Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2017 01 Ran by Joe (10-06-2017 09:05:47) Running from C:\Users\Joe\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2016-02-29 11:07:19) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3292478683-1069677828-4044609029-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-3292478683-1069677828-4044609029-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3292478683-1069677828-4044609029-1002 - Limited - Enabled) Joe (S-1-5-21-3292478683-1069677828-4044609029-1000 - Administrator - Enabled) => C:\Users\Joe ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS) ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus) AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS) AVG (Version: 1.191.1 - AVG Technologies) Hidden AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies) CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden ETDWare PS/2-X64 8.0.5.1_WHQL (HKLM\...\Elantech) (Version: 8.0.5.1 - ELAN Microelectronic Corp.) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS) FMW 1 (Version: 1.203.1 - AVG Technologies) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team) Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Update Helper (x32 Version: 1.2.183.13 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.) HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.) HP OfficeJet 4650 series Basic Device Software (HKLM\...\{AD2313B9-714F-496E-AD7F-20532E833EB2}) (Version: 36.0.72.54013 - Hewlett-Packard Co.) HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{C60E2D8F-0FC0-497D-A149-90F3B361937C}) (Version: 12.3.6.9 - HP) inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel) Ipswitch WS_FTP LE (HKLM-x32\...\{B3A31EEE-7C65-4EE6-BB0D-5549FD2D67B9}) (Version: 6.00 - ) IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Exploit version 1.9.1.1261 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1261 - Malwarebytes) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation) Microsoft Money 2003 (HKLM-x32\...\{019210C1-32C8-423C-BEFD-763C8E7A188F}) (Version: 11.0.120 - Microsoft) Microsoft Money 2003 System Pack (HKLM-x32\...\{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}) (Version: 11.0.120 - Microsoft) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOKR) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) mydlink services plugin (HKLM-x32\...\{1A9B665A-5F27-4F71-BF90-22FDFE7A1635}) (Version: 1.0.2.7 - D-Link Corporation) NetObjects Fusion 12.0 (HKLM-x32\...\{2E5FC13B-CF5D-4D2C-9353-A0E28B5DED1E}) (Version: 12.0 - NetObjects) NetObjects Fusion 12.0 (x32 Version: 12.00.0000.5024 - NetObjects) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0175 - REALTEK Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0212 - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS) winSPMBT (HKU\S-1-5-21-3292478683-1069677828-4044609029-1000\...\winSPMBT) (Version: - ) Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS) 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation) 適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0CA635E2-5039-4F00-B98B-EF2FB639F53F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {100A99C2-370D-42B4-9969-0BB419FC90F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {19CCFC5A-D7B5-4AA8-8973-9333BF64DAA7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-05-21] (AVG Technologies CZ, s.r.o.) Task: {1D6B746D-CBE0-4267-9A35-834F752E4067} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS) Task: {31D51453-EF6D-4075-918E-286C83840748} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe Task: {33D120CE-906B-41D7-AEB9-87D89B7CD905} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {4C75A80B-A7F6-4971-A920-51A8386F12B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-20] (Google Inc.) Task: {77E0E1B0-2CE9-42C4-A53E-F75B7EA86167} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {82625265-548E-453D-9C7A-FAD315B0BFC9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {83431E4B-58FA-4E94-A685-4A8C24ACE11F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd) Task: {8B761605-8C6F-4434-B44F-17ABCAA1EA16} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe Task: {9E38AD59-D36C-4EA6-A00C-52342AD410E4} - System32\Tasks\HP AR Program Upload - 0c1d50f6dfb8448cbb5e34adf0f3a94dd764fa0704d04fe1918a73ed1b429183 => C:\Program Files\HP\HP OfficeJet 4650 series\bin\HPRewards.exe [2015-03-09] (Hewlett-Packard Development Company, LP) Task: {C2DC2DC2-2F7C-4E11-AD34-AFEBB4234E5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-20] (Google Inc.) Task: {E610E3AF-C82A-4ED9-84BC-5D7854EBD4B2} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-05-21 08:39 - 2017-05-21 08:39 - 00163152 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll 2017-05-21 08:39 - 2017-05-21 08:39 - 00827088 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll 2017-05-21 08:39 - 2017-05-21 08:39 - 00276904 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll 2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2010-09-23 19:53 - 2010-09-23 19:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe 2017-05-21 08:39 - 2017-05-21 08:39 - 00171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll 2017-05-21 08:39 - 2017-05-21 08:39 - 00178120 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll 2017-05-21 08:39 - 2017-05-21 08:39 - 00224352 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll 2017-06-09 05:46 - 2017-06-09 05:46 - 05996032 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17060900\algo.dll 2017-05-21 08:39 - 2017-05-21 08:39 - 00685784 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll 2017-05-21 08:39 - 2017-05-21 08:39 - 00231760 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll 2017-06-10 08:36 - 2017-06-10 08:36 - 05996032 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17060904\algo.dll 2017-05-21 08:37 - 2017-05-21 08:36 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll 2017-05-21 08:39 - 2017-05-21 08:39 - 00999024 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll 2017-05-21 08:39 - 2017-05-21 08:39 - 67717632 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll 2015-12-02 11:58 - 2015-11-16 13:32 - 00919040 _____ () C:\Windows\mod_frst.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3292478683-1069677828-4044609029-1000\...\adobe.com -> hxxps://www.get.adobe.com IE trusted site: HKU\S-1-5-21-3292478683-1069677828-4044609029-1000\...\microsoft.com -> hxxps://answers.microsoft.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3292478683-1069677828-4044609029-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AeLookupSvc => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\Windows\pss\AsusVibeLauncher.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe MSCONFIG\startupreg: HP OfficeJet 4650 series (NET) => "C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH6A74B16P0662:NW" -scfn "HP OfficeJet 4650 series (NET)" -AutoStart 1 MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe" MSCONFIG\startupreg: IntelTBRunOnce => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" MSCONFIG\startupreg: MoneyAgent => "C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe" MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe" MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 MSCONFIG\startupreg: Setwallpaper => c:\programdata\SetWallpaper.cmd MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{E6B0EF51-00A0-4BC8-8249-D6D366A96D6E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{2CE2C232-DEBE-48D9-BAB6-AFF70DA911C3}] => (Allow) LPort=2869 FirewallRules: [{1A165FF4-80F7-488F-A0ED-2A89D740AF12}] => (Allow) LPort=1900 FirewallRules: [{2B0A300F-2FA9-4EE6-98F0-44D93A1F0EB4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{791077C2-119B-483E-ACC9-A0ED846C0768}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{32CA6032-93C4-4472-A793-FC6A795651DE}] => (Allow) LPort=5353 FirewallRules: [{86315A17-DE80-44ED-9DB5-8C8C466070A4}] => (Allow) LPort=8182 FirewallRules: [{33DC8018-2E9C-45C4-AF91-CCD3DCC36FC4}] => (Allow) C:\Users\Joe\AppData\Local\Temp\7zS70CE\HPDiagnosticCoreUI.exe FirewallRules: [{A75C05C2-B426-4E50-AE40-F2F4C3F7CB30}] => (Allow) C:\Users\Joe\AppData\Local\Temp\7zS70CE\HPDiagnosticCoreUI.exe FirewallRules: [{725AB2F3-4E3F-42A9-B18C-296BCCDF729F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{1FD59BC5-DECD-4A31-BB5D-13F8E11B0A60}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{2D64BE87-690D-4EAA-BD77-304BFB0B44BD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{A5932B3C-4765-44A7-BCD8-3ACE2E17C982}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{D5657996-6BD7-4229-8E73-0ADEB7ACEBFD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{BA728FDC-02DA-494F-89F6-AFBE88AFC5A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{FAFA8DB9-A60C-4C14-843B-4B301F93C5E2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{D5EEDE53-9DD5-4D9C-9724-F1B9C52A66BF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{8B27EC77-ACFC-43E6-976D-2096B002D345}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{C1508BBB-7602-41D1-9DC4-341EA6791D94}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{D2C97427-F402-4CC7-8DB8-DBAA364FE9DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{DDC97219-C1F4-4493-9210-7A3A3BBF2A42}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{186B1B5B-1828-4DC5-9482-AE282D485A0D}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{9EDC2E83-B6DE-425C-8744-DBA327B3CAEF}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{CEE32A35-0CE6-4842-ADDB-0C07AAC37878}] => (Allow) C:\Users\Joe\AppData\Local\Temp\7zS013D\HP.EasyStart.exe FirewallRules: [{F8C02DCE-F371-49A9-82C0-6C49DCF9D37E}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe FirewallRules: [{B012D855-9CBD-4034-B7A9-E1D7737DAB11}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe FirewallRules: [{03D91D14-94BC-4F48-B861-FABFCD58878C}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe FirewallRules: [{9F78C7C9-0D35-4D43-B0C2-35129BB7412A}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe FirewallRules: [{B87B2FD7-8B92-4E15-9DD0-A77463969450}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe FirewallRules: [{6B41BF42-F1CC-491A-8033-64532629A2C0}] => (Allow) LPort=5357 FirewallRules: [{01CD6BD1-C9A4-4408-8021-34CD8F4F02E8}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{FA5CF614-059D-4996-9EB3-B9E7D703C563}] => (Allow) C:\Users\Joe\AppData\Local\Temp\Temp1_DCS-930L_REVA_SETUPWIZARD_1.04.10_WIN.ZIP\wizard\autorun.exe FirewallRules: [{F5BD66EA-9C2F-4B0F-B8ED-DC8A3B6F8D62}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{A6AAB548-51A4-4FC1-AF4E-A78FB353EF62}] => (Allow) C:\Users\Joe\AppData\Local\Temp\7zS5097\HPDiagnosticCoreUI.exe FirewallRules: [{2AC68D65-ED80-479B-B6D5-8E39452B6766}] => (Allow) C:\Users\Joe\AppData\Local\Temp\7zS5097\HPDiagnosticCoreUI.exe ==================== Restore Points ========================= 27-05-2017 11:05:49 Windows Modules Installer 27-05-2017 16:12:58 Windows Modules Installer 28-05-2017 16:16:21 Installed inSSIDer Home 05-06-2017 08:49:17 Intel® Driver Update Utility 08-06-2017 20:54:36 Intel® Driver Update Utility ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/09/2017 05:55:00 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1230 Start Time: 01d2e10e661068fb Termination Time: 15 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: Error: (06/09/2017 05:47:28 AM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (06/09/2017 05:47:28 AM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (06/09/2017 05:47:28 AM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (06/09/2017 05:47:28 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: Element not found. (HRESULT : 0x80070490) (0x80070490) Error: (06/09/2017 05:47:25 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (06/09/2017 05:47:25 AM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: The Windows Search Service cannot load the property store information. Context: Windows Application, SystemIndex Catalog Details: The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800) Error: (06/09/2017 05:47:25 AM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (06/09/2017 05:47:25 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) Error: (06/09/2017 05:47:25 AM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: The Windows Search Service cannot open the Jet property store. Details: 0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800)) System errors: ============= Error: (06/09/2017 05:47:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (06/09/2017 05:47:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. Error: (06/09/2017 05:47:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (06/09/2017 05:47:29 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz Percentage of memory in use: 24% Total physical RAM: 7970.21 MB Available physical RAM: 6032.82 MB Total Virtual: 15938.64 MB Available Virtual: 14204.16 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:377.62 GB) NTFS ==>[drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 08956373) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=440.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================