Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016
Ran by CRISS (2016-04-10 16:46:01)
Running from C:\Users\CRISS\Downloads
Windows 10 Home Version 1511 (X64) (2016-02-21 15:03:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2970289936-2773803776-1462311369-500 - Administrator - Disabled)
CRISS (S-1-5-21-2970289936-2773803776-1462311369-1002 - Administrator - Enabled) => C:\Users\CRISS
DefaultAccount (S-1-5-21-2970289936-2773803776-1462311369-503 - Limited - Disabled)
Guest (S-1-5-21-2970289936-2773803776-1462311369-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\uTorrent) (Version: 3.4.5.41821 - BitTorrent Inc.)
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.695 - Broadcom Corporation)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Flvto YouTube Downloader (HKLM-x32\...\Flvto YouTube Downloader) (Version: 0.6.7 - Hotger)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\Google Photos Backup) (Version: 1.1.1.276 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.2.8.17 - HP)
HP System Event Utility (HKLM-x32\...\{C27D60E4-3132-45A3-A71A-E3BD1DA3F794}) (Version: 1.0.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1211-148929CC1385}) (Version: 2.6.1211.0294 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Smart Connect Technology 4.0 x64 (HKLM\...\{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}) (Version: 4.0.41.2072 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.6.101 - IObit)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
NVIDIA GeForce Experience 2.11.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 362.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.00 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SHIELD Streaming (Version: 5.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.1.2 - NVIDIA Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.0 - Synaptics Incorporated)
TorrentRover v0.23.4 beta (HKLM-x32\...\{46BD5F0D-9692-49B5-8340-1DE3BCC83140}) (Version: 0.23.4 - John Loper II (All Rights Reserved))
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3114846) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{286F464B-2FDF-4107-83A5-DEB08D2AD268}) (Version: - Microsoft)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2970289936-2773803776-1462311369-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\CRISS\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2970289936-2773803776-1462311369-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\CRISS\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2970289936-2773803776-1462311369-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\CRISS\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1399A125-6719-47AB-9BF7-0B76522375DA} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe
Task: {158E5F17-E7D7-49AF-8DC5-1FCF10DD641D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {17E198A6-FA94-425D-9C53-32CCF2A1A56A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-08] (Microsoft Corporation)
Task: {19C848C9-E990-4984-A727-D2E680625FA5} - System32\Tasks\User_Feed_Synchronization-{77D17AB1-3221-40A0-B96A-A2A03692AFEA} => C:\Windows\system32\msfeedssync.exe [2015-10-30] (Microsoft Corporation) <==== ATTENTION
Task: {26B306A0-EF48-4E5D-BBA5-F5F9EBBE0AD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {3528C26E-7AAF-4140-B8CE-64BD8E5BBC2B} - System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-9C72-4A91-9935-8891A867A11E} for CRISS => C:\Program Files (x86)\Auslogics\Disk Defrag Professional\DiskDefragPro.exe <==== ATTENTION
Task: {3A54EA79-08E4-483E-93F4-1B349126493E} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe
Task: {4186E4DA-9684-42EB-87CE-A675427882D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-03-24] (HP Inc.)
Task: {41BD89A1-4E7C-4D55-87B6-655C5AB74ECE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {5D62591C-4FB9-45B5-B4AF-61483439E553} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-03-24] (HP Inc.)
Task: {5E9208B1-0EAC-46B6-BBB4-B484C6843B69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {605B08C2-617A-4447-96B7-3FA74791EEE0} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {6E432EB7-8D7E-435B-9B08-5D9988F7E3D6} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-02-22] ()
Task: {92E94761-43AC-4618-9EE5-E966332C4729} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {9A82E051-20DD-4689-B2DC-966E1F236BA5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {9D07F308-6AA1-42EC-933D-CBBA1DF9C59A} - System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-FA9A-4E75-AC50-C9E42237C966} for CRISS => C:\Program Files (x86)\Auslogics\Disk Defrag Professional\DiskDefragPro.exe <==== ATTENTION
Task: {9DA551B8-FA74-40DF-A8CC-609FEB1E77A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-11] (Hewlett-Packard)
Task: {9DFBDDB6-A028-403F-9CD9-6B54F5960C77} - System32\Tasks\Computer Protector Job => C:\Program Files (x86)\Computer Protector\astask.exe [2016-03-24] () <==== ATTENTION
Task: {AA21104C-C80E-49EC-A1F2-B35D6DF43298} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {B3FDE9CB-5F9F-4BCE-B92A-5845F7B0F47A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2970289936-2773803776-1462311369-1002UA => C:\Users\CRISS\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {BB93CD9A-631E-49D7-83DF-18D519A864E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {BF654FD4-564B-4968-96EA-686170B1EDC3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2970289936-2773803776-1462311369-1002Core => C:\Users\CRISS\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-21] (Google Inc.)
Task: {CCB54DA7-72A7-47D3-B783-A372A8DFEADB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {DCA17799-2DA8-4716-8610-606F88EF0AB6} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-12-09] (Synaptics Incorporated)
Task: {E0CC83FA-EAD7-47DB-96A5-D7749AC5DCDD} - System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-9FA0-4FA8-A727-E7FCF500D3C7} for CRISS => C:\Program Files (x86)\Auslogics\Disk Defrag Professional\DiskDefragPro.exe <==== ATTENTION
Task: {FFB59FD0-963C-4DFC-A5BD-3F08852BCD41} - System32\Tasks\Program Defender Uninstaller => C:\Program Files (x86)\Program Defender\ProgramDefender.exe [2016-02-25] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2970289936-2773803776-1462311369-1002Core.job => C:\Users\CRISS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2970289936-2773803776-1462311369-1002UA.job => C:\Users\CRISS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:17 - 2015-10-30 02:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-01 18:30 - 2016-02-23 06:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 18:30 - 2016-02-23 06:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-10 12:55 - 2015-11-10 12:55 - 08901800 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-02-21 12:21 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-21 12:21 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 18:31 - 2016-02-23 03:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-21 12:22 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-21 12:21 - 2016-01-04 20:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-02-21 12:22 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-21 12:22 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-28 18:26 - 2016-03-28 18:27 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-28 18:26 - 2016-03-28 18:27 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-03 20:12 - 2016-03-03 20:14 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-02-21 10:58 - 2016-02-21 10:58 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-02-21 10:58 - 2016-02-21 10:58 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-03-10 20:04 - 2016-03-10 20:04 - 10244608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-04-10 16:30 - 2016-04-10 16:30 - 19765320 _____ () C:\Users\CRISS\Downloads\RogueKiller.exe
2016-03-06 09:06 - 2015-12-23 17:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2014-06-21 02:42 - 2013-02-15 19:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\97191624.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\97191624.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\chrysler.com -> hxxps://dealerconnect.chrysler.com
IE trusted site: HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\chrysleracademy.com -> hxxps://cms.chrysler.chrysleracademy.com
IE trusted site: HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\google.com -> hxxps://www.google.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2016-02-25 21:27 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CCleaner Monitoring =>
MSCONFIG\startupreg: Google Photos Backup => "c:\users\criss\appdata\local\programs\google\google photos backup\google photos backup.exe" /autostart
MSCONFIG\startupreg: Google Update => "c:\users\criss\appdata\local\google\update\googleupdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => c:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: OneDrive => "c:\users\criss\appdata\local\microsoft\onedrive\onedrive.exe" /background
MSCONFIG\startupreg: Persistence => c:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: ShadowPlay =>
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\StartupApproved\Run: => "Google Photos Backup"
HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\StartupApproved\Run: => "kpm.exe"
HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\StartupApproved\Run: => "Flvto YouTube Downloader"
HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2970289936-2773803776-1462311369-1002\...\StartupApproved\Run: => "SideSync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8B269289-70FB-4F31-90DF-796C75C2E542}C:\users\criss\appdata\local\temp\7zs7ee8\enterprisedu.exe] => (Allow) C:\users\criss\appdata\local\temp\7zs7ee8\enterprisedu.exe
FirewallRules: [UDP Query User{1FB9C4E6-B687-4353-BBB4-F7E267264F34}C:\users\criss\appdata\local\temp\7zs7ee8\enterprisedu.exe] => (Allow) C:\users\criss\appdata\local\temp\7zs7ee8\enterprisedu.exe
FirewallRules: [{797A0807-E56D-4918-B158-DB4375B38057}] => (Block) C:\users\criss\appdata\local\temp\7zs7ee8\enterprisedu.exe
FirewallRules: [{2077C9AF-C794-46AA-AC23-9B0CBD507741}] => (Block) C:\users\criss\appdata\local\temp\7zs7ee8\enterprisedu.exe
FirewallRules: [{BBCBFC99-744E-4D7F-B881-B25E07F9CDC1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{F8A95888-7480-4DFF-9F4B-208C901BA4A6}] => (Allow) LPort=5357
FirewallRules: [{B07A469A-ECF3-4F4B-BE5A-7D558761DF04}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{3D91E8EB-DCCF-4F16-9141-B419E886B5D5}C:\users\criss\appdata\local\temp\7zs0e6e\enterprisedu.exe] => (Allow) C:\users\criss\appdata\local\temp\7zs0e6e\enterprisedu.exe
FirewallRules: [UDP Query User{14902804-4090-4D27-804E-61A7D04C2D75}C:\users\criss\appdata\local\temp\7zs0e6e\enterprisedu.exe] => (Allow) C:\users\criss\appdata\local\temp\7zs0e6e\enterprisedu.exe
FirewallRules: [{1BB09CB8-6980-4FA5-A765-F2AAADF15CC7}] => (Block) C:\users\criss\appdata\local\temp\7zs0e6e\enterprisedu.exe
FirewallRules: [{25B897D9-8003-4A00-8050-044FB802DEA1}] => (Block) C:\users\criss\appdata\local\temp\7zs0e6e\enterprisedu.exe

==================== Restore Points =========================

29-03-2016 19:32:27 Scheduled Checkpoint
03-04-2016 19:27:48 Windows Update
10-04-2016 09:07:15 JRT Pre-Junkware Removal
10-04-2016 16:00:15 JRT Pre-Junkware Removal
10-04-2016 16:19:21 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2016 04:19:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (04/10/2016 04:15:36 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CISCTPnpDriverApi::CreateInstance *****Unable to open the ISCT device driver

Error: (04/10/2016 04:05:22 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CISCTPnpDriverApi::CreateInstance *****Unable to open the ISCT device driver

Error: (04/10/2016 04:00:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (04/10/2016 03:52:43 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - CISCTPnpDriverApi::CreateInstance *****Unable to open the ISCT device driver

Error: (04/10/2016 03:03:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hp_u_23822.exe, version: 1.7.0.9, time stamp: 0x57081592
Faulting module name: hp_u_23822.exe, version: 1.7.0.9, time stamp: 0x57081592
Exception code: 0xc0000409
Fault offset: 0x000a2449
Faulting process id: 0x22d8
Faulting application start time: 0xhp_u_23822.exe0
Faulting application path: hp_u_23822.exe1
Faulting module path: hp_u_23822.exe2
Report Id: hp_u_23822.exe3
Faulting package full name: hp_u_23822.exe4
Faulting package-relative application ID: hp_u_23822.exe5

Error: (04/10/2016 10:44:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.122, time stamp: 0x56cbf9dd
Exception code: 0xc0000008
Fault offset: 0x00000000000a8c6a
Faulting process id: 0x9e8
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

Error: (04/10/2016 10:14:55 AM) (Source: MsiInstaller) (EventID: 10023) (User: MOM)
Description: Product: HP Deskjet 2540 series Basic Device Software -- Data error (cyclic redundancy check). (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/10/2016 10:14:41 AM) (Source: MsiInstaller) (EventID: 10023) (User: MOM)
Description: Product: HP Deskjet 2540 series Basic Device Software -- Data error (cyclic redundancy check). (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/10/2016 09:07:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

System errors:
=============
Error: (04/10/2016 04:31:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys

Error: (04/10/2016 04:22:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Validity WBF Policy Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/10/2016 04:19:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/10/2016 04:15:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error: %%2

Error: (04/10/2016 04:14:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: %%1069

Error: (04/10/2016 04:14:26 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/10/2016 04:14:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_5b70b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/10/2016 04:14:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_5b70b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/10/2016 04:14:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_5b70b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/10/2016 04:14:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_5b70b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2016-04-09 22:32:09.886
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-08 20:48:28.372
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-07 20:22:49.270
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-07 19:57:42.737
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-06 04:09:58.337
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-04 04:55:44.673
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-02 20:35:38.542
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-01 20:48:43.268
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-31 20:30:26.510
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-30 18:47:23.123
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 8124.02 MB
Available physical RAM: 5319.98 MB
Total Virtual: 16316.02 MB
Available Virtual: 13900.29 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:667.66 GB) (Free:605.96 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:29.73 GB) (Free:3 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 392C9A91)
Partition: GPT.

==================== End of Addition.txt ============================