Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by Danielle (18-05-2017 11:46:41)
Running from C:\Users\Danielle\Downloads
Windows 7 Enterprise Service Pack 1 (X64) (2015-12-15 12:43:12)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Danielle (S-1-5-21-4277049813-1552598357-2010247912-1003 - Administrator - Enabled) => C:\Users\Danielle
DBol (S-1-5-21-4277049813-1552598357-2010247912-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-4277049813-1552598357-2010247912-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\{3CA17ADC-2146-49C2-A375-972BB57CF7F6}) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AVG (HKLM\...\AvgZen) (Version: 1.181.3.3057 - AVG Technologies)
AVG (Version: 1.181.4 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.3.3011 - AVG Technologies)
Configuration Manager Client (Version: 5.00.8239.1000 - Microsoft Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
De Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
De Sims™ 3 Luxe Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
De Sims™ 3 Na Middernacht (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
De Sims™ 3 Sim Creëren (HKLM-x32\...\{89173B88-384A-459B-B687-9C0BBC934EF4}) (Version: 1.0.26 - Electronic Arts)
De Sims™ 3 Studententijd (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (Version: 2.3.309.1625 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.072 - Dell Inc.)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.124 - ALPS ELECTRIC CO., LTD.)
FMW 1 (Version: 1.192.3 - AVG Technologies) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP ENVY 4520 series Basic Device Software (HKLM\...\{AA543771-C534-4954-831A-9862C626796F}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP ENVY 4520 series Help (HKLM-x32\...\{201E58BD-2A1D-4C4D-BD6F-ADA7669FE3AE}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Internet Explorer 11 (x32 Version: 11.0 - Microsoft Corporation) Hidden
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0413-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4277049813-1552598357-2010247912-1003\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.9.15.0 - Optimal Software s.r.o.) <==== ATTENTION
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.783 - Raxco Software Inc.)
Product Improvement Study for HP ENVY 4520 series (HKLM\...\{B722B235-7C2E-46B0-8DA8-69B01FE5E886}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6900 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4277049813-1552598357-2010247912-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Danielle\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4277049813-1552598357-2010247912-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Danielle\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4277049813-1552598357-2010247912-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Danielle\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4277049813-1552598357-2010247912-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Danielle\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4277049813-1552598357-2010247912-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Danielle\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {047D90C6-D1A3-43FB-8937-1F16485AA3D2} - System32\Tasks\UDI_Regcleanup => reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v RunAppInstall /f
Task: {2EE4EA8F-19C1-432B-B945-0E6FD806AD24} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {51B13406-F012-496A-BDAB-D4C142D520C5} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2015-04-14] (Microsoft Corporation)
Task: {610D0CD3-1FD8-4971-82EA-C750F883F445} - System32\Tasks\UDI_cleanup => cmd /c rd /s /q C:\Windows\UDI
Task: {7704260D-1366-4790-A753-895CD23DA5DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-06] (Google Inc.)
Task: {78106E58-5023-4B4B-B46D-5DC0B08E7D23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-15] (Adobe Systems Incorporated)
Task: {8EEC21B3-0CF9-41A4-9C5B-9A527F1CA204} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {A2F6C08D-01F9-42E5-ABD8-E1C4DE7C3615} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-04-03] (AVG Technologies CZ, s.r.o.)
Task: {C8412CA4-3B2E-4A2D-9638-D1A9BDB1EE7C} - System32\Tasks\{060CCC91-84A1-471D-9117-A0FF5DD91EEF} => pcalua.exe -a "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Uninstall.exe" -c -remove
Task: {C8ACF98E-57C1-44B2-AE5B-CBC44EA7B843} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2016-01-28] (Optimal Software s.r.o.) <==== ATTENTION
Task: {DBF7695D-3F4F-406A-A1AC-DC32116B155F} - System32\Tasks\HPCustParticipation HP ENVY 4520 series => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {DDD6DAAD-0260-4998-8EA9-AE9BCD329FD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-06] (Google Inc.)
Task: {F4CC1D78-F172-443C-8991-17C0AEA92952} - System32\Tasks\{0752D471-7C2F-403C-B3EB-0DB502756735} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.17.0.106&LastError=404

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\App-opstartprogramma van Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1472496541&a=1054667&src=sh&uuid=898637f4-5333-4709-b410-570652a43b5b"
ShortcutWithArgument: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\App-opstartprogramma van Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safesurfs.net/?ssid=1472496541&a=1054667&src=sh&uuid=898637f4-5333-4709-b410-570652a43b5b"
ShortcutWithArgument: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps\The Sims FreePlay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safesurfs.net/?ssid=1472496541&a=1054667&src=sh&uuid=898637f4-5333-4709-b410-570652a43b5b"
ShortcutWithArgument: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1472496541&a=1054667&src=sh&uuid=898637f4-5333-4709-b410-570652a43b5b"
ShortcutWithArgument: C:\Users\Danielle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safesurfs.net/?ssid=1472496541&a=1054667&src=sh&uuid=898637f4-5333-4709-b410-570652a43b5b"
ShortcutWithArgument: C:\Users\Danielle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1472496541&a=1054667&src=sh&uuid=898637f4-5333-4709-b410-570652a43b5b"
ShortcutWithArgument: C:\Users\Danielle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safesurfs.net/?ssid=1472496541&a=1054667&src=sh&uuid=898637f4-5333-4709-b410-570652a43b5b"
ShortcutWithArgument: C:\Users\Danielle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1472496541&a=1054667&src=sh&uuid=898637f4-5333-4709-b410-570652a43b5b"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safesurfs.net/?ssid=1472496541&a=1054667&src=sh&uuid=898637f4-5333-4709-b410-570652a43b5b"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safesurfs.net/?ssid=1472496541&a=1054667&src=sh&uuid=898637f4-5333-4709-b410-570652a43b5b"

==================== Loaded Modules (Whitelisted) ==============

2015-12-15 17:59 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2017-04-03 14:38 - 2017-04-03 14:38 - 00163016 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\vaarclient.dll
2017-04-03 14:38 - 2017-04-03 14:38 - 00791536 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\ffl2.dll
2017-04-03 14:38 - 2017-04-03 14:38 - 00276760 _____ () c:\Program Files (x86)\AVG\Antivirus\x64\StreamBack.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-10-03 04:45 - 2011-10-03 04:45 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-10-15 20:08 - 2010-10-15 20:08 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2016-08-29 20:49 - 2012-01-16 21:06 - 00577621 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll
2017-04-03 14:38 - 2017-04-03 14:38 - 00171208 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-04-03 14:38 - 2017-04-03 14:38 - 00177472 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-05-18 10:59 - 2017-05-18 11:00 - 05978624 _____ () C:\Program Files (x86)\AVG\Antivirus\defs\17051802\algo.dll
2017-04-03 14:38 - 2017-04-03 14:38 - 00654504 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-04-03 14:38 - 2017-04-03 14:38 - 00231616 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll
2016-11-28 20:29 - 2016-11-28 20:29 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-04-03 14:38 - 2017-04-03 14:38 - 48936448 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-08-29 20:51 - 00001006 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4277049813-1552598357-2010247912-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 89.101.251.229 - 89.101.251.228
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 4) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5AD841DB-43BD-4231-B620-4C07EF038925}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
FirewallRules: [{1356A084-0F05-41C2-9FCD-C43457DA2E60}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
FirewallRules: [{707556DB-FAD6-4E5D-A8B0-BB1A9D32479D}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
FirewallRules: [{4D3EFD98-E814-40D7-B5A3-2351AD92872A}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
FirewallRules: [{259ECF67-F3A1-4CED-9412-B7830E45B819}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{86F256C4-0962-4ADB-8796-AC5320E60BDF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{73D662E4-4A0F-40A2-ACEF-9738BCA19940}] => (Allow) C:\Users\Danielle\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E007D4B6-B618-46A3-A636-F28C094EF949}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0FE1461D-716E-4BE2-9351-863C38BCC1F7}] => (Allow) LPort=2869
FirewallRules: [{BF10A78D-3982-4C85-8BF5-462B0C6D4DC4}] => (Allow) LPort=1900
FirewallRules: [{82AA002A-D107-48F8-96CD-8935EBE9BDCD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EA9A635E-B468-4889-83CC-2235A27820F4}] => (Allow) C:\Windows\CCM\RemCtrl\CmRcService.exe
FirewallRules: [TCP Query User{ACA16D00-FE89-4016-8C73-FF8941F8A081}C:\users\danielle\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\danielle\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EDD7ECF1-DD87-45AF-81ED-A91DF399BF5C}C:\users\danielle\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\danielle\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8B9418CF-D86E-44FB-8A8B-1ED8A86D7794}C:\users\danielle\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\danielle\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3FF803A0-F849-4E0D-841B-220E1029F5E9}C:\users\danielle\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\danielle\appdata\roaming\spotify\spotify.exe
FirewallRules: [{57982D36-0188-496B-9C0C-08D878FC0355}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{8BCA235B-F266-49C2-8F27-F315B4E44EFD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{C14F159D-884F-4225-8548-EA0432B30AC4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{54498CCD-429D-4B86-A9BF-B827348E1FCC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{531F3B74-47D1-4632-B1E6-48B3B97A76F6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{A0788EB0-B46E-4737-9167-4D1F1DBE5E7E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{4EA9AD28-1C02-43DF-B65E-766710E419CD}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe
FirewallRules: [{E50970C4-DC17-47A9-8862-1B1944148167}] => (Allow) LPort=5357
FirewallRules: [{19229203-38E4-42EB-83B3-545709238865}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{99481E4D-BDD0-4C5E-A7D0-35E4A8F463E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-05-2017 23:35:40 Removed Windows Movie Maker 2.6
17-05-2017 23:40:27 Removed Visual Studio 2012 x64 Redistributables
17-05-2017 23:43:07 Removed Skype™ 7.33
17-05-2017 23:55:27 Windows Backup
18-05-2017 00:43:47 DirectX is geïnstalleerd.
18-05-2017 00:45:29 DirectX is geïnstalleerd.
18-05-2017 00:48:56 DirectX is geïnstalleerd.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/18/2017 11:10:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma Explorer.EXE, versie 6.1.7601.23418 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
Proces-id: 1594
Starttijd: 01d2cf507d72072a
Eindtijd: 0
Toepassingspad: C:\Windows\Explorer.EXE
Rapport-id:

Error: (05/18/2017 11:10:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma FRST64.exe, versie 14.5.2017.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
Proces-id: 11dc
Starttijd: 01d2cfb504283962
Eindtijd: 2
Toepassingspad: C:\Users\Danielle\Downloads\FRST64.exe
Rapport-id:

Error: (05/18/2017 12:34:27 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: De back-up is niet geslaagd. Fout: The request could not be performed because of an I/O device error. (0x8007045D).

Error: (05/18/2017 12:28:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Het programma RSITx64.exe, versie 0.0.0.0 reageert niet meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in het Configuratiescherm.
Proces-id: 1348
Starttijd: 01d2cf5b1fa25562
Eindtijd: 3
Toepassingspad: C:\Users\Danielle\Downloads\RSITx64.exe
Rapport-id:

Error: (05/18/2017 12:06:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Kan activeringscontext voor C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe niet maken. Fout in manifest of beleidsbestand op regel . Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is. Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/18/2017 12:06:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Kan activeringscontext voor C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe niet maken. Fout in manifest of beleidsbestand op regel . Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is. Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (05/17/2017 11:27:17 PM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: De back-up is niet met succes voltooid omdat er geen schaduwkopie kan worden gemaakt. Maak schijfruimte vrij op de schijf waarvan u een back-up maakt door onnodige bestanden te verwijderen en probeer het opnieuw.

Error: (05/17/2017 11:27:16 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Fout in de Volume Shadow Copy-service: de I/O-schrijfbewerkingen kunnen niet worden vastgelegd tijdens het maken van de schaduwkopie op volume \\?\Volume{7bc8e976-a328-11e5-8bb3-806e6f6e6963}\. De volume-index in de set met schaduwkopieën is 0. Foutdetails: Openen [0x00000000, The operation completed successfully. ], Leegmaken[0x00000000, The operation completed successfully. ], Vrijgeven[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced. ], Uitvoeren[0x00000000, The operation completed successfully. ].
Operation: Executing Asynchronous Operation
Context: Current State: DoSnapshotSet

Error: (05/17/2017 11:13:30 PM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: De back-up is niet met succes voltooid omdat er geen schaduwkopie kan worden gemaakt. Maak schijfruimte vrij op de schijf waarvan u een back-up maakt door onnodige bestanden te verwijderen en probeer het opnieuw.

Error: (05/17/2017 10:26:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Kan activeringscontext voor C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe niet maken. Fout in manifest of beleidsbestand op regel . Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is. Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

System errors:
=============
Error: (05/18/2017 11:40:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: De machtigingsinstellingen (application-specific) verlenen geen machtiging aan Launch (Local) voor de COM-servertoepassing met CLSID {1CCB96F4-B8AD-4B43-9688-B273F58E0910} en APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerdershulpprogramma van Component Services.

Error: (05/18/2017 11:40:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De Origin Web Helper Service-service kan vanwege de volgende fout niet worden gestart: De service heeft de start- of stuuropdracht niet op juiste wijze beantwoord.

Error: (05/18/2017 11:40:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Time-out (60000 seconden) tijdens het wachten op het verbinden van deze service: Origin Web Helper Service.

Error: (05/18/2017 11:38:48 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 11:37:29 op 18-05-2017 is onverwacht gebeurd.

Error: (05/17/2017 11:27:16 PM) (Source: volsnap) (EventID: 8) (User: )
Description: Er heeft een time-out van de bewerking voor het leegmaken en vastleggen van schrijfbewerkingen op volume C: plaatsgevonden tijdens het wachten op een opdracht voor het vrijgeven van schrijfbewerkingen.

Error: (05/17/2017 11:25:45 PM) (Source: volsnap) (EventID: 15) (User: )
Description: De schaduwkopieën van volume C: zijn afgebroken vanwege onvoldoende wisselbare heap.

Error: (05/17/2017 10:59:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: De server {51FA2736-5DEE-11D4-98E8-006008BF430C} heeft zich binnen de vereiste termijn niet bij DCOM geregistreerd.

Error: (05/17/2017 10:58:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: De server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} heeft zich binnen de vereiste termijn niet bij DCOM geregistreerd.

Error: (05/17/2017 10:08:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: De machtigingsinstellingen (application-specific) verlenen geen machtiging aan Launch (Local) voor de COM-servertoepassing met CLSID {05D1D5D8-18D1-4B83-85ED-A0F99D53C885} en APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} aan de gebruiker NT AUTHORITY\SYSTEM SID (S-1-5-18) met het adres LocalHost (Using LRPC). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerdershulpprogramma van Component Services.

Error: (05/17/2017 10:04:11 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM kreeg foutmelding '1053' bij het starten van de MSIServer-service met de argumenten '' om de server {000C101C-0000-0000-C000-000000000046} te starten

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 48%
Total physical RAM: 3977.05 MB
Available physical RAM: 2054.41 MB
Total Virtual: 8252.29 MB
Available Virtual: 6308.07 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:465.27 GB) (Free:227.32 GB) NTFS
Drive f: (BDEDrive) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E01142F9)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================