Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015 Ran by User (2015-09-26 15:51:18) Running from C:\Users\User\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2013-03-08 03:58:22) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2252590582-4192995194-4039708225-500 - Administrator - Disabled) ASPNET (S-1-5-21-2252590582-4192995194-4039708225-1004 - Limited - Enabled) Guest (S-1-5-21-2252590582-4192995194-4039708225-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2252590582-4192995194-4039708225-1002 - Limited - Enabled) User (S-1-5-21-2252590582-4192995194-4039708225-1000 - Administrator - Enabled) => C:\Users\User ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.) Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 4 Design Standard (HKLM-x32\...\Adobe_1e3ba55b33b1e8227645fb9c82acca3) (Version: 4.0 - Adobe Systems Incorporated) Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Flash Player 10 Plugin (HKLM-x32\...\{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}) (Version: 10.0.2.54 - Adobe Systems, Inc.) Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated) Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated) Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe) Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden Azteca (HKLM-x32\...\Azteca) (Version: - ) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}) (Version: 7.2.241.0 - Microsoft Corporation) Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Dr Monocle's Opticle Experiment (HKLM-x32\...\Dr Monocle's Opticle Experiment) (Version: - ) Elven Mists (HKLM-x32\...\Elven Mists) (Version: - ) Epson Easy Photo Print 2 (HKLM-x32\...\{1FE8D36C-4441-4115-BCA3-9339ED003C36}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION) EPSON NX130 TX130 Series Printer Uninstall (HKLM\...\EPSON NX130 TX130 Series) (Version: - SEIKO EPSON Corporation) Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden Fairy Jewels (HKLM-x32\...\Fairy Jewels) (Version: - ) FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fun Learning Shape and Colour (HKLM-x32\...\Fun Learning Shape and Colour) (Version: - ) Golden Sub (fullversion) (HKLM-x32\...\Golden Sub (fullversion)) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard) HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation) Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden Jigsaw Mania (HKLM-x32\...\Jigsaw Mania) (Version: - ) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kobo (HKLM-x32\...\Kobo) (Version: - ) kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden LEGO Alpha Team (HKLM-x32\...\{C5C8DE40-1AB7-11D4-854E-00A0C99F6AF9}) (Version: - ) LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe) Macromedia Flash Player 8 (HKLM-x32\...\{6815FCDD-401D-481E-BA88-31B4754C2B46}) (Version: 8.0.22.0 - Macromedia) McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.) McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.167 - McAfee, Inc.) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Basic 2007 (HKLM-x32\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Nonoh (HKLM-x32\...\Nonoh_is1) (Version: 4.12 build 704 - Finarea S.A. Switzerland) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company) Pirateville (Fullversion) (HKLM-x32\...\Pirateville (Fullversion)) (Version: - ) Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.) Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.) PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 - NewspaperDirect Inc.) Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6104 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden SCREENSEVEN GAME CENTER (HKLM-x32\...\UKGplayer) (Version: - ) SecEditCtl.BOC (仅用做移除) (HKLM-x32\...\SecEditCtl.BOC) (Version: 1.0.1.7 - CFCA) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.) Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden TumbleJumble (HKLM-x32\...\TumbleJumble) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) XRD i1d3 (x32 Version: 1.0.135 - X-Rite) Hidden Yan_Button & OSD (HKLM-x32\...\{BA4F5E73-14AD-4416-96C4-46E0F3CE9144}) (Version: 1.0.0.4 - Hewlett-Packard) Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden 搜狗五笔输入法 2.0正式版 (HKLM-x32\...\Sogou WBInput) (Version: - Sogou.com Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 16-09-2015 03:17:48 Windows Update 25-09-2015 14:24:56 Scheduled Checkpoint 26-09-2015 11:06:23 Restore Operation ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {3ADACE7D-2098-43A4-85B4-A021840D72A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {557701B5-78C3-4D2D-A9C1-463CC8FF297D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {72690F18-5022-4F1A-AA11-79C659CAE363} - System32\Tasks\{679EACE1-BE35-48FD-A1FC-BB17B3D58A43} => pcalua.exe -a E:\setup.exe -d E:\ Task: {7A81D310-CF20-428B-B751-DA8DB4CE8E55} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe Task: {829A4ACF-D28B-4C59-B060-EFC415B6BCF1} - System32\Tasks\{F0716501-AABC-435B-BF8B-EB94ABA72DBF} => Iexplore.exe http://ui.skype.com/ui/0/4.1.0.179.271/en/go/help.faq.installer?LastError=1603 Task: {9413786D-B1DF-4C6C-8D25-BC88201E3581} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.) Task: {996E91BE-3410-484F-8386-6D61E67BE2A8} - System32\Tasks\{AD3A3E38-E834-4146-A3F9-577EE09E601A} => Iexplore.exe http://ui.skype.com/ui/0/4.1.0.179.271/en/go/help.faq.installer?LastError=1603 Task: {9CDB5139-741F-4903-A11C-EEC196E3426F} - System32\Tasks\{A62FB803-F28C-444B-9A4E-CFE824A754AE} => pcalua.exe -a E:\Setup.exe -d E:\ Task: {B5332316-4D52-463B-B714-088B92809294} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {BEFDD3FD-4D19-4CF5-9182-FC6F7261B0ED} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] () Task: {CB0ED5A9-67FA-432B-8712-8882B107BE10} - System32\Tasks\{415A1E5D-4288-4715-B345-9A7175D6F6EC} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall BASICR /dll OSETUP.DLL Task: {CDAC3EBA-F7E6-42FF-BDB1-424E06F2AB0C} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.) Task: {CF3F56E3-40C8-48B5-8A33-90715B3D3347} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] () Task: {D7CCB675-0A4F-404E-AF7A-489AFFCBD291} - System32\Tasks\{55CE3C05-694B-4D27-BE32-A40178B43361} => Iexplore.exe http://ui.skype.com/ui/0/4.1.0.179.271/en/go/help.faq.installer?LastError=1603 (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2010-01-30 09:38 - 2010-01-30 09:38 - 00208896 _____ () C:\Program Files (x86)\Hewlett-Packard\Yan_Button & OSD\HKBD.dll 2010-02-10 11:58 - 2010-02-10 11:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll 2010-02-10 11:58 - 2010-02-10 11:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll 2010-02-10 11:58 - 2010-02-10 11:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll 2010-02-10 11:58 - 2010-02-10 11:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll 2010-02-10 11:58 - 2010-02-10 11:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll 2010-02-10 11:58 - 2010-02-10 11:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll 2010-02-10 11:58 - 2010-02-10 11:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll 2010-02-10 11:58 - 2010-02-10 11:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll 2014-08-25 11:45 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2014-08-25 11:45 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\User\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll 2015-09-26 14:29 - 2015-09-24 12:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\...\bankofchina.com -> hxxp://www.bankofchina.com IE trusted site: HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\...\boc.cn -> hxxps://ebs.boc.cn ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2252590582-4192995194-4039708225-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{12E669F8-D8CD-467D-9808-2A4EA11C37E6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE FirewallRules: [{57B1D596-4CAB-4EA3-84B7-925523729A68}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{D0C216FA-D1CE-4C75-B726-3FF8AE464CF4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{176E130A-0A70-4120-8B89-8B2D85CB0CFE}] => (Allow) svchost.exe FirewallRules: [{554364BF-81CF-4FB3-9AEE-D43563CAEE1E}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{24005581-4983-4FC6-8D79-E3AD301B0693}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{78915A9E-0A67-468B-BBFB-3A79026136BF}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [TCP Query User{6879782C-9317-4912-80B6-D0E938685F32}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{8AB4CCB2-D998-4369-AA8A-732E3CF75E18}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{1324D8F6-80BE-44C0-BF14-2D7254234984}] => (Allow) LPort=5353 FirewallRules: [{0CB3ECFB-F3D3-46F6-80CC-A2701D882EF5}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe FirewallRules: [{1CEA9B18-A186-4A68-953B-3D4125327B22}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe FirewallRules: [TCP Query User{3BB398AD-9CDF-45CB-BEF6-6A6DA41F5CFD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{A6D4EBA4-6DDC-46F2-A201-61B33A8B1AC8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{3BCEF1EF-D689-4FDC-8870-7AD820B8188A}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe FirewallRules: [{81DBF2EA-2E1F-4EA0-AFC1-608CB3233243}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe FirewallRules: [{F881725F-713E-4B2D-AC83-84B35C44C779}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe FirewallRules: [{741EBA1B-BFBC-4465-B5BF-D2FE976EFE04}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe FirewallRules: [{3795CB92-2573-4EB2-A83B-29731F2FFB86}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe FirewallRules: [{9368B02C-DC0C-4C99-844D-18050E13CE52}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe FirewallRules: [{7DF5D73A-47F8-4011-9748-6802CB306E5C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{D79E0889-0D62-4B5B-8D47-1E1796449AAB}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe FirewallRules: [{EE8A561D-2E08-427B-A8DF-C0B048AC8441}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe FirewallRules: [{F8BB76B1-3254-4A45-BB57-54F46A0B7446}] => (Allow) LPort=5454 FirewallRules: [{C883330D-2C0A-4FFD-BB6F-4550786C55DF}] => (Allow) C:\Windows\System32\hasplms.exe FirewallRules: [{157994B1-17F8-42C3-B6A3-63F98C4EC002}] => (Allow) C:\Windows\System32\hasplms.exe FirewallRules: [{54694985-A6E7-4A6F-A266-584A59D719D2}] => (Allow) C:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe FirewallRules: [{52EC2016-CB96-4DC0-BFA3-C0AAFA5AA115}] => (Allow) C:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe FirewallRules: [{D5696B85-E66F-4FE8-B97F-0385417D5196}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe FirewallRules: [{80BFBA84-A273-4C3A-820A-CF07F82FAC84}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe FirewallRules: [{EFC2EB8F-8776-4A7B-8AEA-6D14CADEBDDF}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe FirewallRules: [{1DACA45D-33F8-4FC2-BFD6-A66FC35DB0CB}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe FirewallRules: [{181E9944-CF2C-4665-8558-53519C648B59}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\auclt.exe FirewallRules: [{EE8865A3-2BA5-409A-8C13-D5D206C82A73}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\auclt.exe FirewallRules: [{98852F11-81E5-46FA-BCCE-483B6F9E62B5}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\IEProc.exe FirewallRules: [{C08B6281-FBD4-4AA1-ACA2-2BCC83639D1F}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe FirewallRules: [{A8426A50-6780-496B-895B-845CB8A3E53E}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe FirewallRules: [{3CD566B7-4D10-4C18-87C1-CF2CC6EE47B7}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe FirewallRules: [{21DCB060-8B69-4477-B294-C27AD9A1911D}] => (Allow) C:\Users\User\AppData\Roaming\Tencent\QQ\STemp\BackupDLTmp\Download\MiniQTUpdate.exe FirewallRules: [{2AA6B3FA-401B-4A6F-A637-03006D146A04}] => (Allow) C:\Users\User\AppData\Roaming\Tencent\QQ\STemp\BackupDLTmp\Download\MiniQTUpdate.exe FirewallRules: [{4F60F7AA-59ED-44BA-AAFC-C4274E0C5641}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{26DD5C96-2C7E-4518-BC05-C91BD447236A}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{98F95A4E-AA40-406C-9A0E-1950669EDBE2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/26/2015 11:16:17 AM) (Source: System Restore) (EventID: 8210) (User: ) Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005. Error: (09/26/2015 09:38:01 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 13b0 Start Time: 01d0f7eabf2f0a84 Termination Time: 6505 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: Error: (09/18/2015 10:34:47 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program McUICnt.exe version 7.0.4063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 848 Start Time: 01d0f0e334ee87dd Termination Time: 269 Application Path: C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe Report Id: e7699529-5d9c-11e5-97e7-7071bc789bf4 Error: (09/17/2015 05:00:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: with error: The specified server cannot perform the requested operation. . Error: (09/17/2015 05:00:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: with error: The specified server cannot perform the requested operation. . Error: (09/17/2015 05:00:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: with error: The specified server cannot perform the requested operation. . Error: (09/17/2015 05:00:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: with error: The specified server cannot perform the requested operation. . Error: (09/17/2015 05:00:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: with error: The specified server cannot perform the requested operation. . Error: (09/17/2015 05:00:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: with error: The specified server cannot perform the requested operation. . Error: (09/17/2015 05:00:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: ) Description: Failed auto update retrieval of third-party root certificate from: with error: This operation returned because the timeout period expired. . System errors: ============= Error: (09/26/2015 03:40:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Validation Trust Protection Service service failed to start due to the following error: %%1053 Error: (09/26/2015 03:40:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Validation Trust Protection Service service to connect. Error: (09/26/2015 03:40:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Validation Trust Protection Service service failed to start due to the following error: %%1053 Error: (09/26/2015 03:40:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Validation Trust Protection Service service to connect. Error: (09/26/2015 03:39:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Validation Trust Protection Service service failed to start due to the following error: %%1053 Error: (09/26/2015 03:39:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Validation Trust Protection Service service to connect. Error: (09/26/2015 02:51:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Validation Trust Protection Service service failed to start due to the following error: %%1053 Error: (09/26/2015 02:51:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Validation Trust Protection Service service to connect. Error: (09/26/2015 02:51:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Validation Trust Protection Service service failed to start due to the following error: %%1053 Error: (09/26/2015 02:51:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Validation Trust Protection Service service to connect. ==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU D425 @ 1.80GHz Percentage of memory in use: 58% Total physical RAM: 2038.18 MB Available physical RAM: 835.8 MB Total Virtual: 4076.36 MB Available Virtual: 2028.63 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:465.66 GB) (Free:283.58 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: FF6F7792) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================