Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015 Ran by Regevette (2015-11-08 13:33:13) Running from C:\Users\Regevette\Desktop Windows 10 Home (X64) (2015-09-11 02:11:24) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1826123673-4292494960-549196744-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1826123673-4292494960-549196744-503 - Limited - Disabled) Guest (S-1-5-21-1826123673-4292494960-549196744-501 - Limited - Enabled) => C:\Users\Guest Regevette (S-1-5-21-1826123673-4292494960-549196744-1000 - Administrator - Enabled) => C:\Users\Regevette ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.4.13090 - Adobe Systems Inc.) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD USB Filter Driver (HKLM-x32\...\{5BDA2F58-1F21-4D10-9910-92B01EBCC958}) (Version: 1.0.14.91 - Advanced Micro Devices, Inc.) Any Video Converter 3.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) AnyRail4EN (HKLM-x32\...\{3FEECA02-D431-4869-9337-75157612A2A5}) (Version: 4.21.0 - DRail Modelspoor Software) ATI Catalyst Install Manager (HKLM\...\{F9F4430E-80DE-EC0F-BF8E-476352C8F954}) (Version: 3.0.765.0 - ATI Technologies, Inc.) Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - ) Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon MX520 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX520_series) (Version: 1.00 - Canon Inc.) Canon MX520 series On-screen Manual (HKLM-x32\...\Canon MX520 series On-screen Manual) (Version: 7.6.0 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.) Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.) ccc-core-static (x32 Version: 2010.0310.1824.32984 - ATI) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.) Citrix Desktop Receiver (HKLM-x32\...\{9E7EAFCB-12F8-4782-A93A-7C05415679E9}) (Version: 11.1.0.19460 - Citrix Systems, Inc.) CopyFilenames 3.1 (HKLM\...\CopyFilenames_is1) (Version: 3.1 - ExtraBit Software) Cradle of Egypt (HKLM-x32\...\BFG-Cradle of Egypt) (Version: - ) Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited) Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited) Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - Creative Technology Limited) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2712 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC) Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen) DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden DVDFab Passkey 8.2.1.2 (12/03/2014) (HKLM-x32\...\DVDFab Passkey 8_is1) (Version: - Fengtao Software Inc.) eSATA300 TX2 Windows Driver 1.0.0260.38 (HKLM-x32\...\{8014763A-94BD-4CC3-8F86-35BD73C127B9}) (Version: 1.0260.3 - Promise Technology, Inc.) Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden Exorcist (x32 Version: 2.2.0.95 - WildTangent) Hidden Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - ) Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation) Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5418.39 - PC-Doctor, Inc.) Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited) HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent) HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3902 - Hewlett-Packard) HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3910 - Hewlett-Packard) HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3911 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard) HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3911 - Hewlett-Packard) HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{F5C7FD70-2C0A-401E-95E9-916363567DDA}) (Version: 1.2.4048.3310 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}) (Version: 5.1.10.7 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard) HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Hulu Desktop (HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC) HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!) Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation) Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2610 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2610 - CyberLink Corp.) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden Need for Speed Underground 2 Demo (HKLM-x32\...\{C5EB90E1-8A46-4ED5-009D-C793E646C04F}) (Version: - ) Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts) NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.16.00 - NETGEAR Inc.) NetWorx 5.4.1 (HKLM\...\NetWorx_is1) (Version: - Softperfect) Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.4.24 - Symantec Corporation) Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company) Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3810 - CyberLink Corp.) Power2Go (x32 Version: 6.1.3810 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2704 - CyberLink Corp.) PowerDirector (x32 Version: 8.0.2704 - CyberLink Corp.) Hidden Presto! PageManager 7.15.16 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation) PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.11352 - RocketLife Inc.) RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD) RAIDXpert (x32 Version: 3.2.1540.10 - AMD) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.2719 - CyberLink Corp.) Hidden Rosetta Stone Version 3 (HKLM-x32\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.5.2 - Rosetta Stone Ltd.) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.) ScanSoft OmniPage SE 4 (HKLM-x32\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.) SCARM 0.9.25 beta (HKLM-x32\...\{9BF3D390-A0AD-4733-AFC8-18E306B8E219}_is1) (Version: 0.9.25 - Milen Peev) Seagate SeaTools English Online (HKLM-x32\...\Seagate SeaTools English Online) (Version: - Ontrack Data International, Inc.) SoftPerfect WiFi Guard version 1.0.6 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.6 - SoftPerfect) Sound Blaster X-Fi (HKLM-x32\...\{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}) (Version: 1.0 - Creative Technology Limited) TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo) UltraMixer 2.4.4 (HKLM-x32\...\{32E2F180-247C-4077-B06A-20F9868568E0}_is1) (Version: 2.4.4 - UltraMixer Digital Audio Solutions) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP) WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.) Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.14 - WildTangent) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinISO 5.3 (HKLM-x32\...\WinISO_is1) (Version: - WinISO Computing Inc.) XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation) Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) Zero Assumption Recovery Version 9 (HKLM-x32\...\Zero Assumption Recovery_is1) (Version: - ) Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 24-10-2015 09:13:37 Windows Update 29-10-2015 17:22:32 Windows Update 30-10-2015 17:46:07 10/30/15 30-10-2015 22:43:53 Restore Operation 02-11-2015 18:17:08 Restore Point Created by FRST 04-11-2015 17:30:33 zoek.exe restore point ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-19 08:03 - 2015-08-31 17:28 - 00000098 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {0CC86EFE-FC4C-40A0-BCF8-2412CC861433} - System32\Tasks\{D8A934C0-19D1-4558-ABF0-F0969226D794} => pcalua.exe -a "C:\Users\Regevette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YPYDHQSN\jre-6u24-windows-i586-iftw[1].exe" -d C:\Users\Regevette\Desktop Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {223B7E2D-E7C3-4598-A898-3D9B530775CA} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {38CE32A8-3D39-48C3-88A4-56970E6C51C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company) Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {411FCCB6-9C37-4027-A4E1-EC8B3AD5CBBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {45ECEE85-E463-4ABB-8B45-A033351B2BFC} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01] (PC-Doctor, Inc.) Task: {4996AD76-CA9D-48C2-ABA5-7A41A1A36104} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation) Task: {6817C892-20A4-42F6-8836-D5D3795DDB86} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation) Task: {6FBB4214-02FE-42C6-9CC8-811D59121D39} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company) Task: {70ACA6AD-F2D7-44EE-BF76-BA98908DC080} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {8A841A65-0A90-4F45-995E-14C8BA5527AE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {9D39A598-DA5A-4DD4-8E5B-6C9E55B85A5E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation) Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {A10B63BD-2B87-4240-8191-8B455753C8BE} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {AA83F14B-5D10-47DD-BFCF-CFA79935D08B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-26] (Adobe Systems Incorporated) Task: {B054FF37-F045-4E36-BD1A-839500BBC46F} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-02-24] () Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {B2D428BD-E85D-4CFA-84A9-A31CA1EC9726} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {B35BE994-BDA6-4637-91B8-79E7ACE35061} - \PrintProjects Communicator -> No File <==== ATTENTION Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {DB88891F-A346-4303-93C8-AB56752E29C3} - System32\Tasks\Malwarebytes => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Task: {DC8CA541-4FF2-4910-8FE9-6343F1682935} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation) Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {F44578C6-D74D-484A-9C96-EF49C2D00778} - System32\Tasks\HPCeeScheduleForRegevette => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard) Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForRegevette.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml ==================== Loaded Modules (Whitelisted) ============== 2015-09-18 05:05 - 2015-07-14 21:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-09-18 05:05 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2009-12-15 19:40 - 2009-12-15 19:40 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe 2015-09-30 23:22 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-09-30 23:22 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2010-11-15 19:29 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll 2015-09-30 23:22 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll 2010-01-18 12:21 - 2010-01-18 12:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe 2015-08-21 21:09 - 2015-08-21 21:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2009-12-15 19:40 - 2009-12-15 19:40 - 00122880 _____ () C:\WINDOWS\SysWOW64\WinMsgBalloonServer.exe 2009-12-15 19:41 - 2009-12-15 19:41 - 00139264 _____ () C:\WINDOWS\SysWOW64\WinMsgBalloonClient.exe 2015-10-27 18:16 - 2015-10-27 18:36 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2015-10-27 18:16 - 2015-10-27 18:36 - 10958848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2015-10-27 18:16 - 2015-10-27 18:36 - 00245760 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2015-11-04 17:29 - 2015-11-04 17:36 - 08717824 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.21.12.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2015-11-04 17:29 - 2015-11-04 17:36 - 02371072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.21.12.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll 2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2015-09-30 23:22 - 2015-09-17 00:44 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-09-30 23:21 - 2015-09-17 00:42 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-09-30 23:21 - 2015-09-17 00:42 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-09-30 23:22 - 2015-09-17 00:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2009-12-16 01:44 - 2009-12-16 01:44 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll 2010-02-09 20:58 - 2010-02-09 20:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll 2010-02-09 20:58 - 2010-02-09 20:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll 2010-02-09 20:58 - 2010-02-09 20:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll 2010-02-09 20:58 - 2010-02-09 20:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll 2010-02-09 20:58 - 2010-02-09 20:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll 2010-02-09 20:58 - 2010-02-09 20:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll 2010-02-09 20:58 - 2010-02-09 20:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll 2010-02-09 20:58 - 2010-02-09 20:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll 2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2015-10-22 16:10 - 2015-10-20 09:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll 2015-10-22 16:10 - 2015-10-20 09:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\123simsen.com -> www.123simsen.com There are 7865 more sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1826123673-4292494960-549196744-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Regevette\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: !SASCORE => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: CinemaNow Service => 2 MSCONFIG\Services: GameConsoleService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LightScribeService => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: nmservice => 2 MSCONFIG\Services: NU16StartManagerSvc => 2 MSCONFIG\Services: YahooAUService => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Regevette^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: DVDFab Passkey => "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe" MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE MSCONFIG\startupreg: MotiveReportAgent => "C:\Program Files (x86)\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files (x86)\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe" /hidden MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" MSCONFIG\startupreg: SPIRunE => Rundll32 SPIRunE.dll,RunDLLEntry MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe HKU\S-1-5-21-1826123673-4292494960-549196744-1000\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{6472743A-FA0A-4E7F-8FE5-C914093BB51D}] => (Allow) C:\Program Files\NetWorx\networx.exe FirewallRules: [UDP Query User{EA5019CB-F084-439D-A47D-A8EF21CF52A9}E:\emule\emule.exe] => (Allow) E:\emule\emule.exe FirewallRules: [TCP Query User{7BE4EED6-3D0D-4AE5-9AFE-05CD3A6DC6E5}E:\emule\emule.exe] => (Allow) E:\emule\emule.exe FirewallRules: [{EA69256A-E17B-4F94-AD11-A4ABE417A590}] => (Allow) LPort=15600 FirewallRules: [{8B090E00-BD42-48FB-B924-01371EB7B175}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5B0E458D-CA3A-4963-952C-C1AC432BFAA1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{EFD1A2E9-B102-4356-BFE8-0BD664CFC912}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [TCP Query User{24962036-30EB-46AF-80D6-A143848F41B2}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [UDP Query User{9C92AB7B-5E4A-4017-A950-F090AD0C6738}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [TCP Query User{5AC7C27D-CDD6-424B-A469-BEAD35BBF746}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe FirewallRules: [{28021089-4953-488E-92ED-7CC094C7919E}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe FirewallRules: [{50D28BC1-AF9A-4AAC-904A-EA68C2BC2375}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe FirewallRules: [{DA6A6C95-E779-422C-B504-E77047889701}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/08/2015 12:13:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Regevette-HP) Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/07/2015 08:52:40 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program DivX Player.exe version 11.3.4.75 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: b98 Start Time: 01d119c7d4ae61e3 Termination Time: 12 Application Path: C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe Report Id: 611e71a3-85bb-11e5-9be6-d4856498a390 Faulting package full name: Faulting package-relative application ID: Error: (11/07/2015 08:02:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DivXConverterLauncher.exe, version: 10.2.4.155, time stamp: 0x546f13aa Faulting module name: DivXConverterLauncher.dll, version: 10.2.4.155, time stamp: 0x546f13a2 Exception code: 0xc0000005 Fault offset: 0x0008bade Faulting process id: 0xfa8 Faulting application start time: 0xDivXConverterLauncher.exe0 Faulting application path: DivXConverterLauncher.exe1 Faulting module path: DivXConverterLauncher.exe2 Report Id: DivXConverterLauncher.exe3 Faulting package full name: DivXConverterLauncher.exe4 Faulting package-relative application ID: DivXConverterLauncher.exe5 Error: (11/07/2015 11:43:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Regevette-HP) Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/06/2015 11:49:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AUDIODG.EXE, version: 10.0.10240.16384, time stamp: 0x559f3a8d Faulting module name: T3APO64.dll, version: 1.0.4.0, time stamp: 0x4993ecb9 Exception code: 0xc0000005 Fault offset: 0x000000000003722a Faulting process id: 0x1124 Faulting application start time: 0xAUDIODG.EXE0 Faulting application path: AUDIODG.EXE1 Faulting module path: AUDIODG.EXE2 Report Id: AUDIODG.EXE3 Faulting package full name: AUDIODG.EXE4 Faulting package-relative application ID: AUDIODG.EXE5 Error: (11/06/2015 11:49:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Regevette-HP) Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/06/2015 10:28:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Regevette-HP) Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/06/2015 10:13:07 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. Error: (11/06/2015 10:12:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Regevette-HP) Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (11/06/2015 09:31:54 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. System errors: ============= Error: (11/07/2015 08:24:42 PM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer LEOVIRGO7068-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{983CCE6B-0653-4340-A933-1E5C72D22DCB}. The master browser is stopping or an election is being forced. Error: (11/06/2015 10:20:35 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Xbox Live Auth Manager service terminated with the following service-specific error: %%0 Error: (11/06/2015 10:11:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: %%1058 Error: (11/06/2015 10:10:46 PM) (Source: DCOM) (EventID: 10010) (User: Regevette-HP) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (11/06/2015 10:10:46 PM) (Source: DCOM) (EventID: 10005) (User: Regevette-HP) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/06/2015 10:10:44 PM) (Source: DCOM) (EventID: 10010) (User: Regevette-HP) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (11/06/2015 10:10:44 PM) (Source: DCOM) (EventID: 10010) (User: Regevette-HP) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (11/06/2015 10:10:44 PM) (Source: DCOM) (EventID: 10010) (User: Regevette-HP) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (11/06/2015 10:10:44 PM) (Source: DCOM) (EventID: 10010) (User: Regevette-HP) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (11/06/2015 10:10:44 PM) (Source: DCOM) (EventID: 10010) (User: Regevette-HP) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} CodeIntegrity: =================================== Date: 2015-11-06 09:18:24.716 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2015-11-06 09:18:24.624 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2015-11-06 09:18:24.575 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements. Date: 2015-11-06 09:18:24.486 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2015-11-06 09:18:24.453 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2015-11-06 09:18:24.417 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements. Date: 2015-11-06 09:18:23.122 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. Date: 2015-11-06 09:18:22.571 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. Date: 2015-11-06 09:11:36.053 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2015-11-06 09:11:36.004 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: AMD Athlon(tm) II X4 635 Processor Percentage of memory in use: 37% Total physical RAM: 6135.89 MB Available physical RAM: 3859.37 MB Total Virtual: 18135.89 MB Available Virtual: 15289.89 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:686.2 GB) (Free:265.9 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:11.75 GB) (Free:1.39 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: BB7C8AB9) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=686.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=11.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================