Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by xxx at 2015-07-28 14:11:52
Running from C:\Users\xxx\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2657923099-3685160994-716934161-500 - Administrator - Disabled)
Guest (S-1-5-21-2657923099-3685160994-716934161-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2657923099-3685160994-716934161-1002 - Limited - Enabled)
xxx (S-1-5-21-2657923099-3685160994-716934161-1001 - Administrator - Enabled) => C:\Users\xxx

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2657923099-3685160994-716934161-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ATTENTION
Archiwizator WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Crossbrowse (HKLM-x32\...\Crossbrowse) (Version: 39.6.2171.95 - The Crossbrowse Authors) <==== ATTENTION!
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
GamesDesktop 008.005010041 (HKLM-x32\...\gmsd_pl_005010041_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
GamesDesktop 008.005010043 (HKLM-x32\...\gmsd_pl_005010043_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) <==== ATTENTION
Metin2 (HKLM-x32\...\Metin2_PL_is1) (Version: - Gameforge 4D GmbH)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ATTENTION
Opera Stable 30.0.1835.157 (HKLM-x32\...\Opera 30.0.1835.157) (Version: 30.0.1835.157 - Opera Software)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )
shopperz22072015 2.0.0.471 (HKLM\...\{318d2d55-9ce3-446e-8640-a43be68a550f}_is1) (Version: 2.0.0.471 - shopperz) <==== ATTENTION
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
WordSurfer 1.10.0.19 (HKLM-x32\...\WordSurfer_1.10.0.19) (Version: 1.10.0.19 - WordSurfer)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03407DE1-2B42-4239-A37A-69FAFCD43651} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: {12F93420-6B3D-4A5F-B6EB-0A213EBAD8BB} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-28] (AnyProtect.com) <==== ATTENTION
Task: {245E89E0-B3D6-4CD2-85E2-07AFFD601024} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-07-28] () <==== ATTENTION
Task: {3046A351-7295-49FE-AA1D-966E7AC99D9B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-26] (Google Inc.)
Task: {31A7F1DD-7CAF-40AC-88F3-13937D7DD867} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {3FAC0DAC-9115-40B1-8158-10DD9D1AB324} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: {44BF30C8-DBEF-44DA-BA02-E74D2E3D2A06} - System32\Tasks\Opera scheduled Autoupdate 1437722863 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-23] (Opera Software)
Task: {48CBC94B-08CE-4913-9A89-BC7E8DE52ACE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-26] (Google Inc.)
Task: {4F876748-9D05-4899-A873-B384139AF8CA} - System32\Tasks\4cast => c:\programdata\{bfc3a76d-4a4a-49d0-bfc3-3a76d4a49db5}\download.exe <==== ATTENTION
Task: {5D10F835-232F-4665-ABCC-FBBC64D34AF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-26] (Adobe Systems Incorporated)
Task: {62A3ACF6-BFD3-430C-9B57-FED56080DE37} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-28] (AnyProtect.com) <==== ATTENTION
Task: {7025F2A6-F382-4014-B623-5A67213C1206} - System32\Tasks\{658A3B1E-58D4-4838-B2A2-CA66CABAA9F2} => pcalua.exe -a "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe" -c --uninstall
Task: {9AE13183-67F0-4959-A32E-2F8DC6FE17A7} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\xxx\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {A79D98F5-85EA-4B87-A99A-0E234360E347} - System32\Tasks\PFExe => C:\Users\xxx\AppData\Local\PriceFountain\pricefountain.exe
Task: {B403CEDA-6DD9-49A0-962C-9174CC6DC72C} - System32\Tasks\d80d69c9-f5b3-481e-99c7-060d36b1998e-3 => C:\Program Files (x86)\MyBrowser 1.0.2V26.07\d80d69c9-f5b3-481e-99c7-060d36b1998e-3.exe <==== ATTENTION
Task: {BDAB6A3F-C84F-4CB2-A278-B3992C0E3FB9} - System32\Tasks\d80d69c9-f5b3-481e-99c7-060d36b1998e-10_user => C:\Program Files (x86)\MyBrowser 1.0.2V26.07\d80d69c9-f5b3-481e-99c7-060d36b1998e-10.exe <==== ATTENTION
Task: {C328C086-C385-49B9-81EA-13F5D1223C4D} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\PROGRAM FILES (X86)\RISING\RAV\rsdelaylauncher.exe
Task: {D077F7C3-FB88-43C6-8739-2F32AB9AD954} - System32\Tasks\Papuir => C:\Program Files\shopperz22072015\Asyofakaz.bat [2015-07-22] () <==== ATTENTION
Task: {F39F37B9-EC2F-4F04-A65E-6EA5F25DFDEC} - System32\Tasks\{D9A3EC8D-BC59-4A3E-BDF5-9F8D10455D82} => pcalua.exe -a C:\Users\xxx\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
Task: {FFDE9E33-9A68-4122-8F51-AA09C1F8B89A} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-28] (AnyProtect.com) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\4cast.job => c:\programdata\{bfc3a76d-4a4a-49d0-bfc3-3a76d4a49db5}\download.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\Ef3FxHCL9XKx46wvkSSyAwn.job => C:\Users\xxx\AppData\Roaming\Ef3FxHCL9XKx46wvkSSyAwn.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\temp_5fd930fc-d85c-478b-94de-7508b2c986c0-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV27.07\5fd930fc-d85c-478b-94de-7508b2c986c0-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\temp_9cbb2d5f-7bb7-493b-b482-59057b6a1290-1-6.job => C:\Program Files (x86)\GoHD\9cbb2d5f-7bb7-493b-b482-59057b6a1290-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\VgM9Ib4z6Gy7MeaK930yYbfdix8.job => C:\Users\xxx\AppData\Roaming\VgM9Ib4z6Gy7MeaK930yYbfdix8.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-07-25 18:45 - 2015-07-22 16:27 - 00297848 _____ () C:\Program Files\shopperz22072015\Xpnsbedno64.DLL
2015-07-16 06:39 - 2010-02-10 18:10 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-07-25 18:45 - 2015-07-22 16:26 - 00174968 _____ () C:\Program Files\shopperz22072015\Jvpmajlij.exe
2015-07-20 13:35 - 2015-07-20 13:35 - 00172472 _____ () C:\Program Files\shopperz22072015\TeobBopcin.exe
2015-07-28 09:42 - 2015-07-28 09:42 - 00256512 _____ () C:\Program Files (x86)\00412F4E-1437050570-0000-0000-0000FFFFFFFF\knseBCF5.tmp
2015-07-20 13:35 - 2015-07-20 13:35 - 02020352 _____ () C:\Program Files\shopperz22072015\Rofdhowal.exe
2015-07-27 08:39 - 2015-07-25 15:16 - 03291280 _____ () C:\Users\xxx\AppData\Local\gmsd_pl_005010041\upgmsd_pl_005010041.exe
2015-07-25 18:45 - 2015-07-22 16:26 - 00434040 _____ () C:\Program Files\shopperz22072015\Huyde.exe
2015-07-25 18:45 - 2015-07-22 16:26 - 00464760 _____ () C:\Program Files\shopperz22072015\Huyde64.exe
2015-07-25 18:45 - 2015-07-22 16:27 - 00631160 _____ () C:\Program Files\shopperz22072015\Dhnayvhf64.DLL
2015-07-25 18:45 - 2015-07-22 16:27 - 00277880 _____ () C:\Program Files\shopperz22072015\Keeqcb64.DLL
2015-07-25 18:45 - 2015-07-22 16:27 - 00337272 _____ () C:\Program Files\shopperz22072015\Xeelfeze64.DLL
2015-07-27 08:39 - 2015-07-25 15:15 - 03979408 _____ () C:\Program Files (x86)\gmsd_pl_005010041\gmsd_pl_005010041.exe
2015-07-28 12:53 - 2015-07-27 14:32 - 03322000 _____ () C:\Users\xxx\AppData\Local\gmsd_pl_005010043\upgmsd_pl_005010043.exe
2015-07-28 12:53 - 2015-07-27 14:32 - 03976848 _____ () C:\Program Files (x86)\gmsd_pl_005010043\gmsd_pl_005010043.exe
2015-07-25 18:45 - 2015-07-22 16:27 - 00291704 _____ () C:\Program Files\shopperz22072015\Xpnsbedno.DLL
2015-07-25 18:45 - 2015-07-22 16:27 - 00620408 _____ () C:\Program Files\shopperz22072015\Dhnayvhf.DLL
2015-07-25 18:45 - 2015-07-22 16:27 - 00243576 _____ () C:\Program Files\shopperz22072015\Keeqcb.DLL
2015-07-25 18:45 - 2015-07-22 16:27 - 00312184 _____ () C:\Program Files\shopperz22072015\Xeelfeze.DLL
2015-07-08 22:31 - 2015-07-08 22:31 - 26065408 _____ () D:\Battle.net\Battle.net.5952\libcef.dll
2015-07-08 22:31 - 2015-07-08 22:31 - 00739840 _____ () D:\Battle.net\Battle.net.5952\libGLESv2.dll
2015-07-08 22:31 - 2015-07-08 22:31 - 00909312 _____ () D:\Battle.net\Battle.net.5952\platforms\qwindows.dll
2015-07-08 22:31 - 2015-07-08 22:31 - 00130048 _____ () D:\Battle.net\Battle.net.5952\libEGL.dll
2015-07-08 22:31 - 2015-07-08 22:31 - 00020992 _____ () D:\Battle.net\Battle.net.5952\imageformats\qgif.dll
2015-07-08 22:31 - 2015-07-08 22:31 - 00021504 _____ () D:\Battle.net\Battle.net.5952\imageformats\qico.dll
2015-07-08 22:31 - 2015-07-08 22:31 - 00205312 _____ () D:\Battle.net\Battle.net.5952\imageformats\qjpeg.dll
2015-07-08 22:31 - 2015-07-08 22:31 - 00225792 _____ () D:\Battle.net\Battle.net.5952\imageformats\qmng.dll
2015-07-08 22:31 - 2015-07-08 22:31 - 00015872 _____ () D:\Battle.net\Battle.net.5952\imageformats\qsvg.dll
2015-07-08 22:31 - 2015-07-08 22:31 - 00312832 _____ () D:\Battle.net\Battle.net.5952\imageformats\qtiff.dll
2015-07-08 22:31 - 2015-07-08 22:31 - 00010240 _____ () D:\Battle.net\Battle.net.5952\qml\QtQuick.2\qtquick2plugin.dll
2015-07-08 22:31 - 2015-07-08 22:31 - 00054272 _____ () D:\Battle.net\Battle.net.5952\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-08 22:31 - 2015-07-08 22:31 - 00010240 _____ () D:\Battle.net\Battle.net.5952\qml\QtQml\Models.2\modelsplugin.dll
2015-07-15 01:18 - 2015-07-15 01:18 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
2015-07-27 16:29 - 2015-07-23 15:31 - 01649272 _____ () C:\Program Files (x86)\Opera\30.0.1835.157\libglesv2.dll
2015-07-27 16:29 - 2015-07-23 15:31 - 00081016 _____ () C:\Program Files (x86)\Opera\30.0.1835.157\libegl.dll
2015-07-28 06:40 - 2015-05-12 13:01 - 01070592 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libglesv2.dll
2015-07-28 06:40 - 2015-05-12 13:01 - 00204800 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libegl.dll
2015-07-16 19:15 - 2015-07-26 18:36 - 16307888 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_209.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rofdhowal => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2657923099-3685160994-716934161-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2657923099-3685160994-716934161-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2657923099-3685160994-716934161-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 52.18.92.32 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8FE76EF5-8E8B-4BA4-9EE8-763549E6ADE8}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{86B2ADCB-BE04-409F-8907-51B147B3FE2B}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{C1880920-F858-4851-AA92-2B3FEF27C4FE}D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Block) D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6ADAA6C2-7D38-43B7-9A33-9C8F37504436}D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Block) D:\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{8224E74F-B1E7-476F-A116-EB7DBC6B034B}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{AF24871C-9E1B-40B0-B928-9E5A091130AD}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{2A0EFC7F-63BD-445F-83F7-E8469E261257}D:\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) D:\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
FirewallRules: [UDP Query User{70110CF3-8AFA-45B3-BDBD-142ABB03771F}D:\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) D:\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
FirewallRules: [{75FC68DB-5376-4A07-AE7B-DF92AFB30176}] => (Allow) D:\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{3626EEA3-75AC-4942-9086-291D847C1D36}D:\gameforgelive\games\pol_pol\aion\nclauncher.exe] => (Allow) D:\gameforgelive\games\pol_pol\aion\nclauncher.exe
FirewallRules: [UDP Query User{B6F5762A-4EB4-4E67-B584-7F8DD34A2AB9}D:\gameforgelive\games\pol_pol\aion\nclauncher.exe] => (Allow) D:\gameforgelive\games\pol_pol\aion\nclauncher.exe
FirewallRules: [TCP Query User{37CF1905-F15B-4C5B-A89C-E74B8028B02D}C:\users\xxx\desktop\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Block) C:\users\xxx\desktop\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7A145C98-7523-4E15-8508-AB4236104C8C}C:\users\xxx\desktop\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Block) C:\users\xxx\desktop\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A2850F3D-C985-4AA4-8E3E-BCA5EB0629D4}C:\users\xxx\desktop\hearthstone\hearthstone.exe] => (Block) C:\users\xxx\desktop\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{4168DEFE-03B2-4B16-A60A-8CBAE23D8A75}C:\users\xxx\desktop\hearthstone\hearthstone.exe] => (Block) C:\users\xxx\desktop\hearthstone\hearthstone.exe
FirewallRules: [{7AABA9EB-26DF-4F15-8544-405C59BB808C}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{FB92FE1D-FB83-4A8E-B332-CA3BB1156971}] => (Allow) C:\Users\xxx\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{E812DA4B-E897-4CC5-9801-F2CE721EEBD6}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{0805A373-027F-42CD-9CBF-6B59E47998C9}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{E0CB1952-5A7C-4C69-A1F8-AA85A3016F5D}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{9D42F9E8-E5E4-47BA-AC96-B5EC5DDE7235}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [TCP Query User{285CB3BA-6AF5-487D-876C-DA00118353F3}C:\program files (x86)\搜狐影音\sohuva.exe] => (Block) C:\program files (x86)\搜狐影音\sohuva.exe
FirewallRules: [UDP Query User{2FA7A80D-16E6-4BC4-B789-69C6DE3FDA86}C:\program files (x86)\搜狐影音\sohuva.exe] => (Block) C:\program files (x86)\搜狐影音\sohuva.exe
FirewallRules: [TCP Query User{5AD57BF1-60AB-440A-BB10-B9E73136AFE8}C:\program files (x86)\搜狐影音\shplayer.exe] => (Block) C:\program files (x86)\搜狐影音\shplayer.exe
FirewallRules: [UDP Query User{6CBD39DA-85CB-4E7C-9ADD-F89C3AE40983}C:\program files (x86)\搜狐影音\shplayer.exe] => (Block) C:\program files (x86)\搜狐影音\shplayer.exe
FirewallRules: [{46507294-C28B-4D2D-969C-E997329C1400}] => (Allow) C:\ProgramData\DhmReu\socahen.exe
FirewallRules: [{BE67ADA3-8E7A-4B9E-A1BB-537CF1B507F5}] => (Allow) C:\ProgramData\DhmReu\socahen.exe
FirewallRules: [{026E53AF-A4FF-4370-AF42-EB2B5B7D9A40}] => (Allow) C:\ProgramData\DhmReu\socahen.exe
FirewallRules: [{33FC5D5E-25D4-422C-B105-3966BDC9D63B}] => (Allow) C:\ProgramData\DhmReu\socahen.exe
FirewallRules: [TCP Query User{DCE4DB47-B901-4C9B-BBB0-FE72FF57F7A4}C:\users\xxx\desktop\hearthstone\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\users\xxx\desktop\hearthstone\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3B08C870-5B3C-4484-BBC8-AA6CD5954B33}C:\users\xxx\desktop\hearthstone\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\users\xxx\desktop\hearthstone\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{A3834825-311E-4B53-83AF-1CCCCFEEF905}] => (Allow) C:\Users\xxx\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{A2DE4B18-409E-4CC3-83CF-6926D41A5B7A}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer\GeePlayer.exe
FirewallRules: [{8B339ABF-BFFA-489B-ABBD-F971B3D73C49}] => (Allow) C:\Users\xxx\AppData\Roaming\IQIYI Video\GeePlayer\GpUpdate.exe
FirewallRules: [{3385E32F-6F33-4094-9D81-9BA74474FF8A}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer\GeePlayer.exe
FirewallRules: [TCP Query User{15260136-30F1-4168-893D-DC06DC8BC7AE}D:\hearthstone\hearthstone.exe] => (Block) D:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{D5E1E31B-2DA6-4842-A8EE-BE53C975D1E8}D:\hearthstone\hearthstone.exe] => (Block) D:\hearthstone\hearthstone.exe
FirewallRules: [{E966ECC5-5E95-46C9-B327-9F70C8D8DA4C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2DF8E5E6-D952-45B6-9AAA-A30882663997}] => (Allow) C:\Users\xxx\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{422677F6-9221-4ABC-88AE-BAA600F70D74}] => (Allow) C:\Users\xxx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8416ACB-DB64-4675-8F59-B73879150611}] => (Allow) C:\Users\xxx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EF8FD0C8-3B64-4A06-AFF7-7AD190D02F8F}] => (Allow) C:\Users\xxx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{51105403-921E-4789-889C-8F6F1C0E4B06}] => (Allow) C:\Users\xxx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9FB3CB55-BAC5-4F77-8AB7-6D9509F27AB9}] => (Allow) C:\Users\xxx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5A089265-1E47-442B-8328-A8D7D48FF5A0}] => (Allow) C:\Users\xxx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5BE55E1F-936F-40D2-8CE3-7299869CEE3D}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============

Name: wafd_vt_1_10_0_20
Description: wafd_vt_1_10_0_20
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wafd_vt_1_10_0_20
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: wsafd_1_10_0_19
Description: wsafd_1_10_0_19
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wsafd_1_10_0_19
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: wsfd_1_10_0_19
Description: wsfd_1_10_0_19
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wsfd_1_10_0_19
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2015 12:42:11 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (07/28/2015 12:28:22 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (07/28/2015 12:19:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPNotify.exe, version: 4.0.1.2685, time stamp: 0x55acb4ab
Faulting module name: BrowserAction.dll, version: 5.0.2.2658, time stamp: 0x55a4b039
Exception code: 0xc0000005
Fault offset: 0x001043e0
Faulting process id: 0x6a4
Faulting application start time: 0xHPNotify.exe0
Faulting application path: HPNotify.exe1
Faulting module path: HPNotify.exe2
Report Id: HPNotify.exe3

Error: (07/28/2015 12:18:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2015 12:18:54 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (07/28/2015 11:42:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (07/28/2015 11:17:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (07/28/2015 10:42:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (07/28/2015 10:17:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (07/28/2015 09:42:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

System errors:
=============
Error: (07/28/2015 02:12:26 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/28/2015 02:12:21 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/28/2015 02:12:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/28/2015 02:12:11 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/28/2015 02:12:07 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/28/2015 02:12:01 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/28/2015 02:11:56 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/28/2015 02:11:51 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/28/2015 02:11:46 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/28/2015 02:11:41 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Microsoft Office:
=========================
Error: (07/28/2015 12:42:11 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/28/2015 12:28:22 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/28/2015 12:19:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPNotify.exe4.0.1.268555acb4abBrowserAction.dll5.0.2.265855a4b039c0000005001043e06a401d0c91eb5083440C:\Program Files (x86)\MiuiTab\HPNotify.exeC:\Program Files (x86)\MiuiTab\BrowserAction.dll1f7cacc0-3512-11e5-a105-00d0b760674f

Error: (07/28/2015 12:18:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2015 12:18:54 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/28/2015 11:42:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/28/2015 11:17:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/28/2015 10:42:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/28/2015 10:17:01 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists. (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/28/2015 09:42:00 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists. (NULL)(NULL)(NULL)(NULL)(NULL)

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 68%
Total physical RAM: 2558.55 MB
Available physical RAM: 810.21 MB
Total Virtual: 5117.11 MB
Available Virtual: 2493.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:34.08 GB) (Free:5.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:40.35 GB) (Free:28.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 4986208D)
Partition 1: (Active) - (Size=34.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=40.3 GB) - (Type=07 NTFS)

==================== End of log ============================