Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-08-2015 Ran by Roland (2015-08-24 06:41:05) Running from C:\Users\Roland\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1832894771-1512126686-778580116-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1832894771-1512126686-778580116-503 - Limited - Disabled) Guest (S-1-5-21-1832894771-1512126686-778580116-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1832894771-1512126686-778580116-1002 - Limited - Enabled) Leandro (S-1-5-21-1832894771-1512126686-778580116-1003 - Limited - Enabled) => C:\Users\Leandro.Roland-PC Roland (S-1-5-21-1832894771-1512126686-778580116-1001 - Administrator - Enabled) => C:\Users\Roland ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.506.5829 - ABBYY) ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.506.5829 - ABBYY) Hidden Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation) Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) ccc-core-static (x32 Version: 2010.0416.541.8279 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform) CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Contents (x32 Version: 1.6.0.286 - Corel Corporation) Hidden Corel PaintShop Photo Pro X3 (HKLM-x32\...\_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.116 - Corel Corporation) Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000 - Corel Corporation) Hidden Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.0.286 - Corel Corporation) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2527 - CyberLink Corp.) Deer Drive 1.51T (HKLM-x32\...\Deer Drive) (Version: 1.51T - SCS Software) DeviceIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden DriversCloud.com (64 bits) (HKLM\...\{6DD6A506-6E23-4AEA-AE00-B32894D81CEE}) (Version: 8.0.1.0 - Cybelsoft) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden Epson Easy Photo Print 2 (HKLM-x32\...\{1FE8D36C-4441-4115-BCA3-9339ED003C36}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION) EPSON NX130 TX130 Series Printer Uninstall (HKLM\...\EPSON NX130 TX130 Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON TX100 Series Printer Uninstall (HKLM\...\EPSON TX100 Series) (Version: - SEIKO EPSON Corporation) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard) HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}) (Version: 22.50.231.0 - Hewlett-Packard Co.) HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard) HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{1AB4DB8C-4123-45DC-B896-C67990F76DA4}) (Version: 22.50.231.0 - Hewlett-Packard Co.) HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard) HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard) HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - ) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3822 - Hewlett-Packard) HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.2.2513 - Hewlett-Packard) HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard) HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3903 - Hewlett-Packard) HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3911 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard) HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3911 - Hewlett-Packard) HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.2511 - Hewlett-Packard) HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2261 - HP Photo Creations Powered by RocketLife) HP Power Plan Utility (HKLM-x32\...\{F6B6A150-08FA-46D5-808A-EB638269551D}) (Version: 1.0.6 - Hewlett-Packard) HP Product Detection (HKLM-x32\...\{8A9FC225-75F6-4B5D-911C-0ED230565643}) (Version: 11.15.0009 - HP) HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard) HP QuickWeb Installer (HKLM-x32\...\{394FA67A-FF0A-4356-BB77-D85E5A300BDE}) (Version: 1.2.12.0 - DeviceVM Inc.) HP Setup (HKLM-x32\...\{E2831862-F131-4327-B9CC-FA30F587EB6C}) (Version: 1.2.3988.3281 - Hewlett-Packard) HP SimplePass Identity Protection (HKLM\...\{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}) (Version: 5.20.233 - DigitalPersona, Inc.) HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company) HP Tone Control (HKLM\...\{9207D4A1-586E-49CA-A002-FC9F475AB1A3}) (Version: 2.0.2 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HP User Guides 0188 (HKLM-x32\...\{7D2B5801-18A1-428D-A601-EE0D30CCF060}) (Version: 1.00.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{E6BC696E-5E96-4C1B-9371-379AF3A46B6B}) (Version: 4.0.4.2 - Hewlett-Packard) Hulu Desktop (HKU\S-1-5-21-1832894771-1512126686-778580116-1001\...\HuluDesktop) (Version: 0.9.11 - Hulu LLC) ICA (x32 Version: 1.6.0.286 - Corel Corporation) Hidden ICA (x32 Version: 1.6.1.116 - Corel Corporation) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT) Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel) Intel(R) Driver Update Utility 2.2 (x32 Version: 2.2.0.1 - Intel) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation) IPM_PSP_Pro (x32 Version: 1.00.0000 - Corel Corporation) Hidden IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden ISCOM (x32 Version: 1.6.0.286 - Corel Corporation) Hidden ISCOM (x32 Version: 1.6.1.116 - Corel Corporation) Hidden iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle) Java(TM) 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2515 - CyberLink Corp.) Hidden LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.) MotoHelper 2.0.53 Driver 5.2.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.53 - Motorola) MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Motorola) Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0 - Motorola Inc.) Hidden Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2 - Mozilla) Mozilla Thunderbird 17.0.7 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 17.0.7 (x86 en-GB)) (Version: 17.0.7 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) Nokia Music Player (HKLM-x32\...\{4FCB1267-7380-4EBA-9A6C-69809C6E8227}) (Version: 2.5.11021 - Nokia Music Player) Nokia PC Internet Access (HKLM-x32\...\Nokia PC Internet Access) (Version: 2.0.1.5 - Nokia) Nokia PC Internet Access (x32 Version: 2.0.1.5 - Nokia) Hidden Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia) Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden Nokia_Multimedia_Common_Components_2_5 (HKLM-x32\...\{25F61E72-AAA4-4607-95D2-1E5139C98FFB}) (Version: 2.7.69 - Nokia) Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec) PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) Penguins Arena (x32 Version: 2.2.0.95 - WildTangent) Hidden PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden Polar Tubing (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3715 - CyberLink Corp.) Power2Go (x32 Version: 6.1.3715 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2514 - CyberLink Corp.) PowerDirector (x32 Version: 8.0.2514 - CyberLink Corp.) Hidden PSPPContent (x32 Version: 1.00.0000 - Corel Corporation) Hidden PSPPRO_DCRAW (x32 Version: 13.0.0 - Corel Corporation) Hidden PureHD (x32 Version: 1.6.0.286 - Corel Corporation) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.102 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek) Recovery Manager (x32 Version: 5.5.2512 - CyberLink Corp.) Hidden Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Setup (x32 Version: 1.6.0.286 - Corel Corporation) Hidden Setup (x32 Version: 1.6.1.116 - Corel Corporation) Hidden Share (x32 Version: 1.6.0.286 - Corel Corporation) Hidden Share64 (Version: 1.6.0.286 - Corel Corporation) Hidden Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shrek 2: Ogre Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated) TuneUp Companion 1.9.0 (HKLM-x32\...\TuneUpMedia) (Version: 1.9.0 - TuneUp Media, Inc.) Unity Web Player (HKU\S-1-5-21-1832894771-1512126686-778580116-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version: - ) User's Guide EPSON NX130 TX130 Series (HKLM-x32\...\EPSON NX130 TX130 Series Useg) (Version: - ) Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.) Video Download Converter version 1.0.0.0 (HKLM-x32\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION VIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VSClassic (x32 Version: 1.6.0.286 - Corel Corporation) Hidden VSPro (x32 Version: 1.6.0.286 - Corel Corporation) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1832894771-1512126686-778580116-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1832894771-1512126686-778580116-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Roland\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1832894771-1512126686-778580116-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Roland\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1832894771-1512126686-778580116-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Roland\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1832894771-1512126686-778580116-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Roland\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1832894771-1512126686-778580116-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Roland\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1832894771-1512126686-778580116-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Roland\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1832894771-1512126686-778580116-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Roland\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1832894771-1512126686-778580116-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Roland\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1832894771-1512126686-778580116-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Roland\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1832894771-1512126686-778580116-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Roland\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 24-08-2015 06:24:34 Restore Point Created by FRST 24-08-2015 06:32:15 Restore Point Created by FRST ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation) Task: {03850BA7-7694-47BF-BA8B-A080060FA9B4} - \{570E61B6-482D-6009-BB7A-0058957B6054} -> No File <==== ATTENTION Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation) Task: {1135F83D-788F-4EF7-81AB-BCD1EDB8E2BC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {11DC667C-89AB-4492-854C-CDE7744A6948} - System32\Tasks\GoogleUpdateTaskMachineUA1cf4fdb8994ac43 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {130552E3-9C3E-4FAF-908A-87D4764ADD3A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1832894771-1512126686-778580116-1001Core => C:\Users\Roland\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04] (Facebook Inc.) Task: {15347F4F-D3D1-46BB-BDE3-B01BD860AD4A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {1D304737-BDD9-48C8-9718-2251B24151D5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {1D5E2A50-4929-4187-9DEB-74558702C84E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {258543A3-D66A-4F80-AFF3-4019C0C3D834} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {26592B00-06C4-4BC6-8773-625DD50660F8} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe Task: {2D4992A1-0FD9-4993-A421-0FAD80CD9DBF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {30BF4AAF-6055-448E-87E6-308DA62E25ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company) Task: {35A7DB79-59E9-425A-97E6-16C37DE7912D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {3D1AE8B9-E750-410C-8ED3-426E4ECDA595} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation) Task: {441B8DBF-6F31-4438-A5CF-9C4DDB888AF7} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {45221967-4D9A-4881-8030-E000D8929FA2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {4B8FEAE7-4E7A-476A-9966-9B9F8719695E} - System32\Tasks\{3EBC40F6-2070-4E59-A13D-46A122DD76DF} => pcalua.exe -a "C:\Users\Roland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9O1OFVLN\sp48509.exe" -d C:\Users\Roland\Desktop Task: {4FAC5B9E-C692-445B-9B0B-95A8242714BC} - System32\Tasks\{71AE8799-AFFE-45EA-B897-6EBF7562587D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) Task: {4FDB9E66-AF1A-4CC9-BA0B-8819423B16D7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-22] (Avast Software s.r.o.) Task: {5475C54B-81A0-4A84-B8C8-AFE74A0BC836} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-27] () Task: {5657110A-3CF1-49EE-9404-2FDD1020CEFD} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-09] () Task: {5AED12CE-E8DC-4676-84DA-807338872F45} - System32\Tasks\{C50B1DFE-2B9A-4A2F-898E-7F7F23F1771B} => Iexplore.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?page=tsProgressBar Task: {5E633551-3D49-4A72-A4DB-DEDE1FA75551} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {5F92DD11-E654-453C-9B18-AE535304A787} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-09] () Task: {6123BDBF-F81D-4D37-9F79-3AE275E19CAF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {63D4B0A9-BC76-4553-9928-BD0753DDE3C4} - System32\Tasks\{EC2FB20D-4D99-4615-901D-17E1CF9EE316} => Iexplore.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?page=tsProgressBar Task: {66EAD63B-487F-4874-AF2C-80F17E1EF6E1} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {69FF6376-2583-4678-A2E7-D257FA2D70B9} - System32\Tasks\{059EBAE3-2065-4BDF-B9DA-FE33054B5695} => Iexplore.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?page=tsProgressBar Task: {6DB99A5B-C512-43E4-B084-E2A58219CE68} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {70BDD2BC-C279-45F9-8BA8-92D096C2D3B3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask Task: {73BD4E76-4D76-422F-B45F-8CAAE95C29DA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {76892062-50D0-4A13-9BF7-6B7AC62081A5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {768FB3FA-8405-45DC-9D82-4C4A9ADB3B24} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-09] () Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance Task: {797FB9AD-4C7A-4B7C-BD34-B78FC0FABB4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {7E2F7EE1-D3F0-4DC6-B6C9-E526F5C2D4D5} - System32\Tasks\{ED6C4968-AD92-4612-B4D4-FE731738D71C} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.) Task: {82F3EB05-C0B1-4A4F-B8B2-4E8BBE277444} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {8438D847-A302-40E7-B746-CB69AA199C44} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.) Task: {8791E6B6-630B-4297-9463-9476453D81D5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-19] (Microsoft Corporation) Task: {9182B68C-6429-4A74-BC6C-0E23CBFBF2D8} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.) Task: {949FF4F6-3AE6-4DEF-B787-47F3E6FDE646} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {9D647DD4-C5CE-4631-AFCA-EBA08002722D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-27] () Task: {9FC02D41-767C-439B-926E-4B77905F26C2} - System32\Tasks\{5FF9F457-2E4F-466A-944B-65AF947F5394} => Iexplore.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?page=tsProgressBar Task: {A0776821-7AA6-43D2-A205-A7F70FD873B7} - System32\Tasks\{103B287E-D638-4BA0-8B7B-CD8FBE8FE28D} => Iexplore.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?page=tsMain Task: {A0D31966-1E26-4682-B256-9B393DD7E4CF} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.) Task: {A26C85A9-E1C3-4AD3-8E75-15947E2D9BEF} - System32\Tasks\{E42B3AF6-5713-4749-9FC8-519C207ED33F} => Iexplore.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?page=tsProgressBar Task: {A55245F6-DBE2-4803-B8FA-583AC8D81C3B} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation) Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager Task: {ABAFEA9E-32C8-4CC4-80F9-FAA7F3A7E969} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {AE99CD96-FB1B-41F3-B72D-605D02DF3E6D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {B1CFA6D3-A3AC-4237-ACAB-3E0145337B77} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-09] () Task: {B617CC63-DEA6-4CB8-876A-702A4216B08E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {B7A0E519-863D-4C95-9A73-0BA31A9C424B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1832894771-1512126686-778580116-1001UA => C:\Users\Roland\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04] (Facebook Inc.) Task: {C19BD862-277C-4BD8-AF7D-D27DDA39319C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-28] (Adobe Systems Incorporated) Task: {C45FDF1F-0E5C-43D2-851C-3DA2D26BA073} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-09] (Piriform Ltd) Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation) Task: {CD8BAD39-B8AD-4B60-8167-DD0652758B04} - System32\Tasks\{0BF9C333-140F-4FEC-B679-2A119CEB9B80} => Iexplore.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?page=tsProgressBar Task: {DA3C1B70-7928-4CF4-BF42-BDD6DBC19045} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe Task: {DCBAA2E9-582A-40DE-9B68-40B2B19A1D8D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {DFFB51F4-C3ED-44DE-A6ED-BF73F7818906} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {E35B13EE-1EF2-4855-94B1-6FE512DD9E41} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {F587E66A-0183-45F4-84CC-CDB68A3F2D3E} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent Task: {FA241A6F-D148-4F9D-87A6-23C0A7D12A4F} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe Task: {FF005022-EDF3-49E1-821B-E61AF2E67D62} - System32\Tasks\{AC53F3EE-C7BD-4AE4-A406-437D08DF8DC7} => Iexplore.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?page=tsProgressBar (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1832894771-1512126686-778580116-1001Core.job => C:\Users\Roland\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1832894771-1512126686-778580116-1001UA.job => C:\Users\Roland\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf4fdb8994ac43.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-08-19 13:18 - 2015-08-19 13:18 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-08-19 08:18 - 2015-08-11 19:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2011-08-11 05:35 - 2011-08-11 05:35 - 00227184 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe 2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-08-19 13:18 - 2015-08-19 13:18 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2011-08-09 08:11 - 2011-08-09 08:11 - 00681840 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe 2015-08-19 13:18 - 2015-08-19 13:18 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2010-01-19 16:53 - 2010-01-19 16:53 - 00124560 _____ () c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll 2015-07-10 20:59 - 2015-07-10 20:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-07-10 20:59 - 2015-07-10 20:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll 2015-08-19 13:18 - 2015-08-19 13:18 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 21:00 - 2015-07-10 23:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-08-19 08:19 - 2015-08-11 18:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-08-19 13:18 - 2015-08-19 13:18 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 21:00 - 2015-07-10 23:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-08-21 21:08 - 2015-08-21 21:08 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-08-21 21:08 - 2015-08-21 21:08 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-08-21 21:08 - 2015-08-21 21:08 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042101\algo.dll 2011-09-19 14:57 - 2011-09-19 14:57 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll 2011-09-19 14:57 - 2011-09-19 14:57 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll 2011-09-19 14:59 - 2011-09-19 14:59 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll 2011-09-19 14:57 - 2011-09-19 14:57 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll 2011-09-19 14:57 - 2011-09-19 14:57 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll 2015-08-21 21:08 - 2015-08-21 21:08 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1832894771-1512126686-778580116-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Roland\AppData\Local\Microsoft\Windows\Themes\Best of B\DesktopBackground\5tarutao1920x1200.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: CinemaNow Service => 2 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: HP Wireless Assistant Service => 2 MSCONFIG\Services: HPDrvMntSvc.exe => 2 MSCONFIG\Services: hpqwmiex => 3 MSCONFIG\Services: hpsrv => 2 MSCONFIG\Services: HPWMISVC => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: VideoDownloadConverter_4zService => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Roland^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^bthudtask.lnk => C:\Windows\pss\bthudtask.lnk.Startup MSCONFIG\startupreg: (default) => MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: bthudtask => "C:\Users\Roland\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: HP Quick Launch => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: HPToneControl => C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup MSCONFIG\startupreg: NokiaMusic FastStart => "C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre6\bin\jusched.exe" MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe MSCONFIG\startupreg: TBHostSupport => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Roland\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin MSCONFIG\startupreg: Windows Audio Driver => "C:\Windows\system32\audiohd.exe" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "Raptr" HKU\S-1-5-21-1832894771-1512126686-778580116-1001\...\StartupApproved\Run: => "bthudtask" HKU\S-1-5-21-1832894771-1512126686-778580116-1001\...\StartupApproved\Run: => "ultracopier" HKU\S-1-5-21-1832894771-1512126686-778580116-1001\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{5251CB61-7193-4EC9-A93A-6C89A4687504}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{660A09DD-B963-401B-A94C-58B523247BE1}] => (Allow) C:\Users\Roland\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe FirewallRules: [{0A2E1D95-E162-4323-8829-9692EBFDC3D9}] => (Allow) C:\Users\Roland\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe FirewallRules: [{7141617B-091A-4C80-9289-77839162F5E6}] => (Allow) C:\Windows\SysWOW64\explorer.exe FirewallRules: [{2C9EF5E4-E677-40B6-B9D8-A95A178A6A6D}] => (Allow) C:\Windows\SysWOW64\explorer.exe FirewallRules: [{A96D79B9-52C3-43E6-AB45-4C52750C375F}] => (Allow) C:\Windows\explorer.exe FirewallRules: [{5BCE5A5A-0595-45FD-823C-44C74E39A1FC}] => (Allow) C:\Windows\explorer.exe FirewallRules: [{64D4E085-225A-4E5B-844F-1AE8410BECF3}] => (Allow) C:\Users\Roland\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe FirewallRules: [{079E971D-E3D1-4857-A566-CCDDC6C7F714}] => (Allow) C:\Users\Roland\AppData\Roaming\Microsoft\Windows\IEUpdate\bthudtask.exe FirewallRules: [{A22D4873-D16E-4EA5-AB3F-9B2A98B8079C}] => (Allow) C:\Users\Roland\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{91D61882-192A-491E-90B6-CAA21E4EC81F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{17E4958E-1B62-4EE4-BDD3-524D5649034D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0F104C2D-2A91-493B-81FC-D2313C13A745}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{3809BE48-78D6-4148-8825-126A2369B379}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BEA3795D-6036-4BF0-8E12-8922936BB2CF}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{4A417146-B268-4547-AD3C-C42DEC32DF5D}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe FirewallRules: [{1BCBE4FF-EA06-4A33-958A-43321A30F4E8}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe FirewallRules: [{E5B0BF13-4739-43F0-B88D-116E1AB43CF1}] => (Allow) C:\Users\Roland\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{771FCA41-EA2A-4306-BDBE-A63236467C85}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe FirewallRules: [{A72E2AE9-FB6A-47B6-93FB-0222A12B3C08}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe FirewallRules: [UDP Query User{15DEA1C5-5017-46D2-8D75-6F3C80E7E3EE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{F5A378A1-530C-4BD3-B74A-0B4AB1AF9506}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{AB7EDBED-685C-4BAF-8C06-C127E64FCEF9}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{3AC7C7F7-B6DE-488E-94C2-A5A4D3A78679}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{D82A2E15-D00F-4FD8-A657-E748B79EA1C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{E6545151-2865-431E-B5F1-86DAB42B8F73}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{377449C0-4769-4319-865D-411F2DB9F28D}] => (Allow) C:\Program Files (x86)\Usenet.nl\Usenet.nl.exe FirewallRules: [{7217BCFC-084E-41E3-A759-879C77035340}] => (Allow) C:\Program Files (x86)\Usenet.nl\Usenet.nl.exe FirewallRules: [{021DEFD3-AEE8-417B-B2AE-F9576233B9A4}] => (Allow) C:\Program Files (x86)\Usenet.nl\Usenet.nl.exe FirewallRules: [{A3AF2F57-B72F-49EF-923B-1253A773E6D8}] => (Allow) C:\Program Files (x86)\Usenet.nl\Usenet.nl.exe FirewallRules: [{784BF379-009D-4957-A3D6-843D80F0FB0F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{6F47CCC3-97B6-4715-8B23-315A11E88E86}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe FirewallRules: [{1FD2C3CD-2B5E-4682-A8A8-D3297ECFB372}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe FirewallRules: [{A6F09406-400B-4378-B3E5-26B0D46C68CE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe FirewallRules: [{13F60BD0-2DFE-4A95-BEAC-2A14092D1369}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe FirewallRules: [{EBD72461-8341-4415-ADA5-0C19B9550924}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\iTV\HPiTV.exe FirewallRules: [{44CC32B3-DA58-401C-B35B-035018B40DAC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe FirewallRules: [{2DD23CBF-139D-46AF-986C-F4CF9ADB9AC3}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe FirewallRules: [{F83585AC-43A1-4A4C-A18E-E2B04C88D9FE}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{69C95EE1-35F4-46B2-88F7-AF9ABE39A2CB}] => (Allow) svchost.exe FirewallRules: [{43B6C659-F35B-4AB3-9C6B-D3C6F9964340}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{D09C95E4-CDE1-462B-8432-839F8843897C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{05A48B93-FA60-428C-962A-935CA5C7529E}] => (Allow) LPort=48113 FirewallRules: [{4B2784C6-F003-4ABA-80F1-9D00167176E7}] => (Allow) LPort=48113 FirewallRules: [{D7568B68-4382-44C0-B8F1-7128D69A07F1}] => (Allow) C:\Program Files (x86)\ma-config.com\maconfservice.exe FirewallRules: [{17A6B0D3-00B2-4910-803D-230993B95968}] => (Allow) C:\Program Files (x86)\ma-config.com\maconfservice.exe FirewallRules: [{F5F4AD43-4928-4F0C-A8A5-CC2E7DDB0828}] => (Allow) C:\Program Files\ma-config.com\x64\maconfservice.exe FirewallRules: [{70B40A82-61C0-42CB-875D-BD6BB843233B}] => (Allow) C:\Program Files\ma-config.com\x64\maconfservice.exe FirewallRules: [{5F1F3C79-70B5-4A39-8710-DFE4337BF75C}] => (Allow) C:\Program Files\DriversCloud.com\MCDetection.exe FirewallRules: [{1FE0E02A-E9BF-4031-BBFF-9DFCB7BEC579}] => (Allow) C:\Program Files\DriversCloud.com\MCDetection.exe FirewallRules: [{CEB46086-24B1-4A0F-B7C9-B519D8AD5DA4}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{4E022C1B-B9D8-4EEC-BAAB-54946E3D00BF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{FADE3134-54ED-4463-BFD4-F0C9FAECC5D7}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{AE414CAD-B14E-490F-BB27-F00DC7CF6656}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{4E8CA2FA-4FAF-45CA-85BB-1492C278DC9A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{4F593F1C-B6C7-4644-B02B-2BB7A05282FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5C7A25D1-7016-4A82-996D-F6A16AEBE3C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe StandardProfile\AuthorizedApplications: [C:\Windows\system32\taskhost.exe] => Enabled:Host Process for Windows Tasks StandardProfile\AuthorizedApplications: [C:\Windows\system32\taskhostex.exe] => Enabled:Host Process for Windows Tasks StandardProfile\AuthorizedApplications: [C:\Windows\explorer.exe] => Enabled:Windows Explorer StandardProfile\AuthorizedApplications: [C:\Windows\SysWOW64\explorer.exe] => Enabled:Windows Explorer ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/24/2015 06:37:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10240.16431, time stamp: 0x55c9bd9e Faulting module name: msvcrt.dll, version: 7.0.10240.16384, time stamp: 0x559f3b84 Exception code: 0xc000041d Fault offset: 0x0000000000073b25 Faulting process id: 0xf3c Faulting application start time: 0xMicrosoftEdge.exe0 Faulting application path: MicrosoftEdge.exe1 Faulting module path: MicrosoftEdge.exe2 Report Id: MicrosoftEdge.exe3 Faulting package full name: MicrosoftEdge.exe4 Faulting package-relative application ID: MicrosoftEdge.exe5 Error: (08/24/2015 06:37:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10240.16431, time stamp: 0x55c9bd9e Faulting module name: msvcrt.dll, version: 7.0.10240.16384, time stamp: 0x559f3b84 Exception code: 0xc0000005 Fault offset: 0x0000000000073b25 Faulting process id: 0xf3c Faulting application start time: 0xMicrosoftEdge.exe0 Faulting application path: MicrosoftEdge.exe1 Faulting module path: MicrosoftEdge.exe2 Report Id: MicrosoftEdge.exe3 Faulting package full name: MicrosoftEdge.exe4 Faulting package-relative application ID: MicrosoftEdge.exe5 Error: (08/24/2015 06:34:05 AM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: ATI EEU PnP start/stop failed Error: (08/24/2015 06:34:03 AM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY) Description: Connection to the Storage interface failed Error: (08/24/2015 06:32:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (08/24/2015 06:32:15 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {055d8bd4-9ff8-479b-b356-fb53c2b7374c} Error: (08/24/2015 06:27:53 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SearchUI.exe version 10.0.10240.16431 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 14a4 Start Time: 01d0dde213a901d4 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe Report Id: 60257913-49d5-11e5-9bf2-2c27d7bc8ed7 Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: CortanaUI Error: (08/24/2015 06:27:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Roland-PC) Description: App Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI did not launch within its allotted time. Error: (08/24/2015 06:26:20 AM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: ATI EEU PnP start/stop failed Error: (08/24/2015 06:26:18 AM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY) Description: Connection to the Storage interface failed System errors: ============= Error: (08/24/2015 06:34:42 AM) (Source: DCOM) (EventID: 10016) (User: Roland-PC) Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Roland-PCRolandS-1-5-21-1832894771-1512126686-778580116-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (08/24/2015 06:34:42 AM) (Source: DCOM) (EventID: 10016) (User: Roland-PC) Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Roland-PCRolandS-1-5-21-1832894771-1512126686-778580116-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (08/24/2015 06:34:42 AM) (Source: DCOM) (EventID: 10016) (User: Roland-PC) Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Roland-PCRolandS-1-5-21-1832894771-1512126686-778580116-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (08/24/2015 06:34:42 AM) (Source: DCOM) (EventID: 10016) (User: Roland-PC) Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Roland-PCRolandS-1-5-21-1832894771-1512126686-778580116-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (08/24/2015 06:34:42 AM) (Source: DCOM) (EventID: 10016) (User: Roland-PC) Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Roland-PCRolandS-1-5-21-1832894771-1512126686-778580116-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (08/24/2015 06:34:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: %%1058 Error: (08/24/2015 06:33:10 AM) (Source: DCOM) (EventID: 10010) (User: Roland-PC) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (08/24/2015 06:33:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/24/2015 06:32:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (08/24/2015 06:32:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Microsoft Office: ========================= Error: (08/24/2015 06:37:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: MicrosoftEdge.exe11.0.10240.1643155c9bd9emsvcrt.dll7.0.10240.16384559f3b84c000041d0000000000073b25f3c01d0dde369c441f8C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exeC:\WINDOWS\system32\msvcrt.dlla5b5d582-77e8-46bc-915c-0b396f613c47Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweMicrosoftEdge Error: (08/24/2015 06:37:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: MicrosoftEdge.exe11.0.10240.1643155c9bd9emsvcrt.dll7.0.10240.16384559f3b84c00000050000000000073b25f3c01d0dde369c441f8C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exeC:\WINDOWS\system32\msvcrt.dll37301b58-450c-49c0-bc07-d956fa89bf60Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweMicrosoftEdge Error: (08/24/2015 06:34:05 AM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: Error: (08/24/2015 06:34:03 AM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY) Description: Connection to the Storage interface failed Error: (08/24/2015 06:32:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. Error: (08/24/2015 06:32:15 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {055d8bd4-9ff8-479b-b356-fb53c2b7374c} Error: (08/24/2015 06:27:53 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: SearchUI.exe10.0.10240.1643114a401d0dde213a901d44294967295C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe60257913-49d5-11e5-9bf2-2c27d7bc8ed7Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyCortanaUI Error: (08/24/2015 06:27:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Roland-PC) Description: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI Error: (08/24/2015 06:26:20 AM) (Source: ATIeRecord) (EventID: 16396) (User: ) Description: Error: (08/24/2015 06:26:18 AM) (Source: STacSV) (EventID: 32767) (User: NT AUTHORITY) Description: Connection to the Storage interface failed CodeIntegrity: =================================== Date: 2015-08-21 08:40:48.842 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2015-08-21 08:40:48.783 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2015-08-21 08:40:48.657 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements. Date: 2015-08-21 08:40:48.516 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2015-08-21 08:40:48.340 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2015-08-21 08:40:48.198 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements. Date: 2015-08-21 08:40:43.247 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. Date: 2015-08-21 08:40:36.278 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. Date: 2015-08-21 08:31:51.715 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2015-08-21 08:31:51.646 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz Percentage of memory in use: 38% Total physical RAM: 4043.86 MB Available physical RAM: 2467.61 MB Total Virtual: 8139.86 MB Available Virtual: 6593.75 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:443.54 GB) (Free:205.12 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:21.92 GB) (Free:3.18 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT Drive g: (STORE N GO) (Removable) (Total:3.63 GB) (Free:3.62 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F1977E89) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=443.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=21.9 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0E) ======================================================== Disk: 1 (Size: 3.6 GB) (Disk ID: 2C6B7369) No partition Table on disk 1. ==================== End of log ============================