Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
Ran by *REMOVED* (2016-05-28 11:59:47)
Running from C:\Users\*REMOVED*\Downloads
Windows 8.1 (Update) (X64) (2014-01-27 14:44:43)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3070648933-37168318-1551944604-500 - Administrator - Disabled)
Guest (S-1-5-21-3070648933-37168318-1551944604-501 - Limited - Disabled)
(S-1-5-21-3070648933-37168318-1551944604-1001 - Administrator - Enabled) => C:\Users\*REMOVED*
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
abrMate version 1.0 (HKLM-x32\...\abrMate_is1) (Version: 1.0 - )
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3070648933-37168318-1551944604-1001\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{EA5D1265-C23C-4410-B722-19314A654B13}) (Version: 0.9.14 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
Canon MG2200 series On-screen Manual (HKLM-x32\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG2200 series User Registration (HKLM-x32\...\Canon MG2200 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CVE-2014-6352 (HKLM\...\{19b2ec23-d405-490d-be4b-385387efd0a1}.sdb) (Version: - )
CVE-2014-6352 (HKLM\...\{3a9498f9-243d-424b-893a-8da0b0cfad53}.sdb) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3070648933-37168318-1551944604-1001\...\HPConnectedMusic) (Version: 1.1 (build 25) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
PhotoFiltre Studio X (HKU\S-1-5-21-3070648933-37168318-1551944604-1001\...\PhotoFiltre Studio X) (Version: - )
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3070648933-37168318-1551944604-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {11D607B5-0F37-41FA-8AE2-7428C1FE3E64} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {2CCBC529-D27E-47C3-A78F-B571F08CCE5F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {30EB2689-C810-41F5-95EB-1F90A1060504} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3314898E-E194-46AB-8AF9-5775A5730E25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {38C06372-14D6-4305-8E0E-64A951E55A3F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {3C0B93A1-CEFD-480C-A478-6BF6898D0F56} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {574ECD8A-F946-4838-9077-209A8FA44C66} - System32\Tasks\{5EE18860-BC36-4256-9A8F-1543A4CF8B47} => Firefox.exe hxxp://ui.skype.com/ui/0/7.23.0.105.272/en/abandoninstall?page=tsMain
Task: {60EDD6E0-4EBE-4FC2-89F8-C075C48C76C3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {71DA174B-0DD8-4A3A-9539-780ACF868A26} - System32\Tasks\{DAE10C84-60AC-44CA-9F1A-700F18970152} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {723E088D-9851-448B-B402-0BB46EFDE7F8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {79A77081-3895-49C8-8549-67624A3B7620} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8C5D4B59-0EC7-4EEF-8FEE-C8B24D0407CE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {A5DB74A8-8811-4CC4-BE3B-ED9DA8777F0E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {B0511CEF-CF79-4572-8565-9892067462E5} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {CD29D8B0-E99A-4E75-B7F1-36509CB64610} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {D9D559D7-1BAE-4F7D-9744-50AA1E32607F} - System32\Tasks\{95DC82BC-2C62-45C9-A28C-24D73E7F81E1} => pcalua.exe -a E:\Manual\setup.exe -d E:\Manual
Task: {F8D15E25-86DD-48AC-9D1C-C5975AD52C80} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe
Task: {FD23B176-63B6-4D4F-AA6D-5D8E2A6D7BCA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {FD82202C-4568-49B5-B545-C26C26AE29FF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2009-01-12 21:01 - 2013-02-23 14:00 - 00061440 _____ () C:\Users\*REMOVED*\Downloads\quietHDD.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-23 11:19 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3070648933-37168318-1551944604-1001\...\champneys.com -> hxxps://www.champneys.com
There are 7865 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3070648933-37168318-1551944604-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*REMOVED*\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\icecastles2.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-3070648933-37168318-1551944604-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{ABD7C6F2-16F3-4DB2-BDA1-7256ED74ABB8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [UDP Query User{3A679FEB-A09E-4A45-B707-A6814D670F06}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B5B367C5-EE35-4516-8D1E-68F2FA445BC8}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{2AD6EB65-6C56-4A25-AC96-F559713DECC8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F3AD8A98-9794-478D-954E-FF319ACF895E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6A941438-D1A5-413C-A8F0-519AEFD6C808}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{708FE343-C7C3-4BA5-BE65-85617E71DFD8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{80B09733-EC9D-4776-A8F7-9E34C04D4CC7}C:\users\ice\appdata\local\hpconnectedmusic\application\hpconnectedmusic.exe] => (Block) C:\users\ice\appdata\local\hpconnectedmusic\application\hpconnectedmusic.exe
FirewallRules: [TCP Query User{B8BB4BD2-C5A8-4A4A-AEA0-70065598BAE9}C:\users\ice\appdata\local\hpconnectedmusic\application\hpconnectedmusic.exe] => (Block) C:\users\ice\appdata\local\hpconnectedmusic\application\hpconnectedmusic.exe
FirewallRules: [UDP Query User{31E6BA9A-155E-4AFC-B30F-87E8D8C1195B}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{79EC02FA-2E1D-4CF3-B910-739339A0FA0E}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{AF774C81-4B6A-41DB-9D95-E016B0467A6B}] => (Allow) C:\Users\*REMOVED*\AppData\Local\Temp\7zS1F8A.tmp\SymNRT.exe
FirewallRules: [{F1C66D4E-F51E-430D-A51A-B827DC3D8090}] => (Allow) C:\Users\*REMOVED*\AppData\Local\Temp\7zS1F8A.tmp\SymNRT.exe
FirewallRules: [{9D5F1332-57E4-432A-976D-B6FC14534885}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BB47A307-8E41-426D-BF1F-B1D7CB888524}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5CD0FE23-0960-4EAF-A61C-D8605E02C60E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CB868BF5-1E7B-487E-8882-75082D44F6A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EAE055C1-B03C-4216-88E9-6240ECD1D21B}] => (Allow) LPort=1900
FirewallRules: [{C605A3AB-C47B-4CAF-8D91-7900AC4514C6}] => (Allow) LPort=2869
FirewallRules: [{1F58C23B-A11E-4EB9-B9A7-D0977A2DDBA7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{56FAA195-CC23-4095-ACDD-8E17D5FBAC53}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{BCC02F3D-379A-493C-B1FE-95EFB2BCA20D}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{F94400EB-26E6-445D-8533-D0A6289214D4}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [UDP Query User{98CA54C2-31F7-45D0-8189-896BEB707EDB}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Block) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [{3BED4C93-BDAA-4A33-94FA-70D458BF0FC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{18997E28-90F5-4EAE-B079-4E92B894E0F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0B60FE6F-D5B2-45D3-B32A-6902E96E49B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{87925834-31BE-43EB-B922-FF660CAFAEF7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{930C69AD-9E48-47F4-BEEB-076E6E4D29B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
26-04-2016 20:09:24 Removed Java 8 Update 77
11-05-2016 03:15:17 Windows Update
14-05-2016 12:24:30 Windows Update
18-05-2016 03:50:29 Today - 18-05-16
22-05-2016 10:33:37 Restore Operation
25-05-2016 01:06:57 Today 25-05-16
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/25/2016 12:47:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 50.0.2661.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 958
Start Time: 01d1b67af8abbc60
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: 841c39c3-226e-11e6-8571-28924a543719
Faulting package full name:
Faulting package-relative application ID:
Error: (05/22/2016 11:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1308) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU03AC4.log.
Error: (05/22/2016 10:33:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary 46103047.
System Error:
The system cannot find the file specified.
.
Error: (05/22/2016 10:26:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 6106482.exe, version: 11.0.0.1245, time stamp: 0x4d936e61
Faulting module name: procmon.ppl, version: 11.0.0.1245, time stamp: 0x4d937052
Exception code: 0xc0000005
Fault offset: 0x0004163f
Faulting process ID: 0xe04
Faulting application start time: 0x6106482.exe0
Faulting application path: 6106482.exe1
Faulting module path: 6106482.exe2
Report ID: 6106482.exe3
Faulting package full name: 6106482.exe4
Faulting package-relative application ID: 6106482.exe5
Error: (05/18/2016 01:41:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program pfstudiox.exe version 10.7.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: dac
Start Time: 01d1b0f69d2e58d8
Termination Time: 15
Application Path: C:\Program Files (x86)\PhotoFiltre Studio X\pfstudiox.exe
Report Id: dfefc109-1cf5-11e6-856c-28924a543719
Faulting package full name:
Faulting package-relative application ID:
Error: (05/05/2016 10:24:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.21.85.100, time stamp: 0x56d60a29
Faulting module name: Skype.exe, version: 7.21.85.100, time stamp: 0x56d60a29
Exception code: 0xc0000409
Fault offset: 0x00fadd47
Faulting process ID: 0xfa4
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report ID: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5
Error: (05/05/2016 10:23:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.21.85.100, time stamp: 0x56d60a29
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0fafafa
Fault offset: 0x00000000
Faulting process ID: 0xfa4
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report ID: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5
Error: (05/04/2016 12:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x50079e34
Faulting module name: d2d1.dll, version: 6.3.9600.16473, time stamp: 0x528d9db8
Exception code: 0xc0000005
Fault offset: 0x0022b268
Faulting process ID: 0x850
Faulting application start time: 0xHPPU.exe0
Faulting application path: HPPU.exe1
Faulting module path: HPPU.exe2
Report ID: HPPU.exe3
Faulting package full name: HPPU.exe4
Faulting package-relative application ID: HPPU.exe5
Error: (05/03/2016 01:47:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x50079e34
Faulting module name: d2d1.dll, version: 6.3.9600.16473, time stamp: 0x528d9db8
Exception code: 0xc0000005
Fault offset: 0x0022b268
Faulting process ID: 0x2fc
Faulting application start time: 0xHPPU.exe0
Faulting application path: HPPU.exe1
Faulting module path: HPPU.exe2
Report ID: HPPU.exe3
Faulting package full name: HPPU.exe4
Faulting package-relative application ID: HPPU.exe5
Error: (04/19/2016 06:51:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x50079e34
Faulting module name: d2d1.dll, version: 6.3.9600.16473, time stamp: 0x528d9db8
Exception code: 0xc0000005
Fault offset: 0x0022b268
Faulting process ID: 0xc84
Faulting application start time: 0xHPPU.exe0
Faulting application path: HPPU.exe1
Faulting module path: HPPU.exe2
Report ID: HPPU.exe3
Faulting package full name: HPPU.exe4
Faulting package-relative application ID: HPPU.exe5
System errors:
=============
Error: (05/28/2016 11:42:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
%%1068
Error: (05/28/2016 11:42:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IP Helper service depends on the WinHTTP Web Proxy Auto-Discovery Service service which failed to start because of the following error:
%%1058
Error: (05/28/2016 11:42:04 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (05/27/2016 12:18:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
%%1068
Error: (05/27/2016 12:18:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IP Helper service depends on the WinHTTP Web Proxy Auto-Discovery Service service which failed to start because of the following error:
%%1058
Error: (05/27/2016 12:18:00 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (05/26/2016 10:38:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
%%1068
Error: (05/26/2016 10:38:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IP Helper service depends on the WinHTTP Web Proxy Auto-Discovery Service service which failed to start because of the following error:
%%1058
Error: (05/26/2016 10:38:00 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (05/25/2016 11:01:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error:
%%1068
CodeIntegrity:
===================================
Date: 2016-04-08 00:17:45.221
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-08 00:17:45.084
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-08 00:17:44.947
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-08 00:17:44.348
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-08 00:17:44.172
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-07 23:08:11.905
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-07 23:08:11.767
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-07 23:08:11.626
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-07 23:08:11.194
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-07 23:08:11.012
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 16%
Total physical RAM: 6036.28 MB
Available physical RAM: 5059.05 MB
Total Virtual: 6996.28 MB
Available Virtual: 5910.34 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:910.29 GB) (Free:864.49 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.11 GB) (Free:2.45 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:3.74 GB) (Free:0.97 GB) FAT32
Drive g: () (Removable) (Total:7.45 GB) (Free:3.12 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2D842E40)
Partition: GPT.
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================