Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-12-2015 02 Ran by TuX (2015-12-16 11:12:47) Running from C:\Users\TuX\Desktop Windows 8.1 Pro with Media Center (X64) (2014-06-25 03:59:18) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-466511086-3684455779-3713664531-500 - Administrator - Disabled) Guest (S-1-5-21-466511086-3684455779-3713664531-501 - Limited - Enabled) => C:\Users\Guest.TuX TuX (S-1-5-21-466511086-3684455779-3713664531-1001 - Administrator - Enabled) => C:\Users\TuX ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated) AIDA64 Extreme Edition v1.85 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 1.85 - FinalWire Ltd.) AMD Catalyst Install Manager (HKLM\...\{8C49F61F-FCA6-A096-3E92-71128D8425ED}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Apple Application Support (32 bits) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64 bits) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Assistant de téléchargement (HKLM-x32\...\{92154A3C-9BB7-49D7-A571-4EB6373FA5AD}) (Version: 6.65.13 - Druide informatique inc.) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS Video Converter 6 (HKLM-x32\...\AVS4YOU Video Converter 6_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.3 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - ) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform) Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DriverUpdate (HKLM-x32\...\{59661E83-9537-4502-815A-38D258FCE409}) (Version: 2.2.40266 - SlimWare Utilities, Inc.) Emerland Solitaire: Endless Journey (HKLM-x32\...\BFG-Emerland Solitaire - Endless Journey) (Version: - ) Étude pour l'amélioration du produit HP Officejet Pro 8610 (HKLM\...\{5CF3A19A-4F7E-4085-B7E1-150AF73745B4}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production) Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden Filter Forge 5.007 (HKLM-x32\...\Filter Forge 5_is1) (Version: - Filter Forge, Inc.) Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet Pro 8610 Aide (HKLM-x32\...\{3B2848DA-FDE6-47C5-AB5F-9E434E5E93C9}) (Version: 32.0.0 - Hewlett Packard) HP Photo Creations (HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\HP Photo Creations) (Version: 1.0.0.19192 - HP) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{E4B931AF-C59A-4D92-8767-8E2D5F53144E}) (Version: 12.0.30.219 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation) iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.) Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Liong: Les Amulettes Perdues (HKLM-x32\...\BFG-Liong - Les Amulettes Perdues) (Version: - ) Logiciel de base du périphérique HP Officejet Pro 8610 (HKLM\...\{F33B9E27-DBEF-43CE-A9F7-815EA09FC862}) (Version: 32.3.198.49673 - Hewlett-Packard Co.) Logiciel de téléchargement du Kit-Instants-precieux pour Studio (HKLM-x32\...\{6F9262D2-FF22-462E-BA22-4BD90B70372C}}_is1) (Version: - CDIP) Logiciel de téléchargement du Mini album « Au galop » pour Stud (HKLM-x32\...\{E4781469-532C-447D-9561-ABB3B987D299}_is1) (Version: - CDIP) Mahjongg: Ancient Mayas (HKLM-x32\...\BFG-Mahjongg - Ancient Mayas) (Version: - ) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4.5.1 SDK (Français) (HKLM-x32\...\{5F951DA6-8F50-4E55-B2A3-DCE78BF3D185}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.6 SDK (Français) (HKLM-x32\...\{224757CE-5740-4E20-84CB-670D8D593A1C}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office Professionnel Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 FRA (HKLM\...\{0D4447E0-A261-43A4-AEBC-F76E983901F0}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - FRA (14.0.50616.0) (HKLM-x32\...\{4BDA02EE-4846-4D39-8D4C-683AC94F9B44}) (Version: 14.0.50616.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{67F01854-264E-44E4-9434-1107741573AA}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{9CD2AD15-115E-4F44-90A8-435B9537973B}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{296D0B70-F8D8-4D58-9E55-C86B3E82DB7C}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{855F1729-ECA5-4BF8-A8E4-9E521BB36E10}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft System CLR Types pour SQL Server 2014 (HKLM\...\{76582300-132C-4B08-9DFB-350E9E9260EA}) (Version: 12.0.2402.11 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{1af6dc7d-ee8d-4bf8-aea0-07c6969a7170}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{18637763-c8e5-4c49-ba8a-b854367f6b55}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{ece8cb18-c84c-4c1a-a5b5-53e3f1daa15c}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2e7a9943-de7b-4030-8f40-63502f679ace}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation) Paris Mahjong (HKLM-x32\...\BFG-Paris Mahjong) (Version: - ) PENTAX USB DISK Device (HKLM-x32\...\{AEE9ABDF-CFFD-4CC2-8519-E8ECEB5A2AAF}) (Version: 1.02.0000 - PENTAX) Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest) Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound) Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.7.15 - Razer USA Ltd.) RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software) Service de langage T-SQL Microsoft SQL Server 2014 (HKLM-x32\...\{4152D9BF-6975-4653-B993-5CA882638A72}) (Version: 12.0.2000.8 - Microsoft Corporation) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 2.2.00.09190 - Sony Corporation) Start8 (HKLM\...\Start8_is1) (Version: 1.0 - Stardock Corporation) Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.6.2760.35361 - SteelSeries) Studio-Scrap : Kit-Instants-precieux (HKLM-x32\...\{2CCD9B44-AAEF-4ABA-8535-6D1564A3AEF2}_is1) (Version: Kit-Instants-precieux2010 - CDIP) Studio-Scrap : Mini-album-Au-galop (HKLM-x32\...\{BFA66A13-D37F-4368-BF19-D903A6781B8B}}_is1) (Version: Mini-album-Au-galop2011 - CDIP) Studio-Scrap : Theme-tattoo (HKLM-x32\...\{205D6CD7-B678-496F-871C-42A0962D2F5A}}_is1) (Version: Theme-tattoo2013 - CDIP) Studio-Scrap 6 (HKLM-x32\...\{AF2F4120-B7B6-407E-A0BF-D6D710EE37EE}_is1) (Version: 2013.6 - CDIP) Studio-Scrap6 : Contenu graphique (HKLM-x32\...\{65143150-8B56-4F76-82AC-BE73B528925F}_is1) (Version: 2014 - CDIP) TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Utilitaires ligne de comm. Microsoft SQL Server 2012 (HKLM\...\{3835543E-37BA-4CE3-91BE-608DA8827675}) (Version: 11.1.3000.0 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) XBMC (HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\XBMC) (Version: - Team XBMC) ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2015-12-16 06:10 - 00000747 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {020AA140-C2AF-4A00-B3E3-90C3DEC742F8} - System32\Tasks\HP AR Program Upload - c725efbcd4c04982b4abe38690e307586c738e93a3b149a79e7db1430d957bf1 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {029A294B-D96C-422F-89CF-A13B82FBAB72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {0478E68E-655B-4B6A-B902-9E2C16D02843} - System32\Tasks\HP AR Program Upload - 44e0e3dad71f4bfbbd7368c166ca2bb752d7d0576c6044fc94aa955d8f08472b => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {04F35316-C6C8-4F89-80E1-F13A79B3DE4D} - System32\Tasks\HP AR Program Upload - 0fd778a1cd2c41d4a19a02b86e0f7f71e4d4413d99c544ecacbfac22c6ac09dd => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {0CCA53CB-A939-46B1-B201-7210EAD12A7C} - System32\Tasks\HP AR Program Upload - aa6d54a02c8d497490176805022dd18ff8e5ce3b7d4a470882a14e183ecd3c4d => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {10E10945-2C15-4D77-A9B7-EA4ED051F1C9} - System32\Tasks\Start WinZip Driver Updater Schedule => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe Task: {13D67DED-1B79-4F7E-A138-00E83AB047EC} - System32\Tasks\HP AR Program Upload - 7540ee238d70418d867689178f94feaa5646865da205473a8e85a9d4c023f023 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {1BF5FE58-9B46-4189-BF5F-0294A07F5148} - System32\Tasks\HP AR Program Upload - a8d7b6c3178f46ad94bb49e01e0fd0845c45695aeb654993952f5ef213d4f8a1 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {2210FE67-48F4-4439-B1AF-2D532E1A6A7B} - System32\Tasks\HP AR Program Upload - 1aaaabf6f36c47ef87c8fd1c828664183d379f5dcd6c453ba3de28fae2e47d60 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {243FAD18-93DB-4FB2-9818-4A332B8E9737} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {2EB0C9D9-CA85-4377-B0CD-AA34CBD4C09E} - System32\Tasks\HP AR Program Upload - f622da6b1ac7408b9c7a53bb7e892adee0765878a069452bb2522bb24956d27e => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {2F70D0DF-D0F3-4D48-9AC2-B71FA90F2773} - System32\Tasks\HP AR Program Upload - 91476ce6473d47fa8206c79572809917050dd7344c6c4f5d9d5e5f1281f35365 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {3D547FAB-5C4C-4709-A4B2-B275A45798DF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {4311F6C8-B9E6-4963-80B2-312F61915558} - System32\Tasks\Start WinZip Driver Updater Update => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe Task: {44121E47-E8F1-419D-A714-81D2F51534F0} - System32\Tasks\HP AR Program Upload - cec255952d4040c6a19d27f4371ea878d9989e9bd49c42248a2076526c17c167 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {473BC047-C542-4D31-97BD-ADDD3E73A96A} - System32\Tasks\HP AR Program Upload - 7019f4eb8e0f4a408d0104123de75bc7c4f1592571254d0480294905d8d22dd9 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {47677AE3-D5E6-4F0C-AA94-7161D64CB2D7} - System32\Tasks\HP AR Program Upload - 5b49e0d0720849a1bae90a69dcaf4e10762a4045c13e48398ffadc15cc30faf0 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {48540842-A37F-4DA8-A8CB-B6AE64882F48} - System32\Tasks\HP AR Program Upload - 30e34435f3e1402c86de00b0896a36427b067eb0975d4436843d2e3b61bdf109 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {4E00C8F5-9D6E-49A5-B1EB-C1125408E563} - System32\Tasks\HP AR Program Upload - f7d5c41f72e14c8b843e250ab812760beb2e4a495ce347fea5d9ef199b2b3d3e => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {52396F97-DF74-4D30-87E9-F2FBBF4BC47C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard) Task: {5412A557-C194-4DDE-BFD3-62AB44FAA959} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe Task: {54527F99-A6B1-4C1D-81F0-CD85A2C4539A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {576A0945-1DF2-4948-A0D7-380AFE61F8C4} - \SPBIW_UpdateTask_Time_323633303930313638312d2d37505a2a6c55326c342341 -> No File <==== ATTENTION Task: {5C19D2F7-4380-4353-9FC5-3B5BFFE3DE52} - System32\Tasks\HP AR Program Upload - 967be67ea1204755944838228a32561e542aa7d3756a46318bd2b5cd3fda53c3 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {5C663750-EE11-4CF0-AE36-D43B9131AF78} - System32\Tasks\HP AR Program Upload - 5e811e3c374141438dba2822a55cd1dc84486ecc07e749e89b7a93ff9ce53e1d => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {64326115-8D88-4E60-980C-406C16DFD999} - System32\Tasks\HP AR Program Upload - babc64706bed4691a5518945afa24bdae16f784e048f4cf8a5066324dd26f019 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {66396AF1-D1FC-4571-BC2F-4530EA017B0D} - System32\Tasks\HP AR Program Upload - 2398517b0056420fa1a7003f0754870628fad642f8814621be510b5e8349ac49 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {6FC9CEDE-229E-43A4-A46B-2BECA7E58DB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard) Task: {708D21A5-414B-49B2-A704-867536F28BF6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd) Task: {73EF4731-ACA1-4D35-97A0-54A974F65A79} - System32\Tasks\HP AR Program Upload - 440799389ada430db14ed6f34634e3173220b3bbe74c40a7abfeb89a658b7d57 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {7695AB01-9C63-4E7E-A43C-9C4AC8E4CB06} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.) Task: {7C92D5FD-4C79-4277-8CBA-FB6858679F89} - System32\Tasks\HP AR Program Upload - d11ebeca6a284a5f83561b0496b0b3b88e07d7f488e7486a9e3c597cb59e1d9a => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {7D067794-86CE-4DD2-86DB-33994BDCAFD9} - System32\Tasks\HP AR Program Upload - cd95f1a83692406f86097b941fc1ae931752c74c336143098ed4f0c351e70d02 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {7F595017-BEE8-4FEA-A6D1-D456B72CF3FC} - System32\Tasks\HP AR Program Upload - a0fae0a495ff4e6db7c1672b5a80fd2b4fb94baee5aa4e559fbcd894d927114e => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {8822330A-CE70-49F6-B192-8590AC2000BC} - System32\Tasks\HP AR Program Upload - 2c38f654e96d4bfe8cff8cdf963196d7d75641189a1a49c0a4d9e080bd68e93c => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {8B298466-0A55-42B0-9CA8-58E5796FA77F} - System32\Tasks\HP AR Program Upload - 5ae93c3226ed41be8871d6f758bc350be4a8a35d2da94be9ad128fef58d4d989 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {90B2BB3B-9382-4BAB-9B3B-AFAAF92F5659} - System32\Tasks\HP AR Program Upload - 887c9dc47eea48fe8c2776985a884dd81f3aa3e5422842c08dbd6db594a7aa4f => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {92F1FAD3-D646-4490-9A9B-E8E477532C33} - System32\Tasks\{D987E1CC-4353-44E9-8702-C99AEF25DF39} => pcalua.exe -a C:\pentaxsw14\SETUP.EXE -d C:\pentaxsw14 Task: {92FCF3D8-437F-48DA-8021-43992AE8F2D0} - System32\Tasks\{52DD8E31-5997-4AB6-944B-72B6308A58DD} => pcalua.exe -a "C:\Program Files (x86)\MediaPlayer+\Uninstall.exe" -c /fcp=1 Task: {96B2DE23-4D8E-47F1-9C0A-038657E1386D} - System32\Tasks\HP AR Program Upload - 9163a78bbe57458a8ebc0826bd44018781821a5178d04f7dbd34d28e40f403f2 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {96BA24EE-A686-41EF-8FCB-8ED203A15A3E} - \SMW_UpdateTask_Time_323633303930313638312d2d37505a2a6c55326c342341 -> No File <==== ATTENTION Task: {A13868DD-075F-4E84-BE96-6694A677CA56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {A4C66FA1-111E-4196-93B8-D5CFFE8DF62B} - System32\Tasks\HP AR Program Upload - dc83d6d20cd941c69a758b49683a356d33befd6d84c744c2bde5fc72b2f178d7 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {A63983C7-B456-480A-A46C-0FDEF7863A76} - System32\Tasks\{02C95A4B-37BB-4ADD-B353-1D357BC448A4} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=diablo3_enus --displayname="Diablo III" Task: {A8E29AF4-4488-445E-A8D9-78325DA6225F} - System32\Tasks\HP AR Program Upload - 8f7bc702d99947849f6c96624151f09cb6ed67e8823740c487305388193b408f => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {B1B3914C-78E5-4555-9A69-58B362CF14A6} - System32\Tasks\HP AR Program Upload - 62ea460e25344f4596c0d847c54ca54c5d9d2b08da3046bab2aff17d0ce87a6d => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {B4FCDD25-11C9-402F-87C4-F7D1EE1A1940} - System32\Tasks\HP AR Program Upload - 6459195ec5c3425da3a53da539307bf5ddb4724e9e444cfeb50d6a460999ad49 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {B996F618-E7BA-4D16-BEF5-9C4A739D74EC} - System32\Tasks\HP AR Program Upload - bb28c2aca9f84569b33c123af61945384cdef66fb13849e0a347ae0880bf7ebb => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {BCC83093-7E0E-4D06-A3DA-465FFB737661} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] () Task: {BDF9C5C2-A06F-41A2-8F01-209DD679C858} - System32\Tasks\{61C247E6-60FF-4F98-AB00-77A01A89F8AE} => pcalua.exe -a "C:\Program Files (x86)\PDFCreator\unins000.exe" Task: {C05CB106-1753-41C8-81D8-53E70436840C} - System32\Tasks\HP AR Program Upload - 0756b2345791437db446c597bfac118e601793d2f40a45868c501de8be53c804 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {C2FF4F85-5C3C-427A-9476-CB253D955B43} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-466511086-3684455779-3713664531-1001 Task: {C3F3CFED-47AF-49BD-B60E-54610D894079} - System32\Tasks\HP AR Program Upload - a34e9d627c74419bbb0e6efcc197954dfaed35b848c54f82bab055d8987914e4 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {CB746BE6-795E-404A-81BB-3DF10629B521} - System32\Tasks\HP AR Program Upload - 63748b7b04494028880f6cd23472b9d54c4b2f37f1af432dac4da8b08f8be30b => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {CE66A3D0-9126-41B7-AED2-4064CE58DA95} - System32\Tasks\{0882DD46-EDFB-4292-8D44-BC822E18705A} => pcalua.exe -a C:\Users\TuX\AppData\Local\WebPlayer\uninstall.exe -c _?=C:\Users\TuX\AppData\Local\WebPlayer\Online Weather Task: {CEFF9F3C-739F-411A-BB44-6B4D5D8FB631} - System32\Tasks\HP AR Program Upload - 9fe86a3056624c7eb442f46bdaa3b959d6f2f37ca8ca4750918f3ca6b1f71f46 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {D1A953B6-94A8-4EBC-B1A8-5CC18340CE31} - System32\Tasks\{72B364FB-E416-4C0A-8510-8F331ECC10DC} => pcalua.exe -a "C:\Program Files (x86)\BRS\unins000.exe" Task: {D3E239B1-F7B2-443F-9ABE-FBE0A69713A8} - System32\Tasks\START SKYDRIVE => C:\WINDOWS\System32\SkyDrive.exe [2014-11-07] (Microsoft Corporation) Task: {DB4D837B-17C7-4632-B2D5-02BB3667D63B} - System32\Tasks\Start WinZip Driver Updater for TUX@TuX(logon) => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe Task: {E26C27A8-ED23-4183-842C-4760BC9561F8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-08] (Microsoft Corporation) Task: {E58ADC20-6870-4F68-AEFA-BC9DCF59D00E} - System32\Tasks\HP AR Program Upload - afc2fbdc30b1450cb00619d38fbcad0a93f58e72f7fd4eb193c00dee35cfb03d => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {E810A696-E305-4835-A656-6312FDF7DCDB} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP) Task: {F7DB3F7D-4BD9-420A-9906-CE96CF3682A6} - System32\Tasks\HP AR Program Upload - 8a025544fb824236b9a91e24b7519cff409cab3b8f714899ae1e13b47d15af3e => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {FD6181D6-D82F-4EFE-89C4-229BBA0E4AAD} - System32\Tasks\HP AR Program Upload - aa6a57e9ca4e4cad9046856bccad77fa2cf66997949249e682af3561019261a8 => C:\Program Files\HP\HP Officejet Pro 8610\bin\HPRewards.exe [2014-07-21] (TODO: ) Task: {FEA0CAA9-19D5-4028-8F05-5AC88B16F2D4} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe Task: C:\WINDOWS\Tasks\DriverUpdate Daily Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\TuX\AppData\Roaming\HP Photo Creations\Communicator.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForTuX.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\Start WinZip Driver Updater for TUX@TuX(logon).job => C:\Program Files\WinZip Driver Updater\DriverUpdater.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2015-04-08 14:53 - 2015-04-08 14:53 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1036.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:00D99749 AlternateDataStreams: C:\ProgramData\TEMP:036AA5DD AlternateDataStreams: C:\ProgramData\TEMP:076F9EF8 AlternateDataStreams: C:\ProgramData\TEMP:097C4B7D AlternateDataStreams: C:\ProgramData\TEMP:099BA123 AlternateDataStreams: C:\ProgramData\TEMP:0A701F26 AlternateDataStreams: C:\ProgramData\TEMP:0BCD47A5 AlternateDataStreams: C:\ProgramData\TEMP:0D060666 AlternateDataStreams: C:\ProgramData\TEMP:0DE066A7 AlternateDataStreams: C:\ProgramData\TEMP:0E22C5DB AlternateDataStreams: C:\ProgramData\TEMP:10DB9BB7 AlternateDataStreams: C:\ProgramData\TEMP:13019F4B AlternateDataStreams: C:\ProgramData\TEMP:1322DDBD AlternateDataStreams: C:\ProgramData\TEMP:1416AAA6 AlternateDataStreams: C:\ProgramData\TEMP:152FD00E AlternateDataStreams: C:\ProgramData\TEMP:1A259A13 AlternateDataStreams: C:\ProgramData\TEMP:1A8854EC AlternateDataStreams: C:\ProgramData\TEMP:1A8FDBA3 AlternateDataStreams: C:\ProgramData\TEMP:1B7E2022 AlternateDataStreams: C:\ProgramData\TEMP:1EC13383 AlternateDataStreams: C:\ProgramData\TEMP:1ECED34B AlternateDataStreams: C:\ProgramData\TEMP:2043337E AlternateDataStreams: C:\ProgramData\TEMP:20ABE827 AlternateDataStreams: C:\ProgramData\TEMP:2313511A AlternateDataStreams: C:\ProgramData\TEMP:27A88EF2 AlternateDataStreams: C:\ProgramData\TEMP:28DFF83F AlternateDataStreams: C:\ProgramData\TEMP:2AD33723 AlternateDataStreams: C:\ProgramData\TEMP:2B9555D8 AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F AlternateDataStreams: C:\ProgramData\TEMP:2E928E6E AlternateDataStreams: C:\ProgramData\TEMP:315F23AB AlternateDataStreams: C:\ProgramData\TEMP:330E66BD AlternateDataStreams: C:\ProgramData\TEMP:33E58057 AlternateDataStreams: C:\ProgramData\TEMP:373004BD AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:394EB021 AlternateDataStreams: C:\ProgramData\TEMP:3969ACF7 AlternateDataStreams: C:\ProgramData\TEMP:3A28C54D AlternateDataStreams: C:\ProgramData\TEMP:3A7527E8 AlternateDataStreams: C:\ProgramData\TEMP:3B454A5C AlternateDataStreams: C:\ProgramData\TEMP:3B622E21 AlternateDataStreams: C:\ProgramData\TEMP:3B633DE9 AlternateDataStreams: C:\ProgramData\TEMP:3D033DEC AlternateDataStreams: C:\ProgramData\TEMP:3D36932D AlternateDataStreams: C:\ProgramData\TEMP:404908B5 AlternateDataStreams: C:\ProgramData\TEMP:4157BB05 AlternateDataStreams: C:\ProgramData\TEMP:426D1496 AlternateDataStreams: C:\ProgramData\TEMP:432EC713 AlternateDataStreams: C:\ProgramData\TEMP:494E4266 AlternateDataStreams: C:\ProgramData\TEMP:498B5975 AlternateDataStreams: C:\ProgramData\TEMP:49EA4410 AlternateDataStreams: C:\ProgramData\TEMP:4DDE401B AlternateDataStreams: C:\ProgramData\TEMP:4F852702 AlternateDataStreams: C:\ProgramData\TEMP:50868536 AlternateDataStreams: C:\ProgramData\TEMP:512E1728 AlternateDataStreams: C:\ProgramData\TEMP:5197985B AlternateDataStreams: C:\ProgramData\TEMP:53BA2DF6 AlternateDataStreams: C:\ProgramData\TEMP:5539129F AlternateDataStreams: C:\ProgramData\TEMP:57173DB4 AlternateDataStreams: C:\ProgramData\TEMP:59465B40 AlternateDataStreams: C:\ProgramData\TEMP:5A9F1AE5 AlternateDataStreams: C:\ProgramData\TEMP:5C717402 AlternateDataStreams: C:\ProgramData\TEMP:5CB83528 AlternateDataStreams: C:\ProgramData\TEMP:5D1BA9DE AlternateDataStreams: C:\ProgramData\TEMP:60E755E6 AlternateDataStreams: C:\ProgramData\TEMP:63C48B80 AlternateDataStreams: C:\ProgramData\TEMP:641A21EA AlternateDataStreams: C:\ProgramData\TEMP:66C764F5 AlternateDataStreams: C:\ProgramData\TEMP:67396145 AlternateDataStreams: C:\ProgramData\TEMP:6768320F AlternateDataStreams: C:\ProgramData\TEMP:691F4D97 AlternateDataStreams: C:\ProgramData\TEMP:6A6D4AF4 AlternateDataStreams: C:\ProgramData\TEMP:6AAFAA2A AlternateDataStreams: C:\ProgramData\TEMP:6C74C778 AlternateDataStreams: C:\ProgramData\TEMP:6D65CED0 AlternateDataStreams: C:\ProgramData\TEMP:6DD124E2 AlternateDataStreams: C:\ProgramData\TEMP:6E65510A AlternateDataStreams: C:\ProgramData\TEMP:6E90EDD7 AlternateDataStreams: C:\ProgramData\TEMP:6F1F66C0 AlternateDataStreams: C:\ProgramData\TEMP:72A1B66A AlternateDataStreams: C:\ProgramData\TEMP:72E5CC07 AlternateDataStreams: C:\ProgramData\TEMP:75765D7B AlternateDataStreams: C:\ProgramData\TEMP:774A0E14 AlternateDataStreams: C:\ProgramData\TEMP:77B64C59 AlternateDataStreams: C:\ProgramData\TEMP:79A7F369 AlternateDataStreams: C:\ProgramData\TEMP:7A032A04 AlternateDataStreams: C:\ProgramData\TEMP:7B8AF9AA AlternateDataStreams: C:\ProgramData\TEMP:7C27C41C AlternateDataStreams: C:\ProgramData\TEMP:7E0B06B5 AlternateDataStreams: C:\ProgramData\TEMP:819394CC AlternateDataStreams: C:\ProgramData\TEMP:8435AD8C AlternateDataStreams: C:\ProgramData\TEMP:86A7B7DD AlternateDataStreams: C:\ProgramData\TEMP:87731E5E AlternateDataStreams: C:\ProgramData\TEMP:8944C195 AlternateDataStreams: C:\ProgramData\TEMP:8AED9359 AlternateDataStreams: C:\ProgramData\TEMP:8B3C3098 AlternateDataStreams: C:\ProgramData\TEMP:8BE7A048 AlternateDataStreams: C:\ProgramData\TEMP:8EFE3D35 AlternateDataStreams: C:\ProgramData\TEMP:902C848D AlternateDataStreams: C:\ProgramData\TEMP:92BD9737 AlternateDataStreams: C:\ProgramData\TEMP:94BD36A2 AlternateDataStreams: C:\ProgramData\TEMP:96AFAB10 AlternateDataStreams: C:\ProgramData\TEMP:993185CB AlternateDataStreams: C:\ProgramData\TEMP:9A60A5B3 AlternateDataStreams: C:\ProgramData\TEMP:9BAC4211 AlternateDataStreams: C:\ProgramData\TEMP:9BB8C675 AlternateDataStreams: C:\ProgramData\TEMP:9C3AAD57 AlternateDataStreams: C:\ProgramData\TEMP:9F3CEEE6 AlternateDataStreams: C:\ProgramData\TEMP:9FCF32A8 AlternateDataStreams: C:\ProgramData\TEMP:A0921B2C AlternateDataStreams: C:\ProgramData\TEMP:A60D0FA6 AlternateDataStreams: C:\ProgramData\TEMP:A6D6E537 AlternateDataStreams: C:\ProgramData\TEMP:A6D89509 AlternateDataStreams: C:\ProgramData\TEMP:A78B31DD AlternateDataStreams: C:\ProgramData\TEMP:A8185163 AlternateDataStreams: C:\ProgramData\TEMP:A8CB5EEC AlternateDataStreams: C:\ProgramData\TEMP:A8F2382B AlternateDataStreams: C:\ProgramData\TEMP:A9EBEE99 AlternateDataStreams: C:\ProgramData\TEMP:A9F13D2D AlternateDataStreams: C:\ProgramData\TEMP:AA0017FD AlternateDataStreams: C:\ProgramData\TEMP:AA93EFD3 AlternateDataStreams: C:\ProgramData\TEMP:AB0A5A80 AlternateDataStreams: C:\ProgramData\TEMP:ABBFFEA2 AlternateDataStreams: C:\ProgramData\TEMP:AE289451 AlternateDataStreams: C:\ProgramData\TEMP:AE34D87E AlternateDataStreams: C:\ProgramData\TEMP:AEA33452 AlternateDataStreams: C:\ProgramData\TEMP:AEC59117 AlternateDataStreams: C:\ProgramData\TEMP:B2CCDB69 AlternateDataStreams: C:\ProgramData\TEMP:B2CD146E AlternateDataStreams: C:\ProgramData\TEMP:B33464A5 AlternateDataStreams: C:\ProgramData\TEMP:B54E4B5A AlternateDataStreams: C:\ProgramData\TEMP:B65E763D AlternateDataStreams: C:\ProgramData\TEMP:B69CF390 AlternateDataStreams: C:\ProgramData\TEMP:B96C57D4 AlternateDataStreams: C:\ProgramData\TEMP:BEF18713 AlternateDataStreams: C:\ProgramData\TEMP:C0893153 AlternateDataStreams: C:\ProgramData\TEMP:C3899C0B AlternateDataStreams: C:\ProgramData\TEMP:C669F3E1 AlternateDataStreams: C:\ProgramData\TEMP:C7517D0A AlternateDataStreams: C:\ProgramData\TEMP:C7D35E8C AlternateDataStreams: C:\ProgramData\TEMP:C8E3A625 AlternateDataStreams: C:\ProgramData\TEMP:C98828D3 AlternateDataStreams: C:\ProgramData\TEMP:CAC06C34 AlternateDataStreams: C:\ProgramData\TEMP:CBAF0C30 AlternateDataStreams: C:\ProgramData\TEMP:D4F5419A AlternateDataStreams: C:\ProgramData\TEMP:D5BF78B4 AlternateDataStreams: C:\ProgramData\TEMP:D64DD961 AlternateDataStreams: C:\ProgramData\TEMP:D987CB43 AlternateDataStreams: C:\ProgramData\TEMP:DBC648D9 AlternateDataStreams: C:\ProgramData\TEMP:DC9915D2 AlternateDataStreams: C:\ProgramData\TEMP:DDA730F9 AlternateDataStreams: C:\ProgramData\TEMP:DF7A2D3E AlternateDataStreams: C:\ProgramData\TEMP:E1D06077 AlternateDataStreams: C:\ProgramData\TEMP:E2295807 AlternateDataStreams: C:\ProgramData\TEMP:E3B0ACE0 AlternateDataStreams: C:\ProgramData\TEMP:E3CEEC4C AlternateDataStreams: C:\ProgramData\TEMP:E402E439 AlternateDataStreams: C:\ProgramData\TEMP:E411AA0D AlternateDataStreams: C:\ProgramData\TEMP:E4E83517 AlternateDataStreams: C:\ProgramData\TEMP:E87AB4E3 AlternateDataStreams: C:\ProgramData\TEMP:E8B61305 AlternateDataStreams: C:\ProgramData\TEMP:E94FA418 AlternateDataStreams: C:\ProgramData\TEMP:E96A2658 AlternateDataStreams: C:\ProgramData\TEMP:EA1919C7 AlternateDataStreams: C:\ProgramData\TEMP:EA2D3047 AlternateDataStreams: C:\ProgramData\TEMP:EDD903C5 AlternateDataStreams: C:\ProgramData\TEMP:EDDBC69E AlternateDataStreams: C:\ProgramData\TEMP:EF123AF6 AlternateDataStreams: C:\ProgramData\TEMP:F1381B87 AlternateDataStreams: C:\ProgramData\TEMP:F176B6C6 AlternateDataStreams: C:\ProgramData\TEMP:F1F936DF AlternateDataStreams: C:\ProgramData\TEMP:F2B81C2E AlternateDataStreams: C:\ProgramData\TEMP:F4039384 AlternateDataStreams: C:\ProgramData\TEMP:F4362715 AlternateDataStreams: C:\ProgramData\TEMP:F6DA3F39 AlternateDataStreams: C:\ProgramData\TEMP:F89F2593 AlternateDataStreams: C:\ProgramData\TEMP:F94DE3B1 AlternateDataStreams: C:\ProgramData\TEMP:FCBEDCFD AlternateDataStreams: C:\ProgramData\TEMP:FF747CFB ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\webcompanion.com -> hxxp://webcompanion.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-466511086-3684455779-3713664531-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\TuX\OneDrive\9cecc318b9387dbdc9ebc2b41c9ed73e.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "SoftwareUpdater.lnk" HKLM\...\StartupApproved\Run: => "AgentAntidote64" HKLM\...\StartupApproved\Run: => "AgentAntidote32" HKLM\...\StartupApproved\Run: => "My Scrap Nook Home Page Guard 64 bit" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "Razer Synapse" HKLM\...\StartupApproved\Run32: => "AMD AVT" HKLM\...\StartupApproved\Run32: => "Updater" HKLM\...\StartupApproved\Run32: => "BlockAndSurf" HKLM\...\StartupApproved\Run32: => "My Scrap Nook Search Scope Monitor" HKLM\...\StartupApproved\Run32: => "My Scrap Nook EPM Support" HKLM\...\StartupApproved\Run32: => "MyScrapNook_12 Browser Plugin Loader 64" HKLM\...\StartupApproved\Run32: => "MyScrapNook_12 Browser Plugin Loader" HKLM\...\StartupApproved\Run32: => "eDealsPop" HKLM\...\StartupApproved\Run32: => "SPDriver" HKLM\...\StartupApproved\Run32: => "YTDownloader" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\StartupFolder: => "Outil de détection de support Picture Motion Browser.lnk" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\StartupFolder: => "DesktopWeatherAlerts.lnk" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\StartupFolder: => "Weather Alerts.lnk" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "SteelSeries Engine" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "AnumanLive" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "NextLive" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "TBHostSupport" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "Updater" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "IDMSQ" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "EasySpeedCheck" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "Easy Speed PC" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "Super Optimizer" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "SPDriver" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "YTDownloader" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "BRS" HKU\S-1-5-21-466511086-3684455779-3713664531-1001\...\StartupApproved\Run: => "Application Restart #0" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [UDP Query User{751C3E62-D3DA-48C3-9CE5-F4A28A31404D}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe FirewallRules: [TCP Query User{9CC960A2-CCC2-4883-92FA-537C88E2AC25}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe FirewallRules: [{3C508868-AB24-4C3B-BD20-B98E4FB97268}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{BED0F30D-E68C-4128-AB55-F8CA9781F52E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{EFBFC38F-B752-4A05-AA71-EEFA70971E24}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{08CD5560-F5A6-4B99-99B8-E2ECC41CBF6C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{7B139D45-5359-435C-99DC-0C078C5093EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{1767B0B0-E2D7-4196-81DB-13FEEC799E54}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{AF2FA1BE-F599-4B09-81CA-6B00EC57B929}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{6BC46F3F-E717-46AB-9EC5-5DE61CC1DB35}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{9F7CBEF9-25A1-433F-99AC-FF5BAB731BB4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [UDP Query User{ACFB4687-C475-4FFE-BCF9-39C546527935}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [TCP Query User{141748E9-2BE4-4CEF-A7EB-C01FF86E3D4C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{9DE26EC3-9322-4A9B-82B0-CFC1EB32AD6E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{99DF1517-84A0-4E32-882A-1421C73F107A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{3A216139-0D39-45FC-8055-ADCA1B8E8EA6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{C7942682-AC3B-4A9C-B8FA-DBC56FC6B577}] => (Allow) LPort=2869 FirewallRules: [{9A9C4771-FE75-4302-AFF1-47FE44D67E8A}] => (Allow) LPort=1900 FirewallRules: [{1AB828B7-1748-4946-85E9-FE82A43508EC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [TCP Query User{CD1E4AEA-D106-4145-9ED0-F36025D58D24}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe FirewallRules: [UDP Query User{DBB963B6-0C28-4052-8D82-6B65AE31FFBF}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe FirewallRules: [{CFE3C115-41CC-4CAF-8464-D40059E04880}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe FirewallRules: [{42B866AF-0995-40F8-AFEB-F5ED1610DE44}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe FirewallRules: [{698D1269-BD92-4AF0-8893-DE917DE1BB0A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe FirewallRules: [{E93BF98F-EB98-4FD0-8755-55E674552B08}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe FirewallRules: [{C2256696-0788-4FD7-B8FC-10BC42860BEE}] => (Allow) LPort=5357 FirewallRules: [{164517A2-0BB6-4AA8-A3D9-FE00AEFE10DC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe FirewallRules: [{F5DEAAA7-D8AE-4ABE-AFAC-9D9B09DC2EEA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B8C548E8-71D7-4D90-BDE2-B2086824AA8C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{496E1DE8-C146-48A1-AAC9-C1A6AA6398B8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{7AEF3999-629C-4C08-A52E-B911727B497F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{18804265-D294-4C2B-8E76-C1E4AC6CF7D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{127E3053-2F15-4490-B25A-84BA5B0ADF77}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/16/2015 11:08:32 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TUX) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5 Error: (12/16/2015 11:08:32 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TUX) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5 Error: (12/16/2015 11:08:32 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TUX) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5 Error: (12/16/2015 11:08:32 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TUX) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5 Error: (12/16/2015 11:08:32 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TUX) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5 Error: (12/16/2015 11:08:32 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TUX) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5 Error: (12/16/2015 10:39:00 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TUX) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5 Error: (12/16/2015 10:39:00 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TUX) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5 Error: (12/16/2015 10:39:00 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TUX) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5 Error: (12/16/2015 10:39:00 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: TUX) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe5 System errors: ============= Error: (12/16/2015 06:52:23 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: Une alerte irrécupérable a été reçue du point de terminaison distant. Le code d’alerte irrécupérable défini par protocole de TLS est 20. Error: (12/16/2015 06:37:23 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Restart the service) après la fin inattendue du service Windows Search, mais cette action a échoué en raison de l’erreur suivante : %%1056 Error: (12/16/2015 06:36:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Print Spooler s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 5000 millisecondes : Restart the service. Error: (12/16/2015 06:36:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Office Software Protection Platform s’est terminé de façon inattendue pour la 1ème fois. Error: (12/16/2015 06:36:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service HP Support Solutions Framework Service s’est terminé de façon inattendue pour la 1ème fois. Error: (12/16/2015 06:36:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Restart the service. Error: (12/16/2015 06:36:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Simple TCP/IP Services s’est terminé de façon inattendue pour la 1ème fois. Error: (12/16/2015 06:36:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Service Bonjour s’est terminé de façon inattendue pour la 1ème fois. Error: (12/16/2015 06:36:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Le service Apple Mobile Device Service s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 60000 millisecondes : Restart the service. Error: (12/16/2015 06:36:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Le service Adobe Acrobat Update Service s’est terminé de façon inattendue pour la 1ème fois. CodeIntegrity: =================================== Date: 2015-12-16 06:58:15.180 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-16 06:36:08.901 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-16 06:36:08.714 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-16 05:15:05.135 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-15 21:54:21.115 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-15 21:54:20.915 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-14 22:07:44.998 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-14 22:07:44.770 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-14 07:24:01.081 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-13 03:12:27.848 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz Percentage of memory in use: 18% Total physical RAM: 12285.02 MB Available physical RAM: 9971.31 MB Total Virtual: 24573.02 MB Available Virtual: 22213.35 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1192.24 GB) (Free:1034.6 GB) NTFS Drive d: (Data) (Fixed) (Total:698.63 GB) (Free:410.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1192.3 GB) (Disk ID: 9D4CF130) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1192.2 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 0896969D) Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================