Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-05-2017 01 Ran by William (04-05-2017 10:19:02) Running from C:\Users\William\Desktop Windows 10 Home Version 1607 (X64) (2016-10-22 08:33:19) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3526073170-1583772248-2959233235-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3526073170-1583772248-2959233235-503 - Limited - Disabled) Guest (S-1-5-21-3526073170-1583772248-2959233235-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3526073170-1583772248-2959233235-1002 - Limited - Enabled) William (S-1-5-21-3526073170-1583772248-2959233235-1001 - Administrator - Enabled) => C:\Users\William ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Trend Micro Maximum Security (Disabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Trend Micro Maximum Security (Disabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden AVG Online Backup (x32 Version: 6.5.1.108 - AVG) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard) DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent) HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard) HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard) HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard) HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard) HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard) HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden Hulu Desktop (HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe) Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - ) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard) Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.6 - NVIDIA Corporation) PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.) Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com) Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.) Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) YourTemplateFinder Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\...\YourTemplateFinderTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02D7F76C-397B-49EB-8B7B-CD8B61FA8283} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {08AB6384-9A09-493C-BD2F-0BABE25C4AD0} - System32\Tasks\HPCeeScheduleForWilliam => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard) Task: {0B7D27A5-EEB9-4075-B0F9-FDD9439A1B83} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink) Task: {14C4F043-2625-4D3A-A396-667EE3F0C315} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe Task: {1859C22B-680D-4A04-A8B9-D81BA5399772} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {21DDFA2F-3A7D-47D5-8654-475D093D246D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {238E40ED-4D14-4F07-A95D-FA7DEC5D0C39} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe Task: {260FDA65-96D7-4923-A7B5-5238E57B5E38} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {261FCE89-8502-4429-A596-52CC845BC41B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe Task: {2B22E2C5-EA49-4559-AFBD-F73C72654617} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {364D2656-A8FA-4C0C-9072-C49D0A1D72E2} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe Task: {3AF7C009-E76B-413D-A643-CB06582CE06A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {44776A2E-3338-4A7D-A5AC-AA7A9818B812} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe Task: {4738408D-1C65-4040-9C23-73E1E6DE4F89} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe Task: {533043F3-61A5-4EB5-9062-70A31D6129A7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe Task: {5B147D90-4D80-41F5-BE0E-40BE7FB8BEBF} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\William\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\OneDriveStandaloneUpdater.exe Task: {60F567A5-1DE5-43F8-8452-525B5125375E} - System32\Tasks\AVG Online Backup - AVG78224 => C:\Program Files (x86)\AVG Online Backup\sosuploadagent.exe [2016-08-30] (AVG Online Backup) Task: {676CF028-ABE1-4747-BFE4-F62A742560EE} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard) Task: {7BD1D809-2F0F-4238-BD1E-A71C519D7222} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {840EDF36-3607-40E5-90B6-E93DF12D6BF7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe Task: {A2D368AE-5279-4D03-915D-76BF45312D5E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe Task: {A45D4F49-E07D-4CD3-957D-EE8F242D4A59} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe Task: {AC301344-A8D4-4C8E-9CF2-988ED88980DA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe Task: {C8624761-CE01-4ED2-A931-BBDAE1529B61} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe Task: {CAC9649C-A26A-43AD-9786-EC630F8AB23B} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard) Task: {CAEAD46F-5CA1-4803-A721-3B5D58EAD8F0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe Task: {CD2928B4-8046-483C-9521-F4F7CF9BE3CD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe Task: {D0A23BE4-1996-4F79-8758-299B109C0DBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.) Task: {D5CB447C-7878-41BF-8E67-1D20D6C7DBF6} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION Task: {E2081106-BE16-4EB3-B52F-AA2FE434917F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.) Task: {F36D7E41-4DFE-4BBE-9D59-90ED3DBAC7BE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe Task: {F918362F-DECA-4F39-B635-29FBC3ECD68A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe Task: {FCCA2E56-E461-4CBD-A7F3-41EB9F56F907} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\HPCeeScheduleForWilliam.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-09-21 18:43 - 2015-03-31 07:08 - 00026408 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_57.dll 2016-09-21 18:43 - 2015-03-31 07:08 - 00058320 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_57.dll 2016-09-21 18:43 - 2015-03-31 07:09 - 00686608 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll 2016-09-21 18:43 - 2015-03-31 07:08 - 00110320 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_57.dll 2016-09-21 18:43 - 2015-03-31 07:08 - 00036160 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc110-mt-1_57.dll 2016-09-21 18:43 - 2015-03-31 07:09 - 01314920 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll 2016-09-21 18:40 - 2015-07-16 14:31 - 00168544 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll 2016-09-21 18:43 - 2015-07-16 14:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll 2016-09-21 18:43 - 2015-07-16 14:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll 2016-09-21 18:43 - 2015-07-16 14:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll 2016-09-21 18:43 - 2015-07-16 14:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll 2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-03-22 15:40 - 2017-03-04 03:19 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2017-03-22 15:40 - 2017-03-04 03:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-03-22 15:40 - 2017-03-04 03:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-22 07:58 - 2016-10-22 07:58 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-22 15:46 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-22 15:39 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-22 15:39 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-22 15:39 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-03-22 15:39 - 2017-03-04 02:05 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-03-22 15:39 - 2017-03-04 02:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-03-22 15:39 - 2017-03-04 02:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-11-07 03:38 - 2016-10-11 04:52 - 00077072 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll 2017-05-03 17:44 - 2017-03-22 10:24 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-05-03 17:44 - 2017-03-23 19:40 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-04-01 17:17 - 2017-04-01 17:17 - 14350336 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.52.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll 2009-10-22 22:50 - 2009-10-22 22:50 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgApiWrapper => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AvgUpgrade => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClientManager => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\hp\Hp_1.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AvgApiWrapper => 2 MSCONFIG\Services: AvgUpgrade => 2 MSCONFIG\Services: ClientManager => 2 MSCONFIG\Services: sagentservice => 2 HKLM\...\StartupApproved\StartupFolder: => "PictureMover.lnk" HKLM\...\StartupApproved\Run: => "PC-Doctor for Windows localizer" HKLM\...\StartupApproved\Run32: => "AVG_UI" HKLM\...\StartupApproved\Run32: => "AvgUi" HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\...\StartupApproved\Run: => "HPADVISOR" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{5E0BE303-10B5-414A-AC68-242CD90DE656}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{365FF2AE-C101-4DFC-B458-2BC56542BA3A}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe FirewallRules: [{C2434B2C-1748-4808-B9CC-BA26A9058EA3}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe FirewallRules: [{E9E5EAD7-10C8-4328-A177-7D61EBF24558}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\SendAFax.exe FirewallRules: [{1D9F9192-241F-4B65-AF6B-79CDA00F109A}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\DigitalWizards.exe FirewallRules: [{321EE818-508D-465C-8E42-671720692AF7}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\FaxApplications.exe FirewallRules: [{7BDF9A3E-F198-4F6B-B44C-F0E4C299FCD3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE FirewallRules: [{4880A744-175E-4894-824F-13A151A2A132}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe FirewallRules: [{1D054CA5-E329-40AF-A202-1479C4FCD6DE}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe FirewallRules: [{18B8E588-C53C-479E-A225-CED02417B9B3}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe FirewallRules: [{866089F2-FBAC-4F31-B012-69AFE1A98C37}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe FirewallRules: [{772D1779-862C-4621-9AB8-321BB6AD39AD}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe FirewallRules: [{DB1572C1-3FA6-4D06-A23D-44948DB3CF44}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe FirewallRules: [{19099448-427F-4897-984C-74B433E97D96}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{7FFE5900-3116-4649-9157-4C8AB7647095}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{6DE2D9DE-38B3-4B6D-BD8F-974956CCE4AB}] => (Allow) svchost.exe FirewallRules: [{30A44DB5-4E2C-4B38-BC1F-A162FBC750E3}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{16D4F267-82E9-41C2-97CD-A56881C68FAC}] => (Allow) LPort=4158 FirewallRules: [{EE6D7340-D9FD-49AE-987F-DE2DF7DFA24C}] => (Allow) LPort=30861 FirewallRules: [{CDE2D2B6-A9FA-4393-955C-3FF0FED6C89C}] => (Allow) LPort=30869 FirewallRules: [{19357686-8590-4010-9EBF-F0CE3F0CF65A}] => (Allow) LPort=30870 FirewallRules: [{BE2774AE-AE5C-4C04-8F04-D9D0285DB934}] => (Allow) LPort=30871 FirewallRules: [{B053DAB0-BC1C-4972-A9B5-C0FAE72AEC9B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{38157AB0-1413-4B5B-B110-0BB0B4CC5105}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{D69F4EC7-13D5-420F-82D3-482CD6A2FC4B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{3EEAD8DE-504C-44BC-B236-5847EC394699}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{BB8AEF9E-1F04-415A-88F1-B5B560FA190E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 04-04-2017 13:10:13 Scheduled Checkpoint 13-04-2017 23:34:59 Scheduled Checkpoint 16-04-2017 19:00:04 Windows Backup 30-04-2017 13:39:01 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/04/2017 08:51:25 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. Error: (05/04/2017 08:51:23 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (05/04/2017 12:02:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/04/2017 12:02:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/04/2017 12:00:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/03/2017 11:59:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/03/2017 11:59:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/03/2017 11:59:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/03/2017 11:59:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (05/03/2017 11:58:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: 14189-WILLIAM-L) Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (05/04/2017 09:23:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/04/2017 08:44:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/04/2017 08:43:17 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout. Error: (05/04/2017 08:43:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Update Orchestrator Service for Windows Update service terminated with the following error: The class is configured to run as a security id different from the caller Error: (05/04/2017 08:43:04 AM) (Source: DCOM) (EventID: 10010) (User: 14189-WILLIAM-L) Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout. Error: (05/04/2017 08:34:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/04/2017 08:15:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/04/2017 08:09:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). Error: (05/04/2017 07:33:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (05/04/2017 12:08:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2017-05-04 07:38:33.495 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 07:38:26.045 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 07:37:35.079 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 07:37:05.954 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 07:37:05.508 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 07:36:50.855 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 07:36:09.216 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 00:12:08.234 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 00:12:08.004 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-04 00:12:07.275 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. [0x7FF9E90970E3] ANOMALY: use of REX.w is meaningless (default operand size is 64) ==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 250 Processor Percentage of memory in use: 51% Total physical RAM: 3839.3 MB Available physical RAM: 1859.16 MB Total Virtual: 7679.3 MB Available Virtual: 5565.22 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:584.87 GB) (Free:520.41 GB) NTFS Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.77 GB) (Free:1.56 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596.2 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=584.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=10.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================