Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016 Ran by Benek (2016-04-27 18:08:37) Running from C:\Users\Benek\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2011-08-18 07:58:34) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4283902542-2360284776-3514817678-500 - Administrator - Disabled) Benek (S-1-5-21-4283902542-2360284776-3514817678-1001 - Administrator - Enabled) => C:\Users\Benek Guest (S-1-5-21-4283902542-2360284776-3514817678-501 - Limited - Disabled) UpdatusUser (S-1-5-21-4283902542-2360284776-3514817678-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET NOD32 Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1} AS: ESET NOD32 Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 360 Lifecycle - Advisor (HKU\S-1-5-21-4283902542-2360284776-3514817678-1001\...\e2be55c958ea46a6) (Version: 5.10.3.0 - 360 Lifecycle - Advisor) 360 Lifecycle - Office (HKU\S-1-5-21-4283902542-2360284776-3514817678-1001\...\870e6bf340ce086c) (Version: 5.10.0.9 - 360 Lifecycle - Office) 64 Bit HP CIO Components Installer (Version: 18.2.4 - Hewlett-Packard) Hidden AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics) ACDSee Pro 4 (HKLM-x32\...\{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}) (Version: 4.0.198 - ACD Systems International Inc.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated) Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Bullzip PDF Printer 10.23.0.2529 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.23.0.2529 - Bullzip) Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.55 - Dell Inc.) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.55 - Dell Inc.) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell Stage (HKLM-x32\...\{39901B4C-E954-4471-ADAB-E786AEE326D1}) (Version: 1.5.420.0 - Fingertapps) Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.) Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden Dell System Detect (HKU\S-1-5-21-4283902542-2360284776-3514817678-1001\...\73f463568823ebbe) (Version: 6.3.0.6 - Dell) Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd) Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.8.16603 - Blizzard Entertainment) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden EaseUS Partition Master 10.0 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS) EaseUS Todo Backup Free 9.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.0 - CHENGDU YIWO Tech Development Co., Ltd) ESET NOD32 Antivirus (HKLM\...\{E7D11277-E904-4AC4-BE02-6120430EE002}) (Version: 5.0.93.7 - ESET, spol. s r.o.) Exweb v6.0 (HKLM-x32\...\Exweb v6.0) (Version: 6.0 - The Exchange) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) ffdshow x64 v1.2.4486 [2012-08-25] (HKLM\...\ffdshow64_is1) (Version: 1.2.4486.0 - ) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version: - ) Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GIology Live v9.683 (HKLM-x32\...\PremierBuilder - Test Insurer - Legal & General GIology) (Version: - ) goal viewer (offline) Trigold Edition (HKLM-x32\...\{9A7696A1-20C2-4909-9069-B564D0FD1C8D}) (Version: 1.07.0116 - Focus Business Solutions) Google Chrome (HKU\S-1-5-21-4283902542-2360284776-3514817678-1001\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-4283902542-2360284776-3514817678-1001\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) HPLJDXPHelper (x32 Version: 140.069.007 - HP) Hidden HPLJUTCore (x32 Version: 014.000.0001 - HP) Hidden hppFaxDrvM375M475 (x32 Version: 004.000.00001 - Hewlett-Packard) Hidden hppLaserJetService (x32 Version: 009.033.00926 - Hewlett-Packard) Hidden hppM375_M475LaserJetService (x32 Version: 005.021.00132 - Hewlett-Packard) Hidden hppSendFaxM375M475 (x32 Version: 004.000.00001 - Hewlett-Packard) Hidden hppToolboxProxyM375 (x32 Version: 035.024.006 - HP) Hidden hpStatusAlerts (x32 Version: 140.040.00231 - Hewlett Packard) Hidden hpStatusAlertsM375_M475 (x32 Version: 050.034.0131 - Hewlett-Packard) Hidden iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.) Infix 4.22 (HKLM-x32\...\43442AE9-6512-4392-B5DD-9167BECD1114_is1) (Version: - Iceni Technology) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel) Intrinsic - AMS (Advisor) (HKU\S-1-5-21-4283902542-2360284776-3514817678-1001\...\b6e25cb752ab8615) (Version: 5.6.1.3 - Intrinsic) Intrinsic iPoS (HKLM-x32\...\Intrinsic iPoS) (Version: 2.0 - Intrinsic Financial Services) Intrinsic iPoS (Version: 2.0 - N4 Solutions) Hidden iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.) Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation) Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Codec Pack 9.4.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - ) KONICA MINOLTA bizhub C10 (HKLM\...\KONICA MINOLTA bizhub C10) (Version: - ) KONICA MINOLTA bizhub C10 Scanner (HKLM-x32\...\InstallShield_{C0299981-70D8-4601-9A29-70E76FE378EA}) (Version: - ) KONICA MINOLTA bizhub C10 Scanner (Version: 1.10.0000 - KONICA MINOLTA) Hidden LinkMagic for bizhub C10 (HKLM-x32\...\{507A9E3A-579D-49B1-B4AF-BD9239373A53}) (Version: 1.00.0000 - Konica Minolta) LJDXPHelperUI (x32 Version: 140.069.007 - HP) Hidden Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Live Meeting 2007 (HKLM-x32\...\{BCC7E198-1D10-4B55-956E-550A196F8056}) (Version: 8.0.6362.190 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Might & Magic Heroes VI (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.8 - Ubisoft) MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyTomTom 3.2.0.700 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.700 - TomTom) NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.16.00 - NETGEAR Inc.) NVIDIA 3D Vision Driver 268.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.30 - NVIDIA Corporation) NVIDIA Graphics Driver 268.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.30 - NVIDIA Corporation) PDFill FREE PDF Tools (HKLM\...\{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}) (Version: 11.0 - PlotSoft LLC) PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden Plantronics MyHeadset Updater (x64) (HKLM\...\{D85873EE-09C9-4E3D-BC2E-F8DCE2F79ADD}) (Version: 2.8.26503.0 - Plantronics, Inc.) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Prospector (HKLM-x32\...\{3F9AF09C-16A3-4626-B6B9-9066A583A8E7}) (Version: 7.8.0 - TrigoldCrystal) Prospector Registry Tool (HKLM-x32\...\{F284DBF4-F667-42ED-AC98-631FA94A3198}) (Version: 2.0.6 - Trigold) Protection Analysis Tool 1.01 (HKLM-x32\...\{417997B3-0431-4105-BD5D-BCF02FF82902}_is1) (Version: 1.01 - Intrinsic Financial Services Ltd) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) Radialpoint Dashboard Patch version 13.12.23.29994 (x32 Version: 13.12.23.29994 - ) Hidden RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) Reservationless-Plus VoIP (HKLM-x32\...\{3B0F8FB9-583E-4EC7-8A84-E531A8D3F778}) (Version: 5.14.04.009 - InterCall, Inc.) Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.) Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio) Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - Firaxis Games) Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.15.0 - Synaptics Incorporated) TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - TomTom) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) ToolboxProxy (x32 Version: 035.024.006 - HP) Hidden Trojan Killer (HKLM-x32\...\GridinSoft Trojan Killer) (Version: 2.2.0.0 - Gridinsoft LLC) TRSoap (HKLM-x32\...\{F617063F-6149-42AD-A0BB-C98D4F04F77B}) (Version: 1.00.0000 - Trigold) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden VCDS Beta 11.2.0 (HKLM-x32\...\VCDS Beta 11.2) (Version: 11.2.0 - Ross-Tech) Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden Virgin Money Online (HKLM-x32\...\{EBCB1BBC-17F4-4B69-B646-9CB224026276}) (Version: 6.9.0.1 - iMeta Technologies) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) WF-Mag dla Windows (HKLM-x32\...\{0645CA0B-6C94-4DC4-9E8C-902D8A677001}) (Version: 7.60.8 - Asseco Business Solutions S.A.) Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio) Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 4.01 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) Worksmart V8 HTTP (HKLM-x32\...\Worksmart V8 HTTP) (Version: - ) Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Benek\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Benek\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Benek\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Benek\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Benek\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Benek\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Benek\AppData\Local\Citrix\GoToMeeting\4670\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Benek\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Benek\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Benek\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Benek\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Benek\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Benek\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Benek\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {001D24E9-9A75-4EE0-9767-275F5E6F08C0} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] () Task: {0E722E09-9EAB-4023-AA93-3E438444B6EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {188BD2C5-251A-4115-A693-E44ACC62FBB4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4283902542-2360284776-3514817678-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.) Task: {25D740D7-E0C4-4A4B-9C0C-B0DD41093EBE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {2CA3AA32-1655-444C-82BF-46973EE130DF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4283902542-2360284776-3514817678-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.) Task: {36C8C77E-9B4A-4F09-B386-6C621C35E4AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {44EED4D0-C7AC-48B4-9670-8D416EF6AE5B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4283902542-2360284776-3514817678-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.) Task: {4E262D86-B579-46C3-92EB-92B7914BA496} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4283902542-2360284776-3514817678-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.) Task: {5B4F415E-E639-4CE9-924F-0C5660EBC15F} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.) Task: {612AE60B-83DE-401B-99F0-A05B00F9375B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4283902542-2360284776-3514817678-1001UA => C:\Users\Benek\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {792D62B2-9C24-40D0-9EBC-54DDE58BF39B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-11] (Adobe Systems Incorporated) Task: {7FB352B9-A46B-41AB-937B-2AAEDF8930D5} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 5.0\upgrade.exe [2016-04-18] (ESET) Task: {8CB61CC0-6F37-4ACD-B01E-0676C6EE1823} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.) Task: {92F12452-D28B-4066-B9C6-7A7ADCD8780C} - System32\Tasks\{217ED4D3-F4A1-4BDB-B633-1350AEFB98CA} => pcalua.exe -a "C:\Desktop\Dokumenty firmowe\MPC2500\GlobalScan NX\setup.exe" -d "C:\Desktop\Dokumenty firmowe\MPC2500\GlobalScan NX" Task: {94C10FA5-CFE6-42BC-8683-0A349F6935F3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4283902542-2360284776-3514817678-1001Core => C:\Users\Benek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-20] (Facebook Inc.) Task: {9E52BFD8-DDC8-4E37-A637-9CD068A2F05F} - System32\Tasks\G2MUploadTask-S-1-5-21-4283902542-2360284776-3514817678-1001 => C:\Users\Benek\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe [2016-04-14] (Citrix Online, a division of Citrix Systems, Inc.) Task: {9E704DC6-4349-4475-8345-876A793501E4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4283902542-2360284776-3514817678-1001UA => C:\Users\Benek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-20] (Facebook Inc.) Task: {ACB57F01-9FFC-49A9-A6EB-28357D7567A1} - System32\Tasks\G2MUpdateTask-S-1-5-21-4283902542-2360284776-3514817678-1001 => C:\Users\Benek\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe [2016-04-14] (Citrix Online, a division of Citrix Systems, Inc.) Task: {AFBAEE3B-3C12-4109-90C7-75C23BDC9B8F} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2014-10-19] (Hewlett Packard) Task: {C394AA83-9808-4E53-B558-733B255D0B3C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4283902542-2360284776-3514817678-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.) Task: {D8D8544D-19C5-4CF3-94E9-1C2C0A2AD091} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4283902542-2360284776-3514817678-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.) Task: {DFCEE79D-740A-4136-A25F-F649035639DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.) Task: {E38E989E-80FA-41FE-BCC3-AE10A8285AAD} - System32\Tasks\{E37B610E-1D44-45A1-BC9F-80788BACA6FC} => pcalua.exe -a "C:\ProgramData\Legal & General GIology\_Update\Update962\SetUp.exe" -d "C:\ProgramData\Legal & General GIology\_Update\Update962\" -c /s Task: {F9ED11D6-2DD1-47BF-A9F3-7CB5B3A8D808} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.) Task: {FC7496CC-729B-47C3-9841-2B6BBC59FC6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4283902542-2360284776-3514817678-1001Core => C:\Users\Benek\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4283902542-2360284776-3514817678-1001Core.job => C:\Users\Benek\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4283902542-2360284776-3514817678-1001UA.job => C:\Users\Benek\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4283902542-2360284776-3514817678-1001.job => C:\Users\Benek\AppData\Local\Citrix\GoToMeeting\4800\g2mupdate.exe Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4283902542-2360284776-3514817678-1001.job => C:\Users\Benek\AppData\Local\Citrix\GoToMeeting\4800\g2mupload.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4283902542-2360284776-3514817678-1001Core.job => C:\Users\Benek\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4283902542-2360284776-3514817678-1001UA.job => C:\Users\Benek\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2015-01-06 08:54 - 2012-08-31 16:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL 2015-01-06 08:58 - 2012-08-31 16:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-12-21 00:46 - 2015-12-10 07:14 - 00249384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe 2011-08-18 21:44 - 2011-08-18 21:44 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe 2014-10-26 23:59 - 2014-10-26 23:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-10-30 06:41 - 2014-10-30 06:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2011-08-10 15:47 - 2011-05-16 16:33 - 02748736 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE 2011-08-10 16:55 - 2011-03-07 21:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-08-10 15:37 - 2010-12-17 16:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe 2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2011-05-30 10:30 - 2011-05-30 10:30 - 00885760 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe 2014-10-29 20:06 - 2014-10-29 20:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe 2015-07-10 21:56 - 2014-02-13 15:37 - 00254024 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe 2015-12-21 00:46 - 2015-12-10 07:04 - 00080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00186408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00165928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00058408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00015912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00108072 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00443944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00111656 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00025128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00059944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00201768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00018984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll 2015-12-21 00:46 - 2015-12-10 07:04 - 00224808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll 2014-06-25 10:28 - 2015-02-23 11:44 - 00865880 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll 2014-10-30 06:41 - 2014-10-30 06:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll 2014-10-30 06:41 - 2014-10-30 06:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll 2014-10-30 06:41 - 2014-10-30 06:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll 2015-10-13 06:46 - 2015-10-13 06:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 06:45 - 2015-10-13 06:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2011-05-30 10:25 - 2011-05-30 10:25 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll 2011-05-30 10:25 - 2011-05-30 10:25 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll 2014-10-29 20:01 - 2014-10-29 20:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll 2015-07-10 21:56 - 2014-02-13 15:27 - 00222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\traynet.dll 2015-07-10 21:56 - 2014-02-13 15:27 - 00275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\libcurl.dll 2015-07-10 21:56 - 2014-02-13 15:27 - 00113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\zlib1.dll 2015-07-10 21:56 - 2014-02-13 15:27 - 00249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\uexper.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2016-04-12 12:38 - 2016-04-06 11:04 - 01675928 _____ () C:\Users\Benek\AppData\Local\Google\Chrome\Application\49.0.2623.112\libglesv2.dll 2016-04-12 12:38 - 2016-04-06 11:04 - 00086168 _____ () C:\Users\Benek\AppData\Local\Google\Chrome\Application\49.0.2623.112\libegl.dll 2016-04-11 11:48 - 2016-04-08 13:53 - 17532096 _____ () C:\Users\Benek\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-4283902542-2360284776-3514817678-1001\...\dell.com -> dell.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4283902542-2360284776-3514817678-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Benek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Benek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RT-Updater.lnk => C:\Windows\pss\RT-Updater.lnk.Startup MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{5E41731E-A295-4D99-8E18-D0743D54D150}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{89B454EF-B4E7-4696-B6B1-463A7B1221AB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{B5FCA5E1-5BFD-47E3-B8C0-DEEA99BD3EDE}] => (Allow) LPort=9700 FirewallRules: [{EAB804ED-204C-42A1-A49A-428054032A13}] => (Allow) LPort=9701 FirewallRules: [{997FBB6A-9C4A-4DC2-B5DB-C938A8591C0C}] => (Allow) LPort=9702 FirewallRules: [{F1237200-6C3E-4DB7-8932-1B3FFAAA945C}] => (Allow) LPort=9700 FirewallRules: [{D4E65329-FEEF-40F4-A988-0222BFACDDDD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{69757BDC-7AD7-4724-A99D-65F432DCDB87}] => (Allow) LPort=2869 FirewallRules: [{9D4DFFBB-BADF-4C78-9820-DE4414E685A0}] => (Allow) LPort=1900 FirewallRules: [{80F5057A-B7DE-4AB8-A707-52587853E417}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{F5C54177-7E95-4B2E-A2D6-FD2D10329D33}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{7613FE08-581D-4807-80B8-4CDB7EDBC9AD}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{D825DDE9-878B-47AA-BBCE-2DB40160738F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{B9F256D3-84CE-438D-82B7-3B519E446E62}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe FirewallRules: [{8E66A0D6-9309-42C3-854D-8647936CA66C}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe FirewallRules: [{0FBE233F-A2B6-4A74-A191-8BE5E5E6791F}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe FirewallRules: [TCP Query User{620B698C-151B-42E0-9593-DBEE1A758175}C:\users\benek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\benek\appdata\local\google\chrome\application\chrome.exe FirewallRules: [UDP Query User{585030FC-A9BB-4B29-A957-8B6A569467CE}C:\users\benek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\benek\appdata\local\google\chrome\application\chrome.exe FirewallRules: [TCP Query User{1B43BFB6-D34D-49F7-809D-02BD557DE395}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe FirewallRules: [UDP Query User{E22F2D58-83F9-49D5-B2A2-75FCA8F626DC}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe FirewallRules: [{99BC3D0D-2E8A-4F36-A764-A911747F961B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{CDF3EB3A-9CB4-45CE-885C-7BEE81F104DC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{BF89574A-C3F4-45A6-99FA-40C8B1FF7CDB}] => (Allow) C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe FirewallRules: [{3DC830A2-523F-4D35-BFE2-7C2A53975979}] => (Allow) C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe FirewallRules: [{F111FE54-AABF-48AC-AF3E-78ADC7C0DEA5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe FirewallRules: [{90D1DFD2-4BBA-4B45-945E-5E81DB0EA768}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe FirewallRules: [{654F9248-ED8A-4311-8790-5CC9F6807E12}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe FirewallRules: [{BE4B37B9-59A1-4442-9407-A24FA90017A4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe FirewallRules: [{E9A43BB6-71E2-461C-BE0A-E79DFEFB3BFD}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{09882C62-AF79-4650-A276-744998D69475}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{5DA26A33-B94D-4894-A2A1-47CEE5EF7C21}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [{CADAC609-DBE0-4C03-B0F4-C50CEA876B44}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe FirewallRules: [{94EEA1D6-0BB8-41BD-9B1A-A408D62DC102}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{E8716C93-4431-4BD8-AAEF-77BF0713F145}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{87B85BAA-D9DD-4E5E-A65A-4A7ACB75355A}] => (Allow) C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe FirewallRules: [{B9632551-453C-41BB-A958-3C4E210B0A60}] => (Allow) C:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe FirewallRules: [TCP Query User{06DD81E2-DA56-49AE-9855-EAAF03B81864}C:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe] => (Allow) C:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe FirewallRules: [UDP Query User{BAF2CCE0-85CA-4F9F-BB2C-CA947F1D9F84}C:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe] => (Allow) C:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe FirewallRules: [{9F560C60-4763-4B3C-A470-AE913ED79B8E}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore10\Nero Blu-ray Player\Blu-rayPlayer.exe FirewallRules: [{D02EAE00-406F-4829-99F8-C413E1FABE2B}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore10\Nero Blu-ray Player\Blu-rayPlayer.exe FirewallRules: [{7D84F49C-2118-4AE3-AA17-F0ED67D7B17E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [{0AFFC3FF-B822-4E46-B02B-FCCEC1C8DA7F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe FirewallRules: [TCP Query User{8333C721-07CC-4F53-896A-F9AB15A593DD}C:\users\benek\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\benek\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [UDP Query User{B64D18D8-1E7D-4754-BD79-9E0DEEF7742C}C:\users\benek\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\benek\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [{CC65B6C7-4DEA-47CC-9F72-1731DC48800C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{AC54C1ED-A01D-474C-8A79-C9FAA8A78B1C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe FirewallRules: [{5884EFCF-71A5-4967-AFC2-FC5787B91921}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe FirewallRules: [TCP Query User{EDA4945B-AA5F-47FE-9520-92B309DCE365}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe FirewallRules: [UDP Query User{B83AD5CE-BA2F-479E-B76C-A35AB6F91110}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe FirewallRules: [{FAAEAFB1-7826-4DB5-8CE9-FD7A176D18B1}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe FirewallRules: [TCP Query User{5F08393A-E15E-4404-B4FF-25C329EF8B69}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe FirewallRules: [UDP Query User{4C1134BD-CC8F-4F9B-925A-5073FCEA7864}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe FirewallRules: [TCP Query User{811FFDEE-70DC-47CD-933A-94AF83F65ABD}C:\users\benek\appdata\roaming\reservationless-plus voip\rpvoip.exe] => (Allow) C:\users\benek\appdata\roaming\reservationless-plus voip\rpvoip.exe FirewallRules: [UDP Query User{881A1D84-292E-459C-B5B7-58211AF808FD}C:\users\benek\appdata\roaming\reservationless-plus voip\rpvoip.exe] => (Allow) C:\users\benek\appdata\roaming\reservationless-plus voip\rpvoip.exe FirewallRules: [{ACF589E4-5EE4-4B61-B5D4-625F16D3FC94}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe FirewallRules: [{7908C821-43DA-4CD0-B56D-DE9C045EFD70}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe FirewallRules: [{A6ADC729-ADB2-4459-A352-A76203269B81}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe FirewallRules: [{433AA487-1D22-40DE-BC8B-F43B99E97F69}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe FirewallRules: [{7FFC57A5-0C47-4B87-A0B2-EB98635EE6E7}] => (Allow) C:\Users\Benek\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [TCP Query User{190695A1-93DB-406A-BF25-FA30853DD679}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe FirewallRules: [UDP Query User{0F520B1B-ECED-4981-9B2B-3218892A1979}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe FirewallRules: [TCP Query User{EC667CC8-0009-42C0-B7D4-CE09A8020D70}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe FirewallRules: [UDP Query User{AF675BDA-23CC-4BED-A03C-491539ED76A9}C:\program files\foxit software\pdf editor\pdfedit.exe] => (Allow) C:\program files\foxit software\pdf editor\pdfedit.exe FirewallRules: [{6A2F9DA0-7013-42B6-8F37-A55E9F3CA1C0}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe FirewallRules: [{4C5C3628-8511-402F-BE46-1D8FF2DA83CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{EC3C260E-7938-4326-9D69-8CB19E9992A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{5298415B-9656-494E-B996-9A3FD75F2754}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{6704661B-DD20-4710-9DE0-F8BDF34DC9D3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{C0384832-312F-4302-98BA-27D92CFF28A8}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [UDP Query User{FD452746-6B18-483A-BA1C-0FAA19304E97}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [TCP Query User{B004CF4A-5E2A-42A5-AA13-EDEEE4976B4A}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [UDP Query User{396F1A2F-20B4-409F-8749-46A9A0893686}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [{602405D0-A4A3-4976-84FC-D936E2FB6A83}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{7DD190FD-6979-412B-8813-25F9F9A633D8}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe FirewallRules: [{F73518D5-1C98-4D24-A909-FA4AE36BE7EE}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe FirewallRules: [{413EA4A3-6D65-4974-9236-DFA25F0F305F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe FirewallRules: [{2B978CC9-FA79-4DEA-B76F-893F7E2E2A2B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe FirewallRules: [{844F2602-E772-41EB-994C-FC0DF67E9578}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{315AFE97-0F6E-4C3D-8C48-6AB140906F76}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{8A434EF2-90E8-43EE-BEB0-6A57A2D01CB7}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{C536BFBE-503F-4599-9EED-AEC6EFF2FAE4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{73262C4F-7BFA-48CC-80BE-C736DAFF32CA}] => (Allow) C:\HP_SI_9D1DE902-8058-4555-A16A-FBFAA49587DB\7zS443B\Installer\hpbcsiInstaller.exe FirewallRules: [{6D2DFAC4-A73E-431A-B30F-7C1450FD797E}] => (Allow) C:\HP_SI_9D1DE902-8058-4555-A16A-FBFAA49587DB\7zS443B\Installer\hpbcsiInstaller.exe FirewallRules: [{55B10506-82DB-4620-A0D9-F3B19A5F0043}] => (Allow) C:\HP_SI_9D1DE902-8058-4555-A16A-FBFAA49587DB\7zS520B\Installer\hpbcsiInstaller.exe FirewallRules: [{BB806496-E878-48CF-9C28-F4B3F595A910}] => (Allow) C:\HP_SI_9D1DE902-8058-4555-A16A-FBFAA49587DB\7zS520B\Installer\hpbcsiInstaller.exe FirewallRules: [{EEA079D5-01C8-4791-A769-A0C9C7551204}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ==================== Restore Points ========================= 26-04-2016 09:36:20 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/27/2016 04:36:02 PM) (Source: TOASTER.EXE) (EventID: 0) (User: ) Description: An Unhandled Exception occured. The process cannot access the file 'C:\Users\Benek\AppData\local\softthinks\scheduler.xml' because it is being used by another process. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn) at System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver) at System.Threading.CompressedStack.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state) at System.Xml.XmlTextReaderImpl.OpenUrl() at System.Xml.XmlTextReaderImpl.Read() at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader reader) at System.Xml.XmlDocument.Load(String filename) at Toaster.SchedulerReader.read() at Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow() at Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() at Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers) at Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e) at System.Windows.Threading.DispatcherTimer.FireTick(Object unused) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler) Error: (04/27/2016 04:35:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb30d1 Exception code: 0xc06d007e Fault offset: 0x0000c54f Faulting process id: 0x4d4 Faulting application start time: 0xMobileMeServices.exe0 Faulting application path: MobileMeServices.exe1 Faulting module path: MobileMeServices.exe2 Report Id: MobileMeServices.exe3 Error: (04/27/2016 04:33:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb30d1 Exception code: 0xc06d007e Fault offset: 0x0000c54f Faulting process id: 0x1dd0 Faulting application start time: 0xMobileMeServices.exe0 Faulting application path: MobileMeServices.exe1 Faulting module path: MobileMeServices.exe2 Report Id: MobileMeServices.exe3 Error: (04/27/2016 04:30:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/27/2016 03:30:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb30d1 Exception code: 0xc06d007e Fault offset: 0x0000c54f Faulting process id: 0x21bc Faulting application start time: 0xMobileMeServices.exe0 Faulting application path: MobileMeServices.exe1 Faulting module path: MobileMeServices.exe2 Report Id: MobileMeServices.exe3 Error: (04/27/2016 03:30:25 PM) (Source: TOASTER.EXE) (EventID: 0) (User: ) Description: An Unhandled Exception occured. The process cannot access the file 'C:\Users\Benek\AppData\local\softthinks\scheduler.xml' because it is being used by another process. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize) at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn) at System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver) at System.Threading.CompressedStack.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state) at System.Xml.XmlTextReaderImpl.OpenUrl() at System.Xml.XmlTextReaderImpl.Read() at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.XmlDocument.Load(XmlReader reader) at System.Xml.XmlDocument.Load(String filename) at Toaster.SchedulerReader.read() at Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow() at Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() at Toaster.Helper.CheckReminders(ObservableCollection`1 notificationHelpers) at Toaster.MainWindowViewModel.NotificationsTimerTick(Object sender, EventArgs e) at System.Windows.Threading.DispatcherTimer.FireTick(Object unused) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler) Error: (04/27/2016 03:29:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb30d1 Exception code: 0xc06d007e Fault offset: 0x0000c54f Faulting process id: 0x22b8 Faulting application start time: 0xMobileMeServices.exe0 Faulting application path: MobileMeServices.exe1 Faulting module path: MobileMeServices.exe2 Report Id: MobileMeServices.exe3 Error: (04/27/2016 03:25:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/27/2016 12:23:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program explorer.exe version 6.1.7601.19135 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2b7c Start Time: 01d1a060441e9040 Termination Time: 15 Application Path: C:\Windows\explorer.exe Report Id: 6afbf0c2-0c6a-11e6-949e-14feb5bef939 Error: (04/27/2016 10:04:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 System errors: ============= Error: (04/27/2016 04:39:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (04/27/2016 04:37:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service. Error: (04/27/2016 04:35:49 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B} Error: (04/27/2016 04:34:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The NVIDIA Update Service Daemon service hung on starting. Error: (04/27/2016 04:29:05 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000050 (0xfffff9804f300000, 0x0000000000000000, 0xfffff8800123bcda, 0x0000000000000000)C:\Windows\MEMORY.DMP042716-20997-01 Error: (04/27/2016 04:29:04 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 16:27:33 on ‎27/‎04/‎2016 was unexpected. Error: (04/27/2016 03:33:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (04/27/2016 03:30:23 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B} Error: (04/27/2016 03:30:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The NVIDIA Update Service Daemon service hung on starting. Error: (04/27/2016 03:25:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. CodeIntegrity: =================================== Date: 2015-11-19 10:14:34.899 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\AV\ESET NOD32 Antivirus 5.0\upgrade.exe because the set of per-page image hashes could not be found on the system. Date: 2015-11-12 11:11:33.958 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\AV\ESET NOD32 Antivirus 5.0\upgrade.exe because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz Percentage of memory in use: 84% Total physical RAM: 8086.17 MB Available physical RAM: 1268.78 MB Total Virtual: 16170.52 MB Available Virtual: 8434.41 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:159.72 GB) NTFS Drive e: (Expansion Drive) (Fixed) (Total:1397.26 GB) (Free:1113.21 GB) NTFS Drive y: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:11.06 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E) Partition 1: (Not Active) - (Size=102 MB) - (Type=DE) Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1397.3 GB) (Disk ID: 5B6BCECD) Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================