New pooface.exe + other 'fun' trojans...


juicedmaster (Thread Starter; Joined Apr 5, 2016; Messages: 1)

So for a short while now, not sure how long...
...AVG has been repeatedly flagging trojans in my TEMP folder, one in particular being 'pooface.exe'.
Whenever AVG 'resolves' pooface, it just pops up again later or the next day. I've even gone into its folder and shredded it with AVG a few times.

My computer is still running but is refusing to do certain tasks.
Like: the other day the display failed altogether, I had to take out the PCI graphics card and do a whole load of restarts trying to get it to run through VGA, now I got the display back on with the graphics card but...
...explorer.exe crashes and restarts when I try to adjust advanced resolution settings...
...when I try to update 'catalyst control center' I get appcrash...
...flash crashes whenever I try to watch on certain sites...

A little while ago I had to disable Windows themes to save memory as 'something' was chewing it all up, I think it was 'svchost.exe'.

I've virus/malware scanned, run registry cleaner, gone through CMD doing attrib commands through system folders looking for and deleting SHR files. Still being stubborn.

And recently AVG is closing/crashing with 'unspecified error in avgui.exe'.

-----------------------------------------------------------------------------------
Anyways...
here is my PC info:
-----------------------------------------------------------------------------------


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Harley (administrator) on HARLEY-PC (05-04-2016 22:55:35)
Running from C:\Users\Harley\Downloads
Loaded Profiles: Harley (Available Profiles: Harley & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Gold Click Ltd) C:\Users\Harley\AppData\Roaming\ProxyGate\Cloud.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Gold Click Ltd) C:\Users\Harley\AppData\Roaming\ProxyGate\PGChk.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3037296 2011-05-06] (VIA)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3795880 2016-02-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2510784 2015-05-16] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-25370038-3188104783-553490557-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-25370038-3188104783-553490557-1000\...\Run: [Ofxics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Harley\AppData\Local\Oqjdics\Vuxdevkit.dll
HKU\S-1-5-21-25370038-3188104783-553490557-1000\...\Run: [ProxyGate] => C:\Users\Harley\AppData\Roaming\ProxyGate\MainService.exe [1142880 2016-01-10] (Gold Click Ltd)
HKU\S-1-5-21-25370038-3188104783-553490557-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-25370038-3188104783-553490557-1000\...\MountPoints2: F - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-25370038-3188104783-553490557-1000\...\MountPoints2: {2a7368d2-28c9-11e5-b810-20cf3013944b} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-25370038-3188104783-553490557-1000] => 127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2E561520-4102-48C3-B357-C5D79C5008E4}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-25370038-3188104783-553490557-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com?cid={22728E93-0387-4410-9BC7-4CE1E01DB2CF}&mid=62c7c87aec1547d28233f18676f77db8-48fb00981f74337cb5d7e04c16cab7e4a4135ee0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215tb&pr=fr&d=2014-04-18 22:10:22&v=18.5.0.909&pid=safeguard&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-25370038-3188104783-553490557-1000 -> DefaultScope {80D4F6F9-37EB-4C22-87A0-D070866B79FA} URL =
SearchScopes: HKU\S-1-5-21-25370038-3188104783-553490557-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={22728E93-0387-4410-9BC7-4CE1E01DB2CF}&mid=62c7c87aec1547d28233f18676f77db8-48fb00981f74337cb5d7e04c16cab7e4a4135ee0&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215tb&pr=fr&d=2014-04-18 22:10:22&v=18.3.0.879&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-06-10] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.5.0.909\AVG SafeGuard toolbar_toolbar.dll [2015-05-16] (AVG Secure Search)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-06-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.5.0.909\AVG SafeGuard toolbar_toolbar.dll [2015-05-16] (AVG Secure Search)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-25370038-3188104783-553490557-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-25370038-3188104783-553490557-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-16] (AVG Secure Search)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-05-28] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-05-28] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2014-05-28] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2014-05-28] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\pf506yb8.default
FF Homepage: hxxps://www.google.co.uk/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-04-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\pf506yb8.default\searchplugins\avg-secure-search.xml [2015-05-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-05-16]
FF Extension: British English Dictionary (Updated) - C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\pf506yb8.default\Extensions\[email protected] [2015-01-06] [not signed]
FF Extension: English (GB) Language Pack - C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\pf506yb8.default\Extensions\[email protected] [2016-03-20]
FF Extension: Adblock Plus - C:\Users\Harley\AppData\Roaming\Mozilla\Firefox\Profiles\pf506yb8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.5.0.909
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.5.0.909 [2015-05-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-05-19] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3646888 2016-02-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2016-02-04] (AVG Technologies CZ, s.r.o.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-03-29] (VIA Technologies, Inc.)
S4 vToolbarUpdater18.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\ToolbarUpdater.exe [1812416 2015-05-16] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 AtiDCM; C:\AMD\AMD-Catalyst-15.7.1-With-DOTNet45-Win7-64bit\Bin64\atdcm64a.sys [33992 2015-08-04] (Advanced Micro Devices, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [299440 2016-01-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [296368 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255920 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2014-04-27] (Windows (R) Codename Longhorn DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-04-02] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.)
S3 sparkocam; C:\Windows\System32\DRIVERS\sparkocam.sys [36176 2015-12-21] (Sparkosoft)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows (R) Win 7 DDK provider)
S2 AODDriver4.2; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-05 22:55 - 2016-04-05 22:55 - 02374144 _____ (Farbar) C:\Users\Harley\Downloads\FRST64.exe
2016-04-05 22:55 - 2016-04-05 22:55 - 00017315 _____ C:\Users\Harley\Downloads\FRST.txt
2016-04-05 22:55 - 2016-04-05 22:55 - 00000000 ____D C:\FRST
2016-04-05 22:26 - 2016-04-05 22:27 - 00000000 ____D C:\Users\Harley\Documents\RegBackup
2016-04-05 22:25 - 2016-04-05 22:25 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-05 22:24 - 2016-04-05 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-05 22:24 - 2016-04-05 22:25 - 00000000 ____D C:\Program Files\CCleaner
2016-04-05 22:24 - 2016-04-05 22:24 - 06868672 _____ (Piriform Ltd) C:\Users\Harley\Downloads\ccsetup516.exe
2016-04-05 03:29 - 2016-04-05 03:29 - 00000000 ____D C:\Users\Harley\AppData\Roaming\ProxyGate
2016-04-04 21:18 - 2016-04-04 21:18 - 00050293 _____ C:\Users\Harley\AppData\Roaming\GB-V
2016-04-04 21:18 - 2016-04-04 21:18 - 00001527 _____ C:\Users\Harley\AppData\Roaming\PutQuadratHymnSpaGrisaille
2016-04-04 20:45 - 2016-04-04 20:45 - 00079360 _____ (Intel Corporation) C:\Users\Harley\AppData\Roaming\dressmaking.dll
2016-04-04 03:36 - 2016-04-04 03:39 - 300806184 _____ (AMD Inc.) C:\Users\Harley\Downloads\amd-catalyst-15.7.1-with-dotnet45-win7-64bit.exe
2016-04-04 03:11 - 2016-04-04 03:11 - 12949008 _____ (AMD Inc.) C:\Users\Harley\Downloads\radeon-crimson-16.3.2-minimalsetup_web.exe
2016-04-03 19:01 - 2016-04-03 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Downloader
2016-04-03 19:01 - 2016-04-03 19:01 - 00000000 ____D C:\Program Files (x86)\YTD Downloader
2016-03-27 03:59 - 2016-04-02 01:15 - 00000000 ____D C:\Users\Harley\Documents\Flight Simulator Files
2016-03-27 03:48 - 2016-03-27 03:48 - 00002247 _____ C:\Users\Public\Desktop\Microsoft Flight Simulator 2004 - A Century of Flight.lnk
2016-03-27 03:48 - 2016-03-27 03:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Flight Simulator 2004 - A Century of Flight
2016-03-27 03:40 - 2016-03-27 03:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Flight Simulator 2004 - A Century of Flight
2016-03-27 03:31 - 2016-03-27 03:31 - 00000000 ____D C:\Users\Harley\AppData\LocalLow\BitTorrent
2016-03-24 13:33 - 2016-03-24 13:33 - 00049951 _____ C:\Users\Harley\AppData\Roaming\Version.txt
2016-03-24 13:33 - 2016-03-24 13:33 - 00001465 _____ C:\Users\Harley\AppData\Roaming\DikdikCragSaponite
2016-03-22 23:36 - 2016-03-22 23:36 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-03-22 23:36 - 2016-03-22 23:36 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-03-22 23:35 - 2016-03-22 23:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-21 15:23 - 2016-03-21 15:23 - 00049780 _____ C:\Users\Harley\AppData\Roaming\g3_11 x 14 in 300 dpi.IMZ
2016-03-21 15:23 - 2016-03-21 15:23 - 00001521 _____ C:\Users\Harley\AppData\Roaming\CangueDouseHypoxia
2016-03-20 21:32 - 2016-03-21 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-18 15:41 - 2016-03-18 15:43 - 138564975 _____ C:\Users\Harley\Downloads\StemCreator_Installer.zip
2016-03-16 22:13 - 2016-03-16 22:13 - 00049929 _____ C:\Users\Harley\AppData\Roaming\toc.line.properties.xml
2016-03-16 22:13 - 2016-03-16 22:13 - 00001896 _____ C:\Users\Harley\AppData\Roaming\MuskoneDutch
2016-03-08 23:12 - 2016-03-18 17:57 - 00231324 _____ C:\Users\Harley\Bels dance.csh
2016-03-08 19:31 - 2016-03-18 17:57 - 02490322 _____ C:\Users\Harley\Bels dance.cpr
2016-03-08 16:06 - 2016-03-18 15:37 - 02490322 _____ C:\Users\Harley\Bels dance.bak
2016-03-08 16:06 - 2016-03-17 23:01 - 02489347 _____ C:\Users\Harley\Bels dance-02.bak
2016-03-08 16:06 - 2016-03-17 22:44 - 02487780 _____ C:\Users\Harley\Bels dance-03.bak
2016-03-08 16:06 - 2016-03-17 22:29 - 02477473 _____ C:\Users\Harley\Bels dance-04.bak
2016-03-08 16:06 - 2016-03-17 22:14 - 02453189 _____ C:\Users\Harley\Bels dance-05.bak
2016-03-08 16:06 - 2016-03-17 21:59 - 01394546 _____ C:\Users\Harley\Bels dance-06.bak
2016-03-08 16:06 - 2016-03-17 21:44 - 01394468 _____ C:\Users\Harley\Bels dance-07.bak
2016-03-08 16:06 - 2016-03-17 21:27 - 01386562 _____ C:\Users\Harley\Bels dance-08.bak
2016-03-08 16:06 - 2016-03-17 21:12 - 01386752 _____ C:\Users\Harley\Bels dance-09.bak
2016-03-08 16:06 - 2016-03-08 23:38 - 01350822 _____ C:\Users\Harley\Bels dance-10.bak

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-05 22:45 - 2015-02-27 18:20 - 00000426 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0215tb_rmv.job
2016-04-05 22:45 - 2015-02-27 18:20 - 00000378 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0215tb_rel.job
2016-04-05 22:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-05 22:44 - 2009-07-14 05:45 - 00027520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-05 22:44 - 2009-07-14 05:45 - 00027520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-05 22:42 - 2014-08-08 18:41 - 00000000 ____D C:\Users\Harley\AppData\Roaming\Vso
2016-04-05 22:42 - 2014-08-08 18:41 - 00000000 ____D C:\ProgramData\VSO
2016-04-05 22:42 - 2014-04-26 02:49 - 00000000 ____D C:\Users\Harley\AppData\Roaming\Sony
2016-04-05 22:42 - 2014-04-05 08:09 - 00000000 ____D C:\Users\Harley\AppData\Roaming\BitTorrent
2016-04-05 22:42 - 2014-04-02 01:44 - 00000000 ____D C:\Windows\Minidump
2016-04-05 22:42 - 2014-04-01 05:53 - 00000000 ____D C:\Windows\Panther
2016-04-05 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-04-05 22:00 - 2014-04-02 01:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-05 20:58 - 2016-02-29 07:29 - 00000000 ____D C:\Users\Harley\AppData\Local\Oqjdics
2016-04-05 16:53 - 2014-04-02 03:33 - 00000000 ____D C:\ProgramData\MFAData
2016-04-05 02:00 - 2014-08-26 02:00 - 00000000 ____D C:\Users\Harley\AppData\Local\Adobe
2016-04-04 19:24 - 2014-04-02 01:19 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-04 19:24 - 2014-04-02 01:19 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 19:24 - 2014-04-02 01:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-04 16:26 - 2009-07-14 06:13 - 00797324 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-04 03:40 - 2014-06-25 17:17 - 00000000 ____D C:\AMD
2016-04-04 03:15 - 2014-06-25 17:28 - 00000000 ____D C:\Program Files\AMD
2016-04-04 03:06 - 2014-10-18 02:04 - 00000000 ____D C:\Users\Harley\AppData\Local\Avg2015
2016-04-04 02:50 - 2014-04-27 16:09 - 00000031 _____ C:\Windows\system32\bbcap.err
2016-04-04 02:22 - 2014-04-05 11:58 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-04 01:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-27 20:10 - 2014-12-31 18:32 - 00000000 ____D C:\Users\Harley\Audio
2016-03-27 20:10 - 2014-03-31 21:00 - 00000000 ____D C:\Users\Harley
2016-03-27 03:59 - 2016-02-18 17:56 - 00000000 ____D C:\Users\Harley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-03-27 03:57 - 2015-01-31 00:59 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-03-23 17:02 - 2014-09-25 12:58 - 00000000 ____D C:\Program Files (x86)\VDownloader
2016-03-23 16:57 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-23 16:47 - 2014-10-31 23:52 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-23 16:45 - 2014-05-21 06:16 - 00000000 ____D C:\ProgramData\Apple
2016-03-23 01:33 - 2014-05-17 12:10 - 00000000 ____D C:\Users\Harley\Documents\CVs
2016-03-22 23:35 - 2014-04-08 12:33 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-03-21 23:18 - 2016-01-25 00:12 - 00007611 _____ C:\Users\Harley\AppData\Local\Resmon.ResmonCfg
2016-03-21 21:18 - 2014-04-02 03:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-20 21:15 - 2014-04-25 19:07 - 00000000 ____D C:\Users\Harley\Desktop\~Microsoft Office Professional Plus 2013 Volume (32 Bit + 64 Bit) Integrated March 2013 + Activator
2016-03-17 22:05 - 2015-01-18 20:27 - 00000000 ____D C:\Users\Harley\Images
2016-03-17 22:04 - 2014-04-05 12:21 - 00000000 ____D C:\Users\Harley\AppData\Roaming\vlc
2016-03-17 20:51 - 2016-02-25 01:56 - 00000000 ____D C:\Program Files\Rockstar Games
2016-03-17 20:51 - 2016-02-25 01:56 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-03-09 01:26 - 2014-04-28 22:53 - 00000000 ____D C:\Users\Harley\AppData\Roaming\Skype
2016-03-08 23:31 - 2015-02-06 21:13 - 00000000 ____D C:\Users\Harley\Edits

==================== Files in the root of some directories =======

2014-04-18 22:09 - 2014-06-06 16:14 - 0003750 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-04-27 03:41 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2014-12-20 19:55 - 2014-12-20 19:55 - 0000132 _____ () C:\Users\Harley\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-03-04 23:30 - 2016-03-04 23:30 - 0049717 _____ () C:\Users\Harley\AppData\Roaming\biblioentry.item.separator.xml
2014-04-27 04:38 - 2014-04-27 04:38 - 0000050 _____ () C:\Users\Harley\AppData\Roaming\Camdata.ini
2014-04-27 04:38 - 2014-04-27 04:38 - 0000408 _____ () C:\Users\Harley\AppData\Roaming\CamLayout.ini
2014-04-27 04:38 - 2014-04-27 04:38 - 0000408 _____ () C:\Users\Harley\AppData\Roaming\CamShapes.ini
2014-04-27 04:38 - 2014-04-27 04:38 - 0004548 _____ () C:\Users\Harley\AppData\Roaming\CamStudio.cfg
2016-03-21 15:23 - 2016-03-21 15:23 - 0001521 _____ () C:\Users\Harley\AppData\Roaming\CangueDouseHypoxia
2016-03-04 23:30 - 2016-03-04 23:30 - 0001426 _____ () C:\Users\Harley\AppData\Roaming\CarryallRatline
2016-03-24 13:33 - 2016-03-24 13:33 - 0001465 _____ () C:\Users\Harley\AppData\Roaming\DikdikCragSaponite
2016-04-04 20:45 - 2016-04-04 20:45 - 0079360 _____ (Intel Corporation) C:\Users\Harley\AppData\Roaming\dressmaking.dll
2016-02-27 00:21 - 2016-02-27 00:21 - 0049870 _____ () C:\Users\Harley\AppData\Roaming\f21.png
2016-03-21 15:23 - 2016-03-21 15:23 - 0049780 _____ () C:\Users\Harley\AppData\Roaming\g3_11 x 14 in 300 dpi.IMZ
2016-04-04 21:18 - 2016-04-04 21:18 - 0050293 _____ () C:\Users\Harley\AppData\Roaming\GB-V
2014-08-08 18:41 - 2014-08-08 18:41 - 0099384 _____ () C:\Users\Harley\AppData\Roaming\inst.exe
2016-03-16 22:13 - 2016-03-16 22:13 - 0001896 _____ () C:\Users\Harley\AppData\Roaming\MuskoneDutch
2014-08-08 18:41 - 2014-08-08 18:41 - 0007859 _____ () C:\Users\Harley\AppData\Roaming\pcouffin.cat
2014-08-08 18:41 - 2014-08-08 18:41 - 0001167 _____ () C:\Users\Harley\AppData\Roaming\pcouffin.inf
2014-08-08 18:41 - 2014-08-08 18:41 - 0000055 _____ () C:\Users\Harley\AppData\Roaming\pcouffin.log
2014-08-08 18:41 - 2014-08-08 18:41 - 0082816 _____ (VSO Software) C:\Users\Harley\AppData\Roaming\pcouffin.sys
2016-04-04 21:18 - 2016-04-04 21:18 - 0001527 _____ () C:\Users\Harley\AppData\Roaming\PutQuadratHymnSpaGrisaille
2016-02-27 00:21 - 2016-02-27 00:21 - 0001377 _____ () C:\Users\Harley\AppData\Roaming\SemenCaraculNapa
2014-10-07 05:39 - 2014-10-07 05:39 - 0011264 _____ () C:\Users\Harley\AppData\Roaming\System.dll
2016-03-16 22:13 - 2016-03-16 22:13 - 0049929 _____ () C:\Users\Harley\AppData\Roaming\toc.line.properties.xml
2016-03-24 13:33 - 2016-03-24 13:33 - 0049951 _____ () C:\Users\Harley\AppData\Roaming\Version.txt
2014-04-27 04:14 - 2014-04-27 16:12 - 0000096 _____ () C:\Users\Harley\AppData\Roaming\version2.xml
2016-01-25 00:12 - 2016-03-21 23:18 - 0007611 _____ () C:\Users\Harley\AppData\Local\Resmon.ResmonCfg
2015-09-12 02:58 - 2015-09-12 02:58 - 0000028 _____ () C:\Users\Harley\AppData\Local\X-Plane Installer.prf
2015-09-12 02:58 - 2015-09-12 03:03 - 0000015 _____ () C:\Users\Harley\AppData\Local\X-Plane_drm.prf
2015-09-12 02:13 - 2015-09-12 02:13 - 0000042 _____ () C:\Users\Harley\AppData\Local\x-plane_install_10.txt
2014-09-24 10:47 - 2014-09-24 10:47 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-29 22:53

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Harley (2016-04-05 22:56:25)
Running from C:\Users\Harley\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-03-31 20:00:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-25370038-3188104783-553490557-500 - Administrator - Disabled) => C:\Users\Administrator
ASPNET (S-1-5-21-25370038-3188104783-553490557-1009 - Limited - Enabled)
Guest (S-1-5-21-25370038-3188104783-553490557-501 - Limited - Enabled) => C:\Users\Guest
Harley (S-1-5-21-25370038-3188104783-553490557-1000 - Administrator - Enabled) => C:\Users\Harley

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6189 - AVG Technologies)
AVG 2015 (Version: 15.0.4545 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6189 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.5.0.909 - AVG Technologies)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
BitTorrent (HKU\S-1-5-21-25370038-3188104783-553490557-1000\...\BitTorrent) (Version: 7.9.5.41866 - BitTorrent Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CamStudio (HKLM-x32\...\CamStudio) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
CINEMA 4D 15.064 (HKLM\...\MAXON12664043) (Version: 15.064 - MAXON Computer GmbH)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
ffdshow v1.1.3572 [2010-09-13] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3572.0 - )
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HIS iTurbo (HKLM-x32\...\HIS iTurbo) (Version: - )
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LDC Driving Test 3-in-1 (HKLM-x32\...\LDC Driving Test 3-in-17.0) (Version: 7.0 - Teaching Driving Ltd)
Magnifying Glass 1.1 (HKLM-x32\...\Magnifying Glass_is1) (Version: - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Flight Simulator 2004 - A Century of Flight (HKLM-x32\...\Microsoft Flight Simulator 2004 - A Century of Flight_is1) (Version: - )
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: hex(2):39,00,2e,00,30,00,00,00 - Microsoft)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.2.1863 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.6.8.382 - Native Instruments)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
NET Render Client 13.016 (HKLM\...\MAXON8C66D661) (Version: 13.016 - MAXON Computer GmbH)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden
ProxyGate version 3.0.0.1163 (HKU\S-1-5-21-25370038-3188104783-553490557-1000\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1163 - Gold Click Ltd)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Steinberg Cubase 7.5 64bit (HKLM\...\{C75E8AD9-C89F-4505-5E87-CFCCEBE284FA}) (Version: 7.5.10 - Steinberg Media Technologies GmbH)
Steinberg EDM Toolbox MIDI Loops (HKLM-x32\...\{8C9B2EA8-9A30-4347-95E9-10E919C4F32E}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Eucon Adapter 6.5 64bit (HKLM\...\{95D90857-61C2-4927-85FF-A317E46E7351}) (Version: 6.5.2 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Allen Morgan Signature Drums (HKLM-x32\...\{611A7035-0172-4B9B-8BB6-5046F6867D8A}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Content (HKLM-x32\...\{AFC9D1CE-F050-437C-35A5-62DEDB262DC7}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 2.0.1 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content (HKLM-x32\...\{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}) (Version: 2.0.0 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 2.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content 2 (HKLM-x32\...\{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Padshop 64bit (HKLM\...\{75F15019-C0C2-4047-AA45-97B4BD313719}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Retrologue 64bit (HKLM\...\{4D65ECE6-131D-4B5F-8470-2750D3161619}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version: - )
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
Vegas Pro 12.0 (64-bit) (HKLM\...\{3C9AFB31-4D02-11E3-8AA3-F04DA23A5C58}) (Version: 12.0.765 - Sony)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
VirtualDJ Home FREE (HKLM-x32\...\{731CCCF4-E02D-4B0E-BE9B-DF2D54D40564}) (Version: 7.4.6 - Atomix Productions)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC Codec Pack 2.0.5 (HKLM-x32\...\VLC - Codec Pack) (Version: 2.0.5 - VLC Codec Pack)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.12 - VSO Software)
WG Screensaver Creator 1.0 (HKLM-x32\...\{E0BE7153-5B7D-4214-9F2A-50EF466C27F7}) (Version: 1.0.0 - Web Grafitti)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
YTD Downloader version 1.5 (HKLM-x32\...\{DC866C1E-B796-4BD2-93B8-B5706AC5B5CC}_is1) (Version: 1.5 - BoozedProgrammer)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {32277B93-036B-41DD-8D10-D20A44498382} - System32\Tasks\AdobeAAMUpdater-1.0-Harley-PC-Harley => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {3931BBF4-7E62-4CE4-B477-1BC0B02494E8} - \AmiUpdXp -> No File <==== ATTENTION
Task: {3CC50312-20F2-4D2C-852D-71708BD43238} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {4D7EC792-60C7-4DE6-B887-C434560D6788} - System32\Tasks\1114tbUpdateInfo => C:\ProgramData\Avg_Update_1114tb\1114tb_{C1F1E6F4-E01D-40F3-B099-9671A8C678BC}.exe [2014-11-06] ()
Task: {6CFF0FA1-D18F-4221-B82D-AC2C3E4AD889} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7BE42B84-9A82-42D3-9459-DD55CFB48CDC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-04] (Adobe Systems Incorporated)
Task: {978DBFD1-0B2F-485E-ADF5-2AB960239980} - System32\Tasks\AVG-Secure-Search-Update_0215tb_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe
Task: {A3C55835-51D5-4DB6-8209-4682491691C8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B9DF5042-BA35-4D8F-A6A7-6F328E7CB78B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {D3367DF5-6204-4D90-A022-53C9AA3A35FB} - System32\Tasks\WINshell Event Notification => C:\Users\Harley\AppData\Local\Temp\SBCint2.exe <==== ATTENTION
Task: {D55C4265-B003-43E7-ACF8-9684D3B335EA} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{96675449-1856-4CC6-9523-6B7AD5CF467E}.exe [2015-05-06] ()
Task: {DC28B15E-37F7-41B3-83A2-7D5B1FD81703} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {F0AD73AC-4539-473C-9667-65D4C8662C1C} - System32\Tasks\WINshell Event Logging => C:\Users\Harley\AppData\Local\Temp\Dscp1.exe <==== ATTENTION
Task: {F735408A-71C3-4661-8071-36095F1997CA} - System32\Tasks\0915avUpdateInfo => C:\ProgramData\Avg_Update_0915av\0915av_AVG-Secure-Search-Update.exe [2015-07-26] ()
Task: {F97909DA-A4EF-461C-AF04-ECA00B053B78} - System32\Tasks\AVG-Secure-Search-Update_0215tb_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe
Task: {FB505DC1-B3D3-4D73-BB2B-DDAA4E313195} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{96675449-1856-4CC6-9523-6B7AD5CF467E}.exe
Task: C:\Windows\Tasks\0915avUpdateInfo.job => C:\ProgramData\Avg_Update_0915av\0915av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114tbUpdateInfo.job => C:\ProgramData\Avg_Update_1114tb\1114tb_{C1F1E6F4-E01D-40F3-B099-9671A8C678BC}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0215tb_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0215tb_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-06-10 13:21 - 2014-06-10 13:21 - 08892072 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-02 00:30 - 2011-05-06 14:12 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-04-02 00:30 - 2011-05-06 14:12 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-04-02 00:30 - 2011-05-06 14:12 - 00621168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-04-18 22:09 - 2015-05-16 15:16 - 02510784 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2016-04-05 03:29 - 2016-04-05 03:38 - 00035840 _____ () C:\Users\Harley\AppData\Local\Oqjdics\Vuxdevkit.dll
2015-05-16 15:17 - 2015-05-16 15:16 - 00526784 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.5.0\log4cplusU.dll
2014-06-10 13:21 - 2014-06-10 13:21 - 08892072 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Harley\AppData\Local\Temp:xZA9z3GexuChCsUlsNKGn [2370]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-25370038-3188104783-553490557-1000\...\facebook.com -> www.facebook.com
IE restricted site: HKU\S-1-5-21-25370038-3188104783-553490557-1000\...\facebook.com -> hxxp://www.facebook.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-25370038-3188104783-553490557-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Application Updater => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: vToolbarUpdater18.5.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMenu.lnk => C:\Windows\pss\TrayMenu.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG-Secure-Search-Update_0215tb => "C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0215tb.exe" /PROMPT /CMPID=0215tb
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
MSCONFIG\startupreg: HP Deskjet 3050A J611 series (NET) => "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1964142X05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Oqjdics => C:\Users\Harley\AppData\Local\Oqjdics\psdl32.exe
MSCONFIG\startupreg: ProxyGate => C:\Users\Harley\AppData\Roaming\ProxyGate\MainService.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: VDownloader => "C:\Program Files (x86)\VDownloader\VDownloader4.exe" /silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{4747FA03-986F-4B75-BA01-9BC90B8F9862}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{01EF46F5-66CB-4872-8D9C-924260BC7F42}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{B3B9226E-FF80-4CD1-965B-D9051C0E4E86}C:\program files\maxon\net render r13 client\net render client 64 bit.exe] => (Allow) C:\program files\maxon\net render r13 client\net render client 64 bit.exe
FirewallRules: [UDP Query User{087D1CC1-8B37-421B-BE1D-A87DBB2B62AC}C:\program files\maxon\net render r13 client\net render client 64 bit.exe] => (Allow) C:\program files\maxon\net render r13 client\net render client 64 bit.exe
FirewallRules: [TCP Query User{73B04404-FFD0-41A9-AE71-D9B89AD74AC2}C:\program files\maxon\net render r13 client\net render client.exe] => (Allow) C:\program files\maxon\net render r13 client\net render client.exe
FirewallRules: [UDP Query User{F927373C-FB36-4607-BB4C-28F84E779DD6}C:\program files\maxon\net render r13 client\net render client.exe] => (Allow) C:\program files\maxon\net render r13 client\net render client.exe
FirewallRules: [{BD2DB69C-83B8-48FC-9D32-BEEC756D3908}] => (Allow) C:\Users\Harley\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4F045B4C-D598-4742-9B4C-4D72B18B8E6A}] => (Allow) C:\Users\Harley\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2D0DA65A-2AF5-4776-9B28-732408762CD1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A8BB6588-F03C-4BF7-A88A-AE2628097461}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6C00C578-BB3E-4C5C-94BC-30BB1ED341F8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6B423810-D2F7-4EB0-9491-09ED6975D1F1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{601C8AA6-C2E3-47F4-8E99-9113E105095B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C3EC4615-8276-4B67-9F0C-0D5869AEEE75}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{83C28738-0DCB-4BA8-A650-54FFDED1D1BF}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{CE01306B-D52C-4862-BAC9-B2236D9A6244}] => (Allow) LPort=7935
FirewallRules: [{4C7A9B20-1377-4DC3-B6C5-08ED6D42439A}] => (Allow) LPort=51111
FirewallRules: [{9478F1C8-A4E1-4589-AA5C-9B941AC24CAA}] => (Allow) LPort=51112
FirewallRules: [{A0045B1D-2524-4C5D-9B3A-AF786A1F2247}] => (Allow) LPort=51113
FirewallRules: [{B0E5D1DC-71D0-4389-9D01-D3E4A3910B10}] => (Allow) C:\Program Files\Steinberg\Cubase 7.5\Cubase7.5.exe
FirewallRules: [{5910C3D7-85F5-433A-A02C-CEBE4D48A42E}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{8E8DF64D-52B6-4CFC-8BF8-B10DAE883010}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E69CC783-FBD4-4064-A43F-7D9717F311BC}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F306BFA0-7059-423B-8C29-4427C9FA94DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7EE37779-C230-4C50-8B86-42CA9B7AB4B5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{304E745A-1C45-40A5-8893-760FD357F5CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5C9D9DC6-9AE3-47B1-81D0-2C0EFAE38951}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0B6F08DB-A1DE-4298-A022-C9534A05BAD7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{B43BE5BD-F711-418E-A8F2-B2DEA10600DA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{6DA6621A-D49F-415A-8B9B-44D1D683521F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{A54C2655-0EE3-4CA2-8EAF-1C697E8F8519}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1CAE9E1-16F3-4E1C-98A9-2DAAD97FC5C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A34DEC5A-C540-463C-970F-D910A86DCD0E}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{07586C03-E9B3-4D36-8873-8F8A0DC3030E}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [TCP Query User{9124FF8C-C8C1-47E4-BF33-4F9716239B3E}C:\users\harley\desktop\x-plane 10 demo\x-plane.exe] => (Block) C:\users\harley\desktop\x-plane 10 demo\x-plane.exe
FirewallRules: [UDP Query User{02B711D3-EE3C-44EB-864C-FA2A01D128B4}C:\users\harley\desktop\x-plane 10 demo\x-plane.exe] => (Block) C:\users\harley\desktop\x-plane 10 demo\x-plane.exe
FirewallRules: [{783EDDB4-FEFA-41D8-B65A-DC9DC5005162}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EB9C8C6A-43B8-472D-AD26-66E7BB42E364}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{06E3D652-5025-47DD-905E-84DECC99761D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{51973D9F-E02F-4F43-A4B7-0DCBA48E92AB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{81493609-37DF-4C4E-BF06-208226929423}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{AAE05473-6ABF-4D98-9798-73B22F0E3CEC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{4EBFA1FF-50DE-4608-ACC6-F448E8228B1F}] => (Block) %ProgramFiles% (x86)\Ubisoft\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{DC27D218-228E-4E2A-9CE3-B38A6CB41876}] => (Block) %ProgramFiles% (x86)\Ubisoft\Trials Fusion\datapack\trials_fusion (2).exe
FirewallRules: [{AFF412F7-D285-4292-B2CB-8C388B9D0C8E}] => (Block) %ProgramFiles% (x86)\Ubisoft\Trials Fusion\datapack\GDFInstall.exe
FirewallRules: [{B3D67CB7-F788-474A-9A2B-19711AAFBC3B}] => (Block) %ProgramFiles% (x86)\Ubisoft\Trials Fusion\datapack\GEFirewall.exe
FirewallRules: [{8851AA1C-485D-431A-90A6-158A850CF4DB}] => (Block) %ProgramFiles% (x86)\Ubisoft\Trials Fusion\datapack\GEFirewall_rem.exe
FirewallRules: [{1E2B3066-12FA-48E8-9FD5-063AB8891031}] => (Block) %ProgramFiles%\Native Instruments\Traktor 2\Traktor.exe
FirewallRules: [TCP Query User{F8028B31-F6F8-4055-B92F-5709A1A479EA}C:\program files (x86)\microsoft flight simulator 2004 - a century of flight\fs9.exe] => (Block) C:\program files (x86)\microsoft flight simulator 2004 - a century of flight\fs9.exe
FirewallRules: [UDP Query User{0C96D391-8D10-4302-BD08-82F7573602E8}C:\program files (x86)\microsoft flight simulator 2004 - a century of flight\fs9.exe] => (Block) C:\program files (x86)\microsoft flight simulator 2004 - a century of flight\fs9.exe

==================== Restore Points =========================

27-03-2016 19:00:23 Windows Backup
03-04-2016 19:00:27 Windows Backup
04-04-2016 02:21:12 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
04-04-2016 02:22:13 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

==================== Faulty Device Manager Devices =============

Name: BB Capture Driver
Description: BB Capture Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Blueberry Consultants
Service: bbcap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: AODDriver4.2
Description: AODDriver4.2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2016 10:52:23 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80040154

Error: (04/05/2016 10:46:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2016 10:45:37 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/05/2016 10:45:37 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/05/2016 10:45:37 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/05/2016 10:45:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (04/05/2016 10:45:36 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/05/2016 10:45:36 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (04/05/2016 10:45:36 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (04/05/2016 10:45:36 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (04/05/2016 10:45:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/05/2016 10:45:37 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (04/05/2016 10:45:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%3

Error: (04/05/2016 09:46:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (04/05/2016 09:46:13 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (04/05/2016 09:25:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%3

Error: (04/05/2016 05:09:06 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (04/05/2016 05:09:03 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (04/05/2016 04:48:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.2 service failed to start due to the following error:
%%3

Error: (04/04/2016 08:35:17 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.


CodeIntegrity:
===================================
Date: 2016-02-11 04:25:47.255
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\sparkocam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-11 04:25:47.244
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\sparkocam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-22 20:49:36.735
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2014-04-02 02:42:39.656
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1055T Processor
Percentage of memory in use: 46%
Total physical RAM: 4094.05 MB
Available physical RAM: 2207.77 MB
Total Virtual: 8186.28 MB
Available Virtual: 6257.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:90.07 GB) NTFS
Drive h: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:207.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 16AB5312)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 2C029FCB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Anyone, any ideas at all would be much appreciated. Thanks.
 