  1. #1
    Member | Join Date: Aug 2015 | Posts: 24 | Points: 0

    DesktopGames virus

    Hi, so I recently got infested with the DesktopGames virus (Imgur: The most awesome images on the Internet). I got it from here: HuniePop v1.2.0 Free Download. When I try to uninstall it, it just starts installing other programs. From time to time it starts randomly installing things (like here: Imgur: The most awesome images on the Internet) and I can't stop them unless I close them from Task Manager processes. And it keeps installing MyStartSearch as my Chrome start page. I ran AdwCleaner 15 times but it cannot delete 1 file:

    # AdwCleaner v5.003 - Logfile created 25/08/2015 at 11:00:10
    # Updated 20/08/2015 by Xplode
    # Database : 2015-08-20.1 [Local]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : Cojocariu - COJOCARIU-PC
    # Running from : C:\Users\Cojocariu\Marian\Programe\adwcleaner_5.003.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
    [-] Key Deleted : HKCU\Software\Tutorials
    [-] Key Deleted : HKLM\SOFTWARE\Tutorials
    [!] Key Not Deleted : [x64] HKCU\Software\Tutorials

    ***** [ Web browsers ] *****


    *************************

    :: Proxy settings cleared
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [973 bytes] ##########




    What can I do to delete that [x64] HKCU\Software\Tutorials? If I scan again it will give me this (Imgur: The most awesome images on the Internet), and again the same thing... Please help, I've been at it since 7 am.

  2. #2
    Member | Join Date: Aug 2015 | Posts: 24 | Points: 0

    After some more tries I managed to uninstall everything with some help from AVG PC TuneUp, but I still get this after my computer restarts:
    # AdwCleaner v5.003 - Logfile created 25/08/2015 at 11:59:26
    # Updated 20/08/2015 by Xplode
    # Database : 2015-08-20.1 [Local]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : Cojocariu - COJOCARIU-PC
    # Running from : C:\Users\Cojocariu\Marian\Programe\adwcleaner_5.003.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}

    ***** [ Web browsers ] *****


    *************************

    :: Proxy settings cleared
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C10].txt - [838 bytes] #########

  3. #3
    zep516 (Member, Spyware Fighter) | Join Date: Dec 2005 | Location: Pittsburgh, Pa | Posts: 7,158 | Points: 1301

    Please download Farbar Recovery Scan Tool and save it to your Desktop. You need the 64-bit version of Farbar...

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    I'll be back at 4 pm after work to help you. Don't run any more scans.

    Thanks
    Joe

  4. #4
    Member | Join Date: Aug 2015 | Posts: 24 | Points: 0

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
    Ran by Cojocariu (2015-08-25 18:29:57)
    Running from C:\Users\Cojocariu\Marian\Programe
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2024464361-3801304151-1858280074-500 - Administrator - Disabled)
    Cojocariu (S-1-5-21-2024464361-3801304151-1858280074-1001 - Administrator - Enabled) => C:\Users\Cojocariu
    Guest (S-1-5-21-2024464361-3801304151-1858280074-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2024464361-3801304151-1858280074-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
    2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
    2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
    4K Video Downloader 3.6 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.6.1.1770 - Open Media LLC)
    4K YouTube to MP3 2.10 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 2.10.4.1435 - Open Media LLC)
    7.1 GAMING HEADSET (HKLM\...\C-Media CM108 Like Sound Driver) (Version: - )
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Age of Empires II HD The Forgotten (HKLM-x32\...\QWdlb2ZFbXBpcmVzSUlIRFRoZUZvcmdvdHRlbg==_is1) (Version: 1 - )
    Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_is1) (Version: - )
    Announcify (HKLM-x32\...\{478472F9-9E09-492A-BDAB-42EE595EF1AD}) (Version: - "") <==== ATTENTION
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.)
    ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)
    Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
    AutoHotkey 1.1.22.03 (HKLM\...\AutoHotkey) (Version: 1.1.22.03 - Lexikos)
    AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
    AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies)
    AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.67.1076 - AB Team, d.o.o.)
    DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
    Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.17 - Echobit, LLC)
    Farm Mania 2 (HKLM-x32\...\{6E09365C-5085-48BC-B97C-EF8F6D68AF1C}) (Version: 1.0.5 - LeeGTs Games)
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
    Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
    GameRanger (HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\...\GameRanger) (Version: - GameRanger Technologies)
    GamesDesktop 092.005010070 (HKLM-x32\...\gmsd_re_005010070_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
    Gaming Keyboard Driver (HKLM-x32\...\{4D2D3DC8-404C-46E2-B57C-49C45BD110AC}) (Version: 1.0 - LXD)
    Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
    GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Life Is Strange (HKLM-x32\...\Life Is Strange_is1) (Version: - )
    Life Is Strange Episode 2 (HKLM-x32\...\Life Is Strange Episode 2_is1) (Version: - )
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
    Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
    Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ATTENTION
    NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.81 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.13.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.13.6 - NVIDIA Corporation)
    NVIDIA Graphics Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    Overwolf (HKLM-x32\...\Overwolf) (Version: 0.88.77.0 - Overwolf Ltd.)
    Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )
    SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.5.13.6 - NVIDIA Corporation) Hidden
    Sid Meier's Civilization V (HKLM-x32\...\Sid Meier's Civilization V_is1) (Version: - )
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
    Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
    SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Streamtip Alerter (HKLM-x32\...\{946E75BA-B3DA-470C-80EC-66AE17107334}_is1) (Version: 0.2.2 - NightDev, LLC)
    SWF Opener (HKLM-x32\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions)
    System Requirements Lab Detection (HKLM-x32\...\{8DE77933-6CBE-4E65-8C84-BE5218EA8493}) (Version: 6.1.6.0 - Husdawg, LLC)
    TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH)
    Unity Web Player (HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
    Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03F0515F-9CE7-450B-BF2C-573FCFB9B51C} - System32\Tasks\Fk8TnM3nMLteRyZ => C:\Users\Cojocariu\AppData\Roaming\Fk8TnM3nMLteRyZ.exe [2015-04-20] () <==== ATTENTION
    Task: {07F0C369-0912-4EF8-9E70-C613372D94E7} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-08-04] (AVG Technologies)
    Task: {108A31DF-E7AF-4D91-BD79-0391C93B53F9} - System32\Tasks\XquZ27VtqL6Ubuf => C:\Users\Cojocariu\AppData\Roaming\XquZ27VtqL6Ubuf.exe [2015-04-20] () <==== ATTENTION
    Task: {3FFFF5F6-B95A-442A-AE45-8C5F10615F23} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-08-13] (Overwolf LTD)
    Task: {41CEC19F-3CDE-4DE3-BAFB-FD24B6AEB6BA} - System32\Tasks\{E9CFE688-7195-4C92-83F0-59631FF1B1C0} => Chrome.exe Download Skype for Desktop
    Task: {43953CB6-3716-4F8B-8CE3-F8384CCB2430} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
    Task: {4579AF3A-7CA6-49BE-BBD0-440B0EBC298D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
    Task: {495166AB-C8D6-4AC3-B304-2B6D44FD9979} - System32\Tasks\updateTask => c:\task.vbs [2015-08-25] ()
    Task: {5C039082-0491-4665-97F0-6F15832A9356} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe
    Task: {7D72CC1F-3ADB-4F40-8965-386C239DC20A} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\PROGRAM FILES (X86)\RISING\RAV\rsdelaylauncher.exe
    Task: {802AB4E8-C3E3-4923-AAA0-9BBF278D836C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-03] (Dropbox, Inc.)
    Task: {8D7D736A-3DCD-4534-AC56-11078F302E55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)
    Task: {9F07C10F-BA12-42CC-85A9-B6D9DC7A7D0C} - System32\Tasks\runTask => %TEMP%/Updater.exe
    Task: {A2AB99E8-2B8E-482B-86DD-BFAFC8019089} - System32\Tasks\{001D88C3-C04F-41AD-A51E-220F79B19063} => Chrome.exe Download Skype for Desktop
    Task: {BD83FEC2-5306-42AA-9D35-B28EE65C2820} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {C1B7FE67-4BF9-4B14-AA42-9CF2189E4D14} - System32\Tasks\{085A0E65-BDD3-4CBC-8168-46AEBAD960FB} => pcalua.exe -a C:\Users\Cojocariu\Marian\Jocuri\GameforgeLive\Games\GBR_eng\Metin2\unins000.exe
    Task: {CB89617F-2819-4D72-B3CA-2F312D16E9F5} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)
    Task: {D619B234-9D50-419A-A9E2-2CA8CA14606A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-03] (Dropbox, Inc.)
    Task: {F0A9532B-E3A0-40AC-8AEC-3F3DD0A8200A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\Fk8TnM3nMLteRyZ.job => C:\Users\Cojocariu\AppData\Roaming\Fk8TnM3nMLteRyZ.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\XquZ27VtqL6Ubuf.job => C:\Users\Cojocariu\AppData\Roaming\XquZ27VtqL6Ubuf.exe <==== ATTENTION

    ==================== Loaded Modules (Whitelisted) ==============

    2015-04-13 19:37 - 2015-08-18 03:07 - 00115376 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-08-25 07:04 - 2015-08-25 07:04 - 00137728 _____ () C:\Program Files (x86)\03000200-1440475452-0500-0006-000700080009\hnsl49A6.tmp
    2015-08-25 07:04 - 2015-08-25 07:04 - 00227328 _____ () C:\Program Files (x86)\03000200-1440475452-0500-0006-000700080009\jnsx33DA.tmp
    2015-08-04 15:26 - 2015-08-04 15:26 - 00718040 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
    2010-07-15 07:44 - 2010-07-15 07:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2014-10-21 23:31 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2015-08-25 07:13 - 2015-08-12 00:00 - 00077824 ____H () C:\Program Files (x86)\baidu\pps.exe
    2015-02-24 22:17 - 2012-02-14 17:33 - 00184320 _____ () C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
    2015-08-04 15:26 - 2015-08-04 15:26 - 00861912 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
    2015-02-24 22:17 - 2011-10-09 16:44 - 00069632 _____ () C:\Program Files (x86)\Gaming Keyboard\OSD.exe
    2015-08-25 12:31 - 2015-08-24 12:51 - 03978896 _____ () C:\Program Files (x86)\gmsd_re_005010070\gmsd_re_005010070.exe
    2015-08-25 17:12 - 2015-08-25 17:12 - 00490496 _____ () C:\Program Files (x86)\03000200-1440475452-0500-0006-000700080009\knsy423D.tmp
    2015-04-13 19:18 - 2015-08-18 02:31 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2014-10-24 21:34 - 2014-10-24 21:11 - 00002048 ____R () C:\Program Files\DAEMON Tools Pro\MSIMG32.dll
    2015-02-24 22:17 - 2012-03-06 16:14 - 00057344 _____ () C:\Program Files (x86)\Gaming Keyboard\lan.dll
    2015-08-22 00:41 - 2015-08-18 08:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
    2015-08-22 00:41 - 2015-08-18 08:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
    IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\...\sony.com -> sony.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cojocariu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{44FA5D23-C79A-4627-9BE0-8E9002F04A16}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{02F1E22D-AC07-4A00-8008-25A6E58F686E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{8AD38B8E-4AD1-4C3D-BBEC-78F6554DBD5B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{FB32DB76-C453-446A-BB16-99E8B1C7F2EF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{7129A5AF-3E14-4C61-8619-19AB6FD02039}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{324A5258-FF7A-4E45-8DF0-643AAC8C0CCF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{EA1C5FF8-8E9D-4EB6-9270-7034177A12D0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{C7D4AB18-0470-4984-B404-3A4998AC717E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [{8667CDE7-0DA4-4F79-8685-851E920FECFE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [TCP Query User{2964345C-F449-429B-A9BA-FCA7ED19E67C}C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{036D8B49-F4D4-48FE-BFB6-2E8A93D88A79}C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [{7281C0B7-32D9-457B-B8CC-335B7B451681}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
    FirewallRules: [{65CDB1D8-2F1C-4376-8BD3-0CFE0696D449}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
    FirewallRules: [TCP Query User{673377E9-05DE-490E-97D7-B460BD83B63E}C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\empires2.exe] => (Allow) C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\empires2.exe
    FirewallRules: [UDP Query User{E8840742-3254-43EF-AAF5-740A1985ACBE}C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\empires2.exe] => (Allow) C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\empires2.exe
    FirewallRules: [TCP Query User{B11AE08F-D32F-486A-A004-F485867D5117}C:\users\cojocariu\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\cojocariu\appdata\roaming\gameranger\gameranger\gameranger.exe
    FirewallRules: [UDP Query User{8BD7C63B-3015-425B-946E-1AEDFA270149}C:\users\cojocariu\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\cojocariu\appdata\roaming\gameranger\gameranger\gameranger.exe
    FirewallRules: [TCP Query User{87813786-DD86-4A60-A80B-58ACB78E22BF}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [UDP Query User{BB33E34A-D669-4F86-B457-D3F456B324C1}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [{8EF24B74-F305-4FCD-B58D-092642F7D90B}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\Steam.exe
    FirewallRules: [{22EBC378-6DAC-4ADD-9D98-D28296C3D279}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\Steam.exe
    FirewallRules: [{945211E3-27E8-41EE-82FA-9C794E1E5F64}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\bin\steamwebhelper.exe
    FirewallRules: [{4C8A7D69-363C-4F66-807F-98CFD79904DF}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{43D6138F-7B51-46F1-8819-DD4A5E96E67A}C:\users\cojocariu\marian\jocuri\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) C:\users\cojocariu\marian\jocuri\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
    FirewallRules: [UDP Query User{9561C6AC-9836-49BD-8E81-7499A4442FE5}C:\users\cojocariu\marian\jocuri\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) C:\users\cojocariu\marian\jocuri\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
    FirewallRules: [{3451276A-1CCF-4D61-A316-2470AA2C2556}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{DC787286-00D7-4233-8484-6BF470059A5B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [TCP Query User{5B067DD3-2859-4C0F-9FE2-AA226A8A6CE5}C:\users\cojocariu\marian\jocuri\age of empires\age of empires iii - complete collection\bin\age3.exe] => (Allow) C:\users\cojocariu\marian\jocuri\age of empires\age of empires iii - complete collection\bin\age3.exe
    FirewallRules: [UDP Query User{8715B662-2447-45A5-8BAD-3C0E5B856408}C:\users\cojocariu\marian\jocuri\age of empires\age of empires iii - complete collection\bin\age3.exe] => (Allow) C:\users\cojocariu\marian\jocuri\age of empires\age of empires iii - complete collection\bin\age3.exe
    FirewallRules: [{5EDCAB3B-3CE9-43FD-B599-37B994ED96C9}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\steamapps\common\Unturned\Unturned.exe
    FirewallRules: [{C3FBC552-6BA4-402D-AF5E-44633C782B2A}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\steamapps\common\Unturned\Unturned.exe
    FirewallRules: [{F3CA71B1-AFAA-4D0C-8196-0175DFAF1B4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C7D6154F-D0CA-45F4-8F8B-AAFAB8EEBA9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A9476728-9D1C-415F-8DDF-448A28D9F201}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{3CE581A7-C9D4-45A9-8F88-2347215EB757}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{87A252FC-5895-454D-9C06-F8D3A364C9BE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{6F89B2AF-E19A-4F12-BBB2-CA54DD1E14EB}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
    FirewallRules: [{15100587-BCAD-46A4-A0D7-7FAD02963EB7}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
    FirewallRules: [{B599D3A1-B673-46BA-9F3A-12775F5830BC}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe
    FirewallRules: [{293798D9-6391-4E18-8D21-93330C2E9B17}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe
    FirewallRules: [TCP Query User{BAEC1481-B92C-4C14-ABEB-5DAE8C922A7F}C:\users\cojocariu\marian\jocuri\civilization\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\users\cojocariu\marian\jocuri\civilization\sid meier's civilization v\civilizationv_dx11.exe
    FirewallRules: [UDP Query User{AF9669F0-CA18-48D2-88EA-B887D7870729}C:\users\cojocariu\marian\jocuri\civilization\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\users\cojocariu\marian\jocuri\civilization\sid meier's civilization v\civilizationv_dx11.exe
    FirewallRules: [{55C8E225-84BB-41DD-AA08-B82A67665602}] => (Allow) C:\users\cojocariu\marian\jocuri\civilization\sid meier's civilization v\civilizationv_dx11.exe
    FirewallRules: [{8BE12B28-0BC7-4946-B5A4-DFB057A8C2ED}] => (Allow) C:\users\cojocariu\marian\jocuri\civilization\sid meier's civilization v\civilizationv_dx11.exe
    FirewallRules: [TCP Query User{0E777ECC-E5E1-4C75-B912-F7C4DCDF8177}C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\age2_x1\age2_x1.exe] => (Allow) C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\age2_x1\age2_x1.exe
    FirewallRules: [UDP Query User{19B17ADB-30B4-4A3C-AEC6-6C3A2A591172}C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\age2_x1\age2_x1.exe] => (Allow) C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\age2_x1\age2_x1.exe
    FirewallRules: [{4F98F69E-121D-4D3B-9179-DA32D270AC16}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
    FirewallRules: [TCP Query User{89EC61BD-6315-45CC-9A51-448E5F6E3181}C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{F827A45B-A30D-490E-BE4F-94CEB53B10CC}C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [{18C3D4D6-5D04-45A8-858E-B6D1A17B408A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{7B7EFBBA-6639-467B-AC39-630A7A5E9325}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{AA03E976-B3E9-42D5-BF81-8060137327BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{205ED5AE-3B40-493F-8C3F-2094E2A15E58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{769D1791-6190-401E-A256-745B2CEF95A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{AE8BC0B3-47BA-47A4-B296-11D610843B6A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{325AD752-C08A-4041-B14D-303C5940B53F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/25/2015 06:29:58 PM) (Source: VSS) (EventID: 12292) (User: )
    Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ].


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 06:29:58 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ]


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 12:09:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
    Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
    Exception code: 0xc0000005
    Fault offset: 0x000b8554
    Faulting process id: 0xd94
    Faulting application start time: 0xrads_user_kernel.exe0
    Faulting application path: rads_user_kernel.exe1
    Faulting module path: rads_user_kernel.exe2
    Report Id: rads_user_kernel.exe3

    Error: (08/25/2015 11:53:14 AM) (Source: ESENT) (EventID: 215) (User: )
    Description: WinMail (2104) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

    Error: (08/25/2015 11:48:12 AM) (Source: VSS) (EventID: 12292) (User: )
    Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ].


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 11:48:12 AM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ]


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 11:47:36 AM) (Source: VSS) (EventID: 12292) (User: )
    Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ].


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 11:47:36 AM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ]


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 11:44:12 AM) (Source: VSS) (EventID: 12292) (User: )
    Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ].


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 11:44:12 AM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ]


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator


    System errors:
    =============
    Error: (08/25/2015 01:02:27 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}

    Error: (08/25/2015 12:04:33 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: WMPNetworkSvc0x80070422

    Error: (08/25/2015 12:04:32 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: WMPNetworkSvc0x80070422

    Error: (08/25/2015 12:04:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (08/25/2015 11:59:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (08/25/2015 11:59:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AVG PC TuneUp Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/25/2015 11:59:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/25/2015 11:59:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/25/2015 11:59:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Cool Barcode service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/25/2015 11:59:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office:
    =========================

    CodeIntegrity:
    ===================================
    Date: 2015-08-11 13:26:48.357
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:48.301
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:48.226
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:48.169
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:45.557
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:45.505
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:45.452
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:45.395
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:45.336
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:45.283
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz
    Percentage of memory in use: 42%
    Total physical RAM: 4087.05 MB
    Available physical RAM: 2345.35 MB
    Total Virtual: 8172.31 MB
    Available Virtual: 5577.26 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:116.03 GB) NTFS
    Drive d: (20150618_1107) (CDROM) (Total:0.78 GB) (Free:0 GB) CDFS
    Drive f: (AGE2_X1) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 39A4CAA3)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of FRST.txt ============================

  5. #5
    Member

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
    Ran by Cojocariu (2015-08-25 18:29:57)
    Running from C:\Users\Cojocariu\Marian\Programe
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2024464361-3801304151-1858280074-500 - Administrator - Disabled)
    Cojocariu (S-1-5-21-2024464361-3801304151-1858280074-1001 - Administrator - Enabled) => C:\Users\Cojocariu
    Guest (S-1-5-21-2024464361-3801304151-1858280074-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2024464361-3801304151-1858280074-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
    2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
    2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
    4K Video Downloader 3.6 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.6.1.1770 - Open Media LLC)
    4K YouTube to MP3 2.10 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 2.10.4.1435 - Open Media LLC)
    7.1 GAMING HEADSET (HKLM\...\C-Media CM108 Like Sound Driver) (Version: - )
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Age of Empires II HD The Forgotten (HKLM-x32\...\QWdlb2ZFbXBpcmVzSUlIRFRoZUZvcmdvdHRlbg==_is1) (Version: 1 - )
    Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_is1) (Version: - )
    Announcify (HKLM-x32\...\{478472F9-9E09-492A-BDAB-42EE595EF1AD}) (Version: - "") <==== ATTENTION
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.)
    ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)
    Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
    AutoHotkey 1.1.22.03 (HKLM\...\AutoHotkey) (Version: 1.1.22.03 - Lexikos)
    AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
    AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies)
    AVG PC TuneUp 2015 (x32 Version: 15.0.1001.638 - AVG Technologies) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.67.1076 - AB Team, d.o.o.)
    DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
    Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.17 - Echobit, LLC)
    Farm Mania 2 (HKLM-x32\...\{6E09365C-5085-48BC-B97C-EF8F6D68AF1C}) (Version: 1.0.5 - LeeGTs Games)
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
    Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
    GameRanger (HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\...\GameRanger) (Version: - GameRanger Technologies)
    GamesDesktop 092.005010070 (HKLM-x32\...\gmsd_re_005010070_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
    Gaming Keyboard Driver (HKLM-x32\...\{4D2D3DC8-404C-46E2-B57C-49C45BD110AC}) (Version: 1.0 - LXD)
    Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
    GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Life Is Strange (HKLM-x32\...\Life Is Strange_is1) (Version: - )
    Life Is Strange Episode 2 (HKLM-x32\...\Life Is Strange Episode 2_is1) (Version: - )
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
    Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
    Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ATTENTION
    NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.81 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.13.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.13.6 - NVIDIA Corporation)
    NVIDIA Graphics Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    Overwolf (HKLM-x32\...\Overwolf) (Version: 0.88.77.0 - Overwolf Ltd.)
    Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )
    SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.5.13.6 - NVIDIA Corporation) Hidden
    Sid Meier's Civilization V (HKLM-x32\...\Sid Meier's Civilization V_is1) (Version: - )
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
    Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
    SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Streamtip Alerter (HKLM-x32\...\{946E75BA-B3DA-470C-80EC-66AE17107334}_is1) (Version: 0.2.2 - NightDev, LLC)
    SWF Opener (HKLM-x32\...\{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1) (Version: 1.3 - UnH Solutions)
    System Requirements Lab Detection (HKLM-x32\...\{8DE77933-6CBE-4E65-8C84-BE5218EA8493}) (Version: 6.1.6.0 - Husdawg, LLC)
    TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH)
    Unity Web Player (HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
    Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03F0515F-9CE7-450B-BF2C-573FCFB9B51C} - System32\Tasks\Fk8TnM3nMLteRyZ => C:\Users\Cojocariu\AppData\Roaming\Fk8TnM3nMLteRyZ.exe [2015-04-20] () <==== ATTENTION
    Task: {07F0C369-0912-4EF8-9E70-C613372D94E7} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-08-04] (AVG Technologies)
    Task: {108A31DF-E7AF-4D91-BD79-0391C93B53F9} - System32\Tasks\XquZ27VtqL6Ubuf => C:\Users\Cojocariu\AppData\Roaming\XquZ27VtqL6Ubuf.exe [2015-04-20] () <==== ATTENTION
    Task: {3FFFF5F6-B95A-442A-AE45-8C5F10615F23} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-08-13] (Overwolf LTD)
    Task: {41CEC19F-3CDE-4DE3-BAFB-FD24B6AEB6BA} - System32\Tasks\{E9CFE688-7195-4C92-83F0-59631FF1B1C0} => Chrome.exe Download Skype for Desktop
    Task: {43953CB6-3716-4F8B-8CE3-F8384CCB2430} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
    Task: {4579AF3A-7CA6-49BE-BBD0-440B0EBC298D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
    Task: {495166AB-C8D6-4AC3-B304-2B6D44FD9979} - System32\Tasks\updateTask => c:\task.vbs [2015-08-25] ()
    Task: {5C039082-0491-4665-97F0-6F15832A9356} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe
    Task: {7D72CC1F-3ADB-4F40-8965-386C239DC20A} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\PROGRAM FILES (X86)\RISING\RAV\rsdelaylauncher.exe
    Task: {802AB4E8-C3E3-4923-AAA0-9BBF278D836C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-03] (Dropbox, Inc.)
    Task: {8D7D736A-3DCD-4534-AC56-11078F302E55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)
    Task: {9F07C10F-BA12-42CC-85A9-B6D9DC7A7D0C} - System32\Tasks\runTask => %TEMP%/Updater.exe
    Task: {A2AB99E8-2B8E-482B-86DD-BFAFC8019089} - System32\Tasks\{001D88C3-C04F-41AD-A51E-220F79B19063} => Chrome.exe Download Skype for Desktop
    Task: {BD83FEC2-5306-42AA-9D35-B28EE65C2820} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {C1B7FE67-4BF9-4B14-AA42-9CF2189E4D14} - System32\Tasks\{085A0E65-BDD3-4CBC-8168-46AEBAD960FB} => pcalua.exe -a C:\Users\Cojocariu\Marian\Jocuri\GameforgeLive\Games\GBR_eng\Metin2\unins000.exe
    Task: {CB89617F-2819-4D72-B3CA-2F312D16E9F5} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)
    Task: {D619B234-9D50-419A-A9E2-2CA8CA14606A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-03] (Dropbox, Inc.)
    Task: {F0A9532B-E3A0-40AC-8AEC-3F3DD0A8200A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-07] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\Fk8TnM3nMLteRyZ.job => C:\Users\Cojocariu\AppData\Roaming\Fk8TnM3nMLteRyZ.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\XquZ27VtqL6Ubuf.job => C:\Users\Cojocariu\AppData\Roaming\XquZ27VtqL6Ubuf.exe <==== ATTENTION

    ==================== Loaded Modules (Whitelisted) ==============

    2015-04-13 19:37 - 2015-08-18 03:07 - 00115376 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-08-25 07:04 - 2015-08-25 07:04 - 00137728 _____ () C:\Program Files (x86)\03000200-1440475452-0500-0006-000700080009\hnsl49A6.tmp
    2015-08-25 07:04 - 2015-08-25 07:04 - 00227328 _____ () C:\Program Files (x86)\03000200-1440475452-0500-0006-000700080009\jnsx33DA.tmp
    2015-08-04 15:26 - 2015-08-04 15:26 - 00718040 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
    2010-07-15 07:44 - 2010-07-15 07:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
    2014-10-21 23:31 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
    2015-08-25 07:13 - 2015-08-12 00:00 - 00077824 ____H () C:\Program Files (x86)\baidu\pps.exe
    2015-02-24 22:17 - 2012-02-14 17:33 - 00184320 _____ () C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
    2015-08-04 15:26 - 2015-08-04 15:26 - 00861912 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
    2015-02-24 22:17 - 2011-10-09 16:44 - 00069632 _____ () C:\Program Files (x86)\Gaming Keyboard\OSD.exe
    2015-08-25 12:31 - 2015-08-24 12:51 - 03978896 _____ () C:\Program Files (x86)\gmsd_re_005010070\gmsd_re_005010070.exe
    2015-08-25 17:12 - 2015-08-25 17:12 - 00490496 _____ () C:\Program Files (x86)\03000200-1440475452-0500-0006-000700080009\knsy423D.tmp
    2015-04-13 19:18 - 2015-08-18 02:31 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2014-10-24 21:34 - 2014-10-24 21:11 - 00002048 ____R () C:\Program Files\DAEMON Tools Pro\MSIMG32.dll
    2015-02-24 22:17 - 2012-03-06 16:14 - 00057344 _____ () C:\Program Files (x86)\Gaming Keyboard\lan.dll
    2015-08-22 00:41 - 2015-08-18 08:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
    2015-08-22 00:41 - 2015-08-18 08:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
    IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\...\sony.com -> sony.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cojocariu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{44FA5D23-C79A-4627-9BE0-8E9002F04A16}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{02F1E22D-AC07-4A00-8008-25A6E58F686E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{8AD38B8E-4AD1-4C3D-BBEC-78F6554DBD5B}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{FB32DB76-C453-446A-BB16-99E8B1C7F2EF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{7129A5AF-3E14-4C61-8619-19AB6FD02039}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{324A5258-FF7A-4E45-8DF0-643AAC8C0CCF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{EA1C5FF8-8E9D-4EB6-9270-7034177A12D0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{C7D4AB18-0470-4984-B404-3A4998AC717E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [{8667CDE7-0DA4-4F79-8685-851E920FECFE}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [TCP Query User{2964345C-F449-429B-A9BA-FCA7ED19E67C}C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{036D8B49-F4D4-48FE-BFB6-2E8A93D88A79}C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [{7281C0B7-32D9-457B-B8CC-335B7B451681}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
    FirewallRules: [{65CDB1D8-2F1C-4376-8BD3-0CFE0696D449}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
    FirewallRules: [TCP Query User{673377E9-05DE-490E-97D7-B460BD83B63E}C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\empires2.exe] => (Allow) C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\empires2.exe
    FirewallRules: [UDP Query User{E8840742-3254-43EF-AAF5-740A1985ACBE}C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\empires2.exe] => (Allow) C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\empires2.exe
    FirewallRules: [TCP Query User{B11AE08F-D32F-486A-A004-F485867D5117}C:\users\cojocariu\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\cojocariu\appdata\roaming\gameranger\gameranger\gameranger.exe
    FirewallRules: [UDP Query User{8BD7C63B-3015-425B-946E-1AEDFA270149}C:\users\cojocariu\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\cojocariu\appdata\roaming\gameranger\gameranger\gameranger.exe
    FirewallRules: [TCP Query User{87813786-DD86-4A60-A80B-58ACB78E22BF}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [UDP Query User{BB33E34A-D669-4F86-B457-D3F456B324C1}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [{8EF24B74-F305-4FCD-B58D-092642F7D90B}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\Steam.exe
    FirewallRules: [{22EBC378-6DAC-4ADD-9D98-D28296C3D279}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\Steam.exe
    FirewallRules: [{945211E3-27E8-41EE-82FA-9C794E1E5F64}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\bin\steamwebhelper.exe
    FirewallRules: [{4C8A7D69-363C-4F66-807F-98CFD79904DF}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{43D6138F-7B51-46F1-8819-DD4A5E96E67A}C:\users\cojocariu\marian\jocuri\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) C:\users\cojocariu\marian\jocuri\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
    FirewallRules: [UDP Query User{9561C6AC-9836-49BD-8E81-7499A4442FE5}C:\users\cojocariu\marian\jocuri\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) C:\users\cojocariu\marian\jocuri\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
    FirewallRules: [{3451276A-1CCF-4D61-A316-2470AA2C2556}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{DC787286-00D7-4233-8484-6BF470059A5B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [TCP Query User{5B067DD3-2859-4C0F-9FE2-AA226A8A6CE5}C:\users\cojocariu\marian\jocuri\age of empires\age of empires iii - complete collection\bin\age3.exe] => (Allow) C:\users\cojocariu\marian\jocuri\age of empires\age of empires iii - complete collection\bin\age3.exe
    FirewallRules: [UDP Query User{8715B662-2447-45A5-8BAD-3C0E5B856408}C:\users\cojocariu\marian\jocuri\age of empires\age of empires iii - complete collection\bin\age3.exe] => (Allow) C:\users\cojocariu\marian\jocuri\age of empires\age of empires iii - complete collection\bin\age3.exe
    FirewallRules: [{5EDCAB3B-3CE9-43FD-B599-37B994ED96C9}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\steamapps\common\Unturned\Unturned.exe
    FirewallRules: [{C3FBC552-6BA4-402D-AF5E-44633C782B2A}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\steamapps\common\Unturned\Unturned.exe
    FirewallRules: [{F3CA71B1-AFAA-4D0C-8196-0175DFAF1B4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C7D6154F-D0CA-45F4-8F8B-AAFAB8EEBA9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A9476728-9D1C-415F-8DDF-448A28D9F201}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{3CE581A7-C9D4-45A9-8F88-2347215EB757}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{87A252FC-5895-454D-9C06-F8D3A364C9BE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{6F89B2AF-E19A-4F12-BBB2-CA54DD1E14EB}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
    FirewallRules: [{15100587-BCAD-46A4-A0D7-7FAD02963EB7}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
    FirewallRules: [{B599D3A1-B673-46BA-9F3A-12775F5830BC}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe
    FirewallRules: [{293798D9-6391-4E18-8D21-93330C2E9B17}] => (Allow) C:\Users\Cojocariu\Marian\Jocuri\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe
    FirewallRules: [TCP Query User{BAEC1481-B92C-4C14-ABEB-5DAE8C922A7F}C:\users\cojocariu\marian\jocuri\civilization\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\users\cojocariu\marian\jocuri\civilization\sid meier's civilization v\civilizationv_dx11.exe
    FirewallRules: [UDP Query User{AF9669F0-CA18-48D2-88EA-B887D7870729}C:\users\cojocariu\marian\jocuri\civilization\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\users\cojocariu\marian\jocuri\civilization\sid meier's civilization v\civilizationv_dx11.exe
    FirewallRules: [{55C8E225-84BB-41DD-AA08-B82A67665602}] => (Allow) C:\users\cojocariu\marian\jocuri\civilization\sid meier's civilization v\civilizationv_dx11.exe
    FirewallRules: [{8BE12B28-0BC7-4946-B5A4-DFB057A8C2ED}] => (Allow) C:\users\cojocariu\marian\jocuri\civilization\sid meier's civilization v\civilizationv_dx11.exe
    FirewallRules: [TCP Query User{0E777ECC-E5E1-4C75-B912-F7C4DCDF8177}C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\age2_x1\age2_x1.exe] => (Allow) C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\age2_x1\age2_x1.exe
    FirewallRules: [UDP Query User{19B17ADB-30B4-4A3C-AEC6-6C3A2A591172}C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\age2_x1\age2_x1.exe] => (Allow) C:\users\cojocariu\marian\jocuri\age of empires\age of empire ii - the age of kings\age2_x1\age2_x1.exe
    FirewallRules: [{4F98F69E-121D-4D3B-9179-DA32D270AC16}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
    FirewallRules: [TCP Query User{89EC61BD-6315-45CC-9A51-448E5F6E3181}C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{F827A45B-A30D-490E-BE4F-94CEB53B10CC}C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\cojocariu\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [{18C3D4D6-5D04-45A8-858E-B6D1A17B408A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{7B7EFBBA-6639-467B-AC39-630A7A5E9325}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{AA03E976-B3E9-42D5-BF81-8060137327BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{205ED5AE-3B40-493F-8C3F-2094E2A15E58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{769D1791-6190-401E-A256-745B2CEF95A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{AE8BC0B3-47BA-47A4-B296-11D610843B6A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{325AD752-C08A-4041-B14D-303C5940B53F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/25/2015 06:29:58 PM) (Source: VSS) (EventID: 12292) (User: )
    Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ].


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 06:29:58 PM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ]


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 12:09:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
    Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
    Exception code: 0xc0000005
    Fault offset: 0x000b8554
    Faulting process id: 0xd94
    Faulting application start time: 0xrads_user_kernel.exe0
    Faulting application path: rads_user_kernel.exe1
    Faulting module path: rads_user_kernel.exe2
    Report Id: rads_user_kernel.exe3

    Error: (08/25/2015 11:53:14 AM) (Source: ESENT) (EventID: 215) (User: )
    Description: WinMail (2104) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

    Error: (08/25/2015 11:48:12 AM) (Source: VSS) (EventID: 12292) (User: )
    Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ].


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 11:48:12 AM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ]


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 11:47:36 AM) (Source: VSS) (EventID: 12292) (User: )
    Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ].


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 11:47:36 AM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ]


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 11:44:12 AM) (Source: VSS) (EventID: 12292) (User: )
    Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ].


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator

    Error: (08/25/2015 11:44:12 AM) (Source: VSS) (EventID: 13) (User: )
    Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    ]


    Operation:
    Obtain a callable interface for this provider
    List interfaces for all providers supporting this context
    Query Shadow Copies

    Context:
    Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
    Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
    Snapshot Context: 13
    Snapshot Context: 13
    Execution Context: Coordinator


    System errors:
    =============
    Error: (08/25/2015 01:02:27 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}

    Error: (08/25/2015 12:04:33 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: WMPNetworkSvc0x80070422

    Error: (08/25/2015 12:04:32 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: WMPNetworkSvc0x80070422

    Error: (08/25/2015 12:04:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (08/25/2015 11:59:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (08/25/2015 11:59:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AVG PC TuneUp Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/25/2015 11:59:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/25/2015 11:59:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/25/2015 11:59:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Cool Barcode service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/25/2015 11:59:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office:
    =========================

    CodeIntegrity:
    ===================================
    Date: 2015-08-11 13:26:48.357
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:48.301
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:48.226
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:48.169
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:45.557
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:45.505
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:45.452
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:45.395
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:45.336
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-08-11 13:26:45.283
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz
    Percentage of memory in use: 42%
    Total physical RAM: 4087.05 MB
    Available physical RAM: 2345.35 MB
    Total Virtual: 8172.31 MB
    Available Virtual: 5577.26 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:116.03 GB) NTFS
    Drive d: (20150618_1107) (CDROM) (Total:0.78 GB) (Free:0 GB) CDFS
    Drive f: (AGE2_X1) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 39A4CAA3)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of FRST.txt ============================

  6. #6
    Member
    Join Date
    Aug 2015
    Posts
    24
    Points
    0

    I'm going to sleep soon. I'm usually up at 6 AM GMT+3, so I'll check then.

  7. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hello,

    Thanks for posting that Additions.txt log. Farbar makes 2 logs: Additions.txt and FRST.txt.

    Please post the FRST.txt log report.

    That log should be located here-->C:\Users\Cojocariu\Marian\Programe

    Next
    Please uninstall this program if you see it in the Programs and Features list.

    "GamesDesktop"
    Last edited by zep516; 08-25-2015 at 05:01 PM.

  8. #8
    Member
    Join Date
    Aug 2015
    Posts
    24
    Points
    0

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015
    Ran by Cojocariu (administrator) on COJOCARIU-PC (26-08-2015 06:45:49)
    Running from C:\Users\Cojocariu\Marian\Programe
    Loaded Profiles: Cojocariu (Available Profiles: Cojocariu)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    () C:\Program Files (x86)\03000200-1440475452-0500-0006-000700080009\knsy423D.tmp
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    () C:\Program Files (x86)\03000200-1440475452-0500-0006-000700080009\hnsl49A6.tmp
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    () C:\Program Files (x86)\03000200-1440475452-0500-0006-000700080009\jnsx33DA.tmp
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (BitTorrent Inc.) C:\Users\Cojocariu\AppData\Roaming\uTorrent\uTorrent.exe
    () C:\Program Files (x86)\baidu\pps.exe
    (DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
    () C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
    () C:\Program Files (x86)\Gaming Keyboard\OSD.exe
    (Beepa P/L) C:\Users\Cojocariu\Marian\Programe\Fraps.3.5.99.Build.15618-FL\fraps.exe
    (Beepa P/L) C:\Users\Cojocariu\Marian\Programe\Fraps.3.5.99.Build.15618-FL\fraps64.dat
    (MiniLite system) C:\Program Files (x86)\MiniLite\ProtectService.exe
    (DTools LIMITED) C:\ProgramData\ZWinManProZ\WinManPro.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
    HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-21] (Microsoft Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-18] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
    HKLM-x32\...\Run: [Gaming Keyboard] => C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE [184320 2012-02-14] ()
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39179912 2015-08-06] (Dropbox, Inc.)
    HKLM-x32\...\Run: [gmsd_re_005010070] => [X]
    HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)
    HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\...\Run: [uTorrent] => C:\Users\Cojocariu\AppData\Roaming\uTorrent\uTorrent.exe [1696096 2015-08-19] (BitTorrent Inc.)
    HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\...\Run: [LAN Service] => C:\Users\Cojocariu\AppData\Roaming\CDF51FFF-4A16-47C3-855E-C3ED135FB13D\LAN Service\lansvc.exe [32768 2014-03-21] (Microsoft Corporation)
    HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\pps.exe [77824 2015-08-12] ()
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-20] (Microsoft Corporation)
    IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\lifecam.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\offdiag.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    Startup: C:\Users\Cojocariu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-05-21]
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130849497493798828&GUID=00000000-0000-0000-0000-000000000000
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130849497493857421&GUID=00000000-0000-0000-0000-000000000000
    HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1432203466&z=47f9d26c8fb54e54ff0f061g2zac5o0o1efc5z7q4t&from=wpc&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUH84694146941&q={searchTerms}
    SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-2024464361-3801304151-1858280074-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-29] (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-29] (Oracle Corporation)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{6B9D7E3D-7EBA-4835-8D83-E8AB10B90816}: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Cojocariu\AppData\Roaming\Mozilla\Firefox\Profiles\ucyso1zf.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
    FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-10-22] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-29] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-29] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-10-22] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-18] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-18] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
    FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Cojocariu\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll No File
    FF Plugin HKU\S-1-5-21-2024464361-3801304151-1858280074-1001: @hola.org/vlc,version=1.8.649 -> C:\Users\Cojocariu\AppData\Local\Hola\firefox_hola\app\vlc No File
    FF Plugin HKU\S-1-5-21-2024464361-3801304151-1858280074-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cojocariu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-08] (Unity Technologies ApS)
    FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff

    Chrome:
    =======
    CHR Profile: C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 10
    CHR Extension: (Google Slides) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-22]
    CHR Extension: (Google Docs) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-22]
    CHR Extension: (Google Drive) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-22]
    CHR Extension: (YouTube) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-22]
    CHR Extension: (Google Search) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-22]
    CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-08-22]
    CHR Extension: (Google Sheets) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-22]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-22]
    CHR Extension: (Skype Click to Call) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-22]
    CHR Extension: (Gmail) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-22]
    CHR Profile: C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (Google Slides) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-19]
    CHR Extension: (Google Docs) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-19]
    CHR Extension: (Google Drive) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-19]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-19]
    CHR Extension: (YouTube) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-19]
    CHR Extension: (Google Search) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-19]
    CHR Extension: (Google Sheets) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-19]
    CHR Extension: (Announcify) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mmiolkcfamcbpoandjpnefiegkcpeoan [2015-05-29]
    CHR Extension: (Google Wallet) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-19]
    CHR Extension: (Listen on Repeat Youtube Video Repeater) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pgjcgpbffennccofdpganblbjiglnbip [2015-05-21]
    CHR Extension: (Gmail) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-19]
    CHR Profile: C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 5
    CHR Extension: (Google Slides) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-26]
    CHR Extension: (Google Docs) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-26]
    CHR Extension: (Google Drive) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-26]
    CHR Extension: (YouTube) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-19]
    CHR Extension: (Google Search) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-19]
    CHR Extension: (Google Sheets) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-26]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-07]
    CHR Extension: (Skype Click to Call) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-26]
    CHR Extension: (Gurren Lagann) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lngbnkebonhmnoegmlccobohjhmpgoim [2015-08-26]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-21]
    CHR Extension: (Gmail) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-19]
    CHR Profile: C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 6
    CHR Extension: (Google Slides) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-25]
    CHR Extension: (Google Docs) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-25]
    CHR Extension: (Google Drive) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-25]
    CHR Extension: (YouTube) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-25]
    CHR Extension: (Google Search) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-25]
    CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-08-25]
    CHR Extension: (Google Sheets) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-25]
    CHR Extension: (GoHD) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk [2015-08-25]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-25]
    CHR Extension: (Skype Click to Call) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-25]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-25]
    CHR Extension: (Gmail) - C:\Users\Cojocariu\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-25]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
    S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-03] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-03] (Dropbox, Inc.)
    R2 dejugyqu; C:\Program Files (x86)\03000200-1440475452-0500-0006-000700080009\knsy423D.tmp [490496 2015-08-25] () [File not signed]
    S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-05-15] (Echobit LLC)
    R2 fimevebo; C:\Program Files (x86)\03000200-1440475452-0500-0006-000700080009\hnsl49A6.tmp [137728 2015-08-25] () [File not signed]
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-18] (NVIDIA Corporation)
    R2 IHProtect Service; C:\Program Files (x86)\MiniLite\ProtectService.exe [132768 2015-08-24] (MiniLite system)
    R2 jimocoso; C:\Program Files (x86)\03000200-1440475452-0500-0006-000700080009\jnsx33DA.tmp [227328 2015-08-25] () [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-18] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-18] (NVIDIA Corporation)
    S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1006320 2015-08-13] (Overwolf LTD)
    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2973400 2015-08-04] (AVG Technologies)
    R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [44760 2015-08-04] (AVG Technologies)
    R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WindowsMangerProtect; C:\ProgramData\ZWinManProZ\WinManPro.exe [707720 2015-08-26] (DTools LIMITED) <==== ATTENTION

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-05-25] (Phoenix Technologies) [File not signed]
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-10-24] (DT Soft Ltd)
    R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-10-21] (Echobit, LLC)
    S3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-18] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
    R3 SgamingkbFltr; C:\Windows\System32\drivers\GKS16Fltr.sys [14848 2011-12-20] (LXD Development, Inc.)
    S3 TBPanel; no ImagePath
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-06-25] (TuneUp Software)
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  9. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    A few items to fix


    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad. Do not copy the word code, just what is in the box, making sure to get it all!
    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    Task: {03F0515F-9CE7-450B-BF2C-573FCFB9B51C} - System32\Tasks\Fk8TnM3nMLteRyZ => C:\Users\Cojocariu\AppData\Roaming\Fk8TnM3nMLteRyZ.exe [2015-04-20] () <==== ATTENTION
    Task: {108A31DF-E7AF-4D91-BD79-0391C93B53F9} - System32\Tasks\XquZ27VtqL6Ubuf => C:\Users\Cojocariu\AppData\Roaming\XquZ27VtqL6Ubuf.exe [2015-04-20] () <==== ATTENTION
    C:\Users\Cojocariu\AppData\Roaming\Fk8TnM3nMLteRyZ.exe
    C:\Users\Cojocariu\AppData\Roaming\XquZ27VtqL6Ubuf.exe
    Task: {9F07C10F-BA12-42CC-85A9-B6D9DC7A7D0C} - System32\Tasks\runTask => %TEMP%/Updater.exe
    Task: C:\Windows\Tasks\Fk8TnM3nMLteRyZ.job => C:\Users\Cojocariu\AppData\Roaming\Fk8TnM3nMLteRyZ.exe <==== ATTENTION
    Task: C:\Windows\Tasks\XquZ27VtqL6Ubuf.job => C:\Users\Cojocariu\AppData\Roaming\XquZ27VtqL6Ubuf.exe <==== ATTENTION
    2015-08-25 07:13 - 2015-08-12 00:00 - 00077824 ____H () C:\Program Files (x86)\baidu\pps.exe
    C:\Program Files (x86)\baidu
    2015-08-25 12:31 - 2015-08-24 12:51 - 03978896 _____ () C:\Program Files (x86)\gmsd_re_005010070\gmsd_re_005010070.exe
    C:\Program Files (x86)\gmsd_re_005010070
    HKLM-x32\...\Run: [gmsd_re_005010070] => [X]
    HKU\S-1-5-21-2024464361-3801304151-1858280074-1001\...\Run: [uTorrent] => C:\Users\Cojocariu\AppData\Roaming\uTorrent\uTorrent.exe [1696096 2015-08-19] (BitTorrent Inc.)
    IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\lifecam.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\offdiag.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1432203466&z=47f9d26c8fb54e54ff0f061g2zac5o0o1efc5z7q4t&from=wpc&uid=WDCXWD5000AAKX-001CA0_WD-WMAYUH84694146941&q={searchTerms}
    SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-2024464361-3801304151-1858280074-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
    R2 WindowsMangerProtect; C:\ProgramData\ZWinManProZ\WinManPro.exe [707720 2015-08-26] (DTools LIMITED) <==== ATTENTION
    C:\ProgramData\ZWinManProZ
    S3 TBPanel; no ImagePath
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:
    Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to C:\Users\Cojocariu\Marian\Programe (Must be in this location)
    Run FRST/FRST64 and press the Fix button just once and wait. The Fixlog should be found here--> C:\Users\Cojocariu\Marian\Programe
    If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Next
    • Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-version.exe and follow the prompts to install the program.
    • Launch Malwarebytes Anti-Malware
    • Then click Finish.
    • If an update is found, you will be prompted to download and install the latest version.
    • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Reboot your computer if prompted.


    Posting the Malwarebytes log.

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Post that saved log to your next reply.


    Post the Fixlog.txt
    Post the Malwarebytes log.

    You need to install an Anti Virus program, I recommend this one for now. Install it, do a scan with it.

    Also I would uninstall AVG Tune up now

  10. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    See if it's here----> C:\Users\Cojocariu\Marian\Programe
