Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by arsteige (2016-03-28 08:41:07) Running from C:\Users\arsteige\Downloads Windows 8.1 (X64) (2015-08-15 17:51:50) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1528496886-270073939-2523521886-500 - Administrator - Disabled) arsteige (S-1-5-21-1528496886-270073939-2523521886-1001 - Administrator - Enabled) => C:\Users\arsteige Guest (S-1-5-21-1528496886-270073939-2523521886-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1528496886-270073939-2523521886-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS) ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS) Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.) DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Intel Security True Key (HKLM\...\TrueKey) (Version: 3.8.142.1 - Intel Security) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation) Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Maxx Audio Installer (x64) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.183 - McAfee, Inc.) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6568.2036 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1528496886-270073939-2523521886-1001\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1017 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1017 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1017 - Microsoft Corporation) Hidden ProScore Email 1.0 (HKLM-x32\...\ProScore Email Support_is1) (Version: - Auburn Electronics Group, Inc.) ProScore v5 (HKLM-x32\...\AEG-PROSCORE5_is1) (Version: 5.1.2 - Auburn Electronics Group) Punch! Home Design - Architectural Series (HKLM-x32\...\Punch! Home Design - Architectural Series) (Version: - ) Punch! Landscape, Deck and Patio Designer (HKLM-x32\...\{EA87AC40-8BE6-4357-9812-5C5AA1ADA1D5}) (Version: 14.2.3 - Punch! Software, LLC) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) QuickBooks (x32 Version: 24.0.4010.2403 - Intuit Inc.) Hidden QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4008.2403 - Intuit Inc.) QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.25.108.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7514 - Realtek Semiconductor Corp.) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.) Sweet Home 3D version 2.1 (HKLM-x32\...\Sweet Home 3D_is1) (Version: - eTeks) The Print Shop 12 (HKLM-x32\...\{3DD1FE66-5536-41E3-B786-70068887B3F4}) (Version: - Broderbund LLC) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.3.532 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.14 - WildTangent) Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {107942E5-8B9A-46B8-BA12-C9C618C8B316} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.) Task: {1533F627-C3E5-40F1-82DC-8D5FCC2461AB} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.) Task: {17674EBE-9091-486A-A4DC-62B1CF717C49} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION Task: {1AF13274-8BCD-4D6D-85AA-0B0CD053AE51} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-10] (Microsoft Corporation) Task: {1DBB8120-7452-4F66-85BD-84EA4AE33DC8} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-11] (McAfee, Inc.) Task: {1F9B4635-C2A9-4EC6-B0DF-0190C620997D} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {21460AAC-17BC-43A0-81A4-57EF76CC9496} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.) Task: {2F3C57A6-B828-4BAE-BDFA-AB1BCE33152E} - System32\Tasks\DNSWALTERS => C:\Program Files (x86)\DNS Unlocker\dnswalters.exe <==== ATTENTION Task: {2FB48729-E925-47BE-B742-D47CD0A18476} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.) Task: {345FD385-286F-4B81-9C92-27EF52ACE6DB} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {4767F5A3-C816-4395-A010-62271CA849B2} - System32\Tasks\{32E43B32-5E45-A6A2-B2EF-EE04F46D2867} => C:\Windows\system32\regsvr32.exe [2014-10-28] (Microsoft Corporation) Task: {479FBE31-8874-4C4A-A095-08B4217FB069} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-02] (Microsoft Corporation) Task: {47DD8DC7-0CA9-4B0F-B123-AF1AC268E6E5} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1528496886-270073939-2523521886-1001 => C:\Users\arsteige\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-03-13] (Microsoft Corporation) Task: {4E72AAB6-F12E-4851-A68C-808DBB54743A} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek) Task: {87B837AE-F124-4A8E-98B1-FAE5D91EE98C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-05-15] (Realtek Semiconductor) Task: {910DB859-8CA6-4AC8-A05E-7884580326A8} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {A86113CC-3AB0-4EFC-9602-2990F12E8550} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] () Task: {B0F4C23B-DAA7-4635-B4E2-4577131B08DE} - System32\Tasks\{69E6356F-B762-4484-BF69-7E7D9E56FDA6} => pcalua.exe -a C:\PROGRA~2\BRODER~1\THEPRI~1\ps.exe -d "E:\IRRIGATION M.D" -c "E:\IRRIGATION M.D\Proposal Sheet - Customer Copy.sig" Task: {B5289C5D-1D00-4839-9C14-2043EFF01820} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-04-28] (Realtek Semiconductor) Task: {B5D97100-4CBB-4504-92F1-6BC6385CCDC3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation) Task: {B81FDCD3-648F-4D22-BCC4-20DF8DBCA93D} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2016-01-03] (McAfee, Inc.) Task: {BEB4D32A-C04C-4292-A06A-165FDE6B4E74} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.) Task: {C1AA9627-E598-4A35-AEB2-356016A3D2CA} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.) Task: {C7D6F22A-D4D1-4367-BD24-BFD3E6053009} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation) Task: {E5D26483-F9C8-4EDA-B3E8-D181A6E22B5D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated) Task: {EB00D574-5751-4490-96C3-F8369FFA6174} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {F947D282-7130-4A10-81C5-A5C60C3207D5} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS) Task: {FDEB8684-B9D6-4D61-A6A7-8560877DD2DA} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-11] (McAfee, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-12-04 09:04 - 2016-02-28 02:20 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2015-12-07 11:14 - 2010-09-07 02:47 - 07809536 _____ () C:\ProScore5\Server\nxServer.exe 2016-03-14 21:17 - 2016-02-28 05:22 - 08914120 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-03-14 15:35 - 2016-03-14 15:35 - 03596544 _____ () C:\Program Files\Intel Security\True Key\Application\truekey.exe 2016-03-14 15:35 - 2016-03-14 15:35 - 59692480 _____ () C:\Program Files\Intel Security\True Key\Application\libcef.dll 2014-04-02 16:46 - 2014-04-02 16:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2014-04-02 16:46 - 2014-04-02 16:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2014-04-02 16:46 - 2014-04-02 16:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll 2014-04-02 16:46 - 2014-04-02 16:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll 2015-11-04 01:46 - 2015-11-04 01:46 - 00623384 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll 2015-11-04 01:46 - 2015-11-04 01:46 - 00582424 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll 2015-11-04 01:48 - 2015-11-04 01:48 - 00021272 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.dll 2015-11-04 01:48 - 2015-11-04 01:48 - 00142616 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.dll 2015-11-04 01:47 - 2015-11-04 01:47 - 00623896 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll 2015-11-04 01:48 - 2015-11-04 01:48 - 00149272 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll 2014-12-09 23:57 - 2014-12-09 23:57 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll 2015-11-04 01:46 - 2015-11-04 01:46 - 00247064 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll 2015-11-04 01:47 - 2015-11-04 01:47 - 00793368 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.dll 2015-11-04 01:48 - 2015-11-04 01:48 - 00043800 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1528496886-270073939-2523521886-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 82.163.143.171 - 82.163.142.173 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{BC6D6199-B3EE-4BA2-ACC3-74A621C5BB50}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{FAD1B9BB-984A-44AF-A5D6-EF2A7ED86189}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{32D2474D-C88B-44AC-B7AD-DEAAFC596991}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{231C54FF-7CD6-4DDA-AD2E-E652444BDD43}] => (Allow) C:\Users\arsteige\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{EE39F9B5-9CEE-4EBC-BD2D-41721940F639}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{3551A45E-5625-4F7E-A8EF-9C0F2CE10165}] => (Allow) C:\ProScore5\ProScore.exe FirewallRules: [{3E869BB8-5CB3-4B89-A86F-72D8F42AF1C0}] => (Allow) C:\ProScore5\ScoreGen.exe FirewallRules: [{E52AE83C-77B7-41F5-900C-A945AB5EBD38}] => (Allow) C:\ProScore5\Server\nxServer.exe FirewallRules: [{3E0FA648-6095-49F8-8188-96E9EF4A63E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 11-03-2016 09:08:24 Windows Update 20-03-2016 20:25:44 Scheduled Checkpoint 24-03-2016 03:55:23 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/28/2016 08:20:01 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program chrome.exe version 49.0.2623.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1f34 Start Time: 01d188f436301c28 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Report Id: c55bc702-f4e7-11e5-827c-14dda90c0d5f Faulting package full name: Faulting package-relative application ID: Error: (03/28/2016 08:03:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: dnswalters.exe, version: 1.0.0.0, time stamp: 0x56d2dda2 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7eb1 Exception code: 0xe0434352 Fault offset: 0x0000000000008a5c Faulting process id: 0x1afc Faulting application start time: 0xdnswalters.exe0 Faulting application path: dnswalters.exe1 Faulting module path: dnswalters.exe2 Report Id: dnswalters.exe3 Faulting package full name: dnswalters.exe4 Faulting package-relative application ID: dnswalters.exe5 Error: (03/28/2016 08:03:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: dnswalters.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ComponentModel.Win32Exception Stack: at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) at System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo) at -.l1lilliIililI.OnStartup(System.Windows.StartupEventArgs) at System.Windows.Application.<.ctor>b__1(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.DispatcherOperation.InvokeImpl() at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Windows.Threading.DispatcherOperation.Invoke() at System.Windows.Threading.Dispatcher.ProcessQueue() at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) at System.Windows.Application.RunInternal(System.Windows.Window) at System.Windows.Application.Run() at -.l1lilliIililI.() Error: (03/28/2016 06:37:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: dnswalters.exe, version: 1.0.0.0, time stamp: 0x56d2dda2 Faulting module name: KERNELBASE.dll, version: 6.3.9600.18202, time stamp: 0x569e7eb1 Exception code: 0xe0434352 Fault offset: 0x0000000000008a5c Faulting process id: 0x824 Faulting application start time: 0xdnswalters.exe0 Faulting application path: dnswalters.exe1 Faulting module path: dnswalters.exe2 Report Id: dnswalters.exe3 Faulting package full name: dnswalters.exe4 Faulting package-relative application ID: dnswalters.exe5 Error: (03/28/2016 06:37:20 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: dnswalters.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.ArgumentException Stack: at System.Windows.Media.CompositionTarget.SetRootVisual(System.Windows.Media.Visual) at System.Windows.Media.CompositionTarget.set_RootVisual(System.Windows.Media.Visual) at System.Windows.Interop.HwndTarget.set_RootVisual(System.Windows.Media.Visual) at System.Windows.Interop.HwndSource.set_RootVisualInternal(System.Windows.Media.Visual) at System.Windows.Controls.Primitives.Popup.CreateWindow(Boolean) at System.Windows.Controls.Primitives.Popup.OnIsOpenChanged(System.Windows.DependencyObject, System.Windows.DependencyPropertyChangedEventArgs) at System.Windows.DependencyObject.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs) at System.Windows.FrameworkElement.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs) at System.Windows.DependencyObject.NotifyPropertyChange(System.Windows.DependencyPropertyChangedEventArgs) at System.Windows.DependencyObject.UpdateEffectiveValue(System.Windows.EntryIndex, System.Windows.DependencyProperty, System.Windows.PropertyMetadata, System.Windows.EffectiveValueEntry, System.Windows.EffectiveValueEntry ByRef, Boolean, Boolean, System.Windows.OperationType) at System.Windows.DependencyObject.SetValueCommon(System.Windows.DependencyProperty, System.Object, System.Windows.PropertyMetadata, Boolean, Boolean, System.Windows.OperationType, Boolean) at System.Windows.DependencyObject.SetValue(System.Windows.DependencyProperty, System.Object) at System.Windows.Data.BindingOperations.SetBinding(System.Windows.DependencyObject, System.Windows.DependencyProperty, System.Windows.Data.BindingBase) at System.Windows.Controls.Primitives.Popup.CreateRootPopup(System.Windows.Controls.Primitives.Popup, System.Windows.UIElement) at System.Windows.Controls.ToolTip.OnIsOpenChanged(System.Windows.DependencyObject, System.Windows.DependencyPropertyChangedEventArgs) at System.Windows.DependencyObject.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs) at System.Windows.FrameworkElement.OnPropertyChanged(System.Windows.DependencyPropertyChangedEventArgs) at System.Windows.DependencyObject.NotifyPropertyChange(System.Windows.DependencyPropertyChangedEventArgs) at System.Windows.DependencyObject.UpdateEffectiveValue(System.Windows.EntryIndex, System.Windows.DependencyProperty, System.Windows.PropertyMetadata, System.Windows.EffectiveValueEntry, System.Windows.EffectiveValueEntry ByRef, Boolean, Boolean, System.Windows.OperationType) at System.Windows.DependencyObject.SetValueCommon(System.Windows.DependencyProperty, System.Object, System.Windows.PropertyMetadata, Boolean, Boolean, System.Windows.OperationType, Boolean) at System.Windows.DependencyObject.SetValue(System.Windows.DependencyProperty, System.Object) at -.l11iIIlIi1iI1.(Boolean) at   .(UInt32, IntPtr, IntPtr) at   .(IntPtr, UInt32, IntPtr, IntPtr) at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) at MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) at System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32) at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) at System.Windows.Application.RunInternal(System.Windows.Window) at System.Windows.Application.Run() at -.l1lilliIililI.() Error: (03/28/2016 06:36:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RossFamily) Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/28/2016 06:36:37 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 22f8 Start Time: 01d188e60a168f56 Termination Time: 4294967295 Application Path: C:\Windows\system32\wwahost.exe Report Id: 512419e8-f4d9-11e5-827b-14dda90c0d5f Faulting package full name: Microsoft.BingSports_3.0.4.336_x64__8wekyb3d8bbwe Faulting package-relative application ID: AppexSports Error: (03/28/2016 06:36:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: RossFamily) Description: App Microsoft.BingSports_3.0.4.336_x64__8wekyb3d8bbwe+AppexSports did not launch within its allotted time. Error: (03/27/2016 11:13:42 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418220 Error: (03/25/2016 02:09:14 PM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "QuickBooks Pro 2014": DB error -739 ErrorMessage:'db_init has not been called or the call to db_init failed' System errors: ============= Error: (03/28/2016 06:37:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Interactive Services Detection service terminated with the following error: %%1 Error: (03/28/2016 06:35:59 AM) (Source: DCOM) (EventID: 10010) (User: RossFamily) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (03/28/2016 06:35:59 AM) (Source: DCOM) (EventID: 10010) (User: RossFamily) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (03/28/2016 06:35:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Interactive Services Detection service terminated with the following error: %%1 Error: (03/28/2016 06:32:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Anti-Spam Service service failed to start due to the following error: %%1053 Error: (03/28/2016 06:32:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Spam Service service to connect. Error: (03/28/2016 06:32:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Anti-Spam Service service failed to start due to the following error: %%1053 Error: (03/28/2016 06:32:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Spam Service service to connect. Error: (03/28/2016 06:30:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The McAfee Anti-Spam Service service failed to start due to the following error: %%1053 Error: (03/28/2016 06:30:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Spam Service service to connect. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz Percentage of memory in use: 51% Total physical RAM: 3982.55 MB Available physical RAM: 1942.55 MB Total Virtual: 4750.55 MB Available Virtual: 2569.05 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:682.52 GB) (Free:566.77 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: () (Fixed) (Total:29.8 GB) (Free:16.43 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: C67EB1A4) Partition: GPT. ======================================================== Disk: 1 (Size: 29.8 GB) (Disk ID: D5981269) Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C) ==================== End of Addition.txt ============================