Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016 Ran by salamouna2 (2016-07-04 23:34:29) Running from C:\Users\salamouna2\Desktop Windows 10 Home Version 1511 (X64) (2016-02-14 20:42:10) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1498194768-3071915256-2736199516-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1498194768-3071915256-2736199516-503 - Limited - Disabled) Guest (S-1-5-21-1498194768-3071915256-2736199516-501 - Limited - Disabled) salamouna2 (S-1-5-21-1498194768-3071915256-2736199516-1001 - Administrator - Enabled) => C:\Users\salamouna2 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 9.0.318.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 9.0.381.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.2.28500 - BitTorrent Inc.) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.2 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS) AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.57 - ICEpower a/s) AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.42.2.18804 - AVG Technologies) AVG PC TuneUp (x32 Version: 16.42.6 - AVG Technologies) Hidden Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender) BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.) Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation) CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform) Cent Browser (HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\CentBrowser) (Version: 1.9.13.75 - Cent Studio) DriversCloud.com (64 bits) (HKLM\...\{B3F21810-C58E-4AE1-BFBA-8327721C9F8A}) (Version: 8.0.4.0 - Cybelsoft) ESET Smart Security (HKLM\...\{11994064-51F2-45DF-A83E-539B4BFE3F5A}) (Version: 9.0.318.0 - ESET, spol. s r.o.) FileZilla Client 3.18.0 (HKLM-x32\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse) FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Grand Theft Auto V version v.1.0.350.1 (HKLM-x32\...\Grand Theft Auto V_is1) (Version: v.1.0.350.1 - GMT-MAX.ORG) Hex Workshop v6.8 (HKLM\...\{A36AC685-4435-4C16-861F-221231DE165D}) (Version: 6.8.0.5419 - BreakPoint Software) iMacros Version 10.0.2.2823 (x64) (HKLM\...\{9C5118F7-E26D-4fc0-B7F4-4A067A0808FA}_is1) (Version: 10.0.2.2823 - Ipswitch, Inc) Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1017 - Intel Corporation) Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.39.1003 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4062 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) K-Lite Codec Pack 11.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.5 - ) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.01.03 - Huawei Technologies Co.,Ltd) Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.7 - Notepad++ Team) Nox APP Player (HKLM-x32\...\Nox) (Version: 3.5.1.0 - Duodian Technology Co. Ltd.) NVIDIA Graphics Driver 345.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.05 - NVIDIA Corporation) NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.332 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7417 - Realtek Semiconductor Corp.) Rental Management (HKLM-x32\...\{4F040BE0-2E11-4CED-8AE3-047C0DA352D4}_is1) (Version: 4.0 - Jsoft.fr) Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games) RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software) Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.) Telegram Desktop version 0.9.51 (HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.51 - Telegram Messenger LLP) Terminals (HKLM-x32\...\{9CA99653-709D-493E-BB16-C32125D94138}) (Version: 3.6.1.0 - Robert Chartier) Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft) UsbFix (HKLM-x32\...\Usbfix) (Version: 8.247 - El Desaparecido - www.usb-antivirus.com - www.sosvirus.net) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.2 - VMware, Inc) VMware Workstation (Version: 10.0.2 - VMware, Inc.) Hidden Windows Driver Package - ASUS (ATP) Mouse (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS) Windows Driver Package - BigNox Corporation (VBoxUSB) USB (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation) Windows Driver Package - BigNox Corporation VBoxUSBMon System (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation) Windows Driver Package - BigNox Corporation XQHDrv System (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation) WinHTTrack Website Copier 3.48-21 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack) WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1498194768-3071915256-2736199516-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00D85E4D-BD90-4534-9802-538A333C7E76} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {0BB48EE2-C323-4B10-BAA2-9271797FD747} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION Task: {21940C9F-3DD2-43FA-A983-8CFD26DCCCE6} - \Google Update -> No File <==== ATTENTION Task: {2AFC4A1A-4624-4909-937E-C06573397783} - System32\Tasks\hfdccd => C:\Users\salamouna2\hfdccd\zvbvhivw.exe [2015-07-10] (AutoIt Team) Task: {2E6FEAF1-ECE8-4A9F-9CD7-2288AE99B277} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {3A0F3D84-AC0E-4E2D-B40B-58DE5EB9037E} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK Task: {4453AEEB-2FD2-4C95-BAEC-D8CC46163A86} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {4904A467-029A-4FA3-814E-F9B60459075D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {5AB1A12D-E3A1-455C-AC75-D7E90C9983EE} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-12-26] (Realtek Semiconductor) Task: {63273E66-DC21-4F59-99A5-6A53C79B5E96} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek) Task: {68B9BCF9-1986-4BDE-A23C-32135F0929A4} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-11-30] () Task: {69F7916A-70C2-4898-8414-FC5CB36AD8C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd) Task: {6A596AF8-E666-45AB-939B-E553FD83FF1B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {70637062-DC18-425E-AE37-B4AA5C44113A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {7D286572-9A8E-44AF-A15B-1A6955F4BBDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-03] (Google Inc.) Task: {831FB78A-A096-4006-998E-9FB9AFBE0D57} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01] (Oracle Corporation) Task: {93357560-2CD3-4F9E-9E01-12179707A1FB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {95CF4079-9C3D-4335-B50A-3AFA122A03E8} - System32\Tasks\{6DDF7C85-E9A4-482B-8905-8345726CEC8A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.15.0.102/fr/abandoninstall?source=lightinstaller&page=tsMain Task: {B93A2461-7FDF-4112-B796-75DA19B35D64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {C3EE5D55-E77E-4BEB-804F-AF5E0575B223} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-06-01] (AVG Technologies CZ, s.r.o.) Task: {D2A52D7B-457D-4F26-8BE4-20FC5E1384C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-03] (Google Inc.) Task: {D4A92B6C-03FC-48A6-8567-B3750CF4192C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-09-11] (ASUSTek Computer Inc.) Task: {D76F1F42-D3C8-4816-8B45-E7486AF9DED2} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.) Task: {ED056F24-4F09-4E0B-962F-AEDB747147B4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe Task: {F1C8788E-19C1-4CC3-9D48-F8BCDAB5C307} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {F90636A8-2115-4F09-BE19-FD70F9F9ACF4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {F989AEF5-BCE8-4702-BF86-0603DCB557A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-02-14 21:10 - 2015-07-13 18:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-11-28 11:34 - 2014-08-20 08:27 - 00242256 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe 2016-04-13 16:53 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-13 16:53 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-05-24 16:20 - 2016-05-24 16:20 - 00959168 _____ () C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-05-27 13:19 - 2016-05-27 13:19 - 00052912 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-04-14 16:04 - 2014-04-14 16:04 - 14407384 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe 2015-12-19 01:08 - 2015-12-19 01:08 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe 2016-02-18 19:41 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-04-13 16:50 - 2016-04-02 04:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-04-13 16:50 - 2016-04-02 04:26 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll 2016-07-03 18:28 - 2016-07-03 18:28 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll 2016-02-15 17:22 - 2016-02-15 17:22 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe 2016-02-15 17:22 - 2016-02-15 17:22 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-02-15 17:28 - 2016-02-15 17:29 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-04-13 16:51 - 2016-04-02 04:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-04-13 16:51 - 2016-04-02 03:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-04-13 16:52 - 2016-04-02 03:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-04-13 16:52 - 2016-04-02 04:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-04-14 16:41 - 2014-04-14 16:41 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll 2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-05-24 16:20 - 2016-05-24 16:20 - 00679624 _____ () C:\Users\salamouna2\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2015-02-25 14:15 - 2015-02-25 14:15 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-03-09 22:49 - 2016-03-09 22:49 - 01114136 _____ () C:\Users\salamouna2\AppData\Roaming\Mozilla\Firefox\Profiles\e18oh439.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll 2016-02-15 17:28 - 2016-02-15 17:29 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-02-15 17:28 - 2016-02-15 17:30 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-07-03 22:40 - 2016-06-02 05:32 - 01709976 _____ () C:\Users\salamouna2\AppData\Local\CentBrowser\Application\1.9.13.75\libglesv2.dll 2016-07-03 22:40 - 2016-06-02 05:32 - 00081816 _____ () C:\Users\salamouna2\AppData\Local\CentBrowser\Application\1.9.13.75\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [306] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\salamouna2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "XboxStat" HKLM\...\StartupApproved\Run32: => "vmware-tray.exe" HKLM\...\StartupApproved\Run32: => "BlueStacks Agent" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "AvgUi" HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\StartupApproved\Run: => "IDMan" HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-1498194768-3071915256-2736199516-1001\...\StartupApproved\Run: => "Google Update" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FBD6C7A3-96F4-4BA4-B3A0-DA9CA91AF2A9}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{6A6F2BB9-29D3-463F-8090-3354FEBEC9BB}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{4699980F-073C-4303-BB42-625FBB00445A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{67DF7A49-CE12-4B54-85E4-E6A05882CA55}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{325C551B-50D5-43E5-A3E9-D0FB8305BBDF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{2C613F3F-7EB4-460A-ADB8-45F21E3892A5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{1DDB1A23-CB54-43FF-A90B-C9B82F9630EE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{A8E3FC6C-B55C-4D30-87ED-B57C701C09BE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [UDP Query User{22AF13E6-D352-409E-96ED-C05F607F6C4E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{E4317E6F-6830-4DB9-B6E7-B8A4E53BEB29}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{1FA372BE-1393-4EC1-935B-65B4E3B604B7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8FC7A131-1897-4E78-BD7A-A6AEA72CD200}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{104B4B33-A23A-4C0F-9163-C3EFBB452573}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [{13C3B734-810C-4128-B1EC-3C6C20E20A50}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [{AC680737-21CB-4946-B75C-8E811C15E7FF}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{BCDF1721-6407-467D-ACCA-4F6C7C376D7F}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{DCB5BA34-E321-49F3-BE47-BED2869B667F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{7BB501D3-3084-49C0-B3E4-E4988455F65E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{BFF0DB46-1C54-4110-B127-02B2900B9F9A}] => (Allow) LPort=8317 FirewallRules: [{3220E14A-35DC-4ECB-AB6B-A917CB044616}] => (Allow) C:\Users\salamouna2\AppData\Roaming\Nox\bin\Nox.exe FirewallRules: [TCP Query User{6F759F54-398C-4D55-89BC-FC71716758BC}E:\grand theft auto v\gta5.exe] => (Allow) E:\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{33D432F0-681A-4318-AB94-09B8314DCDAF}E:\grand theft auto v\gta5.exe] => (Allow) E:\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{BEDB0855-4D46-4752-853F-2E82CC21E8CD}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [UDP Query User{9117BCA3-B01A-4217-8A9C-6181562CBB8F}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => (Allow) C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [{D8289F40-1115-438A-A064-7CF6CC203D6E}] => (Allow) C:\Program Files\DriversCloud.com\MCDetection.exe FirewallRules: [{6516A227-8220-46E8-9303-2DD7ECE9B5B6}] => (Allow) C:\Program Files\DriversCloud.com\MCDetection.exe ==================== Restore Points ========================= 05-06-2016 18:00:39 Installed Splashtop Personal. 17-06-2016 14:10:21 Installed DirectX 30-06-2016 15:31:05 Removed Google Earth 01-07-2016 15:55:20 zoek.exe restore point 02-07-2016 14:17:45 JRT Pre-Junkware Removal 03-07-2016 19:20:23 Removed Google Talk Plugin ==================== Faulty Device Manager Devices ============= Name: Intel(R) Dynamic Platform and Thermal Framework Manager Description: Intel(R) Dynamic Platform and Thermal Framework Manager Class Guid: {c3077fcd-9c3c-482f-9317-460712f23efd} Manufacturer: Intel Service: esif_lf Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (07/04/2016 11:31:39 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (07/04/2016 03:24:54 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (07/04/2016 03:24:50 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest. Error: (07/03/2016 09:58:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Faulting module name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Exception code: 0xc0000409 Fault offset: 0x0000000000015953 Faulting process id: 0x12c8 Faulting application start time: 0xigfxHK.exe0 Faulting application path: igfxHK.exe1 Faulting module path: igfxHK.exe2 Report Id: igfxHK.exe3 Faulting package full name: igfxHK.exe4 Faulting package-relative application ID: igfxHK.exe5 Error: (07/03/2016 09:25:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Faulting module name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Exception code: 0xc0000409 Fault offset: 0x0000000000015953 Faulting process id: 0x14e8 Faulting application start time: 0xigfxHK.exe0 Faulting application path: igfxHK.exe1 Faulting module path: igfxHK.exe2 Report Id: igfxHK.exe3 Faulting package full name: igfxHK.exe4 Faulting package-relative application ID: igfxHK.exe5 Error: (07/03/2016 07:20:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (07/03/2016 07:12:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Faulting module name: igfxHK.exe, version: 6.15.10.4331, time stamp: 0x564cc83e Exception code: 0xc0000409 Fault offset: 0x0000000000015953 Faulting process id: 0x8d0 Faulting application start time: 0xigfxHK.exe0 Faulting application path: igfxHK.exe1 Faulting module path: igfxHK.exe2 Report Id: igfxHK.exe3 Faulting package full name: igfxHK.exe4 Faulting package-relative application ID: igfxHK.exe5 Error: (07/03/2016 05:56:03 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2472. Message ID: [0x2509]. Error: (07/03/2016 05:52:47 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (07/03/2016 05:52:00 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 System errors: ============= Error: (07/04/2016 03:32:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 = This driver has been blocked from loading Error: (07/04/2016 03:32:42 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\SALAMO~1\AppData\Local\Temp\ehdrv.sys Error: (07/04/2016 03:32:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 = This driver has been blocked from loading Error: (07/04/2016 03:32:41 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\SALAMO~1\AppData\Local\Temp\ehdrv.sys Error: (07/04/2016 03:32:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 = This driver has been blocked from loading Error: (07/04/2016 03:32:41 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\SALAMO~1\AppData\Local\Temp\ehdrv.sys Error: (07/04/2016 03:26:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 = This driver has been blocked from loading Error: (07/04/2016 03:26:30 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\SALAMO~1\AppData\Local\Temp\ehdrv.sys Error: (07/04/2016 03:26:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 = This driver has been blocked from loading Error: (07/04/2016 03:26:29 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\SALAMO~1\AppData\Local\Temp\ehdrv.sys CodeIntegrity: =================================== Date: 2016-06-06 12:51:16.975 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-22 23:00:23.942 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-07 22:20:07.456 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-18 13:00:13.480 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-26 17:29:32.966 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-26 15:03:26.238 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-26 14:59:42.972 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-26 14:24:45.287 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-15 23:33:08.927 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-03-15 23:24:15.118 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz Percentage of memory in use: 64% Total physical RAM: 8091.35 MB Available physical RAM: 2861.59 MB Total Virtual: 11737.38 MB Available Virtual: 6671.43 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:345.23 GB) (Free:183.16 GB) NTFS Drive e: (New Volume) (Fixed) (Total:585.94 GB) (Free:387.64 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 12395357) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=345.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=585.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================