Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016
Ran by user (01-11-2016 19:47:09)
Running from C:\Users\user\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-08-21 01:13:40)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3596991858-899571758-1917397009-500 - Administrator - Disabled)
Guest (S-1-5-21-3596991858-899571758-1917397009-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3596991858-899571758-1917397009-1002 - Limited - Enabled)
Naftali (S-1-5-21-3596991858-899571758-1917397009-1003 - Limited - Enabled) => C:\Users\Naftali
user (S-1-5-21-3596991858-899571758-1917397009-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )
Ad-Aware Antivirus (HKLM\...\{50E2E8FE-1F8B-4F21-BE9F-F9152D3EA5B1}_AdAwareUpdater) (Version: 11.10.767.8917 - Lavasoft)
AdAwareInstaller (Version: 11.10.767.8917 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.10.767.8917 - Lavasoft) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_deed1aa8968e381d5c0b3135a30616a) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Antidote 8 (HKLM-x32\...\{09AAAB09-6DBA-4DD9-9865-54597D3FBCA8}) (Version: 8.02.67 - Druide informatique inc.)
AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden
Assistant de téléchargement (HKLM-x32\...\{92154A3C-9BB7-49D7-A571-4EB6373FA5AD}) (Version: 6.65.13 - Druide informatique inc.)
Bluetooth Stack for Windows by Toshiba (HKLM-x32\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v5.10.04(T) - )
calibre 64bit (HKLM\...\{020EB053-529D-4FFB-AD9F-40374ACB949A}) (Version: 2.57.1 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
K-Lite Mega Codec Pack 8.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.1.0 - )
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Hebrew עברית (HKLM-x32\...\Office14.OMUI.he-il) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-040D-0000-0000000FF1CE}_Office14.OMUI.he-il_{687F46DC-5532-4DDE-843D-EBF8AC32AA9D}) (Version: - Microsoft)
Suite Shared Configuration CS4 (x32 Version: 1.1.1 - Adobe Systems Incorporated) Hidden
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinSoftME (Version: 1.0 - Adobe Systems Incorporated) Hidden
WinSoftME (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3596991858-899571758-1917397009-1001_Classes\CLSID\{5563940C-ABF0-47B4-BB0E-B5D8680B570A}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\MoteurIntegration.exe (Druide informatique inc.)
CustomCLSID: HKU\S-1-5-21-3596991858-899571758-1917397009-1001_Classes\CLSID\{5563940D-49FD-4F1A-96AA-147B474290EE}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\MoteurIntegration.exe (Druide informatique inc.)
CustomCLSID: HKU\S-1-5-21-3596991858-899571758-1917397009-1001_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8E}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\AgentAntidote.exe (Druide informatique inc.)
CustomCLSID: HKU\S-1-5-21-3596991858-899571758-1917397009-1001_Classes\CLSID\{A12A9CAB-1C75-4AA3-A980-74F25AB94C8F}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\Antidote.exe (Druide informatique inc.)
CustomCLSID: HKU\S-1-5-21-3596991858-899571758-1917397009-1001_Classes\CLSID\{AD630E0F-BF29-4791-AD3B-A289E884E37C}\localserver32 -> C:\Program Files (x86)\Druide\Antidote 8\Programmes64\Antidote.exe (Druide informatique inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09054B49-6212-44A4-BD75-A5E449BDC952} - System32\Tasks\{7ABC23B5-6662-4195-ACAA-916EF2FBEC67} => pcalua.exe -a "C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\As0.exe" -d "C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack" -c /MODE=0
Task: {60B28FCC-7FD1-4938-92B7-270F70E8A155} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {926424D6-DF1D-40BA-A589-DAD6A76B4BFA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {9447E4FE-6C3C-4A5A-BCFA-8A6F4E307F12} - System32\Tasks\RimonCrt => C:\RimonCrt\RimonCrt.exe [2015-04-12] ()
Task: {9F297F9C-A60B-4990-81C3-48901F0713BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C6B3E27B-76E4-43DE-ABB4-8A4D6EA0EC6E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-31] (Adobe Systems Incorporated)
Task: {F50EC5E6-1473-4168-9B23-65775C482113} - System32\Tasks\{DBFC149A-74EC-4E5B-B8A0-255C09C0CAA7} => pcalua.exe -a C:\Users\user\Downloads\util_bt_monitor_25884A(1).exe -d C:\Users\user\Downloads
Task: {F7084932-916A-43AC-8595-0D4348723B96} - System32\Tasks\{F5DD8DAC-BCA9-4BA8-AA3C-43784E66A1A5} => pcalua.exe -a C:\Users\user\Downloads\util_bt_monitor_25884A.exe -d C:\Users\user\Downloads
Task: {F77C177B-ED46-4893-8629-0178022B99C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {F8C214B9-A0E5-4C78-A982-604022B42CA1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-28 16:44 - 2016-01-28 16:44 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
2016-01-28 16:48 - 2016-01-28 16:48 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_system-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_date_time-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_filesystem-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 11674360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareServiceKernel.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\RCF.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_regex-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_thread-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_chrono-vc120-mt-1_57.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 00973040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareActivation.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00561920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareApplicationUpdater.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareGamingMode.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareReset.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTime.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01030912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdater.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdaterScheduler.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIgnoreList.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareQuarantine.dll
2016-01-28 16:47 - 2016-01-28 16:47 - 01594624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiMalwareEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiRootkitEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerHistory.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01373928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScanner.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_timer-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01019640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerScheduler.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02547448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIncompatibles.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01489640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiSpam.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01437424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiPhishing.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareParentalControl.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 03107576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareWebProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareEmailProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_iostreams-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01878784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNetworkProtection.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01024744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePromo.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00457448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareFeedback.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareThreatWorkAlliance.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01310952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePinCode.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01027304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNotice.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01563888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAvcEngine.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtectionHistory.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00519920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareStatistics.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02794744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareShellExtension.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 09581280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
2016-01-28 16:48 - 2016-01-28 16:48 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_locale-vc120-mt-1_57.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\HtmlFramework.dll
2016-01-28 16:48 - 2016-01-28 16:48 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTrayDefaultSkin.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\fr_fr\acrotray.fra
2014-08-01 13:05 - 2014-08-01 13:05 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-10 05:18 - 2010-01-10 05:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-09-23 19:43 - 2012-09-23 19:43 - 00102912 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Locale\fr_fr\PDFMaker\PDFMOfficeAddin.FRA

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F [422]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3596991858-899571758-1917397009-1001\Software\Classes\.exe: => <===== ATTENTION
HKU\S-1-5-21-3596991858-899571758-1917397009-1001\Software\Classes\.scr: => <===== ATTENTION
HKU\S-1-5-21-3596991858-899571758-1917397009-1001\Software\Classes\.bat: => <===== ATTENTION
HKU\S-1-5-21-3596991858-899571758-1917397009-1001\Software\Classes\.com: => <===== ATTENTION
HKU\S-1-5-21-3596991858-899571758-1917397009-1001\Software\Classes\.cmd: => <===== ATTENTION
HKU\S-1-5-21-3596991858-899571758-1917397009-1001\Software\Classes\.reg: => <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3596991858-899571758-1917397009-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 168.0.0.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{081D5874-9C13-46FF-8EC5-255FE4C43CF2}] => (Allow) LPort=5353
FirewallRules: [{2BCEAC4C-ACB7-49D2-BA90-41DF5DA419D6}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{67E710E2-1F56-430A-B1DA-714901AB6F66}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [TCP Query User{27D27D55-1600-499E-8687-3A8EC375F6D6}E:\medal of honor allied assault\mohaa.exe] => (Allow) E:\medal of honor allied assault\mohaa.exe
FirewallRules: [UDP Query User{7F88D61E-1774-498B-AC24-FEF671D69C0B}E:\medal of honor allied assault\mohaa.exe] => (Allow) E:\medal of honor allied assault\mohaa.exe
FirewallRules: [TCP Query User{67A60CB1-3FDE-4357-B554-445F73D50C40}E:\medal of honor allied assault\mohaa_server.exe] => (Allow) E:\medal of honor allied assault\mohaa_server.exe
FirewallRules: [UDP Query User{1C06E2C8-F453-424D-81AD-0F8F58953E11}E:\medal of honor allied assault\mohaa_server.exe] => (Allow) E:\medal of honor allied assault\mohaa_server.exe
FirewallRules: [TCP Query User{DE000DEB-D429-4883-B587-8990B8B3915B}C:2\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) C:2\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{76E53197-5630-4C97-8968-355909F9AC0D}C:2\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) C:2\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{1E62CCDE-9B15-42C3-ACD5-3FBAEB6929C2}H:\call of duty 4 - modern warfare\iw3mp.exe] => (Block) H:\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{FB94D2D9-BC33-4262-9F98-A5BD30969660}H:\call of duty 4 - modern warfare\iw3mp.exe] => (Block) H:\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [{56F5C177-BB43-4292-89E6-A5BD441FF81F}] => (Allow) LPort=51001
FirewallRules: [{CE2DD8A1-0B0C-4D21-9B18-FDDDDAD874B9}] => (Allow) LPort=51001
FirewallRules: [TCP Query User{14BF333F-2EE9-4293-BCA3-8111DA88CD5C}C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe] => (Allow) C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe
FirewallRules: [UDP Query User{55779315-587B-43D6-A9A0-6F56AE154BD7}C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe] => (Allow) C:\program files (x86)\lego software\lego mindstorms ev3 home edition\mindstormsev3.exe
FirewallRules: [{2560E6DB-F2C5-44A9-B677-335CD1C229FD}] => (Allow) D:\setup\hpznui40.exe
FirewallRules: [{D750971C-7E24-4E1D-88D8-F1E1128CD4A0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{E6A30EB2-B6D3-48F5-BB3F-978AD83CC42D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{791A7704-6C6E-4EAB-9406-38357103577C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{D6B7CAC4-2D4A-45F5-9078-4365E939B3C1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{03A3C304-59F1-4600-8638-983A76CA3E15}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E74DEB87-0355-4EB0-98BF-0498E7FD00EE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{960E00FB-F17F-4287-AC86-5CA50FE77F21}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{88ECBBB9-042A-450C-A631-E234CCAFF6EE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{D3E4D07B-CB20-4B70-8855-4D278555483E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{75587633-80C3-42B4-B874-753089459E40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B279A2ED-EDF0-4648-85BA-66260577E051}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{DDB3F55D-F096-4C72-AF59-BA29DC179209}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{E0726CC9-059C-4906-87BC-2358656A8AE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{6B433D06-7B45-4785-A17F-D90C96685430}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{13B6CC20-E095-4F11-AAD6-DE60DAE7A4E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{C2741332-545E-4204-8076-2E97975893EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{F6CD3DE0-1DDD-4E0D-8BE6-9E5E332AB15E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{1FC78E34-FBB9-4DB5-8C5F-FB0D6F812AC5}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe

==================== Restore Points =========================

05-06-2016 14:25:09 Installed Dragon NaturallySpeaking 12.5 Upgrade.
27-07-2016 12:25:12 Windows Update
05-10-2016 16:05:50 Windows Update
01-11-2016 16:00:31 Dragon NaturallySpeaking 12.0 supprimé.
01-11-2016 16:13:36 Removed calibre
01-11-2016 16:24:36 Removed LEGO MINDSTORMS NXT Software v2.0
01-11-2016 16:28:37 Removed LEGO MINDSTORMS NXT Migration Package
01-11-2016 16:30:48 Removed LEGO MINDSTORMS NXT x64 Driver
01-11-2016 16:33:44 Removed Photoshop Camera Raw_x64
01-11-2016 16:38:32 Removed LEGO MINDSTORMS NXT - English Language Pack
01-11-2016 17:20:08 Removed HP Update
01-11-2016 19:24:13 Removed HP Update

==================== Faulty Device Manager Devices =============

Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2016 07:33:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/01/2016 06:51:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/01/2016 05:33:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/01/2016 05:33:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/01/2016 05:27:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/01/2016 04:34:05 PM) (Source: MsiInstaller) (EventID: 10005) (User: LAPTOP)
Description: Product: Photoshop Camera Raw_x64 -- Please install Photoshop Camera Raw_x64 using Setup.exe

Error: (11/01/2016 04:22:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/01/2016 04:22:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/01/2016 04:19:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/01/2016 04:09:06 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: LAPTOP)
Description: Application or service 'Dragon Service' could not be restarted.

System errors:
=============
Error: (11/01/2016 05:28:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (11/01/2016 05:28:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

Error: (11/01/2016 04:15:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (11/01/2016 03:37:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

Error: (11/01/2016 03:32:03 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (11/01/2016 09:07:24 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (10/31/2016 08:02:51 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (10/31/2016 07:40:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (10/31/2016 07:38:40 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (10/31/2016 07:33:54 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Event-ID 2001

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz
Percentage of memory in use: 81%
Total physical RAM: 3062.12 MB
Available physical RAM: 561.59 MB
Total Virtual: 6122.44 MB
Available Virtual: 3854.52 MB

==================== Drives ================================

Drive c: (Maine Disk) (Fixed) (Total:465.76 GB) (Free:278.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3144E6F3)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================