Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015 Ran by Ellen (2015-09-26 14:46:55) Running from C:\Users\Ellen\Desktop Windows 10 Home (X64) (2015-09-05 17:39:23) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1046601001-1906817106-3343807100-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1046601001-1906817106-3343807100-503 - Limited - Disabled) Ellen (S-1-5-21-1046601001-1906817106-3343807100-1001 - Administrator - Enabled) => C:\Users\Ellen Guest (S-1-5-21-1046601001-1906817106-3343807100-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1046601001-1906817106-3343807100-1007 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.5.0.3 - Canon Inc.) Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.1.6 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.) Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.) Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.) Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.20.0 - Canon Inc.) Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.2.10.0 - Canon Inc.) Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.) Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.2.10.0 - Canon Inc.) Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.) Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.) Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.14.10.0 - Canon Inc.) Canon Utilities RemoteCapture DC (HKLM-x32\...\RemoteCaptureDC) (Version: 3.0.1.8 - Canon Inc.) Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.) Canon Utilities ZoomBrowser EX Packages (HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\...\Canon Utilities ZoomBrowser EX Packages) (Version: - ) <==== ATTENTION CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1046601001-1906817106-3343807100-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 08-09-2015 22:10:43 Windows Update 12-09-2015 00:11:47 Installed iTunes 17-09-2015 00:25:31 Removed Bonjour 21-09-2015 20:33:47 Windows Update 23-09-2015 20:56:03 Restore Point Created by FRST 23-09-2015 21:25:55 Restore Point Created by FRST 24-09-2015 22:18:32 Restore Point Created by FRST ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-09-06 03:03 - 2015-09-06 03:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0ABC42E4-654D-49C9-8C1D-DE405591DBD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A9558401-C58D-4F3E-A93D-0D839DC8438B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation) Task: {C3D768AA-BAC2-4C56-999D-CBE01F80DB42} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Loaded Modules (Whitelisted) ============== 2015-08-21 06:36 - 2015-08-21 06:36 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-08-21 06:36 - 2015-08-21 06:36 - 00413184 _____ () C:\WINDOWS\System32\diagtrack_win.dll 2015-09-23 22:08 - 2015-08-18 08:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-09-23 22:08 - 2015-08-18 08:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-07-10 11:59 - 2015-07-10 11:59 - 00429056 ____N () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-08-21 06:36 - 2015-08-21 06:36 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 12:00 - 2015-07-10 14:14 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-08-21 06:36 - 2015-08-21 06:36 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-08-21 06:36 - 2015-08-21 06:36 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-09-05 21:55 - 2015-02-10 15:08 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe 2015-09-05 21:55 - 2015-02-18 14:11 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll 2015-02-10 10:03 - 2015-02-10 10:03 - 00507904 _____ () C:\Program Files (x86)\Canon\EOS Utility\EDSDK.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Ellen\OneDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1046601001-1906817106-3343807100-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg DNS Servers: 82.163.143.162 - 82.163.142.164 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/26/2015 02:33:00 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ELLEN) Description: Microsoft.WindowsStore_8wekyb3d8bbwe3 Error: (09/26/2015 02:18:35 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ELLEN) Description: Microsoft.Windows.Photos_8wekyb3d8bbwe3 Error: (09/26/2015 02:16:52 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ELLEN) Description: Microsoft.WindowsStore_8wekyb3d8bbwe3 Error: (09/26/2015 02:06:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: OneDrive.exe, version: 17.3.5892.626, time stamp: 0x558cfe5a Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a Exception code: 0x80000003 Fault offset: 0x00132bd2 Faulting process id: 0x834 Faulting application start time: 0xOneDrive.exe0 Faulting application path: OneDrive.exe1 Faulting module path: OneDrive.exe2 Report Id: OneDrive.exe3 Faulting package full name: OneDrive.exe4 Faulting package-relative application ID: OneDrive.exe5 Error: (09/26/2015 01:56:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ELLEN) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/26/2015 01:56:46 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ELLEN) Description: Microsoft.WindowsStore_8wekyb3d8bbwe3 Error: (09/26/2015 01:56:41 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ELLEN) Description: Microsoft.Windows.Photos_8wekyb3d8bbwe3 Error: (09/25/2015 10:11:19 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ELLEN) Description: Microsoft.Windows.Photos_8wekyb3d8bbwe3 Error: (09/25/2015 10:11:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Microsoft.Photos.exe, version: 15.922.11070.0, time stamp: 0x56019d82 Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16431, time stamp: 0x55c9bf27 Exception code: 0xc000027b Fault offset: 0x0000000000464bd7 Faulting process id: 0x3ac Faulting application start time: 0xMicrosoft.Photos.exe0 Faulting application path: Microsoft.Photos.exe1 Faulting module path: Microsoft.Photos.exe2 Report Id: Microsoft.Photos.exe3 Faulting package full name: Microsoft.Photos.exe4 Faulting package-relative application ID: Microsoft.Photos.exe5 Error: (09/25/2015 10:02:44 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: ELLEN) Description: Microsoft.Windows.Photos_8wekyb3d8bbwe3 System errors: ============= Error: (09/26/2015 02:18:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (09/26/2015 02:18:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (09/26/2015 02:18:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (09/26/2015 02:18:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (09/26/2015 02:18:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (09/26/2015 02:18:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (09/26/2015 02:18:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (09/26/2015 02:18:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (09/26/2015 02:18:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (09/26/2015 02:18:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable CodeIntegrity: =================================== Date: 2015-09-25 22:27:37.540 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-25 22:27:37.521 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-25 22:27:37.498 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-25 22:27:37.473 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-25 22:27:37.003 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-23 20:57:18.316 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-22 23:17:02.409 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\Haedyanurv64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-22 23:17:02.385 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\Haedyanurv64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-22 16:55:14.492 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\Haedyanurv64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-22 16:55:14.471 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\Haedyanurv64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz Percentage of memory in use: 40% Total physical RAM: 3974.8 MB Available physical RAM: 2378.91 MB Total Virtual: 5382.8 MB Available Virtual: 3843.96 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:438.11 GB) (Free:382 GB) NTFS Drive d: (KIS Multi-Device) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 9D808610) Partition: GPT. ==================== End of Addition.txt ============================