Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2016
Ran by Spirit (12-12-2016 13:51:34)
Running from C:\Users\Spirit\Desktop
Microsoft Windows 10 Pro Version 1607 (X86) (2016-10-31 03:54:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1562041459-4216995153-4248193827-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1562041459-4216995153-4248193827-503 - Limited - Disabled)
Guest (S-1-5-21-1562041459-4216995153-4248193827-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1562041459-4216995153-4248193827-1002 - Limited - Enabled)
Spirit (S-1-5-21-1562041459-4216995153-4248193827-1000 - Administrator - Enabled) => C:\Users\Spirit

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Online (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Online (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM\...\InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}) (Version: 1.3.17.05006 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (Version: 1.3.17.05006 - Alcor Micro Corp.) Hidden
CorelDRAW Graphics Suite X3 (HKLM\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Uw bedrijfsnaam)
FontNav (Version: 5.0 - Corel Corporation) Hidden
Google Earth (HKLM\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.9.108.1 - Intel Security)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Malwarebytes versie 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
Microsoft Office Language Pack 2010 - Dutch/Nederlands (HKLM\...\Office14.OMUI.nl-nl) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2010 (HKLM\...\Office14.PROOFKIT) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 nl) (HKLM\...\Mozilla Firefox 47.0 (x86 nl)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NL (Version: 13.0 - Uw bedrijfsnaam) Hidden
Norton 360 Online (HKLM\...\N360) (Version: 22.7.0.76 - Symantec Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6050 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VBA (Version: 6.2 - Corel Corporation) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Wondershare Helper Compact 2.5.0 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1562041459-4216995153-4248193827-1000_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1562041459-4216995153-4248193827-1000_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1562041459-4216995153-4248193827-1000_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1562041459-4216995153-4248193827-1000_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1562041459-4216995153-4248193827-1000_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1562041459-4216995153-4248193827-1000_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1562041459-4216995153-4248193827-1000_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1562041459-4216995153-4248193827-1000_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1562041459-4216995153-4248193827-1000_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1562041459-4216995153-4248193827-1000_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1562041459-4216995153-4248193827-1000_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1562041459-4216995153-4248193827-1000_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1562041459-4216995153-4248193827-1000_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0274274E-24E2-4511-95CF-5557AC6FDC63} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Online\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {07D51F85-BDE3-436D-A837-FDB0C9B8D981} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0EDF7EE7-CBBA-435B-A94E-D96ED7F49750} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {10334EB2-EC66-445F-9A98-31381A06CEC9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {117B6234-E0B2-467B-8FEB-00C534E1C883} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {14D2CAFD-95C0-462E-B2B7-91BDD5E126E9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1654CA70-9F4F-48EF-93FF-7C847DBFF7D2} - System32\Tasks\DriverWhiz_RebootScan => C:\Program Files\DriverWhiz\DriverWhiz.exe
Task: {1ABC8D0F-1193-4D24-960E-70B22554C527} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2178A1B8-CDB7-46B8-9FC9-EC05D6F7B042} - System32\Tasks\{BB4EF408-C895-4F94-BA84-5D67BB282E65} => pcalua.exe -a D:\WinWDF\x64\setup.exe -d D:\WinWDF\x64
Task: {29B2B57A-232B-4C0A-85EE-9110878AB083} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2A373772-178C-4144-997F-9239F20A34B3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)
Task: {2A917DE1-C507-4F3F-A849-6BFF0D827031} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {307F2A75-C41D-4BE6-BAFB-0FA80C02CB7F} - System32\Tasks\KMSAuto => C:\Program Files\KMSAutoS\KMSAutoXP.exe
Task: {31B5FEB6-6C29-450D-8800-A83369A26DD3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4021A525-8139-4802-88EF-9F950C984CF7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {41060110-9649-4D3D-95FE-A81F592A4F3D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4E431AB1-F5A5-415D-B346-4BD2DA2C9CC2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4F1D10ED-BB92-43A6-A554-106376FC7BA4} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {529FB168-8869-4CB2-ACAE-B9BE98DB3267} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-16] (Google Inc.)
Task: {539953C4-8F2F-4939-B3DF-54E41BB176BF} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5473D6C2-5F0E-44AA-A852-4EB42332A535} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
Task: {55743EC2-F4AB-4B90-B077-0A088F620E55} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {582C52AE-F2A3-46F8-BB2D-E11E4F24A591} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5BA5D521-1259-4CF7-A3B8-4C5B481F4437} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {5CA01228-8C89-452B-9C2F-3C09B47BECC4} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5CF8EF21-FE4E-4C3F-BEE9-CACC2042D886} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {61A6DD05-D339-4755-9671-1E386D8B6447} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6C0FC48D-059B-4210-9E0F-6FE5501A708D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {86E8F224-B608-47A9-8F04-F6535D4B4B00} - System32\Tasks\InstallShield Update Service => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11] (Macrovision Corporation)
Task: {905691E0-4288-48DC-8087-5BD45BC666AD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {921345D8-C8D3-4609-99EB-B48A40CEE6B4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9E1CD155-8137-4739-B43D-679F7063E87A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9F8563F5-2C70-49FA-8D18-4278C99FE6D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-05-16] (Google Inc.)
Task: {9F96704E-09C6-46E5-8082-61FA58667195} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A0662D6F-1820-4C53-8B08-B4053A61F0DE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2E7449C-AABA-4BDB-B1DE-7591B4975BAB} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B3A431DA-8ABC-43B7-B50A-C1F57A4BEBD5} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files\Norton 360\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {BCC55EC6-F17F-45D0-B62E-2EAE512F941B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C0A96455-865F-4AF6-A8FD-CBA9CFFBFB17} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {C5CA005F-8B14-4521-9D9C-38C1948FC91A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-19] (Adobe Systems Incorporated)
Task: {CF40019A-590F-4276-9649-92D144F5E478} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D1801CDB-4F0A-44E1-9C46-FF28390D7645} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D278868C-D900-4B99-A098-CC84095D669A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {DBB7BBDB-5F7C-4339-BA51-83FD33456073} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E3DB9E04-20C5-42DF-B242-66A403521781} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {E6A9F27F-63E2-4027-ACB6-0F5983901117} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F209A7BC-C32F-49C8-BD2B-D2AB260A25C6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F5D77FA1-96DF-444B-B3CD-FEE200AFD5BC} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-12-09 09:39 - 2016-11-29 06:27 - 01729312 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-09 09:39 - 2016-11-29 06:27 - 02084304 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-12-09 09:39 - 2016-11-29 06:27 - 01713104 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-16 09:25 - 2016-07-16 09:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-10 10:15 - 2016-11-11 08:56 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-10 10:15 - 2016-11-11 08:56 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-31 05:02 - 2016-10-31 05:02 - 01383616 _____ () C:\Users\Spirit\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-07-16 09:25 - 2016-07-16 09:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-10 10:15 - 2016-11-11 08:23 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-10 09:00 - 2016-11-02 11:31 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 09:00 - 2016-11-02 11:24 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-31 13:09 - 2016-10-31 13:09 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 09:00 - 2016-11-02 11:24 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 09:00 - 2016-11-02 11:26 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-17 08:59 - 2016-11-17 09:00 - 00062464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2016-11-17 08:59 - 2016-11-17 09:00 - 00151552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-17 08:59 - 2016-11-17 09:00 - 29915136 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x86__kzf8qxf38zg5c\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2016-12-07 12:23 - 00000830 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1562041459-4216995153-4248193827-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "IAAnotif"
HKLM\...\StartupApproved\Run: => "ISUSScheduler"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKU\S-1-5-21-1562041459-4216995153-4248193827-1000\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-1562041459-4216995153-4248193827-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1562041459-4216995153-4248193827-1000\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-1562041459-4216995153-4248193827-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => LPort=808
FirewallRules: [{94B58B5E-7519-400D-A8C5-0712BC28CF06}] => C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{AA24B666-D7C3-4499-B8A8-94A4379A2A7A}] => C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{DAB023FA-B333-47D3-9D4C-FC6DE813C28D}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{C426D767-E3C1-464E-A336-3E229160F4B9}C:\program files\mozilla firefox\firefox.exe] => C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{1D72DBB1-8641-4AFB-BB46-F948753DE44E}C:\program files\mozilla firefox\firefox.exe] => C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{3BDBFED2-BE9E-4E0A-AD58-749C47F27EE2}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D44F788B-E2B1-45F3-97EC-BBDBCA15C2B9}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F2697E85-5C98-4C6F-B71D-E1C019942365}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EA421DAB-AFE6-42C0-83AB-92D8C27D8BF6}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5C4BD326-6E07-4CE5-AF25-DFA53E8047E5}] => C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

19-11-2016 08:51:50 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
26-11-2016 12:20:59 Scheduled Checkpoint
28-11-2016 10:10:05 RegCure Pro Backup
06-12-2016 12:25:37 Scheduled Checkpoint
10-12-2016 12:00:48 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2016 10:06:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: plugin-container.exe, versie: 50.0.2.6177, tijdstempel: 0x583e5197 Naam van module met fout: mozglue.dll, versie: 50.0.2.6177, tijdstempel: 0x583e4b91 Uitzonderingscode: 0x80000003 Foutmarge: 0x0000ed43 Id van proces met fout: 0x24c4 Starttijd van toepassing met fout: 0x01d2544d783b6e67 Pad naar toepassing met fout: C:\Program Files\Mozilla Firefox\plugin-container.exe Pad naar module met fout: C:\Program Files\Mozilla Firefox\mozglue.dll Rapport-id: 1075f2cc-00cc-474c-9315-b37dc64f09bf Volledige pakketnaam met fout: Relatieve toepassings-id van pakket met fout:

Error: (12/12/2016 10:00:04 AM) (Source: MsiInstaller) (EventID: 11706) (User: TimeLine)
Description: Product: Update Manager -- Error 1706.No valid source could be found for product Update Manager. The Windows Installer cannot continue.

Error: (12/12/2016 09:32:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: DaS_21.exe, versie: 2.1.0.4, tijdstempel: 0x540c90b2 Naam van module met fout: KERNELBASE.dll, versie: 10.0.14393.479, tijdstempel: 0x58256d13 Uitzonderingscode: 0xe0434352 Foutmarge: 0x000c24c2 Id van proces met fout: 0x17b8 Starttijd van toepassing met fout: 0x01d254523aef85bb Pad naar toepassing met fout: C:\Users\Spirit\AppData\Local\Temp\DaS_21.exe Pad naar module met fout: C:\WINDOWS\System32\KERNELBASE.dll Rapport-id: 5d3681b9-bb78-4ce2-af20-1ce63ecbcac9 Volledige pakketnaam met fout: Relatieve toepassings-id van pakket met fout:

Error: (12/12/2016 09:32:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Toepassing: DaS_21.exe Framework-versie: v4.0.30319 Beschrijving: het proces is beëindigd als gevolg van een onverwerkte uitzondering. Uitzonderingsinformatie: System.ArgumentOutOfRangeException bij System.String.Substring(Int32, Int32) bij DriverAndServicesOut.GetProcess.GetPathName(System.String) bij DriverAndServicesOut.GetProcess.GetAllServices(System.String) bij DriverAndServicesOut.Program.Main(System.String[])

Error: (12/12/2016 09:32:17 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet

Error: (12/12/2016 09:31:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (12/12/2016 08:42:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TimeLine)
Description: Het activeren van de app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 is mislukt door de fout -2147023170. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.

Error: (12/11/2016 08:55:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TimeLine)
Description: Het activeren van de app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo is mislukt door de fout -2144927141. Kijk in het logboek Microsoft-Windows-TWinUI/Operational voor aanvullende informatie.

Error: (12/10/2016 12:02:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (12/10/2016 11:20:14 AM) (Source: MsiInstaller) (EventID: 1013) (User: TimeLine)
Description: Product: Adobe Reader 6.0.1 -- Setup has detected that you already have a more functional product installed. Setup will now terminate.

System errors:
=============
Error: (12/12/2016 01:07:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} en APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (12/12/2016 11:50:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: In de machtigingsinstellingen application-specific wordt de machtiging Activation niet verleend aan Local voor de COM-servertoepassing met CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} en APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC) die wordt uitgevoerd in de toepassingscontainer Unavailable SID (Unavailable). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.

Error: (12/12/2016 11:49:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De NetTcpActivator-service is afhankelijk van de NetTcpPortSharing-service, die vanwege de volgende fout niet kan worden gestart: Kan de service niet starten omdat deze is uitgeschakeld of omdat het geen ingeschakelde apparaten met zich heeft verbonden.

Error: (12/12/2016 11:49:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De InstallerService-service kan vanwege de volgende fout niet worden gestart: Het systeem kan het opgegeven bestand niet vinden.

Error: (12/12/2016 10:06:44 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.

Error: (12/12/2016 10:06:43 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.

Error: (12/12/2016 10:06:43 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.

Error: (12/12/2016 10:06:42 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.

Error: (12/12/2016 10:06:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.

Error: (12/12/2016 10:06:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist.

CodeIntegrity:
===================================
Date: 2016-12-09 13:36:19.339
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-08 15:30:24.885
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-28 11:33:59.310
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 12:40:48.933
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-20 11:05:03.506
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-11 08:46:15.765
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-10 10:46:29.997
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-02 11:14:39.713
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Genuine Intel(R) CPU U4100 @ 1.30GHz
Percentage of memory in use: 60%
Total physical RAM: 3002.91 MB
Available physical RAM: 1191.72 MB
Total Virtual: 4026.91 MB
Available Virtual: 1888.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.55 GB) (Free:251.45 GB) NTFS
Drive f: () (Removable) (Total:0.95 GB) (Free:0.94 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 63B215C6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 976.5 MB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================