Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by ABBY (administrator) on L512-PC (02-04-2016 03:09:17)
Running from C:\Users\ABBY\Desktop
Loaded Profiles: ABBY (Available Profiles: L512 & ABBY)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\saappsvc.exe
(SecureAge Technology) C:\Program Files\SecureAge\Everything\EverythingServer.exe
(SecureAge Technology) C:\Program Files\SecureAge\AntiVirus\sascansvc.exe
(SecureAge Technology) C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\sanotifier.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SAAppWhitelistingNotifier] => C:\Program Files\SecureAge\Whitelist\sanotifier.exe [9676328 2016-03-13] (SecureAge Technology)
HKLM\...\Run: [SecureAPlus] => C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe [23777320 2016-03-13] (SecureAge Technology)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-683020248-1173552633-2081973050-1003\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-06-29] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{A7E86C48-776E-4852-82AE-BA5B5CA1E431}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{B0F88040-E3F2-4DAE-AD4D-E4BA533A55CD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D2109156-E5A7-454B-A7F8-FBBD36DDD4CB}: [DhcpNameServer] 10.16.0.1
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxp://goat.com/
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Greasemonkey - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-03-31]
FF Extension: Self-Destructing Cookies - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-03-31]
FF Extension: uBlock Origin - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\Extensions\uBlock0@raymondhill.net.xpi [2016-03-31]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 saappsvc; C:\Program Files\SecureAge\Whitelist\saappsvc.exe [925736 2016-03-13] (SecureAge Technology)
R2 SAEverythingServer; C:\Program Files\SecureAge\Everything\EverythingServer.exe [211496 2016-03-13] (SecureAge Technology)
R2 sascansvc; C:\Program Files\SecureAge\AntiVirus\sascansvc.exe [1046568 2016-03-13] (SecureAge Technology)
R2 SAUAVSvc; C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe [1181224 2016-03-13] (SecureAge Technology)
R2 SecureAPlusService; C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe [1009192 2016-03-13] (SecureAge Technology)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 SAAppCtl; C:\Windows\System32\DRIVERS\saappctl.sys [266800 2016-03-07] (SecureAge Technology)
R0 sascan; C:\Windows\System32\DRIVERS\sascan.sys [87912 2015-12-10] (SecureAge Technology)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-02 03:09 - 2016-04-02 03:09 - 00007946 _____ C:\Users\ABBY\Desktop\FRST.txt
2016-04-02 03:08 - 2016-04-02 03:08 - 02374144 _____ (Farbar) C:\Users\ABBY\Desktop\FRST64.exe
2016-04-01 23:13 - 2016-04-02 03:03 - 00000000 ____D C:\Users\ABBY\AppData\Local\CrashDumps
2016-04-01 19:20 - 2016-04-01 19:20 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
2016-04-01 19:19 - 2016-04-01 19:20 - 00000000 ____D C:\Users\ABBY\AppData\Local\Popcorn-Time
2016-04-01 19:17 - 2016-04-01 19:19 - 34052006 _____ (Popcorn Time) C:\Users\ABBY\Downloads\Popcorn-Time-0.3.9-Setup.exe
2016-04-01 19:11 - 2016-04-02 03:01 - 00000000 ____D C:\ProgramData\Betternet
2016-04-01 19:11 - 2016-04-01 19:11 - 00000000 ____D C:\Users\ABBY\AppData\Local\Betternet_Technologies_In
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Users\ABBY\AppData\Local\Downloaded Installations
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files\TAP-Windows
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files (x86)\Betternet
2016-04-01 19:09 - 2016-04-01 19:10 - 08973864 _____ (Betternet Technologies Inc.) C:\Users\ABBY\Downloads\BetternetForWindows.exe
2016-04-01 18:33 - 2016-04-01 18:34 - 00000126 _____ C:\Users\ABBY\Documents\New Internet Shortcut.url
2016-04-01 17:38 - 2016-04-01 17:38 - 00064024 _____ C:\Users\ABBY\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-31 15:59 - 2016-03-31 15:59 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\9-lab
2016-03-31 15:37 - 2016-04-01 19:16 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Everything
2016-03-31 15:35 - 2016-03-31 16:00 - 00000000 ____D C:\Program Files\Unlocker
2016-03-31 15:35 - 2016-03-31 15:35 - 01078591 _____ C:\Users\ABBY\Downloads\Unlocker1.9.2.exe
2016-03-31 15:35 - 2016-03-31 15:35 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-03-31 15:29 - 2016-03-31 15:29 - 00294496 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-31 14:21 - 2016-03-31 14:28 - 00000000 ____D C:\Users\ABBY\AppData\Local\Mozilla
2016-03-31 14:21 - 2016-03-31 14:21 - 00001413 _____ C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-31 14:21 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Mozilla
2016-03-31 14:21 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Adobe
2016-03-31 14:20 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY
2016-03-31 14:20 - 2016-03-31 14:20 - 00000020 ___SH C:\Users\ABBY\ntuser.ini
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\My Documents
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Videos
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Pictures
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Music
2016-03-31 14:20 - 2009-07-14 03:45 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Media Center Programs
2016-03-31 14:12 - 2016-03-31 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
2016-03-31 14:12 - 2016-03-31 14:12 - 00000000 ____D C:\Program Files (x86)\LSoft Technologies
2016-03-31 14:11 - 2016-03-31 14:11 - 01371668 _____ (Igor Pavlov) C:\Users\L512\Downloads\7z1514-x64.exe
2016-03-31 14:11 - 2016-03-31 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-03-31 14:11 - 2016-03-31 14:11 - 00000000 ____D C:\Program Files\7-Zip
2016-03-31 14:10 - 2016-03-31 14:10 - 02906475 _____ C:\Users\L512\Downloads\Iso-burner.zip
2016-03-31 14:08 - 2016-03-31 14:34 - 00000000 ____D C:\Users\L512\AppData\Roaming\Everything
2016-03-31 14:08 - 2016-03-31 14:08 - 00559063 _____ () C:\Users\L512\Downloads\Everything-1.3.4.686.x64-Setup.exe
2016-03-31 14:08 - 2016-03-31 14:08 - 00000000 ____D C:\Users\L512\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2016-03-31 14:08 - 2016-03-31 14:08 - 00000000 ____D C:\Program Files\Everything
2016-03-31 13:56 - 2016-03-31 14:05 - 150132064 _____ C:\Users\L512\Downloads\likenewpc.iso
2016-03-31 13:54 - 2016-03-31 14:09 - 00000000 ____D C:\PcPinPoint
2016-03-31 13:54 - 2016-03-31 13:54 - 03892312 _____ (PCPinpoint Technologies, Inc.) C:\Users\L512\Downloads\LikeNEWPCSetup(1).exe
2016-03-07 00:33 - 2016-03-07 00:33 - 00266800 _____ (SecureAge Technology) C:\Windows\system32\Drivers\saappctl.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-02 03:09 - 2015-08-06 19:27 - 00000000 ____D C:\FRST
2016-04-02 03:09 - 2015-08-06 18:44 - 05945091 _____ C:\Windows\system32\Drivers\whitelist2.sa
2016-04-02 03:02 - 2009-07-14 00:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-02 03:02 - 2009-07-14 00:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-02 02:59 - 2009-07-14 01:13 - 00781538 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-02 02:59 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-02 02:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-01 20:06 - 2015-06-29 15:34 - 00000000 ____D C:\Program Files (x86)\Intel
2016-04-01 16:12 - 2016-02-26 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-31 14:21 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-15 20:09 - 2015-08-06 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureAge
2016-03-15 20:09 - 2015-08-06 18:44 - 00000000 ____D C:\Program Files\SecureAge
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-01 20:26
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by ABBY (2016-04-02 03:09:51)
Running from C:\Users\ABBY\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-06-29 19:24:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
ABBY (S-1-5-21-683020248-1173552633-2081973050-1003 - Administrator - Enabled) => C:\Users\ABBY
Administrator (S-1-5-21-683020248-1173552633-2081973050-500 - Administrator - Disabled)
Guest (S-1-5-21-683020248-1173552633-2081973050-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-683020248-1173552633-2081973050-1002 - Limited - Enabled)
L512 (S-1-5-21-683020248-1173552633-2081973050-1000 - Administrator - Enabled) => C:\Users\L512
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: SecureAPlus (Enabled - Up to date) {209BCB1E-B70B-1109-E820-577DD6FDBAA0}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Crystal Security (HKLM-x32\...\Crystal Security 3.5.0.139) (Version: 3.5.0.139 - Kardo Kristal)
Crystal Security (x32 Version: 3.5.0.139 - Kardo Kristal) Hidden
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Integrated Camera Driver Installer Package Ver.1.0.1.9 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.9 - RICOH)
Integrated Camera TWAIN Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 1.6.0.4 - Suyin Optronics Corp.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.35.3 - JMicron Technology Corp.)
Lenovo Docking Detection (HKLM-x32\...\InstallShield_{9603725A-D8F9-4C77-A419-6314C7AE698C}) (Version: 1.0.0.1 - Lenovo)
Lenovo Docking Detection (x32 Version: 1.0.0.1 - Lenovo) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Popcorn-Time (HKU\S-1-5-21-683020248-1173552633-2081973050-1003\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.1 - Lenovo Group Limited)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.36.0.0 - Goversoft LLC)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
SecureAPlus v4.2.0 (HKLM\...\SecureAPlus) (Version: 4.2.0 - SecureAge Technology)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {105B501F-6A44-4F21-8A1B-4B63DC4E0DF7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {10905D55-D563-4536-8CEA-24C52FA1C9BE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {23531724-F3A9-4789-8EBF-812CD3D20A16} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {323979C9-6E88-49DD-9246-69A9024B318B} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {42AD88B6-BAB8-4DDD-BB41-B048EA348903} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
Task: {804B55C0-02AF-4677-B67B-E3CBEFF7F596} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AB89AD20-5AFB-46F1-825D-5F13049A82FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AEC886A3-C6F5-478C-9A9D-A811DE829755} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B3E73506-6A06-424E-A050-52DB9A91E9C3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BB22A832-F7D3-4E98-8F96-63F298E0087C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BBB45B98-09D4-41A5-B1D7-FFD5F344366B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BE62C135-F6F5-4678-8AFC-580936286DEE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EB23D5E1-56D4-4723-9CD2-704C95C37E7D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-08-07 16:13 - 2015-08-07 16:13 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2014-08-14 03:42 - 2014-08-14 03:42 - 00068096 _____ () C:\Windows\system32\Everything64.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saappsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\saappsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sascansvc => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-683020248-1173552633-2081973050-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AcPrfMgrSvc => 2
MSCONFIG\Services: AcSvc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: LENOVO.CAMMUTE => 2
MSCONFIG\Services: LENOVO.MICMUTE => 2
MSCONFIG\Services: LENOVO.TPKNRSVC => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Power Manager DBC Service => 3
MSCONFIG\Services: PwmEWSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: TPHKSVC => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Crystal Security => C:\Program Files (x86)\Crystal Security\Crystal Security.exe
MSCONFIG\startupreg: DockingDetection => C:\PROGRA~2\Lenovo\LENOVO~1\DOCKIN~1.EXE
MSCONFIG\startupreg: Everything => "C:\Program Files\SecureAge\Everything\Everything.exe" -config "C:\Program Files\SecureAge\Everything\Everything.ini" --startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
MSCONFIG\startupreg: PWMTRV => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TpShocks => TpShocks.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DF75B3B3-71D6-45E3-92FC-DE64CBDAF6F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4928CC18-5668-428C-82C6-6E37E3A45ADF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C897DA89-8E2F-49CD-9A20-A943D14DD928}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EFCE93DF-9CD7-4C30-876A-A83BD6DBCB78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{72B9DEB3-5E91-4872-A9B9-7DE1B76CFEEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8E862396-36D7-46BF-B3A2-311CA95862A5}C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{F4FB4B5B-3E4F-4A7A-9C50-325C26936B4D}C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{36CCA721-212D-40A0-8158-7F96EBBB0503}C:\users\abby\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\abby\appdata\local\popcorn-time\nw.exe
FirewallRules: [UDP Query User{955E8273-C2EC-42EB-90B9-4B2EA5593775}C:\users\abby\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\abby\appdata\local\popcorn-time\nw.exe
==================== Restore Points =========================
24-07-2015 11:01:11 Windows Update
27-07-2015 10:57:40 Windows Update
30-07-2015 17:54:52 Windows Update
04-08-2015 11:04:09 Windows Update
06-08-2015 18:25:40 Removed Lenovo System Update.
03-02-2016 02:55:40 Scheduled Checkpoint
01-04-2016 19:10:40 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/02/2016 03:02:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0x998
Faulting application start time: 0xBetternet.exe0
Faulting application path: Betternet.exe1
Faulting module path: Betternet.exe2
Report Id: Betternet.exe3
Error: (04/02/2016 03:02:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Configuration.ConfigurationManager.ParseConfiguration()
at Betternet.Windows.Interface.MainWindow.ParseConfig()
at Betternet.Windows.Interface.MainWindow.<DownloadConfig>b__33_0()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
Error: (04/01/2016 11:22:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0xa60
Faulting application start time: 0xBetternet.exe0
Faulting application path: Betternet.exe1
Faulting module path: Betternet.exe2
Report Id: Betternet.exe3
Error: (04/01/2016 11:22:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Configuration.ConfigurationManager.ParseConfiguration()
at Betternet.Windows.Interface.MainWindow.ParseConfig()
at Betternet.Windows.Interface.MainWindow.<DownloadConfig>b__33_0()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
Error: (04/01/2016 11:14:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0xa30
Faulting application start time: 0xBetternet.exe0
Faulting application path: Betternet.exe1
Faulting module path: Betternet.exe2
Report Id: Betternet.exe3
Error: (04/01/2016 11:14:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)
Error: (04/01/2016 11:13:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0x55c
Faulting application start time: 0xBetternet.exe0
Faulting application path: Betternet.exe1
Faulting module path: Betternet.exe2
Report Id: Betternet.exe3
Error: (04/01/2016 11:13:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Configuration.ConfigurationManager.ParseConfiguration()
at Betternet.Windows.Interface.MainWindow.ParseConfig()
at Betternet.Windows.Interface.MainWindow.<DownloadConfig>b__33_0()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
Error: (03/31/2016 04:18:11 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (03/31/2016 04:18:11 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (04/01/2016 08:07:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:05:26 PM on 4/1/2016 was unexpected.
Error: (03/31/2016 04:18:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
Error: (03/31/2016 04:18:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (90000 milliseconds) while waiting for the Windows Search service to connect.
Error: (03/31/2016 04:18:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (03/31/2016 04:18:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Error: (03/31/2016 03:30:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
Error: (03/31/2016 03:30:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (90000 milliseconds) while waiting for the Windows Search service to connect.
Error: (03/31/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
Error: (03/31/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (90000 milliseconds) while waiting for the Windows Search service to connect.
Error: (03/31/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 3892.45 MB
Available physical RAM: 2466.21 MB
Total Virtual: 7783.11 MB
Available Virtual: 6197.02 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:260.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E464E684)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Ran by ABBY (administrator) on L512-PC (02-04-2016 03:09:17)
Running from C:\Users\ABBY\Desktop
Loaded Profiles: ABBY (Available Profiles: L512 & ABBY)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\saappsvc.exe
(SecureAge Technology) C:\Program Files\SecureAge\Everything\EverythingServer.exe
(SecureAge Technology) C:\Program Files\SecureAge\AntiVirus\sascansvc.exe
(SecureAge Technology) C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\sanotifier.exe
(SecureAge Technology) C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SAAppWhitelistingNotifier] => C:\Program Files\SecureAge\Whitelist\sanotifier.exe [9676328 2016-03-13] (SecureAge Technology)
HKLM\...\Run: [SecureAPlus] => C:\Program Files\SecureAge\Whitelist\SecureAPlus.exe [23777320 2016-03-13] (SecureAge Technology)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-683020248-1173552633-2081973050-1003\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-06-29] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{A7E86C48-776E-4852-82AE-BA5B5CA1E431}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{B0F88040-E3F2-4DAE-AD4D-E4BA533A55CD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D2109156-E5A7-454B-A7F8-FBBD36DDD4CB}: [DhcpNameServer] 10.16.0.1
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-25] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxp://goat.com/
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Greasemonkey - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-03-31]
FF Extension: Self-Destructing Cookies - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2016-03-31]
FF Extension: uBlock Origin - C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Profiles\nqylv5nx.default\Extensions\uBlock0@raymondhill.net.xpi [2016-03-31]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-12-01] (The OpenVPN Project)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 saappsvc; C:\Program Files\SecureAge\Whitelist\saappsvc.exe [925736 2016-03-13] (SecureAge Technology)
R2 SAEverythingServer; C:\Program Files\SecureAge\Everything\EverythingServer.exe [211496 2016-03-13] (SecureAge Technology)
R2 sascansvc; C:\Program Files\SecureAge\AntiVirus\sascansvc.exe [1046568 2016-03-13] (SecureAge Technology)
R2 SAUAVSvc; C:\Program Files\SecureAge\UniversalAV\UniversalAVService.exe [1181224 2016-03-13] (SecureAge Technology)
R2 SecureAPlusService; C:\Program Files\SecureAge\Whitelist\SecureAPlusService.exe [1009192 2016-03-13] (SecureAge Technology)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 SAAppCtl; C:\Windows\System32\DRIVERS\saappctl.sys [266800 2016-03-07] (SecureAge Technology)
R0 sascan; C:\Windows\System32\DRIVERS\sascan.sys [87912 2015-12-10] (SecureAge Technology)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-02 03:09 - 2016-04-02 03:09 - 00007946 _____ C:\Users\ABBY\Desktop\FRST.txt
2016-04-02 03:08 - 2016-04-02 03:08 - 02374144 _____ (Farbar) C:\Users\ABBY\Desktop\FRST64.exe
2016-04-01 23:13 - 2016-04-02 03:03 - 00000000 ____D C:\Users\ABBY\AppData\Local\CrashDumps
2016-04-01 19:20 - 2016-04-01 19:20 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time
2016-04-01 19:19 - 2016-04-01 19:20 - 00000000 ____D C:\Users\ABBY\AppData\Local\Popcorn-Time
2016-04-01 19:17 - 2016-04-01 19:19 - 34052006 _____ (Popcorn Time) C:\Users\ABBY\Downloads\Popcorn-Time-0.3.9-Setup.exe
2016-04-01 19:11 - 2016-04-02 03:01 - 00000000 ____D C:\ProgramData\Betternet
2016-04-01 19:11 - 2016-04-01 19:11 - 00000000 ____D C:\Users\ABBY\AppData\Local\Betternet_Technologies_In
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Users\ABBY\AppData\Local\Downloaded Installations
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files\TAP-Windows
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-04-01 19:10 - 2016-04-01 19:10 - 00000000 ____D C:\Program Files (x86)\Betternet
2016-04-01 19:09 - 2016-04-01 19:10 - 08973864 _____ (Betternet Technologies Inc.) C:\Users\ABBY\Downloads\BetternetForWindows.exe
2016-04-01 18:33 - 2016-04-01 18:34 - 00000126 _____ C:\Users\ABBY\Documents\New Internet Shortcut.url
2016-04-01 17:38 - 2016-04-01 17:38 - 00064024 _____ C:\Users\ABBY\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-31 15:59 - 2016-03-31 15:59 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\9-lab
2016-03-31 15:37 - 2016-04-01 19:16 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Everything
2016-03-31 15:35 - 2016-03-31 16:00 - 00000000 ____D C:\Program Files\Unlocker
2016-03-31 15:35 - 2016-03-31 15:35 - 01078591 _____ C:\Users\ABBY\Downloads\Unlocker1.9.2.exe
2016-03-31 15:35 - 2016-03-31 15:35 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2016-03-31 15:29 - 2016-03-31 15:29 - 00294496 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-31 14:21 - 2016-03-31 14:28 - 00000000 ____D C:\Users\ABBY\AppData\Local\Mozilla
2016-03-31 14:21 - 2016-03-31 14:21 - 00001413 _____ C:\Users\ABBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-31 14:21 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Mozilla
2016-03-31 14:21 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Adobe
2016-03-31 14:20 - 2016-03-31 14:21 - 00000000 ____D C:\Users\ABBY
2016-03-31 14:20 - 2016-03-31 14:20 - 00000020 ___SH C:\Users\ABBY\ntuser.ini
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\My Documents
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Videos
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Pictures
2016-03-31 14:20 - 2016-03-31 14:20 - 00000000 _SHDL C:\Users\ABBY\Documents\My Music
2016-03-31 14:20 - 2009-07-14 03:45 - 00000000 ____D C:\Users\ABBY\AppData\Roaming\Media Center Programs
2016-03-31 14:12 - 2016-03-31 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
2016-03-31 14:12 - 2016-03-31 14:12 - 00000000 ____D C:\Program Files (x86)\LSoft Technologies
2016-03-31 14:11 - 2016-03-31 14:11 - 01371668 _____ (Igor Pavlov) C:\Users\L512\Downloads\7z1514-x64.exe
2016-03-31 14:11 - 2016-03-31 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-03-31 14:11 - 2016-03-31 14:11 - 00000000 ____D C:\Program Files\7-Zip
2016-03-31 14:10 - 2016-03-31 14:10 - 02906475 _____ C:\Users\L512\Downloads\Iso-burner.zip
2016-03-31 14:08 - 2016-03-31 14:34 - 00000000 ____D C:\Users\L512\AppData\Roaming\Everything
2016-03-31 14:08 - 2016-03-31 14:08 - 00559063 _____ () C:\Users\L512\Downloads\Everything-1.3.4.686.x64-Setup.exe
2016-03-31 14:08 - 2016-03-31 14:08 - 00000000 ____D C:\Users\L512\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2016-03-31 14:08 - 2016-03-31 14:08 - 00000000 ____D C:\Program Files\Everything
2016-03-31 13:56 - 2016-03-31 14:05 - 150132064 _____ C:\Users\L512\Downloads\likenewpc.iso
2016-03-31 13:54 - 2016-03-31 14:09 - 00000000 ____D C:\PcPinPoint
2016-03-31 13:54 - 2016-03-31 13:54 - 03892312 _____ (PCPinpoint Technologies, Inc.) C:\Users\L512\Downloads\LikeNEWPCSetup(1).exe
2016-03-07 00:33 - 2016-03-07 00:33 - 00266800 _____ (SecureAge Technology) C:\Windows\system32\Drivers\saappctl.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-02 03:09 - 2015-08-06 19:27 - 00000000 ____D C:\FRST
2016-04-02 03:09 - 2015-08-06 18:44 - 05945091 _____ C:\Windows\system32\Drivers\whitelist2.sa
2016-04-02 03:02 - 2009-07-14 00:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-02 03:02 - 2009-07-14 00:45 - 00020912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-02 02:59 - 2009-07-14 01:13 - 00781538 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-02 02:59 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-02 02:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-01 20:06 - 2015-06-29 15:34 - 00000000 ____D C:\Program Files (x86)\Intel
2016-04-01 16:12 - 2016-02-26 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-31 14:21 - 2009-07-14 00:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-15 20:09 - 2015-08-06 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SecureAge
2016-03-15 20:09 - 2015-08-06 18:44 - 00000000 ____D C:\Program Files\SecureAge
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-01 20:26
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by ABBY (2016-04-02 03:09:51)
Running from C:\Users\ABBY\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-06-29 19:24:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
ABBY (S-1-5-21-683020248-1173552633-2081973050-1003 - Administrator - Enabled) => C:\Users\ABBY
Administrator (S-1-5-21-683020248-1173552633-2081973050-500 - Administrator - Disabled)
Guest (S-1-5-21-683020248-1173552633-2081973050-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-683020248-1173552633-2081973050-1002 - Limited - Enabled)
L512 (S-1-5-21-683020248-1173552633-2081973050-1000 - Administrator - Enabled) => C:\Users\L512
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: SecureAPlus (Enabled - Up to date) {209BCB1E-B70B-1109-E820-577DD6FDBAA0}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C70EB35}) (Version: 3.6.0.0 - Betternet Technologies Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Crystal Security (HKLM-x32\...\Crystal Security 3.5.0.139) (Version: 3.5.0.139 - Kardo Kristal)
Crystal Security (x32 Version: 3.5.0.139 - Kardo Kristal) Hidden
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
Integrated Camera Driver Installer Package Ver.1.0.1.9 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.9 - RICOH)
Integrated Camera TWAIN Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 1.6.0.4 - Suyin Optronics Corp.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.35.3 - JMicron Technology Corp.)
Lenovo Docking Detection (HKLM-x32\...\InstallShield_{9603725A-D8F9-4C77-A419-6314C7AE698C}) (Version: 1.0.0.1 - Lenovo)
Lenovo Docking Detection (x32 Version: 1.0.0.1 - Lenovo) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenVPN 2.3.6-I001 (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
Popcorn-Time (HKU\S-1-5-21-683020248-1173552633-2081973050-1003\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.1 - Lenovo Group Limited)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.36.0.0 - Goversoft LLC)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
SecureAPlus v4.2.0 (HKLM\...\SecureAPlus) (Version: 4.2.0 - SecureAge Technology)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {105B501F-6A44-4F21-8A1B-4B63DC4E0DF7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {10905D55-D563-4536-8CEA-24C52FA1C9BE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {23531724-F3A9-4789-8EBF-812CD3D20A16} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {323979C9-6E88-49DD-9246-69A9024B318B} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION
Task: {42AD88B6-BAB8-4DDD-BB41-B048EA348903} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> No File <==== ATTENTION
Task: {804B55C0-02AF-4677-B67B-E3CBEFF7F596} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AB89AD20-5AFB-46F1-825D-5F13049A82FF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AEC886A3-C6F5-478C-9A9D-A811DE829755} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B3E73506-6A06-424E-A050-52DB9A91E9C3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BB22A832-F7D3-4E98-8F96-63F298E0087C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BBB45B98-09D4-41A5-B1D7-FFD5F344366B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BE62C135-F6F5-4678-8AFC-580936286DEE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EB23D5E1-56D4-4723-9CD2-704C95C37E7D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-08-07 16:13 - 2015-08-07 16:13 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll
2014-08-14 03:42 - 2014-08-14 03:42 - 00068096 _____ () C:\Windows\system32\Everything64.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saappsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\saappsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sascansvc => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-683020248-1173552633-2081973050-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\ABBY\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AcPrfMgrSvc => 2
MSCONFIG\Services: AcSvc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: IBMPMSVC => 2
MSCONFIG\Services: LENOVO.CAMMUTE => 2
MSCONFIG\Services: LENOVO.MICMUTE => 2
MSCONFIG\Services: LENOVO.TPKNRSVC => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Power Manager DBC Service => 3
MSCONFIG\Services: PwmEWSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TPHKLOAD => 2
MSCONFIG\Services: TPHKSVC => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: AcWin7Hlpr => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Crystal Security => C:\Program Files (x86)\Crystal Security\Crystal Security.exe
MSCONFIG\startupreg: DockingDetection => C:\PROGRA~2\Lenovo\LENOVO~1\DOCKIN~1.EXE
MSCONFIG\startupreg: Everything => "C:\Program Files\SecureAge\Everything\Everything.exe" -config "C:\Program Files\SecureAge\Everything\Everything.ini" --startup
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PSQLLauncher => "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
MSCONFIG\startupreg: PWMTRV => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TpShocks => TpShocks.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DF75B3B3-71D6-45E3-92FC-DE64CBDAF6F4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4928CC18-5668-428C-82C6-6E37E3A45ADF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C897DA89-8E2F-49CD-9A20-A943D14DD928}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EFCE93DF-9CD7-4C30-876A-A83BD6DBCB78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{72B9DEB3-5E91-4872-A9B9-7DE1B76CFEEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8E862396-36D7-46BF-B3A2-311CA95862A5}C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{F4FB4B5B-3E4F-4A7A-9C50-325C26936B4D}C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\abby\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{36CCA721-212D-40A0-8158-7F96EBBB0503}C:\users\abby\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\abby\appdata\local\popcorn-time\nw.exe
FirewallRules: [UDP Query User{955E8273-C2EC-42EB-90B9-4B2EA5593775}C:\users\abby\appdata\local\popcorn-time\nw.exe] => (Allow) C:\users\abby\appdata\local\popcorn-time\nw.exe
==================== Restore Points =========================
24-07-2015 11:01:11 Windows Update
27-07-2015 10:57:40 Windows Update
30-07-2015 17:54:52 Windows Update
04-08-2015 11:04:09 Windows Update
06-08-2015 18:25:40 Removed Lenovo System Update.
03-02-2016 02:55:40 Scheduled Checkpoint
01-04-2016 19:10:40 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/02/2016 03:02:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0x998
Faulting application start time: 0xBetternet.exe0
Faulting application path: Betternet.exe1
Faulting module path: Betternet.exe2
Report Id: Betternet.exe3
Error: (04/02/2016 03:02:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Configuration.ConfigurationManager.ParseConfiguration()
at Betternet.Windows.Interface.MainWindow.ParseConfig()
at Betternet.Windows.Interface.MainWindow.<DownloadConfig>b__33_0()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
Error: (04/01/2016 11:22:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0xa60
Faulting application start time: 0xBetternet.exe0
Faulting application path: Betternet.exe1
Faulting module path: Betternet.exe2
Report Id: Betternet.exe3
Error: (04/01/2016 11:22:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Configuration.ConfigurationManager.ParseConfiguration()
at Betternet.Windows.Interface.MainWindow.ParseConfig()
at Betternet.Windows.Interface.MainWindow.<DownloadConfig>b__33_0()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
Error: (04/01/2016 11:14:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0xa30
Faulting application start time: 0xBetternet.exe0
Faulting application path: Betternet.exe1
Faulting module path: Betternet.exe2
Report Id: Betternet.exe3
Error: (04/01/2016 11:14:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Analytics.AnalyticService..ctor()
at Betternet.Windows.Interface.Common.Helpers.SendAnalutics(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)
Error: (04/01/2016 11:13:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Betternet.exe, version: 3.6.0.0, time stamp: 0x56439bec
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0x55c
Faulting application start time: 0xBetternet.exe0
Faulting application path: Betternet.exe1
Faulting module path: Betternet.exe2
Report Id: Betternet.exe3
Error: (04/01/2016 11:13:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Betternet.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at System.IO.__Error.WinIOError(Int32, System.String)
at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare)
at Betternet.Windows.Logic.Settings.SettingService.LoadSettings()
at Betternet.Windows.Logic.Configuration.ConfigurationManager.ParseConfiguration()
at Betternet.Windows.Interface.MainWindow.ParseConfig()
at Betternet.Windows.Interface.MainWindow.<DownloadConfig>b__33_0()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
Error: (03/31/2016 04:18:11 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (03/31/2016 04:18:11 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (04/01/2016 08:07:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:05:26 PM on 4/1/2016 was unexpected.
Error: (03/31/2016 04:18:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
Error: (03/31/2016 04:18:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (90000 milliseconds) while waiting for the Windows Search service to connect.
Error: (03/31/2016 04:18:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (03/31/2016 04:18:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Error: (03/31/2016 03:30:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
Error: (03/31/2016 03:30:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (90000 milliseconds) while waiting for the Windows Search service to connect.
Error: (03/31/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
Error: (03/31/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (90000 milliseconds) while waiting for the Windows Search service to connect.
Error: (03/31/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 3892.45 MB
Available physical RAM: 2466.21 MB
Total Virtual: 7783.11 MB
Available Virtual: 6197.02 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:260.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E464E684)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================