Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by Ed (2015-10-10 07:13:52)
Running from C:\Users\Ed\Desktop
Windows 10 Home (X64) (2015-08-04 16:50:29)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1109757102-2323827611-3227408454-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1109757102-2323827611-3227408454-503 - Limited - Disabled)
Ed (S-1-5-21-1109757102-2323827611-3227408454-1002 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-1109757102-2323827611-3227408454-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated) Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) Amazon Kindle (HKU\S-1-5-21-1109757102-2323827611-3227408454-1002\...\Amazon Kindle) (Version: - Amazon) Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.241 - Amazon) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArtRage 4 (HKLM-x32\...\ArtRage 4 4.5.6) (Version: 4.5.6 - Ambient Design) ArtRage 4 (Version: 4.5.6 - Ambient Design) Hidden ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.10 - ASUSTeK Computer Inc.) Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.1.1.0 - Autodesk) Autodesk Pixlr (x32 Version: 1.1.1.0 - Autodesk) Hidden AVS Audio Converter 8.0 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.0.2.541 - Online Media Technologies Ltd.) 
AVS Audio Editor 8.0 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 8.0.2.501 - Online Media Technologies Ltd.) AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.4.534 - Online Media Technologies Ltd.) AVS Document Converter 3.0.1 (HKLM-x32\...\AVS Document Converter_is1) (Version: 3.0.1.237 - Online Media Technologies Ltd.) AVS Image Converter 4.0.1.280 (HKLM-x32\...\AVS Image Converter_is1) (Version: 4.0.1.280 - Online Media Technologies Ltd.) AVS Media Player 4.2.5.108 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.5.108 - Online Media Technologies Ltd.) AVS Photo Editor 2.3.3.147 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.3.147 - Online Media Technologies Ltd.) AVS Registry Cleaner 3.0.2.271 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 3.0.2.271 - Online Media Technologies Ltd.) AVS Video Converter 9.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.1.4.574 - Online Media Technologies Ltd.) AVS Video Editor 7.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.1.3.263 - Online Media Technologies Ltd.) AVS Video ReMaker 5.0.1.172 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 5.0.1.172 - Online Media Technologies Ltd.) Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.) Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.18.1035 - Bitdefender) Bitdefender Antivirus Plus 2016 (HKLM\...\Bitdefender) (Version: 20.0.18.1037 - Bitdefender) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) calibre 64bit (HKLM\...\{7159D1E5-62F5-42C9-825E-BE613B5DFB0F}) (Version: 2.38.0 - Kovid Goyal) Cisco Valet Connector (HKLM-x32\...\Cisco Valet Connector) (Version: 1.2.10148.2 - Cisco Consumer Products LLC) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) 
Hidden Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Garmin BaseCamp (HKLM-x32\...\{11172DEF-77A3-418C-B980-EF0D097CA237}) (Version: 4.5.1 - Garmin Ltd or its subsidiaries) Garmin City Navigator North America NT 2016.10 (HKLM-x32\...\{F9390291-4BC2-411B-A41E-A843AC632FB1}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.) Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan) iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics) iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.) 
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 
Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden OneClickdigital Media Manager (HKLM-x32\...\{FDFDEC8B-1047-49D8-B2D2-45C0B02F92FC}) (Version: 67.0.0.0 - Recorded Books) Online Backup (HKLM-x32\...\Online Backup) (Version: 2.33 - www.backup.com) Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.8.1 - Intuit) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) TwistedBrush Pro Studio (HKU\S-1-5-21-1109757102-2323827611-3227408454-1002\...\TwistedBrush Pro Studio) (Version: - ) Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Средства проверки правописания Microsoft Office 2013 — русский (HKLM\...\{90150000-001F-0419-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Средства проверки правописания Microsoft Office 2013 — русский (HKLM-x32\...\{90150000-001F-0419-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

21-09-2015 06:10:00 Windows Backup
25-09-2015 08:07:03 Windows Update
26-09-2015 10:36:21 Windows Modules Installer
27-09-2015 19:00:36 Windows Backup
01-10-2015 01:58:01 Windows Update
04-10-2015 20:15:26 Windows Backup
07-10-2015 06:14:34 Removed AMD Catalyst Control Center
10-10-2015 06:17:18 Windows Update
10-10-2015 06:19:05 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2015-10-10 07:02 - 00000970 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09275E68-CD04-40D8-9210-7F73BD4F87C1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {202BF44F-4942-499D-994C-30E0BE61DCE2} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {2DC0CFD3-0700-45AA-BEB2-9A2DEDF645EA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {3859A224-B599-47BC-BDBB-07831B667C6F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-04] (Dropbox, Inc.)
Task: {73991EE6-1430-4DB8-A75F-FDA62E0B886F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {81CA4896-3E17-48BF-B90C-03B0075BDC41} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-04] (Google Inc.)
Task: {82F4103A-7648-4302-90D3-E55AF51DE782} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {92EBD6EF-A5E1-4CA8-8472-D7F9708F485B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-04] (Dropbox, Inc.)
Task: {A98C7940-FDBF-4FA1-87A5-B87B7C7B943A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {B9F465E5-B5E6-494F-80CA-B24189E00E55} - System32\Tasks\Quicken Back up => C:\Program Files (x86)\Quicken\qw.exe [2015-05-16] (Intuit Inc.)
Task: {C5BA2F06-2B5B-48F3-B6D8-E86DF0FC1837} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-08-04 12:38 - 2015-08-04 12:38 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-09-28 11:16 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll 2015-09-28 11:16 - 2015-10-05 17:56 - 00338216 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdconnect.dll 2015-09-28 11:16 - 2015-09-04 17:39 - 00875352 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl 2015-09-28 11:16 - 2015-09-04 17:39 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl 2015-09-28 11:16 - 2015-09-04 17:39 - 02800952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl 2015-09-28 11:16 - 2015-09-04 17:39 - 01413024 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl 2015-08-18 21:38 - 2015-08-11 04:14 - 00404480 _____ () 
C:\WINDOWS\System32\diagtrack_wininternal.dll 2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-08-20 11:25 - 2012-06-01 17:42 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe 2015-08-21 22:09 - 2015-08-21 22:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2015-08-21 22:09 - 2015-08-21 22:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2015-08-04 11:56 - 2015-08-04 11:56 - 00045056 _____ () C:\WINDOWS\SysWOW64\UTSCSI.EXE 2015-08-04 10:23 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-10-01 01:32 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-01 01:32 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-09-15 06:06 - 2015-08-11 22:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-10-01 01:32 - 2015-09-17 00:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll 2015-10-01 01:30 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-10-01 01:30 - 2015-09-17 00:42 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll 2015-09-25 10:18 - 2014-08-19 12:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2015-10-01 
01:31 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll 2015-10-01 01:32 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-10-01 01:32 - 2015-09-17 00:49 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2015-10-01 01:30 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-10-01 01:32 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2015-08-21 22:09 - 2015-08-21 22:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2015-10-10 06:07 - 2015-10-10 06:08 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll 2015-08-04 10:25 - 2015-08-04 10:25 - 04485808 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll 2015-08-08 09:00 - 2015-08-08 09:00 - 07502848 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.Services.dll 2015-08-08 09:00 - 2015-08-08 09:00 - 01384960 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.4.9241.0_x64__8wekyb3d8bbwe\cpprest140_uwp_2_6.dll 2015-08-29 03:14 - 2015-08-29 03:14 - 07246336 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\candycrushsaga.exe 2015-10-10 06:06 - 2015-10-10 06:07 - 00015872 
_____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Sports.exe 2015-08-20 11:25 - 2015-10-07 21:21 - 00023040 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll 2015-08-20 11:25 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll 2015-08-04 10:24 - 2015-08-04 10:28 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2015-08-04 10:10 - 2015-08-04 10:15 - 01288192 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\SB_LIBEAY32.dll 2015-08-04 10:10 - 2015-08-04 10:15 - 00080384 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\libEGL.dll 2015-08-04 10:10 - 2015-08-04 10:15 - 02076672 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\libGLESv2.dll 2015-08-04 10:10 - 2015-08-04 10:15 - 00257536 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\curl.dll 2015-08-04 10:10 - 2015-08-04 10:15 - 00293888 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\SB_SSLEAY32.dll 2015-08-04 10:10 - 2015-08-04 10:15 - 00066560 _____ () C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.580.0.0_x86__kgqvnymyfvs32\zlib.dll 2015-10-10 06:06 - 2015-10-10 06:07 - 12114432 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Sports.dll 2015-10-09 06:09 - 2015-10-09 06:09 - 00938496 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll 2015-08-04 10:24 - 2015-08-04 10:24 - 03517616 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll 2015-09-09 07:05 - 2015-09-09 07:05 - 00645120 _____ () C:\Program 
Files\WindowsApps\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll 2015-09-25 08:07 - 2015-09-25 08:07 - 01020928 _____ () C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\9oydo27w.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Ed\Desktop\FRST64.exe:BDU ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1109757102-2323827611-3227408454-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 68.105.28.12 - 68.105.29.12 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "BambooCore" HKU\S-1-5-21-1109757102-2323827611-3227408454-1002\...\StartupApproved\Run: => "GarminExpressTrayApp" HKU\S-1-5-21-1109757102-2323827611-3227408454-1002\...\StartupApproved\Run: => "Bitdefender Wallet Agent" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{BDCD0D2E-F3FE-40F8-9EA8-C458CD947839}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{E380C59C-3519-4704-8A8C-9365B58B759C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C9C0F890-03B3-4771-B22C-8EE906E69C2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{208E2E8D-93A4-4446-862E-C937EFA187F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9C0960B9-E001-4064-BE97-2D9B5C541E7A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7E1E97AB-B835-4B8F-B692-BEBD39CABD7A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{75FA3953-12A8-48B5-B662-3980AD024208}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{78A6E51A-A2A1-447E-ABFF-3089F7C82831}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{EF0E69B8-8FF6-4A1D-9A51-A472583EA4FF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{ECBFA2D3-8303-42C3-9559-3C4E169FA1D9}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{44CDAA7A-A2A1-4AB5-A33F-683DD077FDFB}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{7B001077-C53C-4231-A3CB-22DC73B12390}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: 
[{938E02E1-506A-418F-8651-1CC793C207D8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{C7C3E1A4-9148-4389-A974-3923CF9D6070}C:\users\ed\appdata\local\temp\rarsfx2\x32\pcsftool.exe] => (Allow) C:\users\ed\appdata\local\temp\rarsfx2\x32\pcsftool.exe FirewallRules: [UDP Query User{6606DBFF-05CD-43F1-8507-A4C26EBB46A2}C:\users\ed\appdata\local\temp\rarsfx2\x32\pcsftool.exe] => (Allow) C:\users\ed\appdata\local\temp\rarsfx2\x32\pcsftool.exe FirewallRules: [TCP Query User{DF1C3018-21AC-4DFE-9F0A-D8C8212D586C}C:\users\ed\appdata\local\temp\rarsfx2\x64\pcsftool.exe] => (Allow) C:\users\ed\appdata\local\temp\rarsfx2\x64\pcsftool.exe FirewallRules: [UDP Query User{F9DE654D-8F14-4433-A000-CAE865AEFA8C}C:\users\ed\appdata\local\temp\rarsfx2\x64\pcsftool.exe] => (Allow) C:\users\ed\appdata\local\temp\rarsfx2\x64\pcsftool.exe FirewallRules: [{2F120993-4D2A-4614-AFBC-DC53543406ED}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/10/2015 06:19:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (10/10/2015 06:17:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . 
Error: (10/09/2015 09:36:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DO6GGUR)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/09/2015 08:31:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-DO6GGUR)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/09/2015 08:30:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47410250

Error: (10/09/2015 08:30:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 47410250

Error: (10/09/2015 08:30:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/09/2015 07:20:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1610

Error: (10/09/2015 07:20:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1610

Error: (10/09/2015 07:20:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (10/09/2015 09:36:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DO6GGUR)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (10/09/2015 09:36:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/09/2015 09:36:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/09/2015 09:36:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/09/2015 09:36:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/09/2015 07:20:42 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/08/2015 08:19:44 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-DO6GGUR)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mcaUnavailableUnavailable

Error: (10/08/2015 08:19:44 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-DO6GGUR)
Description: CortanaUI.AppXjxtspbn4351hrtx8tc95e89kaz3h2f1f.mca

Error: (10/08/2015 08:19:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/08/2015 08:19:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2015-09-26 21:38:09.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-26 21:38:09.303
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-26 21:38:09.032
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-26 21:38:08.882
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-25 10:23:40.549
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-25 10:23:40.511
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-21 17:37:59.733
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-21 17:37:59.705
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-21 17:37:59.669
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-21 17:37:59.646
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A4-3420 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 46%
Total physical RAM: 5590.52 MB
Available physical RAM: 3002.73 MB
Total Virtual: 6486.52 MB
Available Virtual: 3259.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.56 GB) (Free:831.28 GB) NTFS
Drive f: (Back) (Fixed) (Total:900.27 GB) (Free:224.77 GB) NTFS
Drive g: (From old) (Fixed) (Total:962.74 GB) (Free:802.99 GB) NTFS
Drive j: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7042AFC2)
Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 03833706)
Partition 1: (Active) - (Size=900.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=962.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 124 MB) (Disk ID: 6F20736B)
No partition Table on disk 3.
Disk 3 is a removable device.

==================== End of Addition.txt ============================