Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by fundowic (13-05-2017 18:30:48)
Running from C:\Users\fundowic\Desktop\FRST
Windows 7 Enterprise Service Pack 1 (X64) (2016-03-09 14:33:37)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Guest (S-1-5-21-2644034118-1358276528-2457853829-501 - Limited - Disabled)
roostar (S-1-5-21-2644034118-1358276528-2457853829-500 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat XI Pro (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{07C5D2FF-2AA8-46D1-B9E8-BACCD34C8E01}) (Version: 12.1.4.154 - Adobe Systems, Inc)
ArcGIS 10.1 for Desktop (HKLM-x32\...\ArcGIS 10.1 for Desktop) (Version: 10.1.3035 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.1 for Desktop (x32 Version: 10.1.3035 - Environmental Systems Research Institute, Inc.) Hidden
CDBurnerXP (64 bit) (HKLM\...\{785E0636-7EB7-4D40-A1D1-F85902378E98}) (Version: 4.5.4.5143 - Canneverbe Limited)
Configuration Manager Client (Version: 5.00.8412.1000 - Microsoft Corporation) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.112 - ALPS ELECTRIC CO., LTD.)
ET GeoWizards 11.1 for ArcGIS 10.1 (HKLM-x32\...\{2F314F78-689D-4380-A969-594C40988DCD}) (Version: 11.1 - ET SpatialTechniques)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
FME Desktop 2015.0 (Build 15250 - win64) (HKLM\...\{3F7D7AFE-73C3-1014-B276-6DE295802905}) (Version: 7.4.15250 - Safe Software Inc.)
FreeMouseAutoClicker 3.8 (HKLM-x32\...\{292F00C5-25EF-4FBE-9873-13EF1F69DEED}_is1) (Version: - Advanced Mouse Auto Clicker ltd.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3977 - Intel Corporation)
Internet Explorer 11 (x32 Version: 11.0 - Microsoft Corporation) Hidden
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.0 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.3.0.18 - IObit)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 8 Update 74 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180740}) (Version: 8.0.740.2 - Oracle Corporation)
K-Lite Codec Pack 12.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.6.5 - KLCP)
Local Administrator Password Solution (HKLM\...\{EA8CB806-C109-4700-96B4-F1F268E5036C}) (Version: 6.2.0.0 - Microsoft Corporation)
McAfee Agent (HKLM\...\{3B644EA1-30AB-42A9-8A80-750854073723}) (Version: 5.0.4.449 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.06000 - McAfee, Inc.)
MDOP MBAM (HKLM\...\{1B0FF767-2365-4E2B-91D1-93D442944055}) (Version: 2.5.0244.0 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Lync 2013 (HKLM-x32\...\Office15.LYNC) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM-x32\...\{95150000-0052-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MKS Integrity Client 2009 (HKLM-x32\...\MKS Integrity Client 2009) (Version: 4.10.0.0 - MKS Inc.)
MKS Toolkit 9.2 for MKS Integrity (HKLM\...\{09FE637A-1D0C-4D77-90E0-12302F0B707C}) (Version: 9.2.0200 - Mortice Kern Systems)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
Oracle Data Provider for .NET Help (HKLM-x32\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 11.2.010 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
pgAdmin III 1.18 (HKLM-x32\...\{B83C2BA8-F874-45F8-8E4A-07808A38D52C}) (Version: 1.18 - The pgAdmin Development Team)
PostGIS 2.1.8, PgRouting 2.0 for PostgreSQL x64 9.4 (remove only) (HKLM\...\PostGIS 2.1 bundle for PostgreSQL x64 9.4) (Version: - )
PostgreSQL 9.4 (HKLM\...\PostgreSQL 9.4) (Version: 9.4 - PostgreSQL Global Development Group)
Pulse Secure (Version: 5.2.977 - Pulse Secure, LLC) Hidden
Pulse Secure 5.2 (HKLM-x32\...\Pulse Secure 5.2) (Version: 5.2.977 - Pulse Secure, LLC)
Pulse Secure Host Checker (HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\PulseSecure_Host_Checker) (Version: 8.1.4.37683 - Pulse Secure, LLC)
Pulse Secure Setup Client (HKU\.DEFAULT\...\Pulse_Setup_Client) (Version: 8.2.1.227 - Pulse Secure, LLC)
Pulse Secure Setup Client (HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\Juniper_Setup_Client) (Version: 8.1.4.60331 - Pulse Secure, LLC)
Pulse Secure Setup Client (HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\Pulse_Setup_Client) (Version: 8.2.6.977 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Setup Client Activex Control (HKLM-x32\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
QGIS Valmiera 2.2.0 Valmiera (HKLM\...\QGIS Valmiera) (Version: - QGIS Development Team)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6049 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SQLTools 1.5 (remove only) (HKLM-x32\...\SQLTools 1.5) (Version: - )
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.LYNC_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.31 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2330A2DE-4599-432B-AA3C-CB7531700AA5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {2F14FB51-E155-4663-BBC8-5E0B4A581FC7} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {6114BBEC-0A8E-40A6-9FA1-4D823D65A607} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-12-01] ()
Task: {6EF6BE9C-B851-4B18-B479-D931DAC9B5B8} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-22] (Realtek Semiconductor)
Task: {724E4AA6-351E-40A2-A1F6-FBB42637E702} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {AA671A1D-6F7F-41B6-B36C-C4FB3996D1C5} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2016-06-20] (Microsoft Corporation)
Task: {EE21E73B-0A1F-4069-B655-DC7B874B3B2E} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Client Upgrade Task => C:\WINDOWS\ccmsetup\ccmsetup.exe [2016-12-16] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-06-21 08:42 - 2011-06-21 08:42 - 00034304 _____ () C:\WINDOWS\System32\sst3cl6.dll
2017-01-05 03:44 - 2017-01-05 03:44 - 00546640 _____ () C:\Program Files\McAfee\Agent\sqlite.dll
2017-01-05 03:44 - 2017-01-05 03:44 - 00020816 _____ () C:\Program Files\McAfee\Agent\trex.dll
2017-01-05 03:30 - 2017-01-05 03:30 - 00144208 _____ () C:\Program Files\McAfee\Agent\libuv.dll
2017-01-05 03:43 - 2017-01-05 03:43 - 00051024 _____ () C:\Program Files\McAfee\Agent\MXML.dll
2017-01-05 03:45 - 2017-01-05 03:45 - 00112976 _____ () C:\Program Files\McAfee\Agent\zlib.dll
2017-01-05 03:30 - 2017-01-05 03:30 - 00026448 _____ () C:\Program Files\McAfee\Agent\libini.dll
2016-03-14 09:31 - 2015-12-07 01:31 - 00179200 _____ () C:\Program Files\PostgreSQL\9.4\bin\LIBPQ.dll
2016-03-14 09:32 - 2014-05-08 08:18 - 02197504 _____ () C:\Program Files\PostgreSQL\9.4\bin\libxml2.dll
2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-12-22 20:00 - 2014-12-22 20:00 - 00456808 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-11-30 04:23 - 2016-11-30 04:23 - 03209176 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe
2016-11-30 04:59 - 2016-11-30 04:59 - 00391128 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\dsIpc.dll
2016-11-30 04:35 - 2016-11-30 04:35 - 00366552 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\Connection Manager\ConnectionManagerService.dll
2016-11-30 03:38 - 2016-11-30 03:38 - 00055256 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\dsOpenSSL.dll
2016-11-30 04:33 - 2016-11-30 04:33 - 00243672 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\ConnectionStore\ConnectionStoreService.dll
2016-11-30 04:47 - 2016-11-30 04:47 - 00235480 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\Integration\IntegrationAccessMethod.dll
2016-11-30 04:37 - 2016-11-30 04:37 - 00489432 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\eapService\eapService.dll
2016-11-30 04:38 - 2016-11-30 04:38 - 00219096 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\8021xAccessMethod\8021xAccessMethod.dll
2016-11-30 04:24 - 2016-11-30 04:24 - 00251864 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiModelService.dll
2016-11-30 04:24 - 2016-11-30 04:24 - 00020440 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiModelServicePS.dll
2016-11-30 04:25 - 2016-11-30 04:25 - 00063448 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiPlugin.dll
2016-11-30 04:25 - 2016-11-30 04:25 - 00026584 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiPromptPluginPS.dll
2016-11-30 04:34 - 2016-11-30 04:34 - 00017880 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\ConnectionStore\ConnectionStoreServicePS.dll
2017-01-05 03:44 - 2017-01-05 03:44 - 00423248 _____ () C:\Program Files\McAfee\Agent\x86\sqlite.dll
2017-01-05 03:44 - 2017-01-05 03:44 - 00019792 _____ () C:\Program Files\McAfee\Agent\x86\trex.dll
2017-01-05 03:30 - 2017-01-05 03:30 - 00132944 _____ () C:\Program Files\McAfee\Agent\x86\libuv.dll
2017-01-05 03:43 - 2017-01-05 03:43 - 00041296 _____ () C:\Program Files\McAfee\Agent\x86\MXML.dll
2017-01-05 03:29 - 2017-01-05 03:29 - 00021840 _____ () C:\Program Files\McAfee\Agent\x86\libini.dll
2014-10-22 15:01 - 2014-10-22 15:01 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Office15\tmpod.dll
2014-01-23 08:55 - 2014-01-23 08:55 - 00022696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll
2017-05-12 20:02 - 2016-12-12 16:52 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2017-05-12 20:02 - 2016-12-12 16:52 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2017-05-12 20:02 - 2016-12-12 16:52 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2017-05-12 20:02 - 2016-08-10 17:13 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll
2017-05-12 20:02 - 2016-12-12 16:52 - 00631584 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\*.assets-yammer.com -> hxxps://*.assets-yammer.com
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\*.hpe.com -> *.hpe.com
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\*.live.com -> hxxps://*.live.com
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\*.microsoftonline.com -> hxxps://*.microsoftonline.com
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\*.office.com -> hxxps://*.office.com
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\*.office365.com -> hxxps://*.office365.com
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\*.onenote.com -> hxxps://*.onenote.com
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\*.outlook.com -> hxxps://*.outlook.com
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\*.sharepoint.com -> hxxps://*.sharepoint.com
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\*.sway.com -> hxxps://*.sway.com
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\*.windows.net -> hxxps://*.windows.net
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\*.yammer.com -> hxxps://*.yammer.com
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\samsungsetup.com -> hxxp://www.samsungsetup.com
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\sharepoint.com -> hxxps://tomtomgroup.sharepoint.com
IE trusted site: HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\tomtom.com -> *.lbs.tomtom.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-04-21 14:20 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-202387345-4201324245-3709672714-20981\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{532CD997-DE8D-444F-9BFE-B02962E54EE3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{63839EF0-A083-49FA-990A-1776DE950030}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{F99FEA11-8853-4F75-AE88-2363D0C83466}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{253E92CC-D275-43A7-80A0-2F77AD186FE4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C23CDE2C-50FE-427D-B1DB-1E7152BF7CB8}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{4B4C43FF-98AE-4816-8132-846131222078}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{89B5A374-9C1E-4F62-8E17-6B02007AB68B}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{D8758289-A7C6-4537-B654-854BE8858953}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{6C373D18-AF9A-4995-9C2D-0308E59A7210}] => (Allow) C:\Program Files\FME\fme.exe
FirewallRules: [{40B809DF-BF6A-43B7-8B0D-BFC3D0B35C98}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{643A456C-255E-4A30-96C7-956BA12DE96D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{BB05169F-61BB-41A4-876E-1DDE8EE21DB5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D549951A-E57F-4524-9D17-BCD1EA4F5FCD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DF088BD1-BC32-42BB-9CDF-D746139DDE89}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F973054C-211E-407B-B3A9-7FDBEE4CD742}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{05D39ECE-CA55-41F4-9B60-62798E7CA85B}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{2EC47BAB-C4F6-48E2-8BCF-48B8B5059A96}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{FCB8248E-0465-4F6C-B529-1C058DFC245D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/13/2017 06:20:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IMF.exe, version: 5.0.2.3804, time stamp: 0x58ec4e16
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x584
Faulting application start time: 0x01d2cc049d75aad8
Faulting application path: C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
Faulting module path: unknown
Report Id: 155a4a51-37f8-11e7-83cc-185e0faf7b8d

Error: (05/13/2017 06:18:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RAVBg64.exe, version: 1.0.0.207, time stamp: 0x54043c6f
Faulting module name: RAVBg64.exe, version: 1.0.0.207, time stamp: 0x54043c6f
Exception code: 0xc0000005
Fault offset: 0x000000000002a12a
Faulting process id: 0xfdc
Faulting application start time: 0x01d2cc048fad10f4
Faulting application path: C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Faulting module path: C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Report Id: d0db029b-37f7-11e7-83cc-185e0faf7b8d

Error: (05/13/2017 06:17:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RAVBg64.exe, version: 1.0.0.207, time stamp: 0x54043c6f
Faulting module name: RAVBg64.exe, version: 1.0.0.207, time stamp: 0x54043c6f
Exception code: 0xc0000005
Fault offset: 0x000000000002a12a
Faulting process id: 0x580
Faulting application start time: 0x01d2cc04728677c3
Faulting application path: C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Faulting module path: C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Report Id: bae22ef4-37f7-11e7-83cc-185e0faf7b8d

Error: (05/13/2017 06:14:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PulseSecureService.exe, version: 5.2.6.977, time stamp: 0x583ec339
Faulting module name: ntdll.dll, version: 6.1.7601.23543, time stamp: 0x57d2f8a2
Exception code: 0xc0000005
Fault offset: 0x00032a00
Faulting process id: 0x1340
Faulting application start time: 0x01d2cc040141d426
Faulting application path: C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe
Faulting module path: C:\WINDOWS\SysWOW64\ntdll.dll
Report Id: 40e24000-37f7-11e7-9d48-185e0faf7b89

Error: (05/13/2017 06:14:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4ece8672-2411-4dc0-b379-bab9542b8702}

Error: (05/12/2017 11:17:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000004d60fd8
Faulting process id: 0xf90
Faulting application start time: 0x01d2cb631322c6c4
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: unknown
Report Id: 7270c88d-3758-11e7-9d48-185e0faf7b89

Error: (05/12/2017 11:02:58 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070005.

Error: (05/12/2017 11:02:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RAVBg64.exe, version: 1.0.0.207, time stamp: 0x54043c6f
Faulting module name: RAVBg64.exe, version: 1.0.0.207, time stamp: 0x54043c6f
Exception code: 0xc0000005
Fault offset: 0x000000000002a12a
Faulting process id: 0xee4
Faulting application start time: 0x01d2cb63127763b1
Faulting application path: C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Faulting module path: C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Report Id: 504a0495-3756-11e7-9d48-185e0faf7b89

Error: (05/12/2017 11:02:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RAVBg64.exe, version: 1.0.0.207, time stamp: 0x54043c6f
Faulting module name: RAVBg64.exe, version: 1.0.0.207, time stamp: 0x54043c6f
Exception code: 0xc0000005
Fault offset: 0x000000000002a12a
Faulting process id: 0x574
Faulting application start time: 0x01d2cb63038fa5e0
Faulting application path: C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Faulting module path: C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Report Id: 4af3aeb8-3756-11e7-9d48-185e0faf7b89

Error: (05/12/2017 10:57:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddWin32ServiceFiles: Unable to back up image of service SSSvc since QueryServiceConfig API failed
System Error: The system cannot find the file specified.
.

System errors:
=============
Error: (05/13/2017 06:30:30 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Network Connections service depends the following service: NSI. This service might not be installed.

Error: (05/13/2017 06:30:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

Error: (05/13/2017 06:30:03 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Network Location Awareness service depends the following service: NSI. This service might not be installed.

Error: (05/13/2017 06:30:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

Error: (05/13/2017 06:30:03 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Network Location Awareness service depends the following service: NSI. This service might not be installed.

Error: (05/13/2017 06:29:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

Error: (05/13/2017 06:29:47 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Network Location Awareness service depends the following service: NSI. This service might not be installed.

Error: (05/13/2017 06:29:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

Error: (05/13/2017 06:29:44 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Network Location Awareness service depends the following service: NSI. This service might not be installed.

Error: (05/13/2017 06:29:30 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Network Connections service depends the following service: NSI. This service might not be installed.

CodeIntegrity:
===================================
Date: 2017-05-13 18:19:25.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-05-12 23:04:00.209
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-05-12 22:49:27.306
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-05-12 22:29:26.960
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-05-12 22:09:59.997
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-05-12 21:22:19.278
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-05-12 20:02:45.125
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-05-12 19:54:58.456
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-05-12 19:22:31.985
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-04-28 20:44:58.770
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 21%
Total physical RAM: 8064.22 MB
Available physical RAM: 6294.91 MB
Total Virtual: 16126.62 MB
Available Virtual: 14036.17 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:465.42 GB) (Free:359.17 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.15 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Removable) (Total:7.45 GB) (Free:7.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7641D761)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================