Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-05-2016 01 Ran by nikon (2016-05-25 16:15:15) Running from C:\Users\nikon\Downloads Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2012-10-19 06:29:44) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-27391591-736041179-2425490622-500 - Administrator - Disabled) Guest (S-1-5-21-27391591-736041179-2425490622-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-27391591-736041179-2425490622-1002 - Limited - Enabled) nikon (S-1-5-21-27391591-736041179-2425490622-1000 - Administrator - Enabled) => C:\Users\nikon ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 3.6 (HKLM\...\{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}) (Version: 3.6.1 - Adobe) Adobe Reader XI (11.0.05) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated) ArcSoft Panorama Maker 4 (HKLM\...\{1F3A9498-0F8F-43B1-97A9-5B809A99AA0A}) (Version: 4.5.0.107 - ArcSoft) AVG (HKLM\...\AvgZen) (Version: 1.61.2.12974 - AVG Technologies) AVG Zen (Version: 1.61.9 - AVG Technologies) Hidden Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden BitTorrent (HKU\S-1-5-21-27391591-736041179-2425490622-1000\...\BitTorrent) (Version: 7.9.7.42331 - BitTorrent Inc.) BrowserDefender (HKLM\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - Bit89 Inc) <==== ATTENTION BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.) Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version: - ) <==== ATTENTION Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) Defaulttab (HKLM\...\DefaultTab) (Version: 2.4.8.1 - Search Results, LLC) <==== ATTENTION Detector Winamp (HKU\S-1-5-21-27391591-736041179-2425490622-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) DxO FilmPack 3 (HKLM\...\{730807CC-8D94-486C-9DFC-E242A423B918}) (Version: 3.4.94.0 - DxO Labs) Express Burn (HKLM\...\ExpressBurn) (Version: 4.68 - NCH Software) FLVPlayer4Free Free FLV Player 5.2.0.0 (HKLM\...\FLVPlayer4Free Free FLV Player_is1) (Version: - Sakysoft s.r.l. uninominale) <==== ATTENTION FMW 1 (Version: 1.82.3 - AVG Technologies) Hidden GeoVision AAC (HKLM\...\GeoAAC) (Version: - ) GeoVision ADPCM (HKLM\...\GeoADPCM) (Version: - ) GeoVision H264 (HKLM\...\Codec_264) (Version: - ) GeoVision JPEG (HKLM\...\Codec_jpeg) (Version: - ) GeoVision MPEG2 (HKLM\...\Codec_mp2) (Version: - ) GeoVision MPEG4 (HKLM\...\GEOXCodec) (Version: - ) GeoVision MPEG4 ASP (HKLM\...\Codec_amp4) (Version: - ) GeoVision MPEG4 AVC (HKLM\...\Codec_AVC) (Version: - ) GeoVision MXPG (HKLM\...\Codec_MXPG) (Version: - ) Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-27391591-736041179-2425490622-1000\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline) H264 Video Codec (HKLM\...\H264) (Version: - T,DP5) HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{0564C76B-8E1F-4157-8654-B0F9F308BEE9}) (Version: 22.50.231.0 - Hewlett-Packard Co.) HP Deskjet 3050 J610 series Help (HKLM\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard) HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{34E90074-C80C-4182-A995-65E88B5B56E0}) (Version: 22.50.231.0 - Hewlett-Packard Co.) HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife) HP Support Solutions Framework (HKLM\...\{A81D2B28-09D0-42E1-BB2E-2A63C407B478}) (Version: 12.4.18.7 - HP) HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard) IMM4 VCM Codec 4.0.0.3 (HKLM\...\IMM4 Codec_is1) (Version: - ) inSSIDer 3 (HKLM\...\{5BB0D82A-4EED-477B-858E-1D5B01560BF5}) (Version: 3.0.5.80 - MetaGeek, LLC) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) Intellex Player (HKLM\...\{C124BC7E-1C94-44C7-A8CA-70D10644FB05}) (Version: 4.0 - Sensormatic-VPD) Join Air (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation) Lvf Plus (HKLM\...\{EB1FDC67-EFB5-4DDC-AB08-2A21487FBA82}) (Version: 1.0.0 - ) Media File Player (HKLM\...\{CEBCC2CA-89B0-4E07-9A78-3A2060B65841}) (Version: 1.4.202 - Sony Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MPC-HC 1.7.8 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.8 - MPC-HC Team) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon) Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 (HKLM\...\{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1) (Version: - Orban, Inc.) PhotoPad Image Editor (HKLM\...\PhotoPad) (Version: - NCH Software) PhotoStage Slideshow Producer (HKLM\...\PhotoStage) (Version: - NCH Software) Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon) Pillar Backup Viewer (HKLM\...\{371682E7-50E8-4E22-B374-8ABE09D3B486}) (Version: 1.00.0000 - ComArt System) PlayerLiteHJ 1.0.3.0.LHJ (HKLM\...\{B435433C-110A-4853-843A-7BD1EE59624E}_is1) (Version: 1.0.3.0.LHJ - AVTECH) PMK4 (HKLM\...\{614D9B97-7DA7-4089-AF94-A0CDCA2562A9}) (Version: - ) PowerISO (HKLM\...\PowerISO) (Version: - ) Remote Playback Client (HKLM\...\{475F2CF2-2170-4CDC-AF0D-8DB62ABD8D65}) (Version: 1.0 - NoBrand) Smart Player (HKLM\...\Smart Player3.00.0) (Version: 3.00.0 - Zhejiang Dahua Technology Co.,LTD.) SopCast Tv Plugin 5.9 Setup (HKLM\...\SopCast Tv Plugin 5.9 Setup) (Version: - ) SuperPlay (HKLM\...\{3EFB52E7-AF75-4BDB-931A-8533AB88A55A}) (Version: 1.0.0 - SuperPlay) SuperPlay (HKLM\...\{DBABA511-7108-4239-8B84-78C67BEA117D}) (Version: 1.0.0 - SuperPlay) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated) Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.) TIPCI (Version: 2.00.0002 - Texas Instruments Inc.) Hidden Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) Video Server E (HKLM\...\Video Server E) (Version: 1.0.6.6 - ) VideoPad Video Editor (HKLM\...\VideoPad) (Version: - NCH Software) ViewNX 2 (HKLM\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) WavePad Sound Editor (HKLM\...\WavePad) (Version: - NCH Software) WaveReader Ver 4-2 (HKLM\...\{8FD245B2-8709-4D55-BC4A-F3A69EABF360}) (Version: 4.2.0047 - GE Security) Winamp (HKLM\...\Winamp) (Version: 5.65 - Nullsoft, Inc) WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-27391591-736041179-2425490622-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1147054E-3869-43E1-A897-D7EBAB0DCBFB} - System32\Tasks\hpwebreg_CN15B3965J05HX => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\hpwebreg.exe [2010-11-16] (Hewlett-Packard Co.) Task: {35A38BEE-E025-40C1-ACCE-D9BA030FF108} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe Task: {46725668-7E61-4B90-B35A-C1DC0415E588} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.) Task: {4756A306-C029-44D4-AF79-8A478C010D71} - System32\Tasks\{09FA063F-7C3D-43A7-AF74-950B30843B91} => pcalua.exe -a H:\Setup.exe -d H:\ Task: {4FF5F562-B621-4660-9E77-B25F4D8C3D51} - System32\Tasks\{2074E222-DE04-4762-B8A1-9E3BD8677AD5} => pcalua.exe -a "F:\backup viewer\Drivers\ComArtDrvInstaller.exe" -d "F:\backup viewer\Drivers" Task: {587F447D-A5ED-4E8B-920B-5C8ECC16A412} - System32\Tasks\NCH Software\PhotoPadReminder => C:\Program Files\NCH Software\PhotoPad\PhotoPad.exe [2012-11-29] (NCH Software) Task: {58908F8B-A6DE-4E07-A15E-722B10B89B42} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.) Task: {89B6E97F-8252-4D4D-9D2C-B58C5FF8D1B2} - System32\Tasks\{D5B493C2-1B3E-4977-9048-E96DAD77D663} => pcalua.exe -a F:\VideoPlay\h264codec.exe -d F:\VideoPlay Task: {A1FDD439-7A1D-4C2D-890B-52A2078787F7} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe [2015-06-23] () <==== ATTENTION Task: {AB4479D1-6691-438E-BC5E-03D7A68AE84E} - System32\Tasks\4724 => Wscript.exe C:\Users\nikon\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {ACFE3A7D-A854-45D5-A24C-ABA494F5C6C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.) Task: {C27B7E74-D8B1-4AE6-9C9F-045084335BB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-25] (Adobe Systems Incorporated) Task: {C574C33E-9C1F-46EE-90C8-1ABACD8AF191} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe Task: {CFDFDF2D-611B-4974-AAE9-5C9D357BAC7A} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe [2015-06-23] () <==== ATTENTION Task: {D4873449-FB79-4753-91A6-BA7A4099F53F} - System32\Tasks\{23E9A509-B03E-495F-9CE2-6C254A1D8F92} => pcalua.exe -a "F:\Ag Arad 07,12noi2013\Decoder.exe" -d "F:\Ag Arad 07,12noi2013" Task: {F134EC8D-31CF-4A14-8AB4-7A28D06A1036} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard) Task: {FEC28936-DE60-4FF4-8593-250092008D1F} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\hpwebreg_CN15B3965J05HX.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\hpwebreg.exe C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HpWebReg.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-06-22 13:09 - 2009-10-10 11:57 - 00246272 _____ () C:\Program Files\Join Air\AssistantServices.exe 2010-07-05 00:32 - 2010-07-05 00:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll 2010-07-04 22:51 - 2010-07-04 22:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe 2016-05-25 15:41 - 2016-05-25 15:40 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll 2016-05-24 15:47 - 2016-05-11 14:48 - 01738904 _____ () C:\Program Files\Google\Chrome\Application\50.0.2661.102\libglesv2.dll 2016-05-24 15:47 - 2016-05-11 14:48 - 00086168 _____ () C:\Program Files\Google\Chrome\Application\50.0.2661.102\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [119] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 05:04 - 2016-05-25 15:07 - 00001086 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 systweak.com 127.0.0.1 updateservice1.systweak.com 127.0.0.1 www.systweak.com 127.0.0.1 systemspeedup.systweak.com 127.0.0.1 systweak.com/STCheckGenuineness ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-27391591-736041179-2425490622-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\nikon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.43.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{F8CB1D30-E546-4BC5-AD7B-01B62172A2B3}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe FirewallRules: [{3708F0C6-838D-4C4A-B81D-9C98F5BDB626}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe FirewallRules: [TCP Query User{B3179FD0-4075-4A57-A9B9-F8AD465AD8EC}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [UDP Query User{DEF39ADB-812B-48D4-9A6E-6E6E91A5B84D}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [TCP Query User{D1AC5ADC-6210-4786-A3F8-2CDEB7CFF903}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe FirewallRules: [UDP Query User{013CE152-F56D-485D-9117-DCF70DBB61B4}C:\program files\winamp\winamp.exe] => (Block) C:\program files\winamp\winamp.exe FirewallRules: [TCP Query User{11664C99-5184-42D7-B0BC-8608057B59C2}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [UDP Query User{10D2DBDC-0F8E-4E59-A110-006776EC0EFB}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [TCP Query User{27AB11F7-C146-4CF6-B544-76C354AF0138}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe FirewallRules: [UDP Query User{6CF10497-8267-4554-8E7E-3C421AC409CC}C:\program files\winamp\winamp.exe] => (Allow) C:\program files\winamp\winamp.exe FirewallRules: [{A15CD5AA-C1BD-4A86-86F1-C0E02989D8A8}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe FirewallRules: [{115AE4A4-4B45-4CC0-9968-35DDF5298032}] => (Allow) C:\Program Files\AVG\AVG2013\avgnsx.exe FirewallRules: [{0287438D-0F1E-4FAB-8C7E-5F005D2C0EBE}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe FirewallRules: [{3B437F26-D7CF-47C0-ADB9-A2D6DFC3A1B6}] => (Allow) C:\Program Files\AVG\AVG2013\avgdiagex.exe FirewallRules: [{8F1DBC86-5FE2-49C4-8484-A5403050E86F}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe FirewallRules: [{DA4CFDF2-388A-4236-9912-01A7191A94C2}] => (Allow) C:\Program Files\AVG\AVG2013\avgemcx.exe FirewallRules: [{CCBABCEA-8E6C-408A-97E4-3C82AC99A099}] => (Allow) C:\Users\nikon\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{20F4EC52-CFB5-41AF-A0D1-492B3CE672FA}] => (Allow) C:\Users\nikon\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{B1C5BDBC-C0D0-4D36-89F6-682C4E4CDBD1}C:\users\nikon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nikon\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{E380774C-71C7-41E9-B2ED-9E5C17DD17DA}C:\users\nikon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\nikon\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{9B11D8B9-8DE4-4E63-85BA-BCDBDD42AD26}] => (Allow) C:\Program Files\Winamp\winamp.exe FirewallRules: [{D5897EEC-E8E2-467D-9051-0ED228463FB5}] => (Allow) C:\Program Files\Winamp\winamp.exe FirewallRules: [{1F967A77-F069-495E-8F0A-461F1F62F368}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe FirewallRules: [{C2F2708C-4204-4002-A734-0F27F54A2F24}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe FirewallRules: [{D6F48E1D-4254-4DAD-BD48-F8037628A102}] => (Allow) C:\Windows\System32\muzapp.exe FirewallRules: [{AE9E4ED0-DA75-4914-A3D7-6FD3C2946154}] => (Allow) C:\Windows\System32\muzapp.exe FirewallRules: [{FADEC402-A20B-4F11-9077-548D6A939099}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe FirewallRules: [{8E2DDE0F-FEE1-474E-87B0-B634E8D9F99A}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe FirewallRules: [{ACB42D7A-393E-4DF8-945D-69D1D6ABD3D4}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe FirewallRules: [{5975978E-0480-4AB7-B2A9-A45F5530BEFD}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe FirewallRules: [{2E09C7BF-8032-4C1A-8C8A-FEE00306619E}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe FirewallRules: [{9C561D4A-170A-47D7-BE28-F95508401079}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe FirewallRules: [{C6D17F55-69E5-442F-9707-96B16D416061}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe FirewallRules: [{C70278CF-8704-4BFF-A24E-A9E3F9166C14}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe FirewallRules: [{51201320-76DD-4E76-AAD0-300B84E263C6}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe FirewallRules: [{BED99026-E2AE-49DC-A4A4-19E294980919}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe FirewallRules: [{24B64E34-DE94-4AFB-B0AB-4B74D5950EF8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{D9868B4A-F8BA-46D4-B7E8-07BD64E934DA}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{2D91586A-F0D2-4C82-BFA6-C06ED2CF7D40}] => (Allow) C:\Users\nikon\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{2F0A6F58-8FF5-43C4-9AB2-396F0B2FBA26}] => (Allow) C:\Users\nikon\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{88980982-B296-4168-81A8-61D83F7EE571}] => (Allow) C:\Users\nikon\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{5FFFA66F-AC0E-4E1A-B8F1-E756F72A02F3}] => (Allow) C:\Users\nikon\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{B78ADCBC-C54D-4C38-94F6-99B0A2BABC65}] => (Allow) C:\Users\nikon\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{B720D8E6-7984-47FB-AF29-751ECDF38350}] => (Allow) C:\Users\nikon\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{1B79817C-7E3D-4808-A140-0EEBB5EE1AC2}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{60A59F4D-9E5F-48EF-921F-AA3B2A68F6CD}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{65A362FA-8836-4F7B-B81E-ACFF86E4883C}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe ==================== Restore Points ========================= 25-05-2016 15:21:52 Windows Defender Checkpoint ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/25/2016 03:59:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: UIExec.exe, version: 0.0.0.0, time stamp: 0x4ad005f9 Faulting module name: UIExec.exe, version: 0.0.0.0, time stamp: 0x4ad005f9 Exception code: 0xc0000417 Fault offset: 0x0000282f Faulting process id: 0x90c Faulting application start time: 0xUIExec.exe0 Faulting application path: UIExec.exe1 Faulting module path: UIExec.exe2 Report Id: UIExec.exe3 Error: (05/25/2016 03:25:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: UIExec.exe, version: 0.0.0.0, time stamp: 0x4ad005f9 Faulting module name: UIExec.exe, version: 0.0.0.0, time stamp: 0x4ad005f9 Exception code: 0xc0000417 Fault offset: 0x0000282f Faulting process id: 0x89c Faulting application start time: 0xUIExec.exe0 Faulting application path: UIExec.exe1 Faulting module path: UIExec.exe2 Report Id: UIExec.exe3 Error: (05/25/2016 03:21:49 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {e8a77b8b-611b-4331-927d-64f091a71d5f} Error: (05/25/2016 03:20:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: DLLEscort.exe, version: 0.0.0.0, time stamp: 0x00000000 Faulting module name: Qt5Core.dll, version: 5.3.0.0, time stamp: 0x777a675f Exception code: 0xc0000005 Fault offset: 0x001bf0e3 Faulting process id: 0xdd4 Faulting application start time: 0xDLLEscort.exe0 Faulting application path: DLLEscort.exe1 Faulting module path: DLLEscort.exe2 Report Id: DLLEscort.exe3 Error: (05/25/2016 02:50:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: TruNavPlayer.exe, version: 4.0.0.0, time stamp: 0x4df766c5 Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb2fb9 Exception code: 0xc06d007e Fault offset: 0x0000845d Faulting process id: 0x84c Faulting application start time: 0xTruNavPlayer.exe0 Faulting application path: TruNavPlayer.exe1 Faulting module path: TruNavPlayer.exe2 Report Id: TruNavPlayer.exe3 Error: (05/25/2016 11:32:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: R002.exe, version: 0.0.0.0, time stamp: 0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb2fb9 Exception code: 0x0eedfade Fault offset: 0x0000845d Faulting process id: 0xe88 Faulting application start time: 0xR002.exe0 Faulting application path: R002.exe1 Faulting module path: R002.exe2 Report Id: R002.exe3 Error: (05/25/2016 10:45:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: HPSSFUpdater.exe, version: 8.1.0.37, time stamp: 0x56e79cff Faulting module name: KERNELBASE.dll, version: 6.1.7601.23392, time stamp: 0x56eb2fb9 Exception code: 0xe0434352 Fault offset: 0x0000845d Faulting process id: 0xd68 Faulting application start time: 0xHPSSFUpdater.exe0 Faulting application path: HPSSFUpdater.exe1 Faulting module path: HPSSFUpdater.exe2 Report Id: HPSSFUpdater.exe3 Error: (05/25/2016 10:45:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: HPSSFUpdater.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.IO.FileNotFoundException Stack: at HPSSFUpdater.Report.PostIISLog(HPSSFUpdater.StatusCodeEnum, Int32, Int32, System.String, System.String, System.String) at HPSSFUpdater.ExecuteCommand.Execute() at HPSSFUpdater.Program.Main(System.String[]) Error: (05/25/2016 08:37:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: UIExec.exe, version: 0.0.0.0, time stamp: 0x4ad005f9 Faulting module name: UIExec.exe, version: 0.0.0.0, time stamp: 0x4ad005f9 Exception code: 0xc0000417 Fault offset: 0x0000282f Faulting process id: 0x6f8 Faulting application start time: 0xUIExec.exe0 Faulting application path: UIExec.exe1 Faulting module path: UIExec.exe2 Report Id: UIExec.exe3 Error: (05/24/2016 04:32:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: R002.exe, version: 0.0.0.0, time stamp: 0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7601.19135, time stamp: 0x56a1c680 Exception code: 0x0eedfade Fault offset: 0x000080d7 Faulting process id: 0x4a0 Faulting application start time: 0xR002.exe0 Faulting application path: R002.exe1 Faulting module path: R002.exe2 Report Id: R002.exe3 System errors: ============= Error: (05/25/2016 03:58:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The DefaultTabUpdate service failed to start due to the following error: %%2 Error: (05/25/2016 03:24:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The DefaultTabUpdate service failed to start due to the following error: %%2 Error: (05/25/2016 09:14:17 AM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (05/25/2016 08:35:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The DefaultTabUpdate service failed to start due to the following error: %%2 Error: (05/25/2016 08:24:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The DefaultTabUpdate service failed to start due to the following error: %%2 Error: (05/25/2016 08:24:39 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 19:27:11 on ‎24.‎05.‎2016 was unexpected. Error: (05/24/2016 04:03:50 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (05/24/2016 10:40:13 AM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (05/24/2016 03:38:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The DefaultTabUpdate service failed to start due to the following error: %%2 Error: (05/23/2016 10:48:57 AM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. ==================== Memory info =========================== Processor: Intel(R) Celeron(R) CPU 530 @ 1.73GHz Percentage of memory in use: 54% Total physical RAM: 2038.43 MB Available physical RAM: 932.63 MB Total Virtual: 4076.86 MB Available Virtual: 2813.66 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:39.06 GB) (Free:1.97 GB) NTFS Drive d: () (Fixed) (Total:39.06 GB) (Free:15.53 GB) NTFS Drive e: () (Fixed) (Total:33.57 GB) (Free:12.29 GB) NTFS Drive f: (Disc) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 9B5A9B5A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=39.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=39.1 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=33.6 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================