Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by AUR (2016-08-02 12:01:50)
Running from C:\Users\AUR\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-31 09:01:02)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-3591377754-2368323356-1095364650-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3591377754-2368323356-1095364650-500 - Administrator - Disabled)
AUR (S-1-5-21-3591377754-2368323356-1095364650-1004 - Administrator - Enabled) => C:\Users\AUR
DefaultAccount (S-1-5-21-3591377754-2368323356-1095364650-503 - Limited - Disabled)
Guest (S-1-5-21-3591377754-2368323356-1095364650-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3591377754-2368323356-1095364650-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AudaEnterpriseGold (HKLM-x32\...\{EA6F213F-005F-4F96-BC28-8516B244D54C}) (Version: 3.8.266 - Audatex UK Ltd.)
AudaEnterpriseGold Vehicle Data (HKLM-x32\...\{F6AB6DFF-BBF2-4266-AADA-2F2DA25F1786}) (Version: 4.37.1.0 - Audatex UK Ltd.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.45.1 - Dropbox, Inc.) Hidden Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) FastStone Photo Resizer 3.3 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.3 - FastStone Soft.) FileZilla Client 3.17.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.17.0.1 - Tim Kosse) Global Claims Centre (HKLM-x32\...\{057271A0-F921-45E6-A62F-018C148AD090}) (Version: 3.0.22 - Audatex UK Ltd.) 
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Documentation (HKLM-x32\...\{5FCDA690-8D3F-4855-BEC5-B69977D23529}) (Version: 1.1.0.0 - Hewlett-Packard) HP LaserJet 400 M401 (HKLM-x32\...\{c7d3196c-1aa1-4f83-acf7-7fe3eaf9981c}) (Version: 8.0.13067.19 - Hewlett-Packard) HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company) HP SoftPaq Download Manager (HKLM-x32\...\{23544215-E6E6-448B-B6E9-6268D5B3E74D}) (Version: 3.5.0.0 - Hewlett-Packard Company) HP Software Setup (HKLM-x32\...\{7561C06A-7797-4462-A7C3-86F45AE901CF}) (Version: 8.7.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Interceptor (HKLM-x32\...\Interceptor_is1) (Version: - Autoclimate Ltd) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Kaspersky Total Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab) Kaspersky Total Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 
2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 48.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-GB)) (Version: 48.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.0.6051 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team) Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio) Opanda PowerExif 1.2 Professional Trial (HKLM-x32\...\Opanda PowerExif Professional Trial_is1) (Version: 1.2 - Opanda Studio) OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) PDF-XChange Editor (HKLM\...\{A4884C03-9420-4DE4-B5B5-8C40B1CC592A}) (Version: 6.0.317.1 - Tracker Software Products (Canada) Ltd.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.) 
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden StartIsBack++ (HKU\S-1-5-21-3591377754-2368323356-1095364650-1004\...\StartIsBack) (Version: 1.3.1 - startisback.com) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft) Vision (HKLM-x32\...\{AAD3673B-820A-4E72-9253-B460E2D8AC35}) (Version: 1.0.0.0 - Bluegrasscoms Ltd) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH) Zero Assumption Recovery Version 9 (HKLM-x32\...\Zero Assumption Recovery_is1) (Version: - ) 

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3591377754-2368323356-1095364650-1004_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\AUR\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3591377754-2368323356-1095364650-1004_Classes\CLSID\{865e5e76-ad83-4dca-a109-50dc2113ce9b}\InprocServer32 -> C:\Users\AUR\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-3591377754-2368323356-1095364650-1004_Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c9}\InprocServer32 -> C:\Users\AUR\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-3591377754-2368323356-1095364650-1004_Classes\CLSID\{AD1405D2-30CF-4877-8468-1EE1C52C759F}\InprocServer32 -> C:\Users\AUR\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-3591377754-2368323356-1095364650-1004_Classes\CLSID\{c71c41f1-ddad-42dc-a8fc-f5bfc61df958}\InprocServer32 -> C:\Users\AUR\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-3591377754-2368323356-1095364650-1004_Classes\CLSID\{E5C31EC8-C5E6-4E07-957E-944DB4AAD85E}\InprocServer32 -> C:\Users\AUR\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09B43599-1AE4-4833-99D4-C54F08C29960} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {103ECC2C-B769-4C11-8333-E2961367A093} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {1331F41C-EA7C-4C80-AD8D-FF3EAB8A45CE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {16F2928C-304E-4E07-A87B-0531E0EF84C4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {1AAB4476-6ED5-419F-9693-DAF5C1B89A86} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {1D816699-CC89-48E2-8BDE-13E7A1C9A61A} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {20A9771F-625F-4441-9D2D-6BC7A55949E8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {27B57458-D4FE-46A4-931F-5E11173ECB41} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {316F333A-BA46-4EDF-A25D-95B6301E8DEC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {32959AF3-343E-41DE-8F76-91B1B6277D34} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {339E245C-F21B-4813-B050-FD31400E04AB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {390FFFFC-AF50-483F-80DF-242899158880} - System32\Tasks\{975AD5E2-A6CF-4109-BEE8-1876AC776DAD} => pcalua.exe -a F:\setup.exe -d F:\ -c launch.hta Task: {39C72344-527F-4774-AE2E-335DBF321A52} - 
System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {3AFEB861-4B78-49F8-BF82-4E4511A23449} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {3B9C407F-0558-47BC-AADE-B58D5AEEFAE5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-01] (Dropbox, Inc.) Task: {40414C73-BDDC-4ECA-B8EE-4173369CCF47} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {46B9F690-E7D0-4821-B4F3-620141B5EDC8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {4F6BCBDD-5CD6-4853-9EF7-3E33A0D84E11} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {4FC092FD-40E5-407F-B8E5-EECF5F9A607B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {5652AC02-2A1B-4D5D-96C3-1C032DB8746C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {5C67AB8A-2064-4873-A8AA-0694C4CDFB67} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {5FE87118-83CF-471A-ABC7-CA6568D4308A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {6046DCF6-D847-47C9-A656-8A827A17C78C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {64FEB574-D94B-40C6-9F82-1D194A2D083B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {668DD589-C45F-4EBD-8AD2-99CBB1C5D206} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {6D25906E-A62C-40DF-AB71-C52B82B99C8F} - 
System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {74B3C339-7C62-4B3A-9A23-99C8EB2CAC87} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {76D08856-4BB7-4896-B376-8AAFDAFB8047} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {783F39BF-86D9-4AC2-90C5-1B2494AE3742} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {82B5A01E-BC93-4AFB-A05D-102507166C53} - System32\Tasks\{81ED0083-A374-4C27-85A4-90014B68A18A} => pcalua.exe -a G:\DCSOFT2\SETUP.EXE -d G:\DCSOFT2 Task: {87F74341-225B-4098-AAA6-42FE61F28F1F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe Task: {88624D2B-794C-416B-871D-D6EF1341A4AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {8DA6E151-2B4F-498C-9630-D0EBF793846B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {9707583E-F6B1-4E68-8EF4-0BD9E75A3322} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {97770942-0E0E-4DB0-9505-090F0B11B1E2} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] () Task: {9CA27377-92D8-4C23-8CDA-29AE69B0BBC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd) Task: {A3CCA2B1-44E2-45E4-9164-8DF2786CD052} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {AF34BE93-33AB-4D49-B66B-F3EDFE6A6FF0} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe Task: {AFA808A7-8661-4706-87F5-C9BC003BC182} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft 
Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {B21408BC-7108-437E-9F7B-D167EC2C87A9} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {B3E16941-25B7-4113-9215-5B234173CACD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {B9487D86-A923-4206-9D87-8D16412BAF28} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated) Task: {C6DCA586-E19B-4F92-B541-3A11237BCF20} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {CB0FDA7A-57F9-4199-B175-570D7FD48013} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {CD19569E-9608-4C99-9700-1FEC86ABB9B6} - \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -> No File <==== ATTENTION Task: {CE899445-5BEB-47FF-BBA5-C686F53AF19F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {CEDC69B7-0472-4A88-96F7-7D7197E60DE1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-01] (Dropbox, Inc.) 
Task: {DC648C5C-6761-42BF-BC40-A4AA4D42D41B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {E2ACC2A3-DFD1-4656-989C-DB6F5ED67109} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {E8E8FD32-213B-4F32-A3B6-A441C92AF058} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {EA956834-7F5C-46A5-A959-4E063FB069FC} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {EDDA35DC-B7DA-4323-B86E-202A735E40F7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {F182D673-F8F1-40FF-A308-6D9899662965} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-14] (Microsoft Corporation) Task: {F5EEE037-BBD2-405B-8B5A-8A04492D1175} - System32\Tasks\Microsoft Office 15 Sync Maintenance for W501-AUR W501 => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2016-02-09] (Microsoft Corporation) Task: {FF7DC309-EBA9-450F-BEF6-DE7E2358E73C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {FFB18CC3-3E76-4733-A13E-DB295597589E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-07-13 14:07 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-13 14:07 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-05-24 08:16 - 2016-05-24 08:16 - 00959168 _____ () C:\Users\AUR\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2016-04-19 08:26 - 2016-04-19 08:26 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-12-31 17:29 - 2015-12-31 17:29 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-13 14:09 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-07-13 14:07 - 2016-07-01 04:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-13 14:07 - 2016-07-01 04:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-13 14:07 - 2016-07-01 04:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-13 14:07 - 2016-07-01 04:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2000-04-29 18:14 - 2000-04-29 18:14 - 00192512 _____ () C:\MultiClipboard\Multi Clipboard.exe 2015-02-10 14:12 - 2015-02-10 14:12 - 02210480 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll 2015-10-13 15:10 - 2015-10-13 15:10 - 01428648 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll 2014-06-11 05:19 - 2014-06-11 05:19 - 00622080 _____ () 
C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.dll 2012-04-02 12:43 - 2012-04-02 12:43 - 00774144 _____ () C:\Program Files (x86)\Audatex\GCC\GCC.exe 2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.1\kpcengine.2.3.dll 2014-04-04 00:48 - 2014-04-04 00:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-04-19 08:26 - 2016-04-19 08:26 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 08:26 - 2016-04-19 08:26 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2015-10-13 12:14 - 2015-10-13 12:14 - 26904904 _____ () C:\Program Files (x86)\Google\Picasa3\Picasa3i18n.dll 2015-10-13 11:21 - 2015-10-13 11:21 - 00405504 _____ () C:\Program Files (x86)\Google\Picasa3\plugins\CDVDR\CDVDR.yti 2015-10-13 12:02 - 2015-10-13 12:02 - 00430080 _____ () C:\Program Files (x86)\Google\Picasa3\plugins\ytITivo.yti 2016-05-24 08:16 - 2016-05-24 08:16 - 00679624 _____ () C:\Users\AUR\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-10-13 11:05 - 2015-10-13 11:05 - 02351104 _____ () C:\Program Files (x86)\Google\Picasa3\plugins\Red.dll 2016-06-30 08:25 - 2016-06-30 08:25 - 00964096 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll 2015-09-11 09:03 - 2015-09-11 09:03 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll 2016-06-29 08:25 - 2016-06-29 08:25 - 03311000 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll ==================== Alternate Data Streams 
(Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-07-28 10:01 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3591377754-2368323356-1095364650-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\AUR\OneDrive\Documents\Pics\P1020818.jpg
DNS Servers: 192.168.75.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{90B389D2-9ED9-4B5C-B535-B8327159936E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6BFD3D34-261C-45B9-831E-88A97DBAD1BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{43093C6D-E187-4412-A55C-E763DD95B9BE}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{7E36EBF7-4289-4F97-B6CC-E5BC8AA913DA}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{86CC09DE-B4B2-4557-BE3F-F97835726ACE}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{CA7CD6C7-4AFB-4BDB-810F-FED459216BC8}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{92F90DE3-C744-4221-9603-C4B7D4DA7BBF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{EBAE8480-2FD7-49D3-82EA-F6EC29013617}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9A2504F8-909F-45C1-A7CA-B047549014F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{4EC5E66D-4BBE-471B-8C3B-363DE3266F13}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{CDFFB6EE-01CB-4C2F-9D0B-12C1031B1180}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BD6238A7-B835-437B-8E6D-9938C4457E34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{C28E0C61-F695-42C2-AAC9-52031A459A3B}C:\program files (x86)\mozilla firefox\firefox.exe] => 
(Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{2861970E-924B-490B-9F27-CD3AE5E12B17}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{7080301B-0A0A-4111-AF5D-28455F618A13}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{DE594D8E-1618-4036-8506-A68F64831A64}] => (Allow) LPort=2869 FirewallRules: [{FE9F2EB3-E81F-4DBC-9E78-B483571A6A3F}] => (Allow) LPort=1900 FirewallRules: [{708C508E-4BC8-4FB5-8F95-4B14A196E269}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{07770716-653D-4A58-B7DF-D4B88333F2C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{078F0980-6670-4A3F-A9B5-C2DE1E1B2413}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B9B6EFC9-5B60-44D5-AD68-227BAC7BBC01}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{94EE5A83-1840-4746-B96D-498BBE3D6E60}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{7AE91E9B-2310-4FE1-BFA8-13D3788E32EF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{1E712BE7-C3C3-4CA9-A763-55562500029B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{CBE92FD4-E622-4131-8017-8AF18C61EF82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E1353178-3673-4D64-A51D-ED329C0C4E31}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{25878116-E3CE-4356-A073-916C52C98755}] => (Allow) LPort=1688 FirewallRules: [{1C77630D-2DA2-442C-B6D7-0F69A5364374}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{CC7DB69D-F80A-45A6-8ECB-DC8688A3D49F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{8A0A51B0-E099-47FB-B819-790818E5EBE6}] => (Allow) C:\Program 
Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{802A8842-07FA-44D9-BCE3-79DF528047B1}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

==================== Restore Points =========================

28-07-2016 08:54:12 JRT Pre-Junkware Removal
02-08-2016 10:24:44 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2016 10:39:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: W501)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/02/2016 10:39:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: W501)
Description: Package Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.

Error: (08/02/2016 10:25:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .

Error: (08/02/2016 10:07:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.494, time stamp: 0x5775e715
Faulting module name: ieapfltr.dll, version: 11.0.10586.494, time stamp: 0x5775e5df
Exception code: 0xc0000005
Fault offset: 0x00000000000c3190
Faulting process id: 0x16cc
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5

Error: (08/02/2016 09:20:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: W501)
Description: Package Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.

Error: (08/02/2016 09:04:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Picasa3.exe version 3.9.141.259 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2054
Start Time: 01d1ec8ed1f5baca
Termination Time: 26
Application Path: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
Report Id: b70cee7a-5887-11e6-9c0e-40a8f059600e
Faulting package full name:
Faulting package-relative application ID:

Error: (08/01/2016 10:36:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: W501)
Description: Package Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.

Error: (08/01/2016 08:40:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000409
Fault offset: 0x00000000000a9ba0
Faulting process id: 0x1898
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (07/28/2016 12:23:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZAM.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc000070a
Fault offset: 0x000ea1fe
Faulting process id: 0x598
Faulting application start time: 0xZAM.exe0
Faulting application path: ZAM.exe1
Faulting module path: ZAM.exe2
Report Id: ZAM.exe3
Faulting package full name: ZAM.exe4
Faulting package-relative application ID: ZAM.exe5

Error: (07/28/2016 11:14:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000409
Fault offset: 0x00000000000a9ba0
Faulting process id: 0x225c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

System errors:
=============
Error: (08/01/2016 05:09:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/01/2016 05:09:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_31e45 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/01/2016 05:09:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_31e45 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/01/2016 05:09:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_31e45 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/01/2016 05:09:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_31e45 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/01/2016 04:45:01 PM) (Source: DCOM) (EventID: 10016) (User: W501)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}W501AURS-1-5-21-3591377754-2368323356-1095364650-1004LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (08/01/2016 08:13:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (07/29/2016 06:38:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_131a31 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/29/2016 06:38:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_131a31 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/29/2016 06:38:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_131a31 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2016-07-29 13:32:30.068
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-29 09:36:53.039
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-28 12:26:45.694
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-28 11:59:33.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-27 15:39:16.788
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-27 15:39:16.762
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-27 15:39:16.745
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-27 15:39:16.730
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-27 15:37:49.608
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-27 15:37:49.561
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G3220 @ 3.00GHz
Percentage of memory in use: 73%
Total physical RAM: 4024.17 MB
Available physical RAM: 1066.13 MB
Total Virtual: 4832.36 MB
Available Virtual: 1737.75 MB

==================== Drives ================================

Drive c: (Windows ) (Fixed) (Total:919.6 GB) (Free:808.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:10.81 GB) (Free:1.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
Drive g: () (Removable) (Total:7.39 GB) (Free:7.31 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5E0632E5)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)

========================================================
Disk: 2 (Size: 7.4 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================