Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Sebastian (2016-02-13 21:56:44)
Running from C:\Users\Sebastian\Downloads
Windows 10 Home (X64) (2015-12-22 19:06:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2838070824-1440406882-916843619-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2838070824-1440406882-916843619-503 - Limited - Disabled)
Guest (S-1-5-21-2838070824-1440406882-916843619-501 - Limited - Disabled)
Sebastian (S-1-5-21-2838070824-1440406882-916843619-1001 - Administrator - Enabled) => C:\Users\Sebastian

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2838070824-1440406882-916843619-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adguard (HKLM-x32\...\{2960946f-f694-40cd-ac0f-6550b65bd3a8}) (Version: 6.0.189.984 - Insoft LLC) Adguard (x32 Version: 6.0.189.984 - Performix LLC) Hidden Auslogics Anti-Malware (HKLM-x32\...\{A5A6F7C9-F91E-45C7-8DAA-289CBB0C817D}_is1) (Version: 1.7.0.0 - Auslogics Labs Pty Ltd) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: - Broadcom Corporation) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation) Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.695 - Broadcom Corporation) Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.) Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.00 - Canon Inc.) Canon MX470 series On-screen Manual (HKLM-x32\...\Canon MX470 series On-screen Manual) (Version: 7.6.1 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.) 
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.) Canon Narzędzie szybkiego wybierania (HKLM-x32\...\Speed Dial Utility) (Version: 1.4.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6303 - CyberLink Corp.) Cyberlink PhotoDirector (Version: 5.0.4.6303 - CyberLink Corp.) Hidden CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.) CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.3.3812 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden HD Video Converter Factory Pro 9.2 (HKLM-x32\...\HD Video Converter Factory Pro) (Version: 9.2 - WonderFox Soft, Inc.) 
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{6AAEDF97-4B93-4169-8FCA-FCB0378CED52}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.46 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.1.52.1 - HP) HP Support Solutions Framework (HKLM-x32\...\{2AD02988-163A-45E2-AC71-530B080D1A73}) (Version: 12.0.30.473 - HP) HP System Event Utility (HKLM-x32\...\{6B1ECC61-B581-400D-BFAF-101B1AAEA5AB}) (Version: 1.4.7 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard Company) Inst5675 (Version: 8.01.46 - Softex Inc.) Hidden Inst5676 (Version: 8.01.46 - Softex Inc.) 
Hidden Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4279 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation) MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Norton 360 (HKLM-x32\...\N360) (Version: 22.5.5.15 - Symantec Corporation) Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.1.0.26 - Symantec Corporation) PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 4.3.01.06011 - Sony Corporation) PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden PMB_ServiceUploader (x32 Version: 9.3.01 - Sony Corporation) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.) Rejestracja użytkownika drukarki Canon MX470 series (HKLM-x32\...\Rejestracja użytkownika drukarki Canon MX470 series) (Version: - ‭Canon Inc.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.) 
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated) VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2838070824-1440406882-916843619-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sebastian\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0F47974A-D597-4D4C-BF06-272E1202536C} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation) Task: {195AA664-AF06-474D-BA80-9994E91F8313} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company) Task: {1BBBEB21-312C-4F0B-97F8-F7E7B408F8E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard) Task: {1CED3F4D-192E-444F-85AB-EAB18C13A9EE} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.) 
Task: {26557038-E55E-4B32-B60A-A93A6A064E7D} - System32\Tasks\HPCeeScheduleForSebastian => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {30191752-9418-43AA-B20C-53E468CDAC68} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-07-02] (Hewlett-Packard) Task: {32D1F219-4749-41F2-B1B9-603670C862DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-12-21] (Hewlett-Packard Company) Task: {37A34F53-745A-45C7-AB34-7E36E938A9F1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {3B5682AA-C28C-4589-8259-8606C7A8283B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {3EE4A3F4-FF22-4199-8617-4BFECFDCAF7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.) Task: {4048CA78-D55D-4409-B98C-D2578788B83B} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.) 
Task: {4590D5F7-6EE6-4857-9990-20227B25633B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {4907D9AA-659D-48F4-A55D-22927468DADB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {5589E0CB-E3EC-43CA-9982-D110E8281CC1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {5B84EC29-D9EC-4E87-B816-A83C57A2A869} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {5C5567DA-4345-46DD-BB26-983C9ACE138C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-13] (Microsoft Corporation) Task: {5CEBD473-A4C5-48B0-9425-CEEEF85D75FF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {649B849F-0B8C-4E77-9826-A0881AEEBE59} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {64A52875-437D-455C-A331-495C575DB918} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {64BC485C-01D7-4A3F-85E3-1FF5F6EA8533} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company) Task: {67C54970-6EF5-499D-9A1E-46D0E1B593E1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation) Task: {6B22BF38-C5F2-4A40-8319-709C519AE967} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-07-02] (Hewlett-Packard) Task: {7E8A1DB9-04FA-4FC5-9C41-7BF6D6A6A938} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2014-09-15] () Task: {8A083EB4-8B86-4304-BB0E-FC83E2953D90} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 
360\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation) Task: {8DC89401-F55B-4B69-9E07-D806A75B3684} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {943BC93B-5ACA-43D4-ADCE-1D4CF68E06CF} - System32\Tasks\AciIslan41 => Rundll32.exe C:\Users\SEBAST~1\AppData\Local\SMOOTE~1\Smsegment.dll,Enum Task: {9A8D3C4B-4915-4F3F-83E5-B30CE535DFF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard) Task: {9CADB475-D2D9-4C18-B8B6-6F3F0AF09276} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2015-02-11] (CyberLink Corp.) Task: {A5A92D6F-7E5D-4368-9827-01E60F56B195} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {B45918AE-A47B-492E-A11D-2A75A25E486C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation) Task: {B9655046-977C-4DDB-A6D0-483BEE85AE86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.) 
Task: {C1E61B8D-3686-4CDF-8773-0F6A553FF94F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\WSCStub.exe [2015-11-20] (Symantec Corporation) Task: {D7C7466A-A035-4B24-8FC9-168A9B539C20} - System32\Tasks\Auslogics\Anti-Malware\Start Anti-Malware оn Sebastian logon => C:\Program Files (x86)\Auslogics\Anti-Malware\AntiMalware.exe [2015-12-08] (Auslogics) Task: {E131F148-5049-41EA-BCB6-2D9E6E61DB8C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation) Task: {E42B3DA2-4094-4E3E-9D83-496B38937944} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-07-02] (Hewlett-Packard) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\AciIslan41.job => C:\WINDOWS\system32\rundll32.exe C:\Users\SEBAST~1\AppData\Local\SMOOTE~1\Smsegment.dll Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForSebastian.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\Public\Desktop\Booking.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.booking.com/index.en-us.html?aid=398438&label=dticon

==================== Loaded Modules (Whitelisted) ==============

2015-04-13 13:04 - 2013-06-28 06:28 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-06-25 09:32 - 2014-04-14 17:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-23 00:21 - 2015-11-22 10:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-23 00:21 - 2015-11-22 10:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-01 20:03 - 2016-02-01 20:03 - 01426424 _____ () C:\Program Files (x86)\Adguard\AdguardNetApi.DLL
2016-02-01 20:03 - 2016-02-01 20:03 - 00140280 _____ () C:\Program Files (x86)\Adguard\AdguardNetLib.DLL
2015-06-25 10:15 - 2015-02-09 02:48 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2015-06-25 10:15 - 2013-12-30 01:20 - 01339352 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\PLK\P2GRC.dll
2015-06-25 10:15 - 2011-07-01 12:45 - 00770856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\runtime\mediacache\MediaObj.dll
2015-06-25 10:15 - 2015-02-09 02:48 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2016-02-10 21:12 - 2016-02-09 11:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-10 21:12 - 2016-02-09 11:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2015-09-11 18:29 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2838070824-1440406882-916843619-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sebastian\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{7e816961-2338-4e8e-b2cb-acd8a1ca082e}.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX" HKLM\...\StartupApproved\Run32: => "CanonQuickMenu" HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher" HKU\S-1-5-21-2838070824-1440406882-916843619-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk" HKU\S-1-5-21-2838070824-1440406882-916843619-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_2F0711205C7292E7EE0F1172A986D667" HKU\S-1-5-21-2838070824-1440406882-916843619-1001\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [TCP Query User{E688DC72-EDCB-46B3-ACA3-556F6D88FD8F}C:\users\sebastian\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sebastian\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{83824F7F-B1A3-4015-9D9F-E5CE18778D96}C:\users\sebastian\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sebastian\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{0C6F61C1-69AD-48C6-BB3B-03D51CFE6967}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{FC873228-429A-4082-A607-0EE609FCD862}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{EC78478A-48E4-4E98-88DE-6D6288F42006}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{24F1C047-5A28-405E-887F-1AE986F00817}] => (Allow) C:\Program Files (x86)\Adguard\AdguardSvc.exe ==================== Restore Points ========================= 28-01-2016 20:24:38 Scheduled Checkpoint 31-01-2016 20:03:13 HPSF Applying updates 09-02-2016 10:32:16 Removed Evernote v. 
5.8.13 11-02-2016 15:48:11 Usunięte Call of Duty(R) 4 - Modern Warfare(TM) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/13/2016 09:57:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP) Description: Aktywacja aplikacji Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (02/13/2016 09:57:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP) Description: Aktywacja aplikacji Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (02/13/2016 09:57:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP) Description: Aktywacja aplikacji Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (02/13/2016 09:57:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP) Description: Aktywacja aplikacji Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (02/13/2016 09:57:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP) Description: Aktywacja aplikacji Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. 
Error: (02/13/2016 09:57:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP) Description: Aktywacja aplikacji Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (02/13/2016 09:57:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP) Description: Aktywacja aplikacji Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (02/13/2016 09:57:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP) Description: Aktywacja aplikacji Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (02/13/2016 09:57:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP) Description: Aktywacja aplikacji Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. Error: (02/13/2016 09:57:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP) Description: Aktywacja aplikacji Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 nie powiodła się. Błąd: -2144927141. Więcej informacji można znaleźć w dzienniku Microsoft-Windows-TWinUI/Działa. 
System errors:
=============
Error: (02/13/2016 09:57:31 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca

Error: (02/13/2016 09:57:31 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca

Error: (02/13/2016 09:57:31 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca

Error: (02/13/2016 09:57:31 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca

Error: (02/13/2016 09:57:31 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca

Error: (02/13/2016 09:57:31 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca

Error: (02/13/2016 09:57:31 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca

Error: (02/13/2016 09:57:31 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca

Error: (02/13/2016 09:57:30 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca

Error: (02/13/2016 09:57:30 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: App.AppXck5aaxyarfx8gxrgfk6pvakmmxeqvepc.mca

CodeIntegrity:
===================================
Date: 2016-02-13 20:47:42.888
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-12 02:12:07.756
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-11 12:58:47.020
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-11 12:58:21.397
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-11 12:57:14.433
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-11 12:22:02.858
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-11 01:50:36.255
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-31 03:40:04.341
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-13 04:22:57.236
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-11 20:30:33.484
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz
Percentage of memory in use: 34%
Total physical RAM: 8114.27 MB
Available physical RAM: 5286.76 MB
Total Virtual: 9394.27 MB
Available Virtual: 6318.75 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:906.37 GB) (Free:481.89 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:23.28 GB) (Free:2.61 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F376C629)

Partition: GPT.

==================== End of Addition.txt ============================