ENU (HKLM\...\Microsoft Visual Basic 2008 Express Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{B4C0A315-07FB-39F9-85CD-8CE20C019350}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}) (Version: 6.1.5288.17011 - Microsoft Corporation)
MKVtoolnix 2.2.0 (HKLM\...\MKVtoolnix) (Version: 2.2.0 - Moritz Bunkus)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3MyMP3 3.1 (HKLM\...\MP3MyMP3_is1) (Version:  - Bruce McArthur)
MPC-HC 1.6.5.6366 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.5.6366 - MPC-HC Team)
MSDN Library for Microsoft Visual Studio 2008 Express Editions (HKLM\...\MSDN Library for Microsoft Visual Studio 2008 Express Editions) (Version:  - Microsoft Corporation)
MSDN Library for Microsoft Visual Studio 2008 Express Editions (Version: 9.0.21022 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\MyFreeCodec) (Version:  - )
Nitro Pro 7 (HKLM\...\{C3860DD6-64DD-412B-B5F9-10E1D4249767}) (Version: 7.5.0.22 - Nitro PDF Software)
NVIDIA 3D Vision Controller Driver 344.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.46 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.48 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5919 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.48 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OLYMPUS Digital Camera Updater (HKLM\...\{D18925CE-5AF9-4394-8EF7-1081FFE7E98B}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 3 (HKLM\...\{F46A29FE-DF5B-43C5-BF7B-F9E8A8CD286C}) (Version: 1.2.1 - OLYMPUS IMAGING CORP.)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Pandora Service (HKLM\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV) <==== ATTENTION
Paragon Backup & Recovery™ 2012 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Photodex Presenter (HKLM\...\Photodex Presenter) (Version:  - Photodex Corporation)
Photomatix Pro version 4.2.6 (HKLM\...\PhotomatixPro42x32_is1) (Version: 4.2.6 - HDRsoft Ltd)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PicPick (HKLM\...\PicPick) (Version: 3.3.1 - NTeWORKS)
Picture Collage Maker Pro 3.3.6 (HKLM\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 3.3.6 - PearlMountain Technology Co., Ltd)
PoiZone (HKLM\...\PoiZone) (Version:  - Image-Line)
PowerISO (HKLM\...\PowerISO) (Version: 5.9 - Power Software Ltd)
ProShow Gold (HKLM\...\ProShow Gold) (Version:  - Photodex Corporation)
PSE10 STI Installer (Version: 10.0 - Adobe Systems Incorporated) Hidden
PureHD (Version: 14.1.0.150 - Corel Corporation) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
RescuePRO 3.5 (HKLM\...\{81B109ED-6ECA-49FF-9238-8E31FA5DB1A9}_is1) (Version:  - LC Technology International, Inc.)
RescuePRO Deluxe 4.0 (HKLM\...\RescuePRO-Deluxe) (Version:  - )
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.) Hidden
Samsung Music (HKLM\...\Samsung Music) (Version: 32.2013.0524.11 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Sansa Updater (HKU\S-1-5-21-149558531-2800396231-1507067438-1000\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
Sawer (HKLM\...\Sawer) (Version:  - Image-Line)
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1C01}) (Version: 12.28.1.169 - APN, LLC) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHER_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (Version: 14.1.0.150 - Corel Corporation) Hidden
Share (Version: 14.1.0.150 - Corel Corporation) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
SimilarWeb (HKLM\...\SimilarWeb) (Version: 0.0.0.1 - SimilarWeb)
SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp 8 (HKLM\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Common Data (HKLM\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.7 - SmartSound Software Inc.) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
Topaz Adjust (HKLM\...\{59C2E0E4-0859-4EC1-BCD3-53DBCEFE7AFA}) (Version: 2.5 - Topaz Labs)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version:  - Image-Line)
TP-LINK TL-WN725N_WN723N Driver (HKLM\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
VIO (Version: 14.1.0.150 - Corel Corporation) Hidden
VLC media player 1.1.9 (HKLM\...\VLC media player) (Version: 1.1.9 - VideoLAN)
VOCALOID2 VSTi V2.0.2.0 (HKLM\...\{A95FF0B9-5CFB-497E-8872-3A5F41AD9D4F}) (Version: 0.0.0.1 - Yamaha Corporation)
VSClassic (Version: 14.1.0.150 - Corel Corporation) Hidden
VSPro (Version: 14.1.0.150 - Corel Corporation) Hidden
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version:  - Wacom Technology Corp.)
WD Drive Utilities (HKLM\...\{C093AD5D-29E9-4777-AAAC-28C02FCC2A51}) (Version: 1.0.4.11 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{CA5859CA-D9A7-40BE-8318-3B514D6E4924}) (Version: 1.0.4.11 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{ED80B64B-FFAE-43D7-9E21-225F94221239}) (Version: 2.0.1.2 - Western Digital Technologies, Inc.)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Driver Package - Sony PSP Type B (11/20/2005 20051120) (HKLM\...\87D46C3F73EF6B7F5CD27D922EEE14783E1AD3BF) (Version: 11/20/2005 20051120 - Sony)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World of Tanks (HKLM\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812SEA}_is1) (Version:  - Wargaming.net)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
YTD Toolbar v21.4 (HKLM\...\{4249AA3D-A884-4192-AC22-1E645F9BCC1D}) (Version: 21.4 - Spigot, Inc.) <==== ATTENTION
YTD Video Downloader 4.8.9 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION
การสนับสนุนแอปพลิเคชั่นของ Apple (32 บิต) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
ชุดตัวแปลงสัญญาณกล้องของ Microsoft (HKLM\...\{90B9976B-EC26-4DE7-AA78-80E4F097F63F}) (Version: 16.0.0652.0621 - Microsoft Corporation)
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\iNTeL\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype Extras\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\iNTeL\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\iNTeL\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\iNTeL\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype Extras\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\iNTeL\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\43.0.2357.81\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\iNTeL\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\iNTeL\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\iNTeL\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No Filepath
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\iNTeL\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\iNTeL\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\iNTeL\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\iNTeL\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\iNTeL\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\iNTeL\AppData\Local\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\iNTeL\AppData\Local\Google\Update\1.3.27.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\iNTeL\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\iNTeL\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-149558531-2800396231-1507067438-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-09-28 20:00 - 2015-06-06 10:06 - 00451065 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net 209-34-83-73.ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp
127.0.0.1 practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com
127.0.0.1 wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 photodex.com
127.0.0.1 www.photodex.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B9EAEBF-FCA0-4DA0-BBC2-9709DEF7A0A9} - System32\Tasks\{6DD6E315-EAE9-4200-ADBA-020E4406F24F} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {1067A424-9B4C-49DA-8F8E-FC38A53F1330} - System32\Tasks\Program Manager => C:\Program Files\Common Files\ProgramManager\ProgramManager.exe [2015-05-28] (Spigot, Inc.)
Task: {1BF4B659-752F-441F-BE0D-36137FD0387D} - \EPUpdater No Task File <==== ATTENTION
Task: {1D62A523-6C66-4AE4-B4B0-0DA1D89B9D0F} - System32\Tasks\{D785FAF3-300B-45A3-A75D-AF6D2EF461DE} => C:\Users\iNTeL\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
Task: {296C6BD9-3D55-4D41-9531-CC0B34594B01} - System32\Tasks\{A2999E75-6CD4-4576-816D-636EA4BA71CC} => C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {34108A39-EB57-4038-B233-6A7D41D815E7} - System32\Tasks\{32090CF0-B393-462B-8B58-6EA906E37C63} => pcalua.exe -a "C:\Program Files\psp\PSP Type B USB Driver Install.exe" -d "C:\Program Files\psp"
Task: {37B21CF5-8D2C-4114-B0EE-1B0690562CE8} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {39429A26-3907-461F-9D83-62A5455BC91B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-149558531-2800396231-1507067438-1000Core => C:\Users\iNTeL\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {3F1D4ECD-138F-411A-BC6F-78E57CFA3222} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {42316AE1-5867-4F5B-9C21-B85224944633} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {5A3A7802-F081-4CC9-9D71-019538111230} - System32\Tasks\ShdUpdate => C:\Users\iNTeL\AppData\Local\ShdUpdate\shupd.exe [2015-04-13] (Visual Tools)
Task: {69AC7212-0FE9-4863-8052-C41519165081} - System32\Tasks\FCBfan => C:\Users\iNTeL\AppData\Roaming\FCBfan\fcbfan.exe [2015-02-22] (FCB Update)
Task: {6B453179-C00B-44A0-893B-EB688D09E367} - \RocketTab No Task File <==== ATTENTION
Task: {7F9BDD5C-1396-4E79-9C52-F3861CFC061F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {86B18412-1EDD-482C-88E0-16228D139561} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {914E634F-2229-4864-9CCA-93AC94E30014} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {94DD8069-DDA3-48A3-A62A-591646B0FE62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {9FC6EAD6-B587-4DB0-8781-C190D5213C4D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-21] (Piriform Ltd)
Task: {A167E62C-A414-4A10-98E4-254068644EF4} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {C4A7521E-5335-4053-A95D-2DBB66893543} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: {CE104295-6CEE-40AD-AF24-2D4BC06C815D} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {D1E56A0D-5642-4614-A896-4FFBFCA7F9EB} - System32\Tasks\{578D51DB-0001-4F1E-86FF-E2BDA08E3DBC} => pcalua.exe -a C:\Users\iNTeL\AppData\Local\Temp\Rar$EX66.696\software\install\common\install.exe -d C:\Users\iNTeL\AppData\Local\Temp\Rar$EX66.696
Task: {D92535C0-98A2-4271-B14C-B7FDDB9C6383} - System32\Tasks\{DAD6C922-F69A-43E0-A764-3A382E27EC72} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.111.259&amp;LastError=12002
Task: {D9FCBF25-1B44-43A2-B75D-951E4400CC73} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {E27EF317-5A86-4E09-AA0F-3FB9A1006C04} - System32\Tasks\{336A06DD-CEB5-471F-AA3F-AE6E551494AB} => pcalua.exe -a C:\Users\iNTeL\Desktop\QuickTimeInstaller.exe -d C:\Users\iNTeL\Desktop
Task: {EE94CEBD-A59D-4ECE-98D3-DD636B4CD29B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-149558531-2800396231-1507067438-1000UA => C:\Users\iNTeL\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {FBDF2004-B92F-4D42-873E-2067B112C06E} - System32\Tasks\{F2FBCDFF-2D98-409F-80AC-35FF4C4D4807} => pcalua.exe -a C:\Users\iNTeL\Desktop\focusmagic302.exe -d C:\Users\iNTeL\Desktop
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149558531-2800396231-1507067438-1000Core.job => C:\Users\iNTeL\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-149558531-2800396231-1507067438-1000UA.job => C:\Users\iNTeL\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-12-31 18:56 - 2014-12-31 18:56 - 00081056 _____ () C:\Users\iNTeL\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2012-01-08 20:41 - 2012-01-08 20:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2011-05-06 11:32 - 2011-03-02 12:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2015-06-06 08:58 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-06 08:58 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2012-07-25 21:19 - 2012-07-25 21:19 - 00094728 _____ () C:\Program Files\Nitro PDF\Professional 7\NPShellExtension.dll
2013-09-27 17:52 - 2013-09-27 17:52 - 05474304 _____ () C:\Users\iNTeL\AppData\Roaming\Copy\overlay\Brt.dll
2014-05-22 20:53 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-05-22 20:53 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\iNTeL\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-06-10 15:35 - 2015-06-10 15:35 - 03129368 _____ () C:\Program Files\Naver\LINE\ampkit_windows.dll
2015-06-10 09:57 - 2015-06-10 09:57 - 00123928 _____ () C:\Program Files\Naver\LINE\PlayerHelper.dll
2015-06-06 08:58 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-06 08:58 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-06 08:58 - 2014-04-25 14:11 - 02972112 _____ () C:\Program Files\Spybot - Search & Destroy 2\NotificationSpreader.dll
2015-05-26 13:41 - 2015-05-23 03:22 - 14982472 _____ () C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:054B9966
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7866 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-149558531-2800396231-1507067438-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\iNTeL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 203.144.206.49 - 203.144.206.29
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Aventail VPN Connection.lnk => C:\Windows\pss\Aventail VPN Connection.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BUFFALO RAMDISK Tray Utility.lnk => C:\Windows\pss\BUFFALO RAMDISK Tray Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BUFFALO RAMDISK Utility.lnk => C:\Windows\pss\BUFFALO RAMDISK Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^iNTeL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^iNTeL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: ACPW05EN => "C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Camfrog => "C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Copy => "C:\Users\iNTeL\AppData\Roaming\Copy\CopyAgent.exe"
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\iNTeL\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FileHunter Check for updates => C:\Users\iNTeL\AppData\Roaming\FileHunter\update.exe
MSCONFIG\startupreg: Google Update => "C:\Users\iNTeL\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_93144E425F7F487B3F972F5BF8A80BCA => "C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Onboard => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"
MSCONFIG\startupreg: OV3_Monitor => "C:\Program Files\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe" /OS
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Samsung => "C:\Program Files\Samsung Music\SamsungMusic.exe" -auto
MSCONFIG\startupreg: SansaDispatch => C:\Users\iNTeL\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
MSCONFIG\startupreg: SearchSettings => "C:\Program Files\Common Files\Spigot\Preferences Manager\PreferencesManager.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\iNTeL\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{0F759F1E-9606-4539-83BC-DC7B9984304A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8A5EC214-42D0-4B53-912C-7C10AD0E3A4F}] => (Allow) LPort=9486
FirewallRules: [{3E1E0F95-9039-4037-BCA9-FFACFF34B8D4}] => (Allow) LPort=9486
FirewallRules: [{B1264803-56C2-45B1-B7FA-09EF6D0FE4AB}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1C373694-41F5-4BCA-A1E8-F4970BD9F1A7}] => (Allow) LPort=2869
FirewallRules: [{C1B9F246-A0F2-4263-A781-286B95BF4C58}] => (Allow) LPort=1900
FirewallRules: [{AE5EB81D-2F48-4016-9DE3-27044378FA2F}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A4CB053C-D1CC-4CAA-B67C-C7329E01EFC3}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{2A58EF2E-70F2-4F48-A11A-C063ABE53166}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{C43BE60D-2C60-487B-853C-4D1A100A4A66}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{ED44D27A-2C31-4554-9BAB-56D7629624E6}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{0884E423-CBEB-4C74-8974-5A077495AF8B}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [{5E1878D3-45CE-4C33-8FE8-39192B654B4E}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR9.EXE
FirewallRules: [{F073334B-0408-4B77-ABDE-1B9617D7ECBD}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{50246FD9-61FF-48BA-B25A-9F1C705F6022}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{E4806CB6-C0D4-4548-9A2C-AAA50DCDB9F2}C:\users\intel\appdata\roaming\filehunter\pumpa.exe] => (Block) C:\users\intel\appdata\roaming\filehunter\pumpa.exe
FirewallRules: [UDP Query User{63560430-D822-488E-B062-71F22B07C261}C:\users\intel\appdata\roaming\filehunter\pumpa.exe] => (Block) C:\users\intel\appdata\roaming\filehunter\pumpa.exe
FirewallRules: [TCP Query User{C447EA2B-F022-4DEF-B9EE-F02B0059438E}C:\program files\fotobounce\fbengine.exe] => (Allow) C:\program files\fotobounce\fbengine.exe
FirewallRules: [UDP Query User{F1BB6054-77BD-4857-BC20-50C38B16DE54}C:\program files\fotobounce\fbengine.exe] => (Allow) C:\program files\fotobounce\fbengine.exe
FirewallRules: [{7430FB40-F5EE-4365-B8ED-87E398E242D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3515F328-E5CB-4A3D-BC51-6FC95A1F0FBE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7B600B90-E60E-49B6-B494-8FBF9EDC435D}] => (Allow) LPort=9511
FirewallRules: [{E0DB2272-3CCA-4616-8C39-0B05200029F4}] => (Allow) LPort=9511
FirewallRules: [{A174B33D-80B9-4331-BD0D-D71562861972}] => (Allow) LPort=25364
FirewallRules: [{F272A030-E8A0-4E81-9B5E-9561380D642A}] => (Allow) LPort=25364
FirewallRules: [{C8B81364-AD16-4615-90FA-8B1C15873B12}] => (Allow) LPort=10563
FirewallRules: [{70D5A678-42A7-4506-B767-6917B5E3E6F1}] => (Allow) LPort=10563
FirewallRules: [{123F8D58-69A2-49B9-B4CE-2A044E7FA35E}] => (Allow) LPort=22491
FirewallRules: [{FA82FB73-674E-4EA0-ADB6-ED380D68D9B8}] => (Allow) LPort=22491
FirewallRules: [{2688CDB0-67BC-485E-98B0-11DCEF24F2C1}] => (Allow) LPort=15825
FirewallRules: [{C643F68F-2433-4BE6-A2E5-C85C3F64EF26}] => (Allow) LPort=15825
FirewallRules: [{416DB026-047F-4DBF-8DF4-04A692950CF6}] => (Allow) LPort=7754
FirewallRules: [{B60518DB-3AA5-431F-BC9B-F3A36679C828}] => (Allow) LPort=7754
FirewallRules: [{F7256E81-5AEB-47AA-81F7-C4D6E8872F28}] => (Allow) LPort=26527
FirewallRules: [{22DE36F3-1FB1-4B71-9BF6-3C9F93DA80B6}] => (Allow) LPort=26527
FirewallRules: [{9135A0E7-C9B5-4266-B526-2C39A2FC41F6}] => (Allow) LPort=8047
FirewallRules: [{46DCE8FB-1C51-45BD-AE5C-6D8ED8449F37}] => (Allow) LPort=8047
FirewallRules: [{05155029-8425-4643-92C6-2C13B127E380}] => (Allow) LPort=16520
FirewallRules: [{96D5D9A7-CDF6-4BF7-ADEA-BF29698A7827}] => (Allow) LPort=16520
FirewallRules: [{6EA1C7C7-CA5B-4F1D-9829-55C8B11D6F9E}] => (Allow) LPort=9956
FirewallRules: [{DE7A8B27-C8C9-4723-9AB0-A75D7ABB35D4}] => (Allow) LPort=9956
FirewallRules: [{0B3B3DEC-26E2-4573-ACC0-C6EE51C05AF2}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{4428CD52-4645-4FEE-B8E9-F7682DD1D23E}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe] => (Block) C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{F8743E90-EAB1-40D0-9E09-CD2AC0630A1E}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe] => (Block) C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe
FirewallRules: [{B30D1A57-BEC3-409D-96FB-C4589FA75FE3}] => (Allow) LPort=11076
FirewallRules: [{9B133E9D-CCD9-409C-903F-D3D17A653EA8}] => (Allow) LPort=11076
FirewallRules: [{FD196926-5D5A-461D-B1BD-283C286DD68B}] => (Allow) LPort=21485
FirewallRules: [{E282A60A-7B51-4783-9FA1-32C4E71F1045}] => (Allow) LPort=21485
FirewallRules: [{CE86F0AC-0001-435E-9D48-B7997CA765F2}] => (Allow) LPort=10510
FirewallRules: [{A7ED9089-E977-42DF-9E54-DB3EFCC3C9AD}] => (Allow) LPort=10510
FirewallRules: [{61196279-7A06-4024-8F45-8CDB23A63A7D}] => (Allow) LPort=18861
FirewallRules: [{4490A841-1710-42EB-A7D7-2C6A20A31C6C}] => (Allow) LPort=18861
FirewallRules: [{D60FCC2B-3819-42FD-9BEE-CAEE6EBB7CE9}] => (Allow) LPort=14163
FirewallRules: [{F90E1389-5896-41C6-A001-D11F0A26CEFB}] => (Allow) LPort=14163
FirewallRules: [{101A0D27-8022-4763-A58D-1A5D047D18CB}] => (Allow) LPort=18234
FirewallRules: [{CC43E82F-F93A-4738-A56D-DFDA92B8E91B}] => (Allow) LPort=18234
FirewallRules: [{83705021-6404-4C13-9F80-81F7CF3D5A79}] => (Allow) LPort=7880
FirewallRules: [{D6ABE709-BE97-4F22-B443-AEB11DEB8015}] => (Allow) LPort=7880
FirewallRules: [{242BBF16-735E-4A99-9D10-21029E38AF6E}] => (Allow) LPort=20610
FirewallRules: [{A5D76824-E0F3-4179-ABCD-021EA8470488}] => (Allow) LPort=20610
FirewallRules: [{9B7A6725-6F03-4D5C-97F7-6F01D6582DCE}] => (Allow) LPort=24773
FirewallRules: [{03D98FE1-19A4-4829-83CE-9B159BCBA5A5}] => (Allow) LPort=24773
FirewallRules: [{FA1E3013-17E5-4E6A-B31E-01A58F19938E}] => (Allow) LPort=7752
FirewallRules: [{25A1EB86-FD1C-42B1-95E4-CCC988E71145}] => (Allow) LPort=7752
FirewallRules: [{FEB9FD26-5819-497E-B62B-4B4EBBB466C3}] => (Allow) LPort=16252
FirewallRules: [{1F7F33E1-1721-4764-BAC5-B6470AA5EAFB}] => (Allow) LPort=16252
FirewallRules: [{770C9260-2F67-4DBC-90E4-22B3A9C0CE90}] => (Allow) LPort=18466
FirewallRules: [{005988B2-064C-4E44-942E-AA13D78A212B}] => (Allow) LPort=18466
FirewallRules: [{D3999C75-CAAC-47B4-8958-BEEF659D7EB6}] => (Allow) LPort=7610
FirewallRules: [{363B2BBC-CBC1-4AC5-B256-15A5CF22A07F}] => (Allow) LPort=7610
FirewallRules: [{BC1A2755-4138-4352-A951-E03E16760E78}] => (Allow) LPort=16791
FirewallRules: [{6437E53C-AF1E-4455-921D-A35F8124C2B6}] => (Allow) LPort=16791
FirewallRules: [{2D9076B5-E5AE-41ED-BF60-01B12891DA72}] => (Allow) LPort=23464
FirewallRules: [{70D7A655-81A8-49AF-A852-F015131A8001}] => (Allow) LPort=23464
FirewallRules: [{BBF1F75E-BF19-4191-BFBB-F42E0D599A7B}] => (Allow) LPort=7867
FirewallRules: [{65834131-A088-4518-8F12-8E023B5B9002}] => (Allow) LPort=7867
FirewallRules: [{4A99D8CD-3A32-4BF9-8C8A-0553E026AAE4}] => (Allow) LPort=9484
FirewallRules: [{DF712168-67AD-42D6-A1F8-BBE64C51C057}] => (Allow) LPort=9484
FirewallRules: [{14FB53EB-01EC-48CA-ADCB-7ABB357533DE}] => (Allow) LPort=13449
FirewallRules: [{716E85F2-125F-41FE-9C20-42DB34B5D900}] => (Allow) LPort=13449
FirewallRules: [{C7DF87AE-E63E-4DED-B546-34253F9C7F58}] => (Allow) LPort=7441
FirewallRules: [{6A89C341-E3FD-4FC8-BE34-7129E28385A9}] => (Allow) LPort=7441
FirewallRules: [{7AE07562-9445-40E2-8549-103F646746AC}] => (Allow) LPort=17744
FirewallRules: [{ECDA0626-E044-4D70-89ED-650FC7E1EB60}] => (Allow) LPort=17744
FirewallRules: [{A67C402F-F237-4AD0-9140-B9E806665596}] => (Allow) LPort=19094
FirewallRules: [{81BD025E-4A11-4CFC-BFE7-E68D7871896F}] => (Allow) LPort=19094
FirewallRules: [{5F75336C-3779-4B0C-AF2A-5D308CC32395}] => (Allow) LPort=11294
FirewallRules: [{C7E39EA3-984B-417B-933A-85ABEDEB3EB5}] => (Allow) LPort=11294
FirewallRules: [{E9CDBDD6-8619-45ED-B58D-8D3119799A51}] => (Allow) LPort=26711
FirewallRules: [{32403763-F6A3-49D8-838E-26EB0697B357}] => (Allow) LPort=26711
FirewallRules: [{AB3A515A-88B9-4EC0-BA22-4CE84146E1C6}] => (Allow) C:\Program Files\Naver\LINE\Line.exe
FirewallRules: [{B1372D44-8C5B-4C49-9657-6DCDACA72F6E}] => (Allow) C:\Program Files\Naver\LINE\Line.exe
FirewallRules: [{9251CF5A-7B65-497E-BDCE-6FCAE1D829B9}] => (Allow) LPort=23032
FirewallRules: [{212D3428-A6A8-42D2-99B3-C43E52CFA74A}] => (Allow) LPort=23032
FirewallRules: [{677F4CB4-E6B1-4A2D-AB82-43F53A542490}] => (Allow) LPort=21136
FirewallRules: [{CA82AD6A-A259-4BA2-8A7D-95A1BD6215A7}] => (Allow) LPort=21136
FirewallRules: [{6A42CDDF-12C7-4880-A9A7-B78B1AAA2242}] => (Allow) LPort=19853
FirewallRules: [{0952BCD7-D844-4789-BFB7-63EE2C0F528F}] => (Allow) LPort=19853
FirewallRules: [{DE622CD2-CFD2-47CA-92A6-E3CE0E572474}] => (Allow) LPort=21047
FirewallRules: [{355D46A3-38EE-4D35-93CA-3F2B062CD0C6}] => (Allow) LPort=21047
FirewallRules: [{DD73E0A1-651D-4A19-9A9A-DED84BD80016}] => (Allow) LPort=18941
FirewallRules: [{4AFE53DE-1726-4721-8787-1E10C4D165DE}] => (Allow) LPort=18941
FirewallRules: [{CC769A51-5DE3-49A0-A27F-1C9EA73F7603}] => (Allow) LPort=11976
FirewallRules: [{D2229C4C-C3B2-4327-B77A-7173B3BEB01F}] => (Allow) LPort=11976
FirewallRules: [{940CACB1-2B45-447D-88C2-E7607D067152}] => (Allow) LPort=11368
FirewallRules: [{E02B28B3-7E80-4E17-BEDD-47FC75494970}] => (Allow) LPort=11368
FirewallRules: [{84E3E63D-2436-4A66-B884-7D0BEBB801AF}] => (Allow) LPort=16514
FirewallRules: [{6E2EBFB0-D525-4C0D-8B85-693E32E4B1AC}] => (Allow) LPort=16514
FirewallRules: [{161D0A2B-D7E4-4E11-BEC7-FF70624E24D3}] => (Allow) LPort=22900
FirewallRules: [{C9D2DA01-A0AD-4AA2-A5FB-BAF483CDFA23}] => (Allow) LPort=22900
FirewallRules: [{809EE87B-E581-4E89-AF91-EF9E7108702E}] => (Allow) LPort=8837
FirewallRules: [{0747220D-8955-41ED-9BFD-5B13DA357149}] => (Allow) LPort=8837
FirewallRules: [{471B6A25-3C07-4BF7-9337-CEBF4D2E3E24}] => (Allow) LPort=11328
FirewallRules: [{546F47B5-ED4E-4E0E-9189-30507E32331A}] => (Allow) LPort=11328
FirewallRules: [{9B86DAA1-F0C2-46C6-A5F0-0E9C280DA431}] => (Allow) LPort=13692
FirewallRules: [{9DE20B8E-A725-45E2-B99A-60A953D08182}] => (Allow) LPort=13692
FirewallRules: [{E1C5B5BB-414D-496C-A8FC-55AD417868D2}] => (Allow) LPort=21215
FirewallRules: [{02BA4C6B-0D1E-4805-8A37-9711B5CEFF93}] => (Allow) LPort=21215
FirewallRules: [{45897D0F-E86D-4079-91A9-7D9DEA397111}] => (Allow) LPort=9110
FirewallRules: [{72E3ADC8-AC63-4E00-9FAB-E21C7DB5A707}] => (Allow) LPort=9110
FirewallRules: [{9A3B864E-F1B5-4F3A-912F-C4E417984650}] => (Allow) LPort=12789
FirewallRules: [{654E45BC-DDA5-4F12-B12C-5325EEEB8FD2}] => (Allow) LPort=12789
FirewallRules: [{68DCCC7A-3D08-4928-925F-4AB3FDAC0687}] => (Allow) LPort=25100
FirewallRules: [{DAB3FEB1-F6D6-4C6D-BE9C-0A7037AEDC75}] => (Allow) LPort=25100
FirewallRules: [{C9F44E96-7DDC-499D-9980-7D9234DB12D0}] => (Allow) LPort=21813
FirewallRules: [{8437FCF6-A45F-4ECC-B1B1-CC0F8C47BB22}] => (Allow) LPort=21813
FirewallRules: [{3B5A6345-6C67-4A3F-A2B0-D422B2428F9D}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{64B1CA9F-AC01-4DC8-864C-A6EA9C3E165C}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{26FF32B3-83B1-4230-A68B-BD66D438945F}] => (Allow) LPort=21813
FirewallRules: [{F62BAB24-B7F0-4896-82DE-DA999697593F}] => (Allow) LPort=21813
FirewallRules: [{A46C6FBB-0E9B-4A3B-AD7A-D4F51F68C0BF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{AA375BB4-8DCF-49E6-8490-B8227A18E39E}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{C5B96788-6F29-47E5-85FB-0952AE202F64}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{FEBE410C-21D0-4CB9-8661-3402CBDC3E75}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{A82FCCF9-65CB-49B9-B95F-C46C45490FDB}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{F724F357-D2A8-4B02-83CA-9E49BC81DFF8}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{19ED960B-CE21-4986-8093-63416130D489}C:\program files\naver\line\line.exe] => (Allow) C:\program files\naver\line\line.exe
FirewallRules: [UDP Query User{0591C6D1-049D-40AC-92B3-F77E1B868242}C:\program files\naver\line\line.exe] => (Allow) C:\program files\naver\line\line.exe
FirewallRules: [TCP Query User{94BF8CA2-1E23-4F50-BE6C-6150540EFB99}C:\users\intel\appdata\roaming\copy\copyagent.exe] => (Block) C:\users\intel\appdata\roaming\copy\copyagent.exe
FirewallRules: [UDP Query User{B58097F6-C551-40D6-AD2B-E8B0B066F325}C:\users\intel\appdata\roaming\copy\copyagent.exe] => (Block) C:\users\intel\appdata\roaming\copy\copyagent.exe
FirewallRules: [{84A77AF5-B54D-4AD4-A1DE-365B102449E5}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{FA730A99-2985-4995-978A-CA990749D69B}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{32BFE829-3AE1-4BAC-BF3C-1CB445AFA3D1}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{F510D255-7DAA-478E-B83E-0F29397C0F17}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [TCP Query User{E9B0B86B-9D83-4635-8638-42822B356DD0}C:\program files\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe] => (Block) C:\program files\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [UDP Query User{8605A8F1-0E17-40C1-946B-20BE7CFB9072}C:\program files\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe] => (Block) C:\program files\perfect world entertainment\star trek online_en\star trek online\live\gameclient.exe
FirewallRules: [TCP Query User{F02C070E-8412-4F88-9603-4DF5D8CF4CB0}C:\program files\fotobounce\fbengine.exe] => (Allow) C:\program files\fotobounce\fbengine.exe
FirewallRules: [UDP Query User{A52888CD-9555-4C9D-B8B2-2BABE8B90A62}C:\program files\fotobounce\fbengine.exe] => (Allow) C:\program files\fotobounce\fbengine.exe
FirewallRules: [{554F0188-F571-4E65-936D-A2C524576C05}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3399FF74-72E2-47D0-BAF4-9F043195A0A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CA448ED8-780E-48C0-988A-A640D58E9DFE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{39B9000A-4C39-4094-94E2-289E4B76400D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{665A414F-50C7-4922-9BE1-60C52AD37BDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D6A5DDCD-2A70-4CAF-A7FA-B2D7EFC38895}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4E023A1B-B2A6-437E-87AC-7B2AE49CC1D5}] => (Allow) C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CD797723-519A-4504-AE7C-63BF4CAD7001}] => (Allow) C:\Users\iNTeL\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{27A398EC-D227-43F3-8500-6867B6D9F22D}] => (Allow) C:\Users\iNTeL\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A7F83DF9-BE73-43D1-9B04-F1F65DBE9233}] => (Allow) C:\Users\iNTeL\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{424C849B-DB7C-49C0-802F-BE57F071DA66}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{0BF5F613-776D-440E-8E7B-E2E96B64CB0D}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{BA9A24D7-77F2-443B-9B75-1D4C3297972E}C:\users\intel\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\intel\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AAB254BA-6B58-40EF-9E0C-CCD8DCC3A55E}C:\users\intel\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\intel\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{52857906-13B2-4C51-93A0-5BF1C3724CC4}] => (Allow) C:\Users\iNTeL\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{485A2BA2-F813-490D-8F40-654973B5E484}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D80BB493-FCF3-496F-AA5A-674F4FBFAE4B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FF97732B-1893-4CA4-A21B-DC01DC7E94DE}] => (Allow) C:\Users\iNTeL\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{C2A9C359-1B7A-41B2-AA49-4E4FDB2206A2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CB6CC42C-B3EC-41FC-B538-745B1AEAA757}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{7F31B0AD-67A9-405B-9040-04C0BA2A3208}] => (Allow) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/18/2015 05:38:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST.exe, version: 13.6.2015.0, time stamp: 0x557c46ea
Faulting module name: FRST.exe, version: 13.6.2015.0, time stamp: 0x557c46ea
Exception code: 0xc0000005
Fault offset: 0x0001f09e
Faulting process id: 0x174
Faulting application start time: 0xFRST.exe0
Faulting application path: FRST.exe1
Faulting module path: FRST.exe2
Report Id: FRST.exe3
 
Error: (06/16/2015 07:34:21 AM) (Source: PandoraService.exe) (EventID: 0) (User: )
Description: Socket Error # 11001
Host not found.
 
Error: (06/11/2015 11:22:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
Error: (06/11/2015 11:22:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
Error: (06/10/2015 10:08:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
Error: (06/10/2015 10:06:39 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
Error: (06/10/2015 10:06:34 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
Error: (06/07/2015 00:17:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
Error: (06/06/2015 10:48:35 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
Error: (06/06/2015 10:48:30 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
 
System errors:
=============
Error: (06/18/2015 05:47:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/18/2015 05:47:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/18/2015 05:47:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/18/2015 05:45:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/18/2015 05:45:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/18/2015 05:45:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/18/2015 05:40:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/18/2015 05:40:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/18/2015 05:40:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/18/2015 05:38:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office:
=========================
Error: (06/18/2015 05:38:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST.exe13.6.2015.0557c46eaFRST.exe13.6.2015.0557c46eac00000050001f09e17401d0a9b2b9010c8dC:\Users\iNTeL\Desktop\FRST.exeC:\Users\iNTeL\Desktop\FRST.exe1cf818f7-15a6-11e5-b085-f46d040f8868
 
Error: (06/16/2015 07:34:21 AM) (Source: PandoraService.exe) (EventID: 0) (User: )
Description: Socket Error # 11001
Host not found.
 
Error: (06/11/2015 11:22:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
Error: (06/11/2015 11:22:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
Error: (06/10/2015 10:08:10 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
Error: (06/10/2015 10:06:39 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
Error: (06/10/2015 10:06:34 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
Error: (06/07/2015 00:17:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
Error: (06/06/2015 10:48:35 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
Error: (06/06/2015 10:48:30 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-23 23:09:41.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-23 23:09:41.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-23 23:09:41.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-23 23:09:41.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-23 23:01:41.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-23 23:01:41.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-16 09:57:52.384
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-16 09:57:52.325
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-16 09:57:52.310
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-16 09:57:52.251
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 79%
Total physical RAM: 3573.23 MB
Available physical RAM: 716.5 MB
Total Pagefile: 7144.77 MB
Available Pagefile: 4330.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.32 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:345.48 GB) (Free:210.25 GB) NTFS
Drive d: (Data) (Fixed) (Total:585.94 GB) (Free:258.88 GB) NTFS
Drive f: (PICTURE Bank) (Fixed) (Total:232.88 GB) (Free:98.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4F8F91FD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=345.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=585.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 874CCD68)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 232.9 GB) (Disk ID: 02AC7AA3)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
==================== End of log ============================

Edited by computerxpds, 18 June 2015 - 06:27 AM.
Moved to MRL from AII


BC AdBot (Login to Remove)

 


m

#2 pond511

pond511
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 19 June 2015 - 10:16 PM

Somebody please help. I don't know what to do to fix this problems

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 AM

Posted 21 June 2015 - 08:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold using the Add/Remove Programs applet.

Freecorder 7 Applications (7.0.0.48) (HKLM\...\Freecorder 7 Applications) (Version: 7.0.0.48 - Applian Technologies) <==== ATTENTION
Pandora Service (HKLM\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version: - Pandora.TV) <==== ATTENTION
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1C01}) (Version: 12.28.1.169 - APN, LLC) <==== ATTENTION
YTD Toolbar v21.4 (HKLM\...\{4249AA3D-A884-4192-AC22-1E645F9BCC1D}) (Version: 21.4 - Spigot, Inc.) <==== ATTENTION
YTD Video Downloader 4.8.9 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-149558531-2800396231-1507067438-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-149558531-2800396231-1507067438-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\S-1-5-21-149558531-2800396231-1507067438-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2011-10-06] (Yahoo! Inc.)
BHO: No Name -> {53707962-6F74-2D53-2644-206D7942484F} ->  No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2011-10-06] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Extension: Start Page - C:\Users\iNTeL\AppData\Roaming\Mozilla\Firefox\Profiles\o3qqd40r.default-1411799748677\Extensions\{2bc72c53-9bde-4db2-8479-eda9a5e71f4e} [2015-03-23]
FF HKLM\...\Firefox\Extensions: [fbdownloader@KMcore] -
S3 Program Manager; C:\Program Files\Common Files\ProgramManager\ProgramManager.exe [952984 2015-05-28] (Spigot, Inc.)
U0 gpdpy; C:\Windows\System32\drivers\pjqcaia.sys [52440 2015-06-18] (Malwarebytes Corporation)
Task: {1BF4B659-752F-441F-BE0D-36137FD0387D} - \EPUpdater No Task File <==== ATTENTION
Task: {6B453179-C00B-44A0-893B-EB688D09E367} - \RocketTab No Task File <==== ATTENTION
Task: {CE104295-6CEE-40AD-AF24-2D4BC06C815D} - \RocketTab Update Task No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:054B9966
C:\Users\iNTeL\AppData\Roaming\Mozilla\Firefox\Profiles\o3qqd40r.default-1411799748677\Extensions\{2bc72c53-9bde-4db2-8479-eda9a5e71f4e}
 C:\Program Files\Common Files\ProgramManager

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#4 pond511

pond511
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 21 June 2015 - 11:56 PM

Thank you for your help. This is the 2 log file you were asked for. Now I'm running computer in safe mode and everything work perfectly I will try to boot in normal mode and let you know what happens.

 

Thanks again for your help    

Attached Files



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 AM

Posted 22 June 2015 - 07:37 AM

Keep me posted.

#6 pond511

pond511
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 22 June 2015 - 11:02 AM

Thank you nasdaq, you help me a lot.

 

It's looking very  good right now. My computer can boot up normally, fast as usual, no more hard disk light working all the time. All antivirus and anti malware are now working just fine, can update and scan as usual. I will try to test other thing and will keep you updated but right now I think that everything is back to normal. could you please explain to me that what happens with my computer  so I can be more careful about it next time.

 

A lots of thank again          



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 AM

Posted 22 June 2015 - 01:11 PM


Probably programs that were installed without you consent.
These are installed by free 3rd party programs.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 pond511

pond511
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 22 June 2015 - 11:02 PM

I got a new problem

Everythings work just fine yesterday but today I start my computer again. It said that it has to run checkdiskfor drive G (it's one of my storage drive nothing important on that drive) this drive is 1TB large and had a little on it so, I let it run Chkdsk. Its detect a lot of bad sector and done some repairing but in the ends it stuck at "CHKDSK is verifying usn journal..." and sit here like an hours. Is it normal? Should I wait for more?

Thanks again

#9 pond511

pond511
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 22 June 2015 - 11:15 PM

By the way, I forgot to mention that all of the time since the problem occured this drive seem to disappeared completely from my computer I cannot find it even from explorer like it was removed (its physically connected all the time) and Bamm, it come back yesterday. So that might be some problems right? This drive is the oldest and ith from my old computer. Might be a drive failure?

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 AM

Posted 23 June 2015 - 07:38 AM

Run the CHKDSK on the driver with the /p /r swithches
https://technet.microsoft.com/en-us/library/bb491051.aspx

I searched Google with this string verifying usn journal most are saying the the drive may be going bad.

===

#11 pond511

pond511
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 23 June 2015 - 08:53 AM

It's suddenly get from good to bad. No bloody things work. The normal boot up process just stuck at the logo forever,safe mode now boot and stuck at process BFRD4G.sys again but now its going nowhere. I wait for 2 hours but nothing happens So I turn it of. any suggestion what to do next.

I just seem to working again. Thanks for help again

#12 pond511

pond511
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 23 June 2015 - 10:14 PM

Today I found a solution. I just remove the faulty hard drive(unplug it from my computer) and everything went back to normal again.I guess that this hard drive caused me a trouble. My questions is is there anyway to access it again, I mean recover some of it data or even wipe it out clean with out having to boot it up in the first place, like have some cable or adapter like some sort of plug and play???

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 AM

Posted 24 June 2015 - 08:09 AM

This is not malware and not my forte.

I suggest you get suggestions from this forum.

http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

#14 pond511

pond511
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 24 June 2015 - 08:53 AM

OK, so this became a hardware problems not a malware as I thought. Thanks for all of your help again nasdaq you really save my days. I will make another topic in the forum you suggest.  

I think this topic can now be closed.  



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 AM

Posted 29 June 2015 - 07:20 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users