Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by Boogu at 2015-05-03 13:00:56
Running from C:\Users\My\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-726693931-1207658914-1467568268-500 - Administrator - Disabled)
Boogu (S-1-5-21-726693931-1207658914-1467568268-1001 - Administrator - Enabled) => C:\Users\Boogu
Gast (S-1-5-21-726693931-1207658914-1467568268-501 - Limited - Disabled)
My (S-1-5-21-726693931-1207658914-1467568268-1002 - Limited - Enabled) => C:\Users\My

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee Pro 2.5 (HKLM-x32\...\{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}) (Version: 2.5.358 - ACD Systems International) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Advanced Key and Mouse Recorder (HKLM-x32\...\Macro) (Version: 2 - Grass Software) AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.51.1288, 07.08.2013 - AIMP DevTeam) Albelli Fotobücher (HKU\S-1-5-21-726693931-1207658914-1467568268-1002\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version: - Albelli) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies) AVG 2015 (Version: 15.0.4339 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden Banking 4W (HKLM-x32\...\TopBanking) (Version: - Subsembly GmbH) Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - ) Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06079 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06079 - Cisco Systems, Inc.) 
Hidden Combined Community Codec Pack 2013-08-01 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.08.01.0 - CCCP Project) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-726693931-1207658914-1467568268-1001\...\Dropbox) (Version: 2.2.13 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-726693931-1207658914-1467568268-1002\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.) Easy Macro Recorder 4.7 (HKLM-x32\...\Easy Macro Recorder_is1) (Version: - GoldSolution Software, Inc.) Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.24 - Lenovo) Energy Manager (x32 Version: 1.0.0.24 - Lenovo) Hidden Evernote v. 5.0.1 (HKLM-x32\...\{16FAE17E-1B3E-11E3-B23E-984BE15F174E}) (Version: 5.0.1.1188 - Evernote Corp.) FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.9.56.313 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.) FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-726693931-1207658914-1467568268-1002\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin) GnuCash 2.4.13 (HKLM-x32\...\GnuCash_is1) (Version: - GnuCash Development Team) Google Chrome (HKLM-x32\...\{84EE38CA-199D-3BCC-8649-3464469BB54C}) (Version: 65.130.49228 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1304-148929CC1385}) (Version: 3.0.1304.0338 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{6555226B-7295-4CFD-9D5B-9C8F394BE03A}) (Version: 4.1.41.2234 - Intel) Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation) Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{12fc27dc-b637-4ebb-b424-26feff9598c5}) (Version: 16.0.4 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation) KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl) Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10233 - Realtek Semiconductor Corp.) 
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG) Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.18.1 - ELAN Microelectronic Corp.) Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.4241 - Lenovo) Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.) Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden LibreOffice 4.2.7.2 (HKLM-x32\...\{A313C39F-79A7-408B-97EE-8F958407D694}) (Version: 4.2.7.2 - The Document Foundation) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-726693931-1207658914-1467568268-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.00.705 - Huawei Technologies Co.,Ltd) Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM-x32\...\{90150000-001F-0415-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden OpenVPN 2.3.6-I601 (HKLM\...\OpenVPN) 
(Version: 2.3.6-I601 - ) Opera Stable 29.0.1795.47 (HKLM-x32\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA) Opera Stable 29.0.1795.47 (HKU\.DEFAULT\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA) paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC) Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge) Pokki Download Helper (HKU\S-1-5-21-726693931-1207658914-1467568268-1002\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki) Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.21229 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7133 - Realtek Semiconductor Corp.) SecureW2 EAP Suite 1.1.1 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - ) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-726693931-1207658914-1467568268-1002\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB) SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.) 
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - ) Synology Cloud Station (remove only) (HKU\S-1-5-21-726693931-1207658914-1467568268-1002\...\Synology CloudStation) (Version: - ) TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - ) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20935 - TeamViewer) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinDirStat 1.1.2 (HKU\S-1-5-21-726693931-1207658914-1467568268-1001\...\WinDirStat) (Version: - ) Windows-Treiberpaket - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo) Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) WISO Mein Geld 2014 Standard (HKLM-x32\...\WISO Mein Geld 2014 Standard) (Version: - Buhl Data Service GmbH) WISO Mein Geld 2014 Standard (x32 Version: 16.0.1.0 - Buhl Data Service GmbH) Hidden Wuala (HKU\S-1-5-21-726693931-1207658914-1467568268-1002\...\Wuala) (Version: 1.0.444.0 - LaCie) Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.107.0 - LaCie) Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.2 - LaCie) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed 
from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Boogu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\My\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\ContextMenu.dll () CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\My\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: ) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\My\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: ) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\My\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\My\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: ) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\My\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: ) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\My\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> 
C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\My\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\My\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-726693931-1207658914-1467568268-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\My\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

17-04-2015 22:45:37 Windows Update
19-04-2015 12:19:43 Installed Pdfedit
26-04-2015 18:24:52 Windows Update
02-05-2015 08:53:55 Installed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16F26E84-3C7C-4FFA-9B76-9BB332DBAFDF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {1DDAE362-0AB2-48FF-88EA-B5A01DD0DEE8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {1EB58242-843E-4989-BE33-D2B5DE9CF8AB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {3A542976-2B27-4045-AFBB-F9D829D7F796} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {53ECEDA0-B4B5-4FFC-82CD-118F8070A7BC} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo) Task: {734172BD-769E-42E0-9456-930F14B8B55A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {752EB73E-80F8-4FE7-9136-ED354700832D} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {7C126201-37D5-4CB3-AE4B-BF1B1578BBE2} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] () Task: {AB2D5CBB-F749-4751-897C-A3F5E0AE368E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {B2C216F2-6163-420D-AA3B-C3FE3F3E0936} - System32\Tasks\Opera scheduled Autoupdate 1380486606 => C:\Users\My\AppData\Local\Programs\Opera\launcher.exe [2015-04-17] (Opera Software) Task: {BA17D917-8DDF-41F6-AD1A-918D6C683EF4} - 
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.) Task: {BD548D19-026B-44AA-AA63-9AE82546FE70} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.) Task: {BDB328F9-31CB-4ADE-B48C-12B1B5DD1693} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-29] (Google Inc.) Task: {BEE70C55-5D55-4DC9-BE9F-54F3386913DC} - System32\Tasks\{6E173922-AAF6-4B69-8729-CFEEB684A644} => c:\users\my\appdata\local\programs\opera\launcher.exe [2015-04-17] (Opera Software) Task: {E35F6645-A485-4719-8EFA-962907E5C559} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated) Task: {F2C543D1-9510-4198-B408-AC18855CB89D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-17] (Microsoft Corporation) Task: {FB75242B-5381-42AA-983D-DF148DB13BE8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-03-22 09:20 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2013-04-15 15:45 - 2013-04-15 15:45 - 00182760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-04-15 
15:45 - 2013-04-15 15:45 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2014-10-26 18:56 - 2014-10-26 18:55 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe 2014-01-23 04:53 - 2014-01-23 04:53 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe 2013-08-07 21:59 - 2013-08-07 21:59 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe 2013-08-07 21:59 - 2013-08-07 21:59 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll 2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2015-01-28 22:08 - 2015-01-28 22:08 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-10-26 18:56 - 2014-10-26 18:55 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll 2014-10-26 18:56 - 2014-10-26 18:55 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll 2014-10-26 18:56 - 2014-10-26 18:55 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll 2014-10-26 18:56 - 2014-10-26 18:55 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll 2014-10-26 18:56 - 2014-10-26 18:55 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll 2014-10-26 18:56 - 2014-10-26 18:55 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll 2013-08-07 21:21 - 2013-05-09 14:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-03-07 19:06 - 2015-04-23 20:25 - 40518200 _____ () C:\Users\My\AppData\Roaming\Spotify\libcef.dll 2015-05-03 12:34 - 2015-05-03 12:34 - 00043008 _____ () c:\users\my\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxlpipz.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () 
C:\Users\My\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\My\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-09-11 16:05 - 2013-09-11 16:05 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2013-09-11 16:04 - 2013-09-11 16:04 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-03-07 19:06 - 2015-04-23 20:25 - 01365560 _____ () C:\Users\My\AppData\Roaming\Spotify\libglesv2.dll
2015-03-07 19:06 - 2015-04-23 20:25 - 00219192 _____ () C:\Users\My\AppData\Roaming\Spotify\libegl.dll
2015-03-07 19:06 - 2015-03-25 14:45 - 09305656 _____ () C:\Users\My\AppData\Roaming\Spotify\pdf.dll
2015-03-07 19:06 - 2015-04-23 20:25 - 00990776 _____ () C:\Users\My\AppData\Roaming\Spotify\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-726693931-1207658914-1467568268-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
HKU\S-1-5-21-726693931-1207658914-1467568268-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Macro Expert => 2
HKLM\...\StartupApproved\StartupFolder: => "iSCTsysTray.lnk"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-726693931-1207658914-1467568268-1002\...\StartupApproved\StartupFolder: => "Wuala.lnk"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{46555090-EDD2-4B95-AC15-85F6516A3A1A}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe FirewallRules: [TCP Query User{C1AD828D-174C-47EF-B0AE-742D8C053AB9}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe FirewallRules: [{95BFC5E3-FBB6-4F30-AA29-3A64E8A71EE1}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe FirewallRules: [UDP Query User{B0DBF17B-E2CF-4553-A010-7528A25C1245}C:\users\my\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\my\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{8AAC795B-D2C4-4640-8384-C08EBAA5DC50}C:\users\my\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\my\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{E58AC858-674C-492D-B3A0-317E78ABB46D}] => (Allow) C:\Users\Boogu\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{26DFC7F3-A5CF-45F4-B74D-98D47BFC64EE}] => (Allow) C:\Program Files (x86)\gnucash\bin\gconfd-2.exe FirewallRules: [{B4136AE3-1B26-483F-9924-2958817B06B9}] => (Allow) C:\Program Files (x86)\gnucash\bin\gconfd-2.exe FirewallRules: [{628B2DF1-2122-4F70-B152-540E9121829F}] => (Allow) C:\Program Files (x86)\gnucash\bin\gnucash.exe FirewallRules: [{85C2CDF8-4113-46DA-9F76-381C5EED5D15}] => (Allow) C:\Program Files (x86)\gnucash\bin\gnucash.exe FirewallRules: [{2EEA4410-9425-444B-89CB-824EC8492D4F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{65798131-A6A3-4A9D-8FC6-B1A49A0AE33C}] => (Allow) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{1D6EF60D-C4C4-4BA7-8CF8-8EE678268879}] => (Allow) C:\Users\My\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [UDP Query User{5E614882-29BF-46D2-8412-1779C59E8917}C:\users\my\appdata\roaming\wuala\wuala.exe] 
=> (Allow) C:\users\my\appdata\roaming\wuala\wuala.exe FirewallRules: [TCP Query User{FB050FD0-758D-4B85-A5CB-EB90CB5F5DCF}C:\users\my\appdata\roaming\wuala\wuala.exe] => (Allow) C:\users\my\appdata\roaming\wuala\wuala.exe FirewallRules: [{1667FB8B-3AB4-432A-8275-2782F48E8B70}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{ADDD502A-C2CC-45C8-BBEE-5607DBCB8212}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{F3CE1D9C-3930-47B5-BCA9-23CDC45BE00E}] => (Allow) C:\Users\Boogu\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{4E775116-55E7-43AB-8696-8C6EB101190A}] => (Allow) C:\Users\Boogu\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{5E7FE880-F564-4DC0-B50C-BD06FF73EA5A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{E0F7413B-8D53-4477-BD86-A992178708C4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{19A44B10-231C-4D25-86C0-0A82E1C886D6}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{5C59FBA2-62FA-46FA-8B41-F125A924024D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{1FFF415F-35CD-4338-90F5-C476318C216A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{A63FA3A9-1B36-475A-BA00-65E7B3F9DA03}] => (Allow) C:\Program Files\Opera x64\opera.exe FirewallRules: [{FF70BEED-5D55-48FD-A41B-25BD0632D6B5}] => (Allow) C:\Program Files\Opera x64\opera.exe FirewallRules: [{113371E3-9656-48A7-B113-1AEA90DE3A0E}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe FirewallRules: [{C26C2F5A-9CE7-4E70-B1D3-897482B123FE}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe FirewallRules: [{4F490CC2-E864-4A91-820E-574284438594}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe FirewallRules: 
[{469EAE46-E8E1-4241-99FB-EB76CDCB2E59}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe FirewallRules: [{13B7430D-51AB-4582-A13E-D63583989724}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{D8FF763A-3C57-4FD8-94D3-0A98948B8801}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{8B8E0E8B-525A-47DC-B99B-34DA8E252DA4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{D38735E9-A7E9-4C29-8066-EB91401FCF8D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{D044FC44-D7DF-4188-9863-D1E74077DB21}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{3EB5DEA2-09B4-4ADD-96A6-BB05577B3A54}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{0A215ED0-86C3-49A4-A063-491FDA1AD1E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{0747343A-B85D-4840-9E6F-C5FC82C812C9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [TCP Query User{BD169A61-0653-4E52-8EA0-FFFF3C6A1AB0}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe FirewallRules: [UDP Query User{A9866FF4-51D3-49BA-950E-FBF3BAB239E6}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe FirewallRules: [TCP Query User{19838BE1-09F7-455E-87FF-29A0B19A8D68}C:\users\my\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\my\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{B4AD2F89-C330-40F3-966D-A8B1FA584208}C:\users\my\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\my\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{6291D5C1-50A6-4124-A2DA-3619D49E0935}C:\users\my\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\my\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query 
User{8BED7F01-01A8-48B0-BF9E-C36F9DDED328}C:\users\my\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\my\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{D921E425-9E96-40DF-8768-F2FD6614F090}C:\users\my\desktop\coursera android\eclipse\eclipse.exe] => (Allow) C:\users\my\desktop\coursera android\eclipse\eclipse.exe FirewallRules: [UDP Query User{88CB815F-30CB-420E-ABC5-8D0F66E9766D}C:\users\my\desktop\coursera android\eclipse\eclipse.exe] => (Allow) C:\users\my\desktop\coursera android\eclipse\eclipse.exe FirewallRules: [{11A5F5D4-E89A-4673-B1E1-72BDA7B4FFEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{291630D9-6850-423A-8CC2-C07FD7AD38CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B2DAD64C-F8D1-4C50-BA62-EB44CE387D95}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{698DDA28-99EA-4BC1-9F1A-1EBD10577F95}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{5B6529BE-EA8C-4774-9225-9A77CCB01058}] => (Allow) C:\Users\My\AppData\Local\Apps\2.0\TLY26W1L.NWP\X0NTPHDM.8YP\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{1C8880AE-D0B5-4A4C-A3D9-174F6625FA45}] => (Allow) C:\Users\My\AppData\Local\Apps\2.0\TLY26W1L.NWP\X0NTPHDM.8YP\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{52E20432-FFC5-40F6-AF99-CA2CE69B8612}] => (Allow) C:\Users\My\AppData\Local\Apps\2.0\TLY26W1L.NWP\X0NTPHDM.8YP\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{C17A6DBC-DD16-479A-B78F-C18AC7D0FB91}] => (Allow) C:\Users\My\AppData\Local\Apps\2.0\TLY26W1L.NWP\X0NTPHDM.8YP\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{7EACC3E3-526C-460A-BC13-5D7067AA7817}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: 
[{41294B59-E632-4053-B019-8EADDC9F453D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{798742F0-1194-4E57-AF44-D5A3CD478EEF}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{943C1FEE-EB0E-42EB-A0BD-35A6FFFC591A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{429937A3-489E-4DA3-9A37-AC650CB6DD4B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{2011FD28-A7DE-4DB3-ACC5-B141E839A1D3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [TCP Query User{AC4D1FB6-42FC-40EB-A824-B0EB1E39913C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{9AB82B73-E91C-4EBB-A71D-2A36B18A0D56}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{DD95F4D1-7380-4A7B-B3E0-BB4F5E8336F0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{137F7EDD-5094-4BC9-A75A-14B4423B5DCD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{F6F46114-C49C-4093-B2DB-C93BE5C5559D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{A4FC1D00-AC1B-46A3-839F-E45EF01AB4A3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{E43C09EF-3CA8-4AD0-A3AF-B366FADFAB7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{CDDFAAFA-2264-4A3C-9466-E6F114AD0CDE}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{54087B4E-9AF2-4E4D-A07A-6155C8AF4BF5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{57AC2EAA-8B4C-451C-800B-109B82B229C6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{F5672185-C20F-4E33-8355-19CDC4F6BDE2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device 
Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/03/2015 00:07:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.9016, Zeitstempel: 0x52a1d50f Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f42c2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000420b1 ID des fehlerhaften Prozesses: 0x1c18 Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0 Pfad der fehlerhaften Anwendung: PSIA.exe1 Pfad des fehlerhaften Moduls: PSIA.exe2 Berichtskennung: PSIA.exe3 Vollständiger Name des fehlerhaften Pakets: PSIA.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PSIA.exe5 Error: (05/02/2015 07:44:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.9016, Zeitstempel: 0x52a1d50f Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f42c2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00042089 ID des fehlerhaften Prozesses: 0x103c Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0 Pfad der fehlerhaften Anwendung: PSIA.exe1 Pfad des fehlerhaften Moduls: PSIA.exe2 Berichtskennung: PSIA.exe3 Vollständiger Name des fehlerhaften Pakets: PSIA.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PSIA.exe5 Error: (05/02/2015 10:06:24 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des 
Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (05/02/2015 08:39:39 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 37.0.2.5583 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1d54 Startzeit: 01d080d431048807 Endzeit: 4294967295 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: b8b6a49b-f095-11e4-bf83-0c8bfd35a5dd Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (04/29/2015 00:40:32 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. Error: (04/26/2015 09:07:38 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. 
Error: (04/26/2015 07:52:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.9016, Zeitstempel: 0x52a1d50f Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f42c2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00042089 ID des fehlerhaften Prozesses: 0x1cbc Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0 Pfad der fehlerhaften Anwendung: PSIA.exe1 Pfad des fehlerhaften Moduls: PSIA.exe2 Berichtskennung: PSIA.exe3 Vollständiger Name des fehlerhaften Pakets: PSIA.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PSIA.exe5 Error: (04/26/2015 07:10:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82 Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82 Ausnahmecode: 0xc0000409 Fehleroffset: 0x00093524 ID des fehlerhaften Prozesses: 0x1638 Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0 Pfad der fehlerhaften Anwendung: PSIA.exe1 Pfad des fehlerhaften Moduls: PSIA.exe2 Berichtskennung: PSIA.exe3 Vollständiger Name des fehlerhaften Pakets: PSIA.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PSIA.exe5 Error: (04/26/2015 06:27:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82 Name des fehlerhaften Moduls: PSIA.exe, Version: 3.0.0.10004, Zeitstempel: 0x54784a82 Ausnahmecode: 0xc0000409 Fehleroffset: 0x00093524 ID des fehlerhaften Prozesses: 0x10ec Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0 Pfad der fehlerhaften Anwendung: PSIA.exe1 Pfad des fehlerhaften Moduls: PSIA.exe2 Berichtskennung: PSIA.exe3 Vollständiger Name des fehlerhaften Pakets: PSIA.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PSIA.exe5 Error: (04/25/2015 09:04:17 AM) (Source: SideBySide) (EventID: 9) (User: ) 
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Das Stammelement der Manifestdatei muss assembliert sein. System errors: ============= Error: (05/03/2015 00:20:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/03/2015 00:20:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (05/03/2015 00:02:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "Foxit Cloud Safe Update Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/02/2015 07:48:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/02/2015 07:48:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. 
Error: (05/02/2015 10:06:07 AM) (Source: DCOM) (EventID: 10010) (User: ideapad) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (05/02/2015 10:05:46 AM) (Source: DCOM) (EventID: 10010) (User: ideapad) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (05/02/2015 09:38:13 AM) (Source: DCOM) (EventID: 10010) (User: ideapad) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (05/02/2015 09:37:43 AM) (Source: DCOM) (EventID: 10010) (User: ideapad) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (05/02/2015 09:13:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Microsoft.BingFinance Microsoft Office Sessions: ========================= Error: (05/03/2015 00:07:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PSIA.exe3.0.0.901652a1d50fntdll.dll6.3.9600.17736550f42c2c0000005000420b11c1801d085885bf59ff6C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\WINDOWS\SYSTEM32\ntdll.dll3c7cb315-f17c-11e4-bf85-0c8bfd35a5dd Error: (05/02/2015 07:44:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PSIA.exe3.0.0.901652a1d50fntdll.dll6.3.9600.17736550f42c2c000000500042089103c01d084a6c6938cf0C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\WINDOWS\SYSTEM32\ntdll.dllf3a8414e-f0f2-11e4-bf84-0c8bfd35a5dd Error: (05/02/2015 10:06:24 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\program files\windowsapps\c59ad0af.lenovocloudstoragebysugarsync_1.3.0.889_neutral__m3tnjedffpfhj\SugarSyncWin8.exec:\program files\windowsapps\c59ad0af.lenovocloudstoragebysugarsync_1.3.0.889_neutral__m3tnjedffpfhj\SugarSyncWin8.exe2 Error: (05/02/2015 08:39:39 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe37.0.2.55831d5401d080d4310488074294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exeb8b6a49b-f095-11e4-bf83-0c8bfd35a5dd 
Error: (04/29/2015 00:40:32 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\program files\windowsapps\c59ad0af.lenovocloudstoragebysugarsync_1.3.0.889_neutral__m3tnjedffpfhj\SugarSyncWin8.exec:\program files\windowsapps\c59ad0af.lenovocloudstoragebysugarsync_1.3.0.889_neutral__m3tnjedffpfhj\SugarSyncWin8.exe2 Error: (04/26/2015 09:07:38 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\program files\windowsapps\c59ad0af.lenovocloudstoragebysugarsync_1.3.0.889_neutral__m3tnjedffpfhj\SugarSyncWin8.exec:\program files\windowsapps\c59ad0af.lenovocloudstoragebysugarsync_1.3.0.889_neutral__m3tnjedffpfhj\SugarSyncWin8.exe2 Error: (04/26/2015 07:52:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PSIA.exe3.0.0.901652a1d50fntdll.dll6.3.9600.17736550f42c2c0000005000420891cbc01d08047cabd16bdC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\WINDOWS\SYSTEM32\ntdll.dllf1c43ea9-ec3c-11e4-bf83-0c8bfd35a5dd Error: (04/26/2015 07:10:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82c000040900093524163801d080435259682cC:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe216943e5-ec37-11e4-bf83-0c8bfd35a5dd Error: (04/26/2015 06:27:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PSIA.exe3.0.0.1000454784a82PSIA.exe3.0.0.1000454784a82c00004090009352410ec01d0803d12b62dd1C:\Program Files (x86)\Secunia\PSI\PSIA.exeC:\Program Files (x86)\Secunia\PSI\PSIA.exe22affdd1-ec31-11e4-bf82-0c8bfd35a5dd Error: (04/25/2015 09:04:17 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: c:\program files\windowsapps\c59ad0af.lenovocloudstoragebysugarsync_1.3.0.889_neutral__m3tnjedffpfhj\SugarSyncWin8.exec:\program files\windowsapps\c59ad0af.lenovocloudstoragebysugarsync_1.3.0.889_neutral__m3tnjedffpfhj\SugarSyncWin8.exe2 CodeIntegrity Errors: =================================== Date: 2015-04-09 22:05:15.961 
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-18 13:55:55.055 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-04 18:57:04.319 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-04 18:52:27.411 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-04 18:43:52.251 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-30 22:36:39.553 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-30 20:07:35.527 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-30 20:07:31.522 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-01-30 20:07:22.357 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-01-30 20:07:20.085 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 64%
Total physical RAM: 3816.27 MB
Available physical RAM: 1358.4 MB
Total Pagefile: 12008.27 MB
Available Pagefile: 9455.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.86 GB) (Free:315.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F0F5D074)
Partition: GPT Partition Type.

==================== End Of Log ============================