Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-06-2016 Ran by Joshu (2016-06-09 18:04:31) Running from B:\Joshua Windows 10 Home Version 1511 (X64) (2016-05-14 00:54:11) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-708117259-3629779018-2666748752-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-708117259-3629779018-2666748752-503 - Limited - Disabled) Guest (S-1-5-21-708117259-3629779018-2666748752-501 - Limited - Disabled) Joshu (S-1-5-21-708117259-3629779018-2666748752-1001 - Administrator - Enabled) => C:\Users\Joshu ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Panda Free Antivirus (Disabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Panda Free Antivirus (Disabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov) Acronis True Image 2015 (HKLM-x32\...\{2E51FA82-585D-42B4-B465-A4160DAD4A26}) (Version: 18.0.4061 - Acronis) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform) Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios) Goat Simulator (HKLM\...\Steam App 265930) (Version: - Coffee Stain Studios) God Mode (HKLM\...\Steam App 227480) (Version: - Old School Games) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Half-Life (HKLM\...\Steam App 70) (Version: - Valve) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Logitech Gaming Software 8.83 (HKLM\...\Logitech Gaming Software) (Version: 8.83.85 - Logitech Inc.) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6868.2067 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6828.1019 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6828.1019 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6828.1019 - Microsoft Corporation) Hidden OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd) Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.8 - Panda Security) Panda Devices Agent (x32 Version: 1.03.07 - Panda Security) Hidden Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.01.02.0000 - Panda Security) Panda Free Antivirus (Version: 8.21.00 - Panda Security) Hidden Q.U.B.E: Director's Cut (HKLM\...\Steam App 239430) (Version: - Toxic Games) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Sven Co-op (HKLM\...\Steam App 225840) (Version: - Sven Co-op Team) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Shock 2 (HKLM-x32\...\1207659172_is1) (Version: 2.3.0.11 - GOG.com) Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-708117259-3629779018-2666748752-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Joshu\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0ABC91F3-8160-4F54-8012-B5DB1F8EF541} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd) Task: {1F419E0C-C3B8-4D4A-AD24-01B5FB24A6A7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-15] (Microsoft Corporation) Task: {29F0EF94-1634-4E90-93E4-C44D70332392} - System32\Tasks\PPI Update => "hxxp://dazwindowsapps.xyz/download/index.php?mn=9995" <==== ATTENTION Task: {86F214ED-B0B6-417C-A8DC-ED66B658BF15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-09] (Google Inc.) Task: {B55463D2-BBF4-4436-83B7-06A57F2C3148} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-15] (Microsoft Corporation) Task: {F28485EA-1654-4485-8EF8-194D34682B9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-09] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 00:17 - 2015-10-30 00:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll 2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll 2016-05-14 14:30 - 2016-05-15 11:51 - 00417480 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2016-05-14 11:45 - 2016-03-29 03:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll 2016-05-15 09:39 - 2016-05-15 09:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-05-14 11:45 - 2016-03-29 03:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll 2016-05-25 16:52 - 2016-05-25 16:52 - 00959168 _____ () C:\Users\Joshu\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-05-14 14:32 - 2016-05-15 11:51 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2015-12-19 01:08 - 2015-12-19 01:08 - 00402344 _____ () C:\Windows\system32\igfxTray.exe 2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-14 11:44 - 2016-04-22 21:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-05-14 11:44 - 2016-04-22 21:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-05-14 11:44 - 2016-04-22 20:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-05-14 11:45 - 2016-04-22 20:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-05-14 11:45 - 2016-04-22 21:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-03-06 17:07 - 2015-03-06 17:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2016-04-28 15:49 - 2016-04-28 15:49 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-06 17:07 - 2015-03-06 17:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2016-04-28 15:49 - 2016-04-28 15:49 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2016-01-06 09:41 - 2016-01-06 09:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll 2016-05-15 09:44 - 2016-05-15 09:44 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2016-06-01 19:55 - 2016-06-01 19:55 - 00016384 ____X () C:\Program Files\WindowsApps\61545TimGrabinat.wAPPerforGmail_1.1.17.0_x64__rcb0qdgx4z9ca\wAPPer for Gmail.exe 2016-06-01 19:55 - 2016-06-01 19:55 - 04863488 ____X () C:\Program Files\WindowsApps\61545TimGrabinat.wAPPerforGmail_1.1.17.0_x64__rcb0qdgx4z9ca\wAPPer for Gmail.dll 2016-06-01 19:54 - 2016-06-01 19:55 - 04069784 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll 2015-10-30 00:18 - 2015-10-30 00:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe 2016-06-09 14:37 - 2016-06-03 18:01 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll 2016-06-09 14:37 - 2016-06-03 18:01 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll 2015-12-15 10:17 - 2015-12-15 10:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll 2016-05-15 09:39 - 2016-05-15 09:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-05-15 09:39 - 2016-05-15 09:39 - 02941440 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll 2016-05-15 09:39 - 2016-05-15 09:39 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll 2016-05-15 09:39 - 2016-05-15 09:39 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll 2016-05-15 09:39 - 2016-05-15 09:39 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-05-25 16:52 - 2016-05-25 16:52 - 00679624 _____ () C:\Users\Joshu\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2016-05-14 12:25 - 2016-04-29 13:10 - 00785920 _____ () B:\Program Files (x86)\Steam\SDL2.dll 2016-05-14 12:25 - 2015-07-03 09:12 - 04962816 _____ () B:\Program Files (x86)\Steam\v8.dll 2016-05-14 12:25 - 2016-04-29 17:10 - 02549840 _____ () B:\Program Files (x86)\Steam\video.dll 2016-05-14 12:25 - 2015-07-03 09:12 - 01556992 _____ () B:\Program Files (x86)\Steam\icui18n.dll 2016-05-14 12:25 - 2015-07-03 09:12 - 01187840 _____ () B:\Program Files (x86)\Steam\icuuc.dll 2016-05-14 12:25 - 2016-02-08 16:14 - 02549760 _____ () B:\Program Files (x86)\Steam\libavcodec-56.dll 2016-05-14 12:25 - 2016-02-08 16:14 - 00491008 _____ () B:\Program Files (x86)\Steam\libavformat-56.dll 2016-05-14 12:25 - 2016-02-08 16:14 - 00332800 _____ () B:\Program Files (x86)\Steam\libavresample-2.dll 2016-05-14 12:25 - 2016-02-08 16:14 - 00442880 _____ () B:\Program Files (x86)\Steam\libavutil-54.dll 2016-05-14 12:25 - 2016-02-08 16:14 - 00485888 _____ () B:\Program Files (x86)\Steam\libswscale-3.dll 2016-05-14 12:25 - 2016-04-29 17:10 - 00829008 _____ () B:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-05-14 12:25 - 2016-02-17 15:25 - 00281088 _____ () B:\Program Files (x86)\Steam\openvr_api.dll 2015-07-23 18:06 - 2015-07-23 18:06 - 00037696 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll 2015-07-23 18:06 - 2015-07-23 18:06 - 00034624 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll 2016-05-14 12:25 - 2016-04-27 18:00 - 49825056 _____ () B:\Program Files (x86)\Steam\bin\libcef.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 45069312 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\libcef.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 00500736 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\PocoUtil.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 01069568 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\PocoNet.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 01847296 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\PocoData.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 00386048 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\PocoDataSQLite.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 00513536 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\PocoXML.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 01582080 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\PocoFoundation.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 00300544 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\PocoNetSSL.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 00323584 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\PocoJSON.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 00096768 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\zlib.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 00265216 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\PocoZip.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 00672768 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\sqlite.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 00144896 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\expat.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 00418304 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\pcre.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 00150528 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\PocoCrypto.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 01643008 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\libglesv2.dll 2016-06-08 11:54 - 2016-06-08 17:11 - 00074752 _____ () B:\Program Files (x86)\Galaxy Client\GalaxyClient\libegl.dll 2015-07-23 18:13 - 2015-07-23 18:13 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2015-07-23 18:07 - 2015-07-23 18:07 - 00129344 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-708117259-3629779018-2666748752-1001\...\sharepoint.com -> hxxps://studentsspcc-files.sharepoint.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 00:24 - 2016-06-09 12:47 - 00000848 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-708117259-3629779018-2666748752-1001\Control Panel\Desktop\\Wallpaper -> B:\Joshua\Pictures\Saved Pictures\1920x1080-Wallpaper-330.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{98FCEFB2-0978-4FE1-BD26-18FFF5C6E784}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{A9B7C8C0-AFDC-4D00-90BE-F51D77C0CA17}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{0A8C04D0-75E0-4838-B655-53FEA81251A6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{A8BAF8CC-49E8-46E7-8488-369EA6840E72}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{236DE34D-4DD8-4DCB-9F5F-43084FBAD021}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{8C6B8F8B-71EF-4AD5-99C8-A4DB46F15193}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{4C784FA6-C245-4421-AE2A-47C719D273E2}] => (Allow) B:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{126BA5E3-9610-44AB-A3D2-336E1ABD02A8}] => (Allow) B:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F1FA9344-9D5F-4E4B-AAE6-CEB956AA0F7C}] => (Allow) B:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{D05696AF-DB80-4F87-95C2-4AD4BB1D0738}] => (Allow) B:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{56223EA6-424F-4F91-B378-56B7468B1181}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{4FB09A2D-E6C4-405E-B365-1AB7B79D1D6A}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{DFE617C9-198B-496D-BF6E-74D379606481}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe FirewallRules: [{FA517EB0-E1E2-4C86-86BC-B6F6179DC704}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe FirewallRules: [{6EC51AFB-A95E-4FF6-8209-3FDE1B198413}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe FirewallRules: [{199BAA40-373F-4E66-A51C-6FF17892B9DD}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\GodMode\bin\GodMode.exe FirewallRules: [{B6898F4E-0B02-4426-AEC3-BB2C782AC417}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe FirewallRules: [{CC7A7076-EB29-4E47-8635-2E61160E7458}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe FirewallRules: [{06E3DD08-9E4E-4077-841E-C84D8F37FEE7}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svencoop.exe FirewallRules: [{B05D410E-306F-41CF-8141-4DEB8E64795C}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svencoop.exe FirewallRules: [{44C07ABD-E919-45A5-BA9D-CC54588B014E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [TCP Query User{224E01CC-45D2-4382-88C1-6A55D595E265}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{3DECC9BA-B6C0-470C-8BA6-F49004B4A2F3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{03AEB8C8-B821-4BF9-AC19-3F0693C13870}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{F8237898-F751-4752-B30C-F83913937983}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [{93C45FB4-0A8C-40DE-A642-0751553C7F2D}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{40DD8A8E-EC54-460E-84AB-F6354FBAC22F}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{ED1F0190-B4B3-45B7-B7ED-1A3856BD7622}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\QUBE Directors Cut\Binaries\Win32\QUBEGame.exe FirewallRules: [{9D0E50B5-F966-4D1A-B9B5-0892649CF9B4}] => (Allow) B:\Program Files (x86)\Steam\steamapps\common\QUBE Directors Cut\Binaries\Win32\QUBEGame.exe FirewallRules: [{CA075B18-FCA9-43EB-9476-DD8C561E4F9D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= Name: Ethernet Controller Description: Ethernet Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/09/2016 05:15:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FABRITZIO) Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/09/2016 05:10:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FABRITZIO) Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/09/2016 05:06:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FABRITZIO) Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/09/2016 04:56:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FABRITZIO) Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/09/2016 04:51:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FABRITZIO) Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/09/2016 04:51:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686 Exception code: 0xc0000602 Fault offset: 0x000000000022885f Faulting process id: 0x8c0 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Faulting package full name: svchost.exe4 Faulting package-relative application ID: svchost.exe5 Error: (06/09/2016 04:51:09 PM) (Source: ESENT) (EventID: 908) (User: ) Description: svchost (2240) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS) Error: (06/09/2016 04:47:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FABRITZIO) Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/09/2016 04:47:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FABRITZIO) Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/09/2016 04:23:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686 Exception code: 0xc0000602 Fault offset: 0x000000000022885f Faulting process id: 0xa38 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Faulting package full name: svchost.exe4 Faulting package-relative application ID: svchost.exe5 System errors: ============= Error: (06/09/2016 06:01:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (06/09/2016 05:43:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (06/09/2016 05:31:21 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (06/09/2016 05:10:53 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (06/09/2016 05:10:51 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (06/09/2016 05:10:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (06/09/2016 05:10:41 PM) (Source: Application Popup) (EventID: 56) (User: ) Description: ACPI5 Error: (06/09/2016 05:10:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_2d9a3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (06/09/2016 05:10:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_2d9a3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (06/09/2016 05:10:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_2d9a3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-06-09 16:52:00.077 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements. Date: 2016-06-09 16:52:00.041 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements. Date: 2016-06-09 16:51:59.934 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements. Date: 2016-06-09 16:51:56.063 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements. Date: 2016-06-09 16:51:56.042 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements. Date: 2016-06-09 16:51:56.023 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements. Date: 2016-06-09 16:51:56.004 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements. Date: 2016-06-09 16:51:55.984 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements. Date: 2016-06-09 16:51:55.964 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements. Date: 2016-06-09 16:51:55.943 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz Percentage of memory in use: 22% Total physical RAM: 16055.34 MB Available physical RAM: 12512.19 MB Total Virtual: 18487.34 MB Available Virtual: 14448.62 MB ==================== Drives ================================ Drive b: (Western Digital) (Fixed) (Total:931.51 GB) (Free:885.3 GB) NTFS Drive c: () (Fixed) (Total:111.3 GB) (Free:85.44 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8616A285) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BD6BF45A) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================