Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01 Ran by Antonio at 2015-04-30 11:36:05 Running from C:\Users\Antonio\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1596431099-4026986612-2164781503-500 - Administrator - Disabled) Antonio (S-1-5-21-1596431099-4026986612-2164781503-1001 - Administrator - Enabled) => C:\Users\Antonio Guest (S-1-5-21-1596431099-4026986612-2164781503-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67} FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements II (x32 Version: 3.0.2.59 - WildTangent) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation) Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9850 - Broadcom Corporation) Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.3.5529 - CyberLink Corp.) Cyberlink PhotoDirector (Version: 5.0.3.5529 - CyberLink Corp.) Hidden CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4505 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.) CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1.0903 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2.3317 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.2.3317 - CyberLink Corp.) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform) Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC) DVDStyler v2.9.2 (HKLM-x32\...\DVDStyler_is1) (Version: - ) f.lux (HKU\S-1-5-21-1596431099-4026986612-2164781503-1001\...\Flux) (Version: - ) Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden Farmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) Hidden Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden Five Nights at Freddy's 3 (HKLM-x32\...\Steam App 354140) (Version: - Scott Cawthon) Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Documentation (HKLM-x32\...\{198B2800-6C16-4F2A-BC52-EA0F7FD67095}) (Version: 1.3.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.27 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard) Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.27.1012 - Intel Corporation) Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden Jo's Dream Organic Coffee 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 3.0.2.59 - WildTangent) Hidden NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation) NVIDIA Graphics Driver 335.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.69 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security) Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0002 - Panda Security) Panda Free Antivirus (Version: 7.82.00.0000 - Panda Security) Hidden Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Penguins! (x32 Version: 3.0.2.59 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30175 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Roads of Rome 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - Firaxis Games) Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Talos Principle (HKLM-x32\...\Steam App 257510) (Version: - Croteam) Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden Watchtower Library 2014 - English (HKLM-x32\...\{DB6F2EEA-CEEA-4096-8BD7-ABF100A90820}) (Version: 16.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.) Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 16-04-2015 05:15:16 Windows Update 18-04-2015 16:52:32 Revo Uninstaller's restore point - WildTangent Games 27-04-2015 23:22:43 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0AE4F2D7-685D-423A-A4EC-D08C4E215DD4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.) Task: {11E75BF8-276C-4E1B-915A-2A13E0960671} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation) Task: {124F7BC9-ACA2-4F39-9BC0-C634233A0A7F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation) Task: {13069E42-2599-4619-B0B8-C1B1E1265FE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3CGFVGN2 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard) Task: {1DE8A393-B229-44D3-AB54-FF0616DA2994} - \Start SimplePass No Task File <==== ATTENTION Task: {4637CDAD-24F2-4FF4-8391-1E3AD37D39DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd) Task: {4C58AF94-2C5C-401A-93DF-9CAB1A448CA1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation) Task: {55630ACE-97AB-41A4-AA2D-FFF965274D91} - System32\Tasks\HPCeeScheduleForAntonio => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {61DE756C-6047-42CF-AFCE-A2654390F72D} - \Start OPBHOBroker No Task File <==== ATTENTION Task: {691002D8-3B5F-431F-849C-A37CFF58998C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard) Task: {75259C18-C2AF-4B4C-8924-1B2A312EEAB4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company) Task: {7E55C67F-5463-4A87-8CAF-58702D8BED23} - \Start OPBHOBrokerDesktop No Task File <==== ATTENTION Task: {7E5F9F08-874C-46EE-81CF-8CAC64D7405A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation) Task: {84CF534F-7138-4512-ABA1-77F8F2AFA662} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard) Task: {A40256E1-0CFA-4CE6-B0CA-9ABC5AC44724} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {AED36578-AA5D-40D7-8030-50EB76D9BEB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-25] (Google Inc.) Task: {B10879B7-76F6-4685-A688-A4BD712327E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company) Task: {BC86911B-4C2C-4986-8E4C-5EC11646A1A9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-04-15] (Microsoft Corporation) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\HPCeeScheduleForAntonio.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-20 16:04 - 2014-07-06 12:59 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-04-14 18:40 - 2011-02-28 15:37 - 00095008 _____ () C:\windows\System32\Primomonnt.dll 2015-03-20 16:42 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2014-01-09 22:26 - 2014-01-09 22:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2013-04-12 10:23 - 2013-04-12 10:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll 2015-04-17 07:48 - 2015-04-13 14:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll 2015-04-17 07:48 - 2015-04-13 14:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll 2014-01-09 22:28 - 2014-01-09 22:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2015-04-17 07:48 - 2015-04-13 14:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll 2015-03-25 13:48 - 2015-03-09 23:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-03-25 13:48 - 2014-12-01 17:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-03-25 13:48 - 2015-04-13 16:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll 2015-03-25 13:48 - 2014-12-01 17:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-03-25 13:48 - 2014-12-01 17:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-03-25 13:48 - 2014-12-01 14:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-03-25 13:48 - 2014-12-01 14:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-03-25 13:48 - 2014-12-01 14:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-03-25 13:48 - 2014-12-01 14:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-03-25 13:48 - 2014-12-01 14:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-03-25 13:48 - 2015-04-13 16:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-03-25 13:48 - 2015-02-24 18:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2014-08-13 10:54 - 2014-08-13 10:54 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Antonio\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1596431099-4026986612-2164781503-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Antonio\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg DNS Servers: 192.168.29.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{E8E2344E-89BB-4104-A5A0-65EE30380221}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{2163DDDD-6C6F-4C73-8021-40D1F8A03935}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{B0A854E0-DF4F-4A97-B7BF-CDDFCEC6E416}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{333041D6-F3F1-47CB-ADE9-C9987FF6814E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{C7219C7E-CF05-4561-A4F7-6A01514201A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{977BF083-092C-4F66-9BBA-64FF30A474C7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{F8935901-E75E-42B0-AA30-186925045BD3}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{98E32C29-0BBD-448F-9F27-E24B4AB905F2}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{F4F4D266-6448-4A42-8461-E79CC17D16E1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{240E1088-8653-47F8-A16C-C40FACEF63EE}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{00F4D66C-F949-4ECA-918D-BCEB681D35FB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{DAD03674-9A42-4943-9AFC-19E3C12D80F0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{BF78FDD1-B181-4163-9B37-C77E40CA771B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{4431B801-B526-4AB9-BB80-3B405D3E8B8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{8E4D26E5-643A-4F38-8057-8317C7EC3BE6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5C470667-1EB2-4992-A1A8-8699C0DE9ABD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{83A60457-4620-4DCF-AB80-3BC23298FEB7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{D30D46D8-9FAB-4A51-9A1F-1E39AC66E5BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe FirewallRules: [{CF216058-C06C-4472-97CF-80140745B872}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe FirewallRules: [{CE74F23C-797A-4897-BEDF-D4EF81F2FFFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe FirewallRules: [{2D89841C-23E6-4FEA-A135-6F1EFC3585B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe FirewallRules: [{589468F3-3B74-44F0-8B9B-6E96165A6AF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{3764B9F2-4018-48FC-AAB3-EFA0E0AA5FE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{DC38287B-AC5B-490E-995C-7E61B0676CA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe FirewallRules: [{D5E85000-B21D-4D91-9094-64938731D310}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe FirewallRules: [{EAC011A3-FA3F-42EB-8F74-C564C9B6C906}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe FirewallRules: [{E27AAD88-E1C4-4E87-A6D9-EBB254A61B5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe FirewallRules: [{07D87A31-A3D9-437C-9A1E-B8DAC2DBEF1F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{1FDDBE8E-D811-4F69-A41D-6AD932AA6C78}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/30/2015 09:14:18 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcX509CertManager::KeyCertInit failed [0] Error: (04/30/2015 05:48:00 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/30/2015 05:48:00 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/30/2015 01:47:48 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (04/29/2015 03:00:59 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/29/2015 03:00:59 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/29/2015 02:43:06 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/29/2015 02:43:06 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/29/2015 01:01:26 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (04/28/2015 02:53:38 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "PDR.X,type="win32",version="1.0.0.0"1". Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (04/30/2015 09:16:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Support Assistant Service service failed to start due to the following error: %%1053 Error: (04/30/2015 09:16:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect. Error: (04/30/2015 09:16:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (04/30/2015 09:16:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (04/30/2015 09:14:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (04/30/2015 09:14:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP SimplePass Service service failed to start due to the following error: %%2 Error: (04/30/2015 09:14:04 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 9:09:53 AM on ‎4/‎30/‎2015 was unexpected. Error: (04/27/2015 04:30:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (04/27/2015 04:29:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP SimplePass Service service failed to start due to the following error: %%2 Error: (04/27/2015 04:29:56 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000007a (0xfffff6fc80a133d0, 0xffffffffc000003f, 0x000000015b3ca880, 0xfffff9014267a048)C:\windows\MEMORY.DMP042715-30328-01 Microsoft Office Sessions: ========================= Error: (04/30/2015 09:14:18 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcX509CertManager::KeyCertInit failed [0] Error: (04/30/2015 05:48:00 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_CacheAgent.exe.Manifest Error: (04/30/2015 05:48:00 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest Error: (04/30/2015 01:47:48 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (04/29/2015 03:00:59 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_CacheAgent.exe.Manifest Error: (04/29/2015 03:00:59 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest Error: (04/29/2015 02:43:06 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_CacheAgent.exe.Manifest Error: (04/29/2015 02:43:06 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest Error: (04/29/2015 01:01:26 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: .NETFrameworkC:\windows\system32\mscoree.dll8 Error: (04/28/2015 02:53:38 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: PDR.X,type="win32",version="1.0.0.0"c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_CacheAgent.exe.Manifest CodeIntegrity Errors: =================================== Date: 2015-04-15 18:15:40.293 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Nitro PDF\PrimoPDF\PrimoRun.exe that did not meet the Store signing level requirements. Date: 2015-04-14 18:41:57.693 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Nitro PDF\PrimoPDF\PrimoRun.exe that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz Percentage of memory in use: 22% Total physical RAM: 12226.09 MB Available physical RAM: 9450.52 MB Total Pagefile: 24514.09 MB Available Pagefile: 21048.47 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:1842.82 GB) (Free:1739.09 GB) NTFS Drive d: (Recovery Image) (Fixed) (Total:18.72 GB) (Free:2.39 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: () (Fixed) (Total:465.66 GB) (Free:438.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (WTLIB14E) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 21AF4009) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A1F9A144) Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================