Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2016 Ran by b (14-09-2016 17:21:04) Running from C:\Users\b\Desktop Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-04-09 18:26:56) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2555542477-2720736690-3888076148-500 - Administrator - Disabled) b (S-1-5-21-2555542477-2720736690-3888076148-1000 - Administrator - Enabled) => C:\Users\b Guest (S-1-5-21-2555542477-2720736690-3888076148-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2555542477-2720736690-3888076148-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Cezurity Antivirus Scanner (Disabled - Out of date) {A69FC709-7FB4-F02C-F902-3F6C9A3AF1C5} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Cezurity Antivirus Scanner (Enabled - Up to date) {1DFE26ED-598E-FFA2-C3B2-041EE1BDBB78} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 8BallClub Billiards (HKLM\...\8BallClub) (Version: - ) 9-lab Removal Tool (HKLM\...\9-lab Removal Tool) (Version: - ) ACDSee Pro 9 (HKLM\...\{10778264-A0EB-4772-A2DE-B8CEE4491686}) (Version: 9.3.0.545 - ACD Systems International Inc.) Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.) Alcor Micro USB Card Reader (Version: 1.9.17.06019 - Alcor Micro Corp.) 
Hidden Alternate DLL Analyzer 1.460 (HKLM\...\Alternate DLL Analyzer_is1) (Version: - Alternate Tools) Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros) Avira Scout (HKU\S-1-5-21-2555542477-2720736690-3888076148-1000\...\Avira Scout) (Version: 16.7.2743.1275 - Avira Operations GmbH & Co. KG) AVS Video Editor 7.2.1 (HKLM\...\AVS Video Editor_is1) (Version: 7.2.1.269 - Online Media Technologies Ltd.) Bazooka Scanner (HKLM\...\{CB0888EE-96D8-4713-84DC-36462C33AEB4}) (Version: - Kephyr) BB FlashBack Pro 5 (HKLM\...\BB FlashBack Pro 5) (Version: 5.9.0.3678 - Blueberry) BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender) Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - ) Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender) Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation) CaptureWizPro 5.40 (HKLM\...\CaptureWiz) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform) Cezurity Antivirus Scanner (HKLM\...\{fe308455-9535-4959-9cd3-e66083432133}) (Version: 4.2.18845.55821 - Cezurity) Cezurity Antivirus Scanner v4.2 (Version: 4.2.18845.55821 - Cezurity) Hidden Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) 
DropShots (HKLM\...\{809E9D11-335A-4186-8767-CB8C6F3D7810}) (Version: 6.8.1.1016 - DropShots) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Explorer.Exe Restart v1.0 (HKLM\...\Explorer.Exe Restart_is1) (Version: 1.0.0.0 - site2unblock.com) Flash Cookie Cleaner (HKLM\...\{E4E1D7C7-6561-4462-96B5-E6439488ED41}) (Version: 2.0 - ConsumerSoft) FlashPeak Slimjet (HKLM\...\Slimjet) (Version: 11.0.1.0 - FlashPeak Inc.) Folder Lock (HKLM\...\Folder Lock) (Version: - New Softwares.net) Force Byte Detector version 3.400 (HKLM\...\{6FAB3FA8-2B69-4598-960D-7A8E1D41DC26}_is1) (Version: 3.400 - Forcebyte.nl) Fotor 3.0.0 (HKLM\...\Fotor) (Version: 3.0.0 - Everimaging Co., Ltd.) Free Alarm Clock (HKLM\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group) Globus Privacy (HKLM\...\Globus Privacy) (Version: 1.1.0.35 - Woogable Ltd.) herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.) Hot Alarm Clock (HKLM\...\{672C1EE5-D13F-4EDB-A8CA-26711696C040}_is1) (Version: 5.1.1.0 - Comfort Software Group) ImTOO Video Converter Ultimate (HKU\S-1-5-21-2555542477-2720736690-3888076148-1000\...\ImTOO Video Converter Ultimate) (Version: 7.8.17.20160613 - ImTOO) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Intel® Driver Update Utility (HKLM\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel) Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Live Billiards Demo (HKLM\...\Live Billiards Demo) (Version: - ) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.9.3.1000 - 
Maxthon International Limited) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Keyboard Layout Creator 1.4 (HKLM\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23824 (HKLM\...\{aa0a3183-d329-4308-b8eb-4ed9fbe0a010}) (Version: 14.0.23824.1 - Microsoft Corporation) Midnight Pool 3D (HKLM\...\BFG-Midnight Pool 3D) (Version: - ) Movavi Photo Editor 3 (HKLM\...\Movavi Photo Editor 3) (Version: 3.2.0 - Movavi) Mozilla Firefox 48.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla) MPC-HC 1.7.10 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team) Opera developer 41.0.2329.0 (HKLM\...\Opera 41.0.2329.0) (Version: 41.0.2329.0 - Opera Software) Opera Stable 39.0.2256.48 (HKLM\...\Opera 39.0.2256.48) (Version: 39.0.2256.48 - Opera 
Software) Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.8 - Panda Security) PhoXo (HKLM\...\PhoXo) (Version: 8.3.0.0 - PhoXo) Polarity (HKLM\...\Polarity) (Version: - Stanley Lim) Presentation Assistant V3.0.0 (HKLM\...\Presentation Assistant_is1) (Version: - www.presentation-assistant.com) Privacy Eraser (HKLM\...\{CB5AC03C-B8AD-980F-998E-51969A6DFC9F}_is1) (Version: 4.14.4.2057 - Cybertron Software Co., Ltd.) Program4Pc PC Image Editor (HKLM\...\{29A01513-64A8-4543-AF3C-C2E4CD7FFE1A}_is1) (Version: 5.9.0.0 - Program4Pc Inc.) ProxySwitcher Standard (HKLM\...\ProxySwitcher Standard_is1) (Version: 5.19.2 - V-Tech LLC) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6156 - Realtek Semiconductor Corp.) RegRun Reanimator (HKLM\...\UnHackMe Update - Reanimator_is1) (Version: - Greatis Software, LLC.) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.) SHU (HKLM\...\{DF11DD92-DBB8-4F3F-9564-A8BBDBE986F5}_is1) (Version: 1.0 - ScreenShu Software) Sinonad version 1.3 (HKLM\...\Sinonad_is1) (Version: 1.3 - ) Soft4Boost Photo Studio (HKLM\...\Soft4Boost Photo Studio_is1) (Version: 6.0.1.481 - Sorentio Systems Ltd.) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1220 - SUPERAntiSpyware.com) try (HKLM\...\try) (Version: 1.0.0 - try) UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 8.0.7.0 - Carifred) Virtual Pool 4 Online (HKLM\...\{5A6D5262-319B-4E74-A631-8EBF3D3952AC}) (Version: 4.4.9.0 - Celeris) VVCap 2.4.2 (HKLM\...\{932A5F10-F7EF-4862-AACE-1A8668EDE085}) (Version: 2.4.2 - Deodice Ltd) WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.) 
Win Network Tools v1.0 (HKLM\...\Win Network Tools_is1) (Version: 1.0.0.0 - site2unblock.com) WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) Wondershare DVD Slideshow Builder Deluxe(Build 6.5.1.1) (HKLM\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.5.1.1 - Wondershare Software Co.,Ltd.) Wondershare Filmora(Build 7.5.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software) Wondershare Helper Compact 2.5.0 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare) ZuneClock 1.0 (HKLM\...\ZuneClock_is1) (Version: - Respectsoft Company) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2555542477-2720736690-3888076148-1000_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.) CustomCLSID: HKU\S-1-5-21-2555542477-2720736690-3888076148-1000_Classes\CLSID\{05F77397-E758-4FF3-8798-FC14C8EFDFF3}\localserver32 -> C:\Users\b\AppData\Local\Avira\Scout Update\1.3.29.5\ScoutUpdateOnDemand.exe (Avira Operations GmbH \u0026 Co. KG) CustomCLSID: HKU\S-1-5-21-2555542477-2720736690-3888076148-1000_Classes\CLSID\{1BDD187F-B797-4574-96DF-2DAE8E887EBC}\InprocServer32 -> C:\Users\b\AppData\Local\Avira\Scout Update\1.3.29.5\npScoutUpdate3.dll (Avira Operations GmbH \u0026 Co. KG) CustomCLSID: HKU\S-1-5-21-2555542477-2720736690-3888076148-1000_Classes\CLSID\{352FF80C-E7A8-478D-BF23-B0D7AA77BB0E}\localserver32 -> C:\Users\b\AppData\Local\Avira\Scout Update\ScoutUpdate.exe (Avira Operations GmbH \u0026 Co. 
KG) CustomCLSID: HKU\S-1-5-21-2555542477-2720736690-3888076148-1000_Classes\CLSID\{4553208E-9C27-4CC9-872B-12B6AFB7C208}\InprocServer32 -> C:\Users\b\AppData\Local\Avira\Scout Update\1.3.29.5\psuser.dll (Avira Operations GmbH \u0026 Co. KG) CustomCLSID: HKU\S-1-5-21-2555542477-2720736690-3888076148-1000_Classes\CLSID\{65A4CBCF-BFFA-4050-898A-ABDC011990E7}\localserver32 -> C:\Users\b\AppData\Local\Avira\Scout Update\1.3.29.5\ScoutUpdateOnDemand.exe (Avira Operations GmbH \u0026 Co. KG) CustomCLSID: HKU\S-1-5-21-2555542477-2720736690-3888076148-1000_Classes\CLSID\{68A83C1A-B9AD-4958-81DC-29CC3B8FEB5D}\InprocServer32 -> C:\Users\b\AppData\Local\Avira\Scout Update\1.3.29.5\psuser.dll (Avira Operations GmbH \u0026 Co. KG) CustomCLSID: HKU\S-1-5-21-2555542477-2720736690-3888076148-1000_Classes\CLSID\{7C8D6FAC-A906-489B-897C-0FB4CFEFC8D8}\InprocServer32 -> C:\Users\b\AppData\Local\Avira\Scout Update\1.3.29.5\npScoutUpdate3.dll (Avira Operations GmbH \u0026 Co. KG) CustomCLSID: HKU\S-1-5-21-2555542477-2720736690-3888076148-1000_Classes\CLSID\{AF32ADA2-D8CD-4E81-A878-2E0BD93E054D}\localserver32 -> C:\Users\b\AppData\Local\Avira\Scout Update\1.3.29.5\ScoutUpdateOnDemand.exe (Avira Operations GmbH \u0026 Co. KG) CustomCLSID: HKU\S-1-5-21-2555542477-2720736690-3888076148-1000_Classes\CLSID\{BC349E54-E0B4-416D-85E0-1E51879DDA5C}\localserver32 -> C:\Users\b\AppData\Local\Avira\Scout Update\1.3.29.5\ScoutUpdateOnDemand.exe (Avira Operations GmbH \u0026 Co. KG) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0D2E827B-6A6A-42F8-8DAC-1CBCF02582E9} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation) Task: {0F870748-B780-4478-886D-80249DF70F04} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris\Trojan Remover\ltr.exe Task: {0FB80A30-3F55-441D-8FD3-70A131ECFA33} - System32\Tasks\AviraScoutUpdateTaskUserS-1-5-21-2555542477-2720736690-3888076148-1000Core => C:\Users\b\AppData\Local\Avira\Scout Update\ScoutUpdate.exe [2016-09-08] (Avira Operations GmbH \u0026 Co. KG) Task: {2DA93AA7-C9DC-4ECC-8DF7-4A750D275000} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14] (Adobe Systems Incorporated) Task: {595E9382-3AA3-429C-BB5A-520DEF888783} - \Microsoft\Windows\NetTrace\Cache updating idle -> No File <==== ATTENTION Task: {5D916590-25A3-4FDD-898A-E533E07E8EE3} - System32\Tasks\Opera scheduled Autoupdate 1469345763 => C:\Program Files\Opera developer\launcher.exe [2016-08-22] (Opera Software) Task: {62507E43-F18B-4201-8ED4-C1CE886313F9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd) Task: {65A4F309-477F-4AE0-BD20-7F1D0F463C65} - System32\Tasks\Cybertron\Privacy Eraser\SkipUAC_b => C:\Program Files\Cybertron\Privacy Eraser\PrivacyEraser.exe [2016-07-16] (Cybertron Software, Co., Ltd.) Task: {6AF180ED-0A29-46E3-8B69-EFD8577626AC} - \Microsoft\Windows\User Profile Service\Outlook Office 202 -> No File <==== ATTENTION Task: {7F3B4941-F178-4BE1-947D-A1A0433A6A8E} - System32\Tasks\{1353EF40-CB8B-47E4-9CF6-7561377907EE} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\Fotor\Fotor.exe" Task: {869D7377-0B10-472B-8FF7-0B885F6DA41F} - System32\Tasks\AviraScoutUpdateTaskUserS-1-5-21-2555542477-2720736690-3888076148-1000UA => C:\Users\b\AppData\Local\Avira\Scout Update\ScoutUpdate.exe [2016-09-08] (Avira Operations GmbH \u0026 Co. 
KG) Task: {8765466C-1D41-49AB-8F53-BEB51BD99650} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [2016-05-16] () Task: {943EB073-000F-4821-AD29-8194E27F8B3B} - System32\Tasks\Cezurity Antivirus Scanner Idle Launcher => C:\Program Files\Cezurity\Antivirus\Cezurity_Antivirus.exe [2016-06-07] (Cezurity) Task: {AFEC3943-F646-4B87-BC35-9A573993DF3F} - System32\Tasks\{46B96245-88EA-4520-9A31-ADEF0225FBB9} => C:\Program Files\Fotor\Fotor.exe [2016-02-19] () Task: {B6AC8843-911E-464B-9716-5EAA0D65FE13} - System32\Tasks\Opera scheduled Autoupdate 1469344953 => C:\Program Files\Opera\launcher.exe [2016-08-03] (Opera Software) Task: {E16FB05B-0625-4250-ACDC-D551DB303748} - \Microsoft\Windows\Multimedia\Adobe Flash 202 -> No File <==== ATTENTION Task: {E9E8C89C-88DB-4D8D-9D38-ADD10820872C} - \Secure PC Tuneup -> No File <==== ATTENTION Task: {F2583481-5C2B-4109-84B0-EDBBADDD5CA5} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\MxEidolon.exe [2016-06-12] (Maxthon MxEidolo) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AviraScoutUpdateTaskUserS-1-5-21-2555542477-2720736690-3888076148-1000Core.job => C:\Users\b\AppData\Local\Avira\Scout Update\ScoutUpdate.exe Task: C:\Windows\Tasks\AviraScoutUpdateTaskUserS-1-5-21-2555542477-2720736690-3888076148-1000UA.job => C:\Users\b\AppData\Local\Avira\Scout Update\ScoutUpdate.exe Task: C:\Windows\Tasks\Cezurity Antivirus Scanner Idle Launcher.job => C:\Program Files\Cezurity\Antivirus\Cezurity_Antivirus.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\b\Favorites\Fotor for desktop.lnk -> hxxp://www.fotor.com/windows/review.html ShortcutWithArgument: C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\87c06b8e04ccb8cf\Person 2 - Avira Scout.lnk -> C:\Users\b\AppData\Local\Avira\Scout\Application\scout.exe (Avira Operations GmbH & Co. KG) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4242a155fcc27c2b\FlashPeak Slimjet.lnk -> C:\Program Files\Slimjet\slimjet.exe (FlashPeak Inc.) -> --profile-directory=Default ==================== Loaded Modules (Whitelisted) ============== 2016-09-08 20:57 - 2016-04-15 17:11 - 00023968 _____ () C:\Program Files\Bitdefender\Tools\BDAntiRansomware\InjectionDll.dll 2016-04-18 04:59 - 2016-06-20 14:48 - 01506304 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2016-04-18 04:59 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2016-06-16 00:50 - 2016-06-16 00:50 - 02972856 _____ () C:\Program Files\ACD Systems\ACDSee Pro\9.0\ACDSeeCommanderPro9.exe 2016-05-12 17:36 - 2016-05-12 17:36 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5d3fdf7962e3a154830b603096be4216\IsdiInterop.ni.dll 2016-04-09 21:32 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2016-09-14 16:37 - 2016-09-14 16:37 - 19588800 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48164560.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\48164560.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2555542477-2720736690-3888076148-1000\...\cezurity.com -> hxxps://vk-local-server.cezurity.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-08-30 06:00 - 2016-09-13 03:51 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2555542477-2720736690-3888076148-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{08C2073B-88E5-4FB2-90A6-B5EFF465DF68}] => (Allow) C:\Program Files\Globus\GlobusService.exe FirewallRules: [{542B834B-90BF-455C-A763-2B10EEFBE351}] => (Allow) C:\Program Files\Globus\GlobusService.exe FirewallRules: [{6FDDF9D8-832E-43E8-B85D-C29C75F2555F}] => (Allow) C:\Program Files\8BallClub\GameDirector.exe FirewallRules: [{B61FC808-FA26-42BA-986D-000DADF822BA}] => (Allow) C:\Program Files\8BallClub\GameDirector.exe FirewallRules: [{9BD882EA-6ECA-4E97-8264-56750AE0A6FC}] => (Allow) C:\Program Files\Cezurity\Antivirus\CzAvSvc.exe FirewallRules: [{9E30CEF8-9410-4BE9-B2FB-FE2C0342DE38}] => (Allow) C:\Program Files\Cezurity\Antivirus\Cezurity_Antivirus.exe FirewallRules: [{7FA96801-E232-4E96-8A6D-BB8F563646C9}] => (Allow) C:\Program Files\Globus\GlobusService.exe FirewallRules: [{B68F3CDE-7951-48B5-BA74-724951535872}] => (Allow) C:\Program Files\Globus\GlobusService.exe StandardProfile\AuthorizedApplications: [C:\Users\b\AppData\Local\Temp\RarSFX2\key.exe] => Enabled:key ==================== Restore Points ========================= 13-09-2016 21:22:05 Scheduled Checkpoint 14-09-2016 03:00:15 Windows Update 14-09-2016 04:35:35 Removed Adblock Plus for IE (32-bit) 14-09-2016 05:39:14 Revo Uninstaller's restore point - Adobe Flash Player 23 ActiveX 14-09-2016 05:40:21 Revo Uninstaller's restore point - Adobe Flash Player 23 NPAPI ==================== Faulty Device Manager Devices ============= Name: Globus TAP-Windows Adapter V9 Description: Globus TAP-Windows Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Globus Partners Ltd. Service: tap0903 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: Broadcom 802.11n Network Adapter Description: Broadcom 802.11n Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Service: BCM43XX Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/14/2016 04:22:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: hmpsched.exe, version: 3.7.0.5, time stamp: 0x571e88e4 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x498 Faulting application start time: 0x01d20e8af8f62d0c Faulting application path: C:\Program Files\HitmanPro\hmpsched.exe Faulting module path: unknown Report Id: 43e9e4f4-7a7e-11e6-b271-60eb69d80f07 Error: (09/14/2016 05:03:21 AM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/14/2016 05:03:21 AM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/14/2016 05:03:21 AM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (09/14/2016 05:03:21 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (09/14/2016 05:03:21 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/14/2016 05:03:21 AM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (09/14/2016 05:03:21 AM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/14/2016 05:03:21 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (09/14/2016 05:03:21 AM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: The Windows Search Service cannot open the Jet property store. Details: 0x%08x (0xc0041800 - The content index database is corrupt. 
(HRESULT : 0xc0041800)) System errors: ============= Error: (09/14/2016 04:22:27 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. Error: (09/14/2016 06:06:50 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout. Error: (09/14/2016 05:03:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (09/14/2016 05:03:22 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. CodeIntegrity: =================================== Date: 2016-09-02 18:15:26.988 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\b\AppData\Local\temp\7zS8722366B\Pav2WSC.exe because the set of per-page image hashes could not be found on the system. Date: 2016-09-02 18:15:26.985 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\b\AppData\Local\temp\7zS8722366B\Pav2WSC.exe because the set of per-page image hashes could not be found on the system. Date: 2016-09-02 18:15:26.982 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\b\AppData\Local\temp\7zS8722366B\Pav2WSC.exe because the set of per-page image hashes could not be found on the system. 
Date: 2016-09-02 18:15:26.978 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\b\AppData\Local\temp\7zS8722366B\Pav2WSC.exe because the set of per-page image hashes could not be found on the system. Date: 2016-09-02 18:15:25.421 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system. Date: 2016-09-02 18:15:25.418 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system. Date: 2016-09-02 18:15:25.414 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system. Date: 2016-09-02 18:15:25.411 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system. Date: 2016-09-02 18:15:25.407 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system. Date: 2016-09-02 18:15:25.403 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz Percentage of memory in use: 65% Total physical RAM: 2806.81 MB Available physical RAM: 964.93 MB Total Virtual: 5611.95 MB Available Virtual: 3566.24 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:117.09 GB) (Free:16.26 GB) NTFS Drive d: () (Fixed) (Total:180.9 GB) (Free:2.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1116A09C) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=117.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=180.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================