Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2016 01 Ran by joey (19-11-2016 21:08:19) Running from C:\Users\joey\Desktop Windows 7 Professional Service Pack 1 (X64) (2015-12-28 14:14:57) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3334329050-1205438810-3444544024-500 - Administrator - Disabled) Guest (S-1-5-21-3334329050-1205438810-3444544024-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3334329050-1205438810-3444544024-1002 - Limited - Enabled) joey (S-1-5-21-3334329050-1205438810-3444544024-1000 - Administrator - Enabled) => C:\Users\joey ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95} AV: AVG Internet Security (Disabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.18 - Adobe Systems) AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk) Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk) Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk) Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk) Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk) Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk) Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk) Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk) Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk) AVG (HKLM\...\AvgZen) (Version: 1.111.2.45832 - AVG Technologies) AVG (Version: 16.131.7924 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4664 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.131.7924 - AVG Technologies) AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies) AVG Zen (Version: 1.111.9 - AVG Technologies) Hidden Bentley OpenSTAADOEM (HKLM-x32\...\{4F180E04-ED69-40A7-95F0-2228E5C60AB2}) (Version: 08.02.09.41 - Bentley Systems, Inc.) Bentley SPC Server v8i SS4 (HKLM-x32\...\{C88234D5-2327-4B3D-9D75-9F2749930B04}) (Version: 8.11.11.14 - Bentley Systems, Inc.) Bentley Structure Property Catalog V8i SS4 v3.1.4.2 (HKLM-x32\...\{1D70E5D3-34E6-4EE8-BFB7-AB1DDC8DE0D1}) (Version: 3.1.4.2 - Bentley Systems, Inc.) Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - ) CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.62 - Conexant) DriverDoc (x32 Version: 1.3.2 - Solvusoft Corporation) Hidden Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.8 - Lenovo) FMW 1 (Version: 1.132.1 - AVG Technologies) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden HP DeskJet 2130 series Basic Device Software (HKLM\...\{54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1}) (Version: 35.0.61.54677 - Hewlett-Packard Co.) HP DeskJet 2130 series Help (HKLM-x32\...\{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation) Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation) Lenovo EasyCamera (HKLM\...\Lenovo EasyCamera) (Version: 5.38.2.4 - Silicon Motion) Lenovo EasyCamera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.38.2.4 - Silicon Motion) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.61.39 - NVIDIA Corporation) Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo) PipeLink for STAAD.Pro V8i (Build 20.14.11.04) (HKLM-x32\...\{A7979F57-9431-4CD4-AE4B-50D407EBA400}) (Version: 20.14.11.04 - Bentley Systems, Inc.) Product Improvement Study for HP DeskJet 2130 series (HKLM\...\{EA4DB54A-FAE0-4FDA-A66D-AEB8F5FFBE83}) (Version: 35.0.61.54677 - Hewlett-Packard Co.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) SketchUp 2015 (HKLM\...\{319CD380-1AAB-4CAD-BE1D-59189A780FA6}) (Version: 15.2.685 - Trimble Navigation Limited) SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk) STAAD.foundation V8i (SELECTseries 4) Release 5.3 (HKLM-x32\...\{EF9432B0-F705-46FB-A864-2AE17F571E7A}) (Version: 05.03.00.37 - Bentley Systems Inc.) STAAD.Pro V8i SELECTseries 6 (HKLM-x32\...\{8A6D0892-27A0-4429-8C85-15DCF73B8529}) (Version: 20.07.11.33 - Bentley Systems, Inc.) StrucLink for STAAD.Pro V8i (Build 20.14.11.05) (HKLM-x32\...\{127FE612-C33A-410E-B11C-A98025A6D366}) (Version: 20.14.11.05 - Bentley Systems, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3334329050-1205438810-3444544024-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3334329050-1205438810-3444544024-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3334329050-1205438810-3444544024-1000_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3334329050-1205438810-3444544024-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {609C0955-D202-4C46-BAC3-0A17B40E1164} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP) Task: {7819E578-BC76-4965-AE5B-8AD3811D046D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-04] (Google Inc.) Task: {BD46C086-9A9E-4793-853F-19CAD91AA8FC} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe Task: {C228B85B-C298-47C9-98EA-00620EF063A5} - \DriverDoc Auto Start -> No File <==== ATTENTION Task: {C266F004-4397-4429-B0A9-8827E69C46AB} - \AVAST Software\Avast settings backup -> No File <==== ATTENTION Task: {F18AC037-012D-451D-AB2D-6C2AE1296242} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-04] (Google Inc.) Task: {F7E06DE4-2323-47AF-88E7-55AA775A787D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-29] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\joey\Desktop\Shortcuts\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic Shortcut: C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic Shortcut: C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic Shortcut: C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic Shortcut: C:\Users\joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic ShortcutWithArgument: C:\Users\joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic ==================== Loaded Modules (Whitelisted) ============== 2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2016-11-15 10:31 - 2016-11-15 10:31 - 17772736 _____ () C:\Users\joey\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" e" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-3334329050-1205438810-3444544024-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-10-24 23:58 - 2016-10-26 21:14 - 00000828 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3334329050-1205438810-3444544024-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\joey\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: BitTorrent => "C:\Users\joey\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Energy Management => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe MSCONFIG\startupreg: EnergyUtility => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{FC761DEB-9513-494F-AF3B-A2BB17AD68AC}] => (Allow) LPort=50248 FirewallRules: [{71AA814A-4BC7-4225-B86F-64CE3514385B}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe FirewallRules: [{4B08A3D5-E199-4CE6-83E5-A7E9601BAE46}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{EE75F78E-92CE-4569-8889-D616C60B0D39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{F7E79DDB-CBB0-4D8D-91B7-4BB0C998AD2C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{42800C58-74E2-4BF8-8309-789E3DC3CA34}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{4BF0C8D7-D3A3-4A23-A1EC-0AF6CB55242A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{D0C1DD3E-2A61-4EB0-ABEC-0FBD2AF9DF7B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{3363FBCB-84BC-496F-B614-FC8A45DB0542}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{2FBBF327-6965-4B34-BA97-825A1956A604}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe ==================== Restore Points ========================= 24-10-2016 21:22:28 Windows Update 25-10-2016 03:00:30 Windows Update 10-11-2016 09:04:02 Windows Update 15-11-2016 18:54:57 Windows Update 19-11-2016 10:30:18 Installed AVG 2016 19-11-2016 10:33:45 Installed AVG 19-11-2016 16:32:46 JRT Pre-Junkware Removal 19-11-2016 16:46:46 Windows Update ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (11/19/2016 08:57:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/19/2016 08:27:00 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: ) Description: The Desktop Window Manager has encountered a fatal error (0x8007000e) Error: (11/19/2016 08:21:32 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: ) Description: The Desktop Window Manager has encountered a fatal error (0x80070008) Error: (11/19/2016 04:47:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service vToolbarUpdater40.3.6 since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (11/19/2016 04:13:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/19/2016 11:13:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/19/2016 08:15:17 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/17/2016 10:07:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/17/2016 07:18:08 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/16/2016 10:03:19 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. System errors: ============= Error: (11/19/2016 09:07:21 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (11/19/2016 09:06:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/19/2016 09:06:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/19/2016 09:06:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/19/2016 09:06:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/19/2016 09:06:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/19/2016 09:06:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/19/2016 09:06:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/19/2016 09:06:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. Error: (11/19/2016 09:06:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. CodeIntegrity: =================================== Date: 2016-10-26 02:45:19.803 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-26 02:45:19.787 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-26 02:45:19.756 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-26 02:45:19.740 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-26 02:45:19.725 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-26 02:45:19.693 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-26 02:45:11.847 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-26 02:45:11.815 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-26 02:45:11.800 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-26 02:45:11.769 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz Percentage of memory in use: 42% Total physical RAM: 1974.85 MB Available physical RAM: 1144.66 MB Total Virtual: 4935.85 MB Available Virtual: 4135.43 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:195.21 GB) (Free:134.73 GB) NTFS Drive d: (Data) (Fixed) (Total:269.36 GB) (Free:221.84 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C3FFC3FF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=269.4 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=1.1 GB) - (Type=12) ==================== End of Addition.txt ============================