Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-05-2016 Ran by Z (2016-05-10 22:07:08) Running from C:\Users\Z\Desktop Windows 10 Home Version 1511 (X64) (2015-12-04 16:11:51) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2112759670-3577205592-1219129408-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2112759670-3577205592-1219129408-503 - Limited - Disabled) Guest (S-1-5-21-2112759670-3577205592-1219129408-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2112759670-3577205592-1219129408-1005 - Limited - Enabled) UpdatusUser (S-1-5-21-2112759670-3577205592-1219129408-1003 - Limited - Enabled) => C:\Users\UpdatusUser Z (S-1-5-21-2112759670-3577205592-1219129408-1002 - Administrator - Enabled) => C:\Users\Z ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - ) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated) All Free Video Joiner 8.6.2 (HKLM-x32\...\All Free Video Joiner_is1) (Version: - FreeAudioVideoSoftTech, Inc.) Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon) AnVir Task Manager Free (HKLM-x32\...\AnVir Task Manager Free) (Version: - AnVir Software) Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.12.160304 - ) Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - ) Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated) CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.1 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.1 - Dell Inc.) Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company) DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.13 - DivX, LLC) DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - ) DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) DVDFab 8.2.2.6 (25/12/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.) DVDFab 9.0.6.6 (11/09/2013) Beta (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.) DVDFab Passkey 8.1.0.4 (04/09/2013) (HKLM-x32\...\DVDFab Passkey 8_is1) (Version: - Fengtao Software Inc.) FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - ) Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) HandBrake 0.10.1 (HKLM-x32\...\HandBrake) (Version: 0.10.1 - ) HD Video Converter Factory Pro (HKU\S-1-5-21-2112759670-3577205592-1219129408-1002\...\HDVideoConverterFactoryPro) (Version: - WonderFox Soft, Inc. All Rights Reserved.) HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.1.6.0 - Brother Industries, Ltd.) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.1 - IObit) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden K-Lite Codec Pack 9.8.5 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.8.5 - ) K-Lite Codec Pack 9.8.5 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.5 - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LibreOffice 4.0 Help Pack (English) (HKLM-x32\...\{F4273C60-F105-49C3-B980-7F4AF3DEA929}) (Version: 4.0.2.2 - The Document Foundation) LibreOffice 4.0.2.2 (HKLM-x32\...\{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}) (Version: 4.0.2.2 - The Document Foundation) Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean) Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) MKVToolNix 7.8.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.8.0 - Moritz Bunkus) Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla) Nero 11 DiscSpeed (HKLM-x32\...\{B8B03F99-F600-4D96-ADBD-2F384240FB9C}) (Version: 11.0.00400 - Nero AG) NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation) P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis) Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Daum Kakao Corp.) PrintMyCouponAnywhere (HKLM-x32\...\{9E5A9316-541D-4F22-BE19-AFE969C00B06}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) Remove Logo Now! 1.5 (HKLM-x32\...\Remove Logo Now!_is1) (Version: 1.5 - SoftOrbits) RevTraxPrintMyCoupon (HKLM-x32\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Subtitle Edit 3.3.13 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.3.13.131 - Nikse) SubtitleCreator (HKLM-x32\...\SubtitleCreator) (Version: V2.2 - Erik Vullings) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinX HD Video Converter Deluxe 3.12.6 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software,Inc.) Wise Care 365 version 2.26 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.26 - WiseCleaner.com, Inc.) XMedia Recode version 3.2.1.7 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.1.7 - XMedia Recode) YAMB (HKLM-x32\...\YAMB) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2112759670-3577205592-1219129408-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Z\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2112759670-3577205592-1219129408-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Z\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2112759670-3577205592-1219129408-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Z\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2112759670-3577205592-1219129408-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Z\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2112759670-3577205592-1219129408-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Z\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2112759670-3577205592-1219129408-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Z\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2112759670-3577205592-1219129408-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Z\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2112759670-3577205592-1219129408-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Z\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2112759670-3577205592-1219129408-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Z\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2112759670-3577205592-1219129408-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Z\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2112759670-3577205592-1219129408-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Z\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-2112759670-3577205592-1219129408-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Z\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0B6ABAA5-66FA-4DB3-8F33-F05BA469A557} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {0CCCA9F8-D19D-476E-9042-525E98F79A4A} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2015-11-30] (DivX, LLC) Task: {1460ECC9-0B64-4A46-814E-14853FA17B1C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2112759670-3577205592-1219129408-1002UA => C:\Users\Z\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {25960F9B-06BB-4C42-A015-0C437F856659} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {2972B404-E7FD-4BD6-8F74-5E03B4B7C6A8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-10] (Microsoft Corporation) Task: {3142F402-43E3-4774-B141-FD859678F075} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {508BEC41-0069-428A-947C-E65DC7FE0151} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {675701CB-638E-48E9-B562-FD3FEEA7AECD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {6F8FFDDD-5564-4427-8270-AB168C9EDE4C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated) Task: {A27EC444-5E09-4FE7-B42F-40058C4D4ED2} - System32\Tasks\AnVir Task Manager => C:\Program Files (x86)\AnVir Task Manager Free\anvir.exe [2013-02-13] (AnVir Software) Task: {A8871FC6-A1EF-4995-B374-CEAF0FB10A28} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {AFB40FCE-6373-4566-818D-92F01641C51E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {B6BB37BF-7819-4FC9-88AD-0FB5F4A730BD} - System32\Tasks\Uninstaller_SkipUac_Z => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-03-31] (IObit) Task: {B768AA03-8233-4EEF-926B-EC8835AA3999} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {BCCA6E44-FF89-46CC-9EB2-980E5F589457} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {DA56389F-F325-4037-BD89-C2FC79F1AD10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2112759670-3577205592-1219129408-1002Core => C:\Users\Z\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {E17E24F3-CA29-4754-81AA-07B69020BDB1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {E9827CAA-4799-4847-8E36-89EACD4359C9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {EEC03B5F-A91A-4A13-9078-3E5CFE4503DC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2112759670-3577205592-1219129408-1002Core.job => C:\Users\Z\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2112759670-3577205592-1219129408-1002UA.job => C:\Users\Z\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Z.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2013-03-13 22:47 - 2012-04-24 18:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-12-04 10:53 - 2015-08-06 19:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-04-13 14:07 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-13 14:07 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2016-04-13 14:07 - 2016-04-01 21:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-12-18 11:18 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-04-13 14:06 - 2016-04-01 22:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-04-13 14:07 - 2016-04-01 22:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-04-13 14:07 - 2016-04-01 21:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-04-13 14:07 - 2016-04-01 22:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-04-18 14:56 - 2016-04-18 14:57 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2013-10-22 19:33 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2013-03-13 22:53 - 2012-08-09 13:51 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2013-03-13 22:53 - 2012-08-06 10:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 2013-03-13 22:53 - 2012-08-06 10:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll 2016-04-18 14:56 - 2016-04-18 14:57 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-18 14:56 - 2016-04-18 14:59 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2013-03-26 22:53 - 2013-03-26 22:53 - 01005744 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\libxml2.dll 2013-03-26 22:53 - 2013-03-26 22:53 - 00102064 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\librdf.dll 2013-03-26 22:53 - 2013-03-26 22:53 - 00175280 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\libxslt.dll 2013-03-26 22:53 - 2013-03-26 22:53 - 00289968 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\raptor.dll 2013-03-26 22:53 - 2013-03-26 22:53 - 00158384 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\rasqal.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2016-05-07 23:23 - 00000021 _RASH C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2112759670-3577205592-1219129408-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-2112759670-3577205592-1219129408-1003\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "DivXUpdate" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{3664E916-E881-4B92-8E20-58A1F5C7A824}] => (Allow) LPort=15600 FirewallRules: [{37B67A09-B652-4664-A9F4-CC7904868419}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FDD07AF1-2DE0-4FFC-895F-E606892E7FE8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{257ED167-E9F8-4E01-81A2-C36B3E00C273}] => (Block) %ProgramFiles%\DAUM\PotPlayer\PotPlayerMini64.exe FirewallRules: [{562D258B-14FC-4766-AC31-C5A5A91029E7}] => (Allow) LPort=1900 FirewallRules: [{835421F3-BBD1-4E58-AFDA-1FFB69C8752E}] => (Allow) LPort=2869 FirewallRules: [{A4E6E0CD-BA49-4360-928E-57D5A4305F6C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{60555F36-C757-4503-B132-E89033A54D5D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{AEB96119-6D5A-4F43-8309-BADE0F76D38E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{6B4C6FB4-88B8-4AB7-A1A0-83D19C99C7D9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{F3D49AF2-8E37-47B1-BB2A-24D04846BE07}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{CDCD1AA7-65C4-464C-92E7-629C40EAF6F5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{63726B47-6BFB-4B9B-97A8-FD0A7A127806}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E2684CF6-59E7-444A-812D-8D5E91D0D9BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{9CDA4157-06AC-4529-941A-6BC89D6D3E67}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{21019031-A877-450A-8B9F-5BD0E0AB02EA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe ==================== Restore Points ========================= 23-04-2016 21:36:40 Scheduled Checkpoint 02-05-2016 11:48:58 Scheduled Checkpoint 10-05-2016 17:22:36 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/10/2016 05:27:01 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (05/10/2016 05:22:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (05/03/2016 09:39:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 46.0.0.5955, time stamp: 0x5719583c Faulting module name: mozglue.dll, version: 46.0.0.5955, time stamp: 0x571948a7 Exception code: 0x80000003 Fault offset: 0x0000effc Faulting process id: 0x18bc Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Faulting package full name: plugin-container.exe4 Faulting package-relative application ID: plugin-container.exe5 Error: (05/03/2016 09:38:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 46.0.0.5955, time stamp: 0x5719583c Faulting module name: mozglue.dll, version: 46.0.0.5955, time stamp: 0x571948a7 Exception code: 0x80000003 Fault offset: 0x0000effc Faulting process id: 0xbd0 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Faulting package full name: plugin-container.exe4 Faulting package-relative application ID: plugin-container.exe5 Error: (05/02/2016 11:49:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (04/27/2016 10:48:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-PAEQJ93) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/27/2016 12:25:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WINDOWS-PAEQJ93) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/23/2016 09:36:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (04/22/2016 03:41:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686 Exception code: 0xc0000602 Fault offset: 0x000000000022885f Faulting process id: 0x998 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Faulting package full name: svchost.exe4 Faulting package-relative application ID: svchost.exe5 Error: (04/22/2016 03:41:34 PM) (Source: ESENT) (EventID: 908) (User: ) Description: svchost (2456) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS) System errors: ============= Error: (05/10/2016 06:30:39 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (05/10/2016 02:26:30 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (05/10/2016 10:42:34 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (05/09/2016 02:12:48 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (05/08/2016 11:54:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (05/08/2016 06:40:31 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (05/08/2016 04:44:48 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (05/08/2016 03:20:19 PM) (Source: cdrom) (EventID: 7) (User: ) Description: The device, \Device\CdRom0, has a bad block. Error: (05/08/2016 03:19:58 PM) (Source: cdrom) (EventID: 7) (User: ) Description: The device, \Device\CdRom0, has a bad block. Error: (05/08/2016 03:19:50 PM) (Source: cdrom) (EventID: 7) (User: ) Description: The device, \Device\CdRom0, has a bad block. CodeIntegrity: =================================== Date: 2016-05-10 14:09:21.944 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-10 14:09:21.931 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-10 14:09:21.917 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-10 14:09:21.902 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-10 14:09:21.890 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-10 14:09:21.875 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-10 14:09:21.860 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-10 14:09:21.847 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-10 14:09:21.833 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-05-10 14:09:20.548 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz Percentage of memory in use: 32% Total physical RAM: 8153.03 MB Available physical RAM: 5540.98 MB Total Virtual: 9433.03 MB Available Virtual: 6358.04 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:921.22 GB) (Free:842.24 GB) NTFS Drive d: (WD Passport) (Fixed) (Total:298.09 GB) (Free:155 GB) NTFS Drive x: (PBR Image) (Fixed) (Total:7.23 GB) (Free:0.75 GB) NTFS Drive y: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.32 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CDCBEE62) Partition: GPT. ======================================================== Disk: 5 (Size: 298.1 GB) (Disk ID: 41FFC810) Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================