Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-06-2016
Ran by josep (2016-06-11 11:56:04)
Running from C:\Users\josep\Downloads
Windows 10 Pro Insider Preview Version 1607 (X64) (2016-06-08 23:47:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-133330048-1868551512-3514094457-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-133330048-1868551512-3514094457-503 - Limited - Disabled)
Guest (S-1-5-21-133330048-1868551512-3514094457-501 - Limited - Disabled)
josep (S-1-5-21-133330048-1868551512-3514094457-1001 - Administrator - Enabled) => C:\Users\josep

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: IObit Malware Fighter (Disabled - Out of date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.3.0 - IObit)
Age of Empires II - HD Edition (HKLM-x32\...\Age of Empires II - HD Edition_is1) (Version: 4.4.0.0 - Ensemble Studiost)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Contents (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Corel FastFlick (HKLM-x32\...\_{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.93 - Corel Corporation)
Dazzle Video Capture DVC100 X64 Driver 1.06 (x32 Version: 1.06.0000 - Pinnacle) Hidden
Driver Booster 3.4 (HKLM-x32\...\Driver Booster_is1) (Version: 3.4 - IObit)
DriversCloud.com (64 bits) (HKLM\...\{77EEC345-B758-45DF-94C2-25D91D520650}) (Version: 8.0.4.0 - Cybelsoft)
eMule (HKLM-x32\...\eMule) (Version: - )
eMuleTorrent (HKLM-x32\...\eMuleTorrent) (Version: 1.0.0.17 - eMule.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{EB72DB50-C935-4C26-8349-69828F198902}) (Version: 12.4.18.7 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ICA (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.1 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.4.0.119 - IObit)
IPM_VS_Pro (x32 Version: 1.0 - Corel Corporation) Hidden
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 92 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
MediaGet (HKU\S-1-5-21-133330048-1868551512-3514094457-1001\...\MediaGet) (Version: 2 - Banner LLC)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{35D9277C-1EB7-4FBE-8B41-C520DE4F7A60}) (Version: 1.9.0 - OfficialHawk)
Mises à jour NVIDIA 2.11.3.6 (Version: 2.11.3.6 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.11.3.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.6 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Creator NXT Pro 3 (HKLM-x32\...\{7B4B9450-39C8-454A-AA2D-6548EE4D21EB}) (Version: 16.0.50.1 - Roxio)
Roxio Virtual Drive x64 (Version: 1.00.0000 - Roxio, Inc.) Hidden
Setup (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Share (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.6 - NVIDIA Corporation) Hidden
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.0.2 - IObit)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)
The Sims 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts)
The SIMS 4 v. 1.13.104.1010 (HKLM-x32\...\The SIMS 4_is1) (Version: - )
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Nom de votre société)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TomTom MyDrive Connect 4.1.0.2658 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.0.2658 - TomTom)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VSClassic (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
VSPro (x32 Version: 1.0.0.93 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-133330048-1868551512-3514094457-1001_Classes\CLSID\{1F6DE925-8416-40D4-BC66-D69DB9D4360B}\InprocServer32 -> C:\Program Files\Roxio Creator NXT Pro 3\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation)
CustomCLSID: HKU\S-1-5-21-133330048-1868551512-3514094457-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\josep\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-133330048-1868551512-3514094457-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0382D1B8-8572-4E31-BBDB-F22BC570A1AB} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {0A6BC496-A128-4B4D-A061-C37629B0A29A} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {13208D36-1E97-4F64-916D-DD376760E45B} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {1BC68856-6B14-4E4F-8CED-AAE2FDFA1971} - System32\Tasks\Start Driver Reviver Schedule => C:\Program Files\ReviverSoft\Driver Reviver\DriverReviver.exe [2016-05-29] ()
Task: {2C8F93C0-1557-4429-A23F-896DD401A516} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-06-04] (Microsoft Corporation)
Task: {3D082950-F9AB-4C38-93BA-6326492B3FCE} - System32\Tasks\PPTAssistantNotifyTask_josep => C:\Users\josep\AppData\Local\PPTAssist\notify.exe <==== ATTENTION
Task: {3F52CC66-E1E2-4FC2-B0F0-EE427A77023E} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {4477CACA-D880-4A20-9338-65253E442227} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-05-18] (IObit)
Task: {45D9C449-D409-4FD9-80AC-BB48D3366732} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {4A912D56-5C14-4D48-B91A-2D8706407A9D} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-04-18] (IObit)
Task: {4D43C81A-10CC-4C05-BBD3-0E5EBA2BF56F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-03] (Google Inc.)
Task: {525919CB-1B41-40DA-B8D7-6E4128630A6E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {55D6BAA2-1ABF-4BA4-9652-BA97030F8A57} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {6132B423-11BB-4B0F-8ECB-253AA1EF82BC} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {61E3992A-79BE-4F6E-B142-F0545127F256} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\Windows\system32\UpgradeSubscription.exe [2016-06-04] (Microsoft Corporation)
Task: {63F74652-B8D7-4688-96E4-62D820BDF639} - System32\Tasks\Driver Booster SkipUAC (josep) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-05-23] (IObit)
Task: {6D67DD2B-F508-46AF-94EF-4F666BEE2DAA} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-06-04] (Microsoft Corporation)
Task: {6EF48916-E4B6-49C0-A472-7270E92F94A5} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-06-04] (Microsoft Corporation)
Task: {711D2F5D-D499-4FA8-9E31-76ACA75F0007} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-03] (Google Inc.)
Task: {740448C1-F9F8-47BD-AFC2-66D56F717403} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\Windows\system32\UpgradeSubscription.exe [2016-06-04] (Microsoft Corporation)
Task: {79F6D33F-136C-4C83-93F6-6B5F400DAFB6} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {7CF61590-E941-4870-B90D-D2CC88CFB527} - \Microsoft\XblGameSave\XblGameSaveTask\Logon -> No File <==== ATTENTION
Task: {974F79B7-1A25-43A2-B743-F350E06BA8B2} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {BC77405B-B46F-49D0-8BD0-2565123C7C5F} - System32\Tasks\Start Driver Reviver Update => C:\Program Files\ReviverSoft\Driver Reviver\DriverReviver.exe [2016-05-29] ()
Task: {C349D0F1-7A97-4872-8F9D-CCF218405F76} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {CAA3C2AC-6E27-47D5-B736-61F88BE3EB39} - System32\Tasks\Microsoft\Windows\ApplicationData\AppHostRegistrationVerifier => C:\Windows\system32\AppHostRegistrationVerifier.exe
Task: {DE705366-7FE6-48A0-BE74-26BA0CEA4A7A} - System32\Tasks\Uninstaller_SkipUac_josep => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-06-01] (IObit)
Task: {DF1D82F1-16F7-4CFF-80F8-0B00A590FDD3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {E682D224-A876-4280-B748-B355E996C2C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {E7B586C4-8832-45F4-A422-EB800CA34CA0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {E948B5AD-AC17-4737-8CFA-BDA90AA3D3B0} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-04-29] (IObit)
Task: {F0608FAD-BBBE-46E3-A33C-C76372EB287D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard)
Task: {F38550C3-F53F-4AC1-8D28-94A14757AB45} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-05-06] (IObit)
Task: {FA690D13-AF86-4BD1-AE57-B8864724E74D} - System32\Tasks\ASC9_SkipUac_josep => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-05-16] (IObit)
Task: {FB7EF538-6DD2-4325-AE4E-549230A4941E} - System32\Tasks\PPTAssistantUpdateTask_josep => C:\Users\josep\AppData\Local\PPTAssist\assistupdate.exe <==== ATTENTION
Task: {FC8F78C1-55B5-4E71-824F-78C31549DC5D} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\ASC9_SkipUac_josep.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PPTAssistantNotifyTask_josep.job => C:\Users\josep\AppData\Local\PPTAssist\notify.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PPTAssistantUpdateTask_josep.job => C:\Users\josep\AppData\Local\PPTAssist\assistupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_josep.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\josep\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) ==============
2014-01-22 01:04 - 2014-01-22 01:04 - 00022760 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2016-05-18 16:33 - 2016-05-02 20:31 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-18 16:33 - 2016-05-02 20:31 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-18 16:33 - 2016-05-02 20:31 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-18 16:33 - 2016-05-02 20:31 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-04 09:08 - 2016-05-02 20:31 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-04 09:08 - 2016-05-02 20:31 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-04 09:08 - 2016-05-02 20:31 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-05-04 09:08 - 2016-05-02 20:31 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-06-04 09:34 - 2016-06-04 09:34 - 00237568 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-06-04 09:34 - 2016-06-04 09:34 - 02660456 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-09 01:29 - 2016-06-03 05:59 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-04 09:34 - 2016-06-04 09:34 - 02660456 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-06-04 09:34 - 2016-06-04 09:34 - 02660456 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-09 02:09 - 2016-06-09 02:09 - 00959168 _____ () C:\Users\josep\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-06-04 09:34 - 2016-06-04 09:34 - 00136192 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-06-04 09:36 - 2016-06-04 09:36 - 00453632 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-06-04 09:35 - 2016-06-04 11:49 - 09672192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-04 09:35 - 2016-06-04 11:49 - 01314304 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-04 09:35 - 2016-06-04 11:49 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-06-04 09:35 - 2016-06-04 11:49 - 02252288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-04 09:35 - 2016-06-04 11:49 - 04846080 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-04 09:35 - 2016-06-04 11:49 - 00999936 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-05-18 16:33 - 2016-05-02 20:31 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-18 16:33 - 2016-05-02 20:31 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-01-06 18:41 - 2016-05-24 17:44 - 00022336 _____ () C:\Program Files\CCleaner\branding.dll
2016-05-13 18:44 - 2016-05-13 18:44 - 00069632 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll
2014-01-22 01:04 - 2014-01-22 01:04 - 03322600 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2014-01-22 01:04 - 2014-01-22 01:04 - 00108776 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2014-01-22 01:04 - 2014-01-22 01:04 - 00524520 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2016-06-06 09:54 - 2016-03-31 17:57 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-05-24 17:36 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2016-05-24 17:36 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2016-05-24 17:36 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2016-06-06 10:50 - 2015-12-23 16:27 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-06-06 10:50 - 2015-12-23 16:27 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-06-06 10:50 - 2015-12-23 16:27 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-05-04 09:08 - 2016-05-02 20:31 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-133330048-1868551512-3514094457-1001\...\amazon.fr -> hxxps://amazon.fr
There are 4788 more sites.

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 09:24 - 2016-06-06 06:13 - 00001224 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 idb.iobit.com
127.0.0.1 asc55.iobit.com
127.0.0.1 is360.iobit.com
127.0.0.1 asc.iobit.com
127.0.0.1 pf.iobit.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-133330048-1868551512-3514094457-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\josep\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: QQPCTray =>
MSCONFIG\startupreg: fastweb =>
MSCONFIG\startupreg: ISUSPM =>
MSCONFIG\startupreg: OneDrive =>
MSCONFIG\startupreg: PCFIXTRAYPURLX =>
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "RoxWatchTray"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKU\S-1-5-21-133330048-1868551512-3514094457-1001\...\StartupApproved\Run: => "Advanced SystemCare 9"
HKU\S-1-5-21-133330048-1868551512-3514094457-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-133330048-1868551512-3514094457-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-133330048-1868551512-3514094457-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"
HKU\S-1-5-21-133330048-1868551512-3514094457-1001\...\StartupApproved\Run: => "Dashlane"
HKU\S-1-5-21-133330048-1868551512-3514094457-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-133330048-1868551512-3514094457-1001\...\StartupApproved\Run: => "MediaGet2"
HKU\S-1-5-21-133330048-1868551512-3514094457-1001\...\StartupApproved\Run: => "WinStart"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [UDP Query User{7D2D06DF-12EF-4FAA-8965-694750D48F7E}C:\program files (x86)\java\jre1.8.0_92\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_92\bin\javaw.exe
FirewallRules: [TCP Query User{F3E95CB9-041E-48AF-B632-AE2B476E9A78}C:\program files (x86)\java\jre1.8.0_92\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_92\bin\javaw.exe
FirewallRules: [{008E5C02-2204-4600-852B-89C8A422A45A}] => (Allow) C:\Users\josep\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{B42E0975-049E-4D15-88F6-A43F5EDF94B1}] => (Allow) C:\Users\josep\AppData\Local\MediaGet2\mediaget.exe
FirewallRules: [{91CAA591-AFAD-440E-B87C-C5C98D27EE98}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{38B7F2CF-A1C4-41D0-A451-9C0EF4F06BB8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{2398793D-D7F0-416C-8AC4-3F3B7C2C7F37}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{3468DDA2-FA46-4784-B6C5-1C5B1FE4A6EB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{42E8EF58-769F-4077-B19A-71E3C46035BB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{A40FB027-76D0-4E6D-B737-C07BFA8646DA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [UDP Query User{8DB64AFB-E78E-472E-ACAD-678D8A5936EC}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [TCP Query User{8AF33260-6A02-4F8E-92F4-D46F852C41D2}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{71EA1318-6AAE-4E79-9AC9-AE02B56E942C}C:\program files (x86)\java\jre1.8.0_92\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_92\bin\javaw.exe
FirewallRules: [TCP Query User{63B6767F-569F-4559-BB86-65541EAB9648}C:\program files (x86)\java\jre1.8.0_92\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_92\bin\javaw.exe
FirewallRules: [UDP Query User{963069F7-E002-46AB-9449-5E92B66AC3A5}C:\program files\emuletorrent\emuletorrent.exe] => (Allow) C:\program files\emuletorrent\emuletorrent.exe
FirewallRules: [TCP Query User{B5C62EA1-41CC-4560-972E-A9910CC21DB8}C:\program files\emuletorrent\emuletorrent.exe] => (Allow) C:\program files\emuletorrent\emuletorrent.exe
FirewallRules: [{2A4F4252-B805-46E1-B8E2-BD843750DF4E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FE2A612D-4940-4F45-A422-2BF766B2632C}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe
FirewallRules: [{01A3E96E-1EE6-4A4F-9B74-DA8A398F6CBE}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E60F7AE9-65DE-42C4-8126-2B508972C88B}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{04319306-8472-4CFD-879A-6DF37F3D38D3}C:\users\josep\appdata\local\mediaget2\mediaget.exe] => (Allow) C:\users\josep\appdata\local\mediaget2\mediaget.exe
FirewallRules: [UDP Query User{A754520F-B8A8-4A0B-A53C-2C56A5AF7766}C:\users\josep\appdata\local\mediaget2\mediaget.exe] => (Allow) C:\users\josep\appdata\local\mediaget2\mediaget.exe

==================== Restore Points =========================
10-06-2016 00:36:10 Installed HP Support Solutions Framework

==================== Faulty Device Manager Devices =============
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2016 12:36:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .
Error: (06/09/2016 01:44:24 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupModificationEvent" whose target class "WSP_ReplicationGroupModificationEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
Error: (06/09/2016 01:44:24 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupDepartureEvent" whose target class "WSP_ReplicationGroupDepartureEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
Error: (06/09/2016 01:44:24 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupArrivalEvent" whose target class "WSP_ReplicationGroupArrivalEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
Error: (06/09/2016 01:44:24 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from WSP_ReplicationGroupModificationEvent" whose target class "WSP_ReplicationGroupModificationEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (06/09/2016 01:44:24 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from WSP_ReplicationGroupDepartureEvent" whose target class "WSP_ReplicationGroupDepartureEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (06/09/2016 01:44:24 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from WSP_ReplicationGroupArrivalEvent" whose target class "WSP_ReplicationGroupArrivalEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.
Error: (06/09/2016 01:44:11 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A

Error: (06/09/2016 01:40:40 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A

Error: (06/09/2016 01:40:40 AM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: 0x8007085A

System errors:
=============
Error: (06/11/2016 11:47:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: %%268435456

Error: (06/11/2016 11:42:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/11/2016 12:20:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The CDPUserSvc_34512 service terminated with the following error: %%268435456

Error: (06/11/2016 12:19:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/10/2016 12:29:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: %%268435456

Error: (06/10/2016 12:29:14 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-2UHC3SN)
Description: C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}367{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (06/10/2016 12:23:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: %%268435456

Error: (06/10/2016 12:18:03 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-2UHC3SN)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DESKTOP-2UHC3SNjosepS-1-5-21-133330048-1868551512-3514094457-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_38.14361.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194

Error: (06/09/2016 11:37:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/09/2016 08:12:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: %%268435456

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 6023.13 MB
Available physical RAM: 3817.73 MB
Total Virtual: 7687.13 MB
Available Virtual: 5536.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.21 GB) (Free:229.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 13184B42)
Partition: GPT.

==================== End of Addition.txt ============================