Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01 Ran by Alex (2016-06-19 22:14:32) Running from C:\Users\Alex\Desktop Windows 10 Home Version 1511 (X64) (2015-12-18 10:03:12) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4105250797-2263945849-1056666646-500 - Administrator - Disabled) Alex (S-1-5-21-4105250797-2263945849-1056666646-1001 - Administrator - Enabled) => C:\Users\Alex AlexG_000 (S-1-5-21-4105250797-2263945849-1056666646-1004 - Administrator - Enabled) => C:\Users\AlexG_000 DefaultAccount (S-1-5-21-4105250797-2263945849-1056666646-503 - Limited - Disabled) Guest (S-1-5-21-4105250797-2263945849-1056666646-501 - Limited - Disabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-4105250797-2263945849-1056666646-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.03) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated) Apache Tomcat 8.0.15 (HKLM\...\nbi-tomcat-8.0.15.0.0) (Version: - ) Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ‎Canon Inc.‬) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬) Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.) Canon MG5400 series On-screen Manual (HKLM-x32\...\Canon MG5400 series On-screen Manual) (Version: 7.5.0 - Canon Inc.) Canon MG5400 series User Registration (HKLM-x32\...\Canon MG5400 series User Registration) (Version: - Canon Inc.‎) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Discord (HKU\S-1-5-21-4105250797-2263945849-1056666646-1001\...\Discord) (Version: 0.0.283 - Hammer & Chisel, Inc.) Discord (HKU\S-1-5-21-4105250797-2263945849-1056666646-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 0.0.283 - Hammer & Chisel, Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.) EaseUS MobiSaver 5.0 (HKLM-x32\...\EaseUS MobiSaver 5.0_is1) (Version: - EaseUS) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.) iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.) ICP 9.0 (HKLM\...\ICP install2_is1) (Version: - ) iFunbox (v3.0.3109.1352) (HKLM-x32\...\iFunbox_is1) (Version: v3.0.3109.1352 - iFunbox DevTeam) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.) Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation) Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MapleStory (HKLM-x32\...\MapleStory) (Version: - ) MapleStory (HKLM-x32\...\Steam App 216150) (Version: - Nexon) Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation) Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4823.1004 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MySQL Tools for 5.0 (HKLM-x32\...\{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}) (Version: 5.0.17 - MySQL AB, Sun Microsystems, Inc.) MySQL Workbench 6.1 CE (HKLM-x32\...\{AD95295B-0279-43B6-A873-F12A1D1CD146}) (Version: 6.1.7 - Oracle Corporation) NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org) NetTools 5.0 (HKLM-x32\...\NetTools_is1) (Version: 5.0 - Mohammad Ahmadi Bidakhvidi) Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - ) Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation) Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) PhoneRescue 1.9.0 (HKLM-x32\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 1.9.0 - iMobie Inc.) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.) REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.3.8 - Reimage) <==== ATTENTION Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.) Sony Vegas Pro 8.0 (HKLM-x32\...\{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}) (Version: 8.0.260 - Sony) Spotify (HKU\S-1-5-21-4105250797-2263945849-1056666646-1001\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB) Spotify (HKU\S-1-5-21-4105250797-2263945849-1056666646-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated) Syncios version 4.3.5 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 4.3.5 - Anvsoft, Inc.) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios) Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba) TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation) TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation) TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation) Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.) TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation) TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation) TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation) TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation) TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation) TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.1 - VMware, Inc) VMware Workstation (Version: 10.0.1 - VMware, Inc.) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinPcap 3.0 (HKLM-x32\...\WinPcapInst) (Version: - Politecnico di Torino) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Wondershare Dr.Fone for iOS(Build 6.2.0.15) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 6.2.0.15 - Wondershare Software Co.,Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4105250797-2263945849-1056666646-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4105250797-2263945849-1056666646-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-4105250797-2263945849-1056666646-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4105250797-2263945849-1056666646-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01F2BE38-90F6-47A2-AA50-BE7D7F01ACDC} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-06-15] (Reimage ltd.) <==== ATTENTION Task: {03A147F5-961B-4277-818D-A8766516AD2F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe Task: {05CD13D1-1994-4157-8782-6D132FD34117} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.) Task: {069FE55A-7219-47F7-8F4D-B89066ABB5E8} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {10C146A5-BD86-47C0-A9C3-4DA4711D7194} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation) Task: {1F1DB9AE-9B0E-4247-BD9F-199B072818E2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {2E3D21F5-05D9-4EDB-AA7A-FD2E93C97F69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {323EA020-A8E5-4021-9529-BC7727EF6CDC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor) Task: {3A13EF0B-7D14-484C-A331-61C438C95688} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {5458AE26-EF9E-4D0B-8C68-6EF458F5E504} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {5972C6F7-C1FA-40A1-962D-399438BF4BF0} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe Task: {64C4DA9A-E587-4BC0-9728-36B7AFE6E729} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {68E5B890-7344-4D28-A812-90AEB0233153} - System32\Tasks\{9DC41411-B8C4-4B4C-B18B-915A5BBCEBAC} => pcalua.exe -a "C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe" -c -uninstall Task: {70480F92-799F-4517-86A5-4706BD8D23E8} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-05-27] (Reimage®) <==== ATTENTION Task: {7929D052-32B0-41BB-9628-F9A890A1E22A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {7ABE8F77-1D6F-4781-846E-4339638E7D18} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] () Task: {7EDE2710-69F9-4599-B9C0-75A93065F577} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] () Task: {868BFD07-3D66-4754-A1BD-9480ACB2D730} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2015-06-12] (TOSHIBA Corporation) Task: {8F74DFEE-A28E-487A-8DAE-F781D9896AEB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {A08B3E9C-4AB6-4F29-B435-374B33CA5D02} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-04-12] (Microsoft Corporation) Task: {AF91704A-CCA4-4861-96CA-10F1A0D964B3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe Task: {B35A0B83-ABEE-4D2E-A4E4-D85CF0EE3436} - System32\Tasks\{DBDC2564-74B7-4730-89D7-98AF0A6A65B9} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=hs_beta --displayname="Hearthstone" Task: {B597AD1F-EAD4-4A6A-96D4-6E4BB390AFDE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {C1C9C5F0-0393-48A4-AC44-6E984667CA7D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {C200203D-C4DD-4107-8A69-CA1A3C36DCDC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {C3BA35F9-6F23-453E-9A10-06D8A6B4ED6B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation) Task: {C78752E3-96BC-43C2-84BA-2A3DDB758736} - \CCleanerSkipUAC -> No File <==== ATTENTION Task: {C8282106-987D-41EB-AF9F-1D8F33498F80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {C9766E95-A74A-4FCA-B76F-EE4303C35701} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.) Task: {CFCA39CC-4FC0-4CC5-B7F9-4E1733FEA976} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4105250797-2263945849-1056666646-1001 Task: {D394197E-FDDE-4904-B30B-F86A20CCC703} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {D6C4436C-F7C3-43B7-9787-645D824A474F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {E740B8EE-4B53-40B5-AF33-73ABFA511E72} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {F3130F56-6191-4C84-B3ED-CC8D2D3D38D4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {F82ED853-C1D7-4EAE-8E62-782E77C99D7F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {FE4EAF92-9EEB-4B0F-B43F-DC4F0EB99951} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ==================== Loaded Modules (Whitelisted) ============== 2014-04-13 19:54 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-10 15:54 - 2013-09-10 15:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe 2014-05-16 18:34 - 2014-05-16 18:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe 2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-04-16 13:37 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-05-19 18:17 - 2016-05-19 18:17 - 00959168 _____ () C:\Users\Alex\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2016-04-21 20:10 - 2016-04-21 20:10 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-04-16 13:37 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-12-20 14:13 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-10 21:10 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2015-11-11 22:04 - 2015-07-27 22:46 - 00592384 _____ () C:\Program Files (x86)\i-Funbox DevTeam\exifext_x64.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 00313656 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll 2015-12-01 00:41 - 2015-08-04 11:47 - 00861184 _____ () C:\Program Files (x86)\Syncios\SynciosDeviceService.exe 2015-04-11 19:25 - 2015-08-26 17:58 - 02234995 _____ () C:\Users\Alex\Graal\RemoteControl3\RemoteControl3.exe 2016-06-14 23:59 - 2016-05-27 23:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-06-14 23:59 - 2016-05-27 23:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-06-14 23:59 - 2016-05-27 23:55 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-06-14 23:59 - 2016-05-27 23:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-06-14 23:59 - 2016-05-27 23:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-06-14 23:58 - 2016-05-27 23:53 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll 2015-10-30 03:18 - 2015-10-30 05:07 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node 2015-10-30 03:18 - 2015-10-30 05:06 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node 2015-10-30 03:18 - 2015-10-30 05:07 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node 2015-10-30 03:18 - 2015-10-30 05:06 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node 2015-10-30 03:18 - 2015-10-30 05:06 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node 2015-10-30 03:18 - 2015-10-30 05:07 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node 2015-10-30 03:18 - 2015-10-30 05:06 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node 2015-10-30 03:18 - 2015-10-30 05:06 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node 2015-10-30 03:18 - 2015-10-30 05:06 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node 2013-10-18 13:46 - 2013-10-18 13:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll 2014-05-16 20:11 - 2014-05-16 20:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll 2013-10-04 03:55 - 2013-09-03 19:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-04-21 20:10 - 2016-04-21 20:10 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-22 01:08 - 2016-04-22 01:08 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 00244024 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-12-01 00:40 - 2015-11-06 15:09 - 00398848 _____ () C:\Program Files (x86)\Syncios\DuiLib.dll 2015-12-01 00:40 - 2013-03-01 11:30 - 00059904 _____ () C:\Program Files (x86)\Syncios\zlib.dll 2015-12-01 00:40 - 2015-07-21 18:17 - 00571392 _____ () C:\Program Files (x86)\Syncios\sqlite3.dll 2015-12-01 00:41 - 2014-01-06 12:24 - 00671744 _____ () C:\Program Files (x86)\Syncios\hashab.dll 2016-05-15 23:23 - 2016-05-05 06:09 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-06-04 00:57 - 2016-05-05 06:10 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-06-04 00:57 - 2016-05-05 06:09 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-05-15 23:23 - 2016-05-05 06:09 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-05-15 23:23 - 2016-05-05 06:09 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-05-15 23:23 - 2016-05-31 14:34 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-06-04 00:57 - 2016-05-05 06:09 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-05-15 23:23 - 2016-05-31 14:34 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-05-15 23:23 - 2016-05-05 06:09 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-05-15 23:23 - 2016-05-05 06:10 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-05-15 23:23 - 2016-05-31 14:34 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-06-04 00:57 - 2016-05-05 06:11 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-05-15 23:23 - 2016-05-31 14:34 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-05-15 23:23 - 2016-05-31 14:34 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd 2016-06-04 00:57 - 2016-05-05 06:09 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-06-04 00:57 - 2016-05-31 14:33 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-05-15 23:23 - 2016-05-05 06:09 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2016-06-04 00:57 - 2016-05-05 06:10 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd 2016-05-15 23:23 - 2016-05-31 14:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-05-15 23:23 - 2016-05-31 14:34 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd 2016-05-15 23:23 - 2016-05-31 14:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-05-15 23:23 - 2016-05-31 14:34 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-05-15 23:23 - 2016-05-31 14:34 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-06-04 00:57 - 2016-05-05 06:12 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-06-04 00:57 - 2016-05-31 14:34 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2016-06-04 00:57 - 2016-03-11 20:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2016-06-04 00:57 - 2016-05-31 14:34 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-06-04 00:57 - 2016-05-31 14:34 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-05-15 23:23 - 2016-05-05 06:10 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-05-15 23:23 - 2016-05-05 06:11 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-05-15 23:23 - 2016-05-31 14:34 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2016-05-15 23:23 - 2016-05-31 14:34 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2016-06-04 00:57 - 2016-05-31 14:34 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2009-12-18 17:29 - 2015-08-26 17:58 - 01735960 _____ () C:\Users\Alex\Graal\RemoteControl3\libgtksourceview-2.0-0.dll 2010-08-17 17:38 - 2015-08-26 17:58 - 00230529 _____ () C:\Users\Alex\Graal\RemoteControl3\libpng14-14.dll 2011-11-22 10:48 - 2015-08-26 17:58 - 01294335 _____ () C:\Users\Alex\Graal\RemoteControl3\libcairo-2.dll 2010-08-20 11:18 - 2015-08-26 17:58 - 00100352 _____ () C:\Users\Alex\Graal\RemoteControl3\zlib1.dll 2010-02-05 21:55 - 2015-08-26 17:58 - 00279059 _____ () C:\Users\Alex\Graal\RemoteControl3\libfontconfig-1.dll 2010-12-27 14:12 - 2015-08-26 17:58 - 00538324 _____ () C:\Users\Alex\Graal\RemoteControl3\freetype6.dll 2013-09-22 10:37 - 2015-08-26 17:58 - 01619281 _____ () C:\Users\Alex\Graal\RemoteControl3\libxml2-2.dll 2009-01-31 22:42 - 2015-08-26 17:58 - 00143096 _____ () C:\Users\Alex\Graal\RemoteControl3\libexpat-1.dll 2012-02-08 21:37 - 2015-08-26 17:58 - 00100255 _____ () C:\Users\Alex\Graal\RemoteControl3\lib\gtk-2.0\2.10.0\engines\libwimp.dll 2016-06-17 17:07 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-17 17:07 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll 2016-06-17 17:07 - 2016-06-15 05:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-11-03 17:39 - 2015-12-01 02:06 - 00000908 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4105250797-2263945849-1056666646-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg HKU\S-1-5-21-4105250797-2263945849-1056666646-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg HKU\S-1-5-21-4105250797-2263945849-1056666646-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\AlexG_000\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-4105250797-2263945849-1056666646-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\AlexG_000\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-4105250797-2263945849-1056666646-501\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Innovation\White.jpg HKU\S-1-5-21-4105250797-2263945849-1056666646-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Innovation\White.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{EBCA6ED4-F180-40F0-BCF7-42B36B6E115C}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{1F1A78FB-E9F6-46B3-BF5D-93B479BDA5AB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B2820E41-E752-4563-8DC2-2F597F02E124}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{AF118593-D85A-423C-BA1C-BE90F7C06D29}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{8E480359-D4CF-40BA-9C22-F5AF069CFCD8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [UDP Query User{B87929AD-190A-4132-87CD-4B454AC6AE12}C:\users\alex\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alex\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{AC3F0828-DE3D-4BDA-8F5B-3F0FFE3E02E5}C:\users\alex\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alex\appdata\roaming\spotify\spotify.exe FirewallRules: [{94D2B289-DCC7-443A-95C7-C16E69D8AF50}] => (Allow) C:\Users\Alex\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{D94B88CF-DEF5-4BC4-9620-0BC190A1E803}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{4A7E6C16-7D39-4FB9-B608-F4EF74875A8C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{CA518A36-D16F-4680-A523-7567903C6AFE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{25A23740-2AFF-416C-B5A9-F11922C918E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MapleStory\nxsteam.exe FirewallRules: [{AB58B5E6-2D40-4F41-BA2A-CE97526177E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MapleStory\nxsteam.exe FirewallRules: [TCP Query User{DB44FBC5-FD0E-44A1-87AD-73CE9EDFF9F3}C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{64D22F20-6ED8-40D4-BDFB-BD35A65483FB}C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{2E649A86-9F9A-4BCE-B8F6-CC4F4B0BAB2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{02D4F699-2FAC-4BC8-8746-0F5964286487}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [TCP Query User{6B5571A3-6FDA-4C18-94C4-B1AC699F91FA}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{0536A2F9-10BF-4350-A9E3-292F7BDA24B2}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{723E4A2D-9BB0-4221-A133-9D35C05402C4}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [UDP Query User{82732369-DB75-43FE-A3C5-5E3EBE6D6A73}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [TCP Query User{DFDFA915-A185-45BE-B734-8038337E1046}C:\users\alex\dropbox\lumina\gserver_2.3.1\gserver2.exe] => (Allow) C:\users\alex\dropbox\lumina\gserver_2.3.1\gserver2.exe FirewallRules: [UDP Query User{138A89FC-D258-4663-926E-74A8A47768A7}C:\users\alex\dropbox\lumina\gserver_2.3.1\gserver2.exe] => (Allow) C:\users\alex\dropbox\lumina\gserver_2.3.1\gserver2.exe FirewallRules: [TCP Query User{6547F85D-E127-4C0F-8D00-E0E6098A41DD}C:\program files (x86)\wildtangent games\games\lastknight\binaries\win32\lastknight.exe] => (Allow) C:\program files (x86)\wildtangent games\games\lastknight\binaries\win32\lastknight.exe FirewallRules: [UDP Query User{66C68208-1472-4BB2-85EF-4127ED82A5BE}C:\program files (x86)\wildtangent games\games\lastknight\binaries\win32\lastknight.exe] => (Allow) C:\program files (x86)\wildtangent games\games\lastknight\binaries\win32\lastknight.exe FirewallRules: [TCP Query User{CAD455FB-A577-4919-A409-C9EFCDCCAE97}C:\program files (x86)\net tools\nettools5.exe] => (Allow) C:\program files (x86)\net tools\nettools5.exe FirewallRules: [UDP Query User{933B09AB-7BF4-4E66-AC56-970612B1EB26}C:\program files (x86)\net tools\nettools5.exe] => (Allow) C:\program files (x86)\net tools\nettools5.exe FirewallRules: [{9316EBAE-E7A4-49BB-8BF5-DBC118C3F2DB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{68E18179-AE62-4CCF-863F-C52A261405CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{8BE269C9-7DBA-4EE9-B856-32D633D3BD45}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{5CF7A161-5B1A-4DF8-9927-9AC56D654336}] => (Allow) LPort=2869 FirewallRules: [{38A02442-B861-4EF5-B2EF-11CF0EE99DDD}] => (Allow) LPort=1900 FirewallRules: [{1FD0DADB-0BE2-4ABA-B2AA-8DFC0C19C03F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{BAA3B988-3D8E-42FD-B7BB-F7918405E4F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{B72E1DC1-1564-4F9F-86B9-A005FACA990B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe FirewallRules: [{E994D119-BA8C-4DEC-B015-1FC997573B1F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe FirewallRules: [{BF92CFDA-E479-4F43-B0B4-E901980175CE}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{C82827AB-ABBD-4AA3-83DD-263C4CDE5247}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [TCP Query User{111F04E3-3856-4380-8661-C94531D777F5}C:\users\alex\downloads\boomboomms.exe] => (Block) C:\users\alex\downloads\boomboomms.exe FirewallRules: [UDP Query User{ED834316-820A-4FAA-A81A-1489926CE93E}C:\users\alex\downloads\boomboomms.exe] => (Block) C:\users\alex\downloads\boomboomms.exe FirewallRules: [TCP Query User{624DFBB2-5C7E-4A89-A7CA-A665231D2A4F}C:\users\alex\boomboomms\maplestory\boomboomms.exe] => (Allow) C:\users\alex\boomboomms\maplestory\boomboomms.exe FirewallRules: [UDP Query User{C81A5A95-F6C4-4497-AFBC-E9C2CA84C648}C:\users\alex\boomboomms\maplestory\boomboomms.exe] => (Allow) C:\users\alex\boomboomms\maplestory\boomboomms.exe FirewallRules: [{1F62BEC3-7FE1-43D9-BB28-93045A5B9E96}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [{73329121-DC0F-43A0-B5FF-78C209972D2A}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe FirewallRules: [TCP Query User{0520AA66-AC2C-4997-B3D0-791F4AE11CA5}C:\users\alex\boom\maplestory\boomboomms.exe] => (Allow) C:\users\alex\boom\maplestory\boomboomms.exe FirewallRules: [UDP Query User{6B900CBD-E0F1-46A3-9CDF-D03C31904AFD}C:\users\alex\boom\maplestory\boomboomms.exe] => (Allow) C:\users\alex\boom\maplestory\boomboomms.exe FirewallRules: [TCP Query User{3120D903-E79F-48A3-BDA1-83034E754FBC}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe FirewallRules: [UDP Query User{DF951740-D779-4A34-8076-8E49333882B9}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe FirewallRules: [{47E368BD-E6E3-4972-8653-F0E65FD4F3B8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9E0B0E86-0726-42B3-A1A2-0490756B27C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FAD43E21-4156-41E6-BA5C-4F109769A277}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F52A6DA0-3D61-42C2-ADF7-27B0A009A808}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{DE28E713-2DA4-4D5D-AB28-7FBC38616625}C:\users\alex\downloads\gserver_2.4.0\gserver2.exe] => (Allow) C:\users\alex\downloads\gserver_2.4.0\gserver2.exe FirewallRules: [UDP Query User{68EB2AC9-001F-43F8-BAE1-8F95972E431C}C:\users\alex\downloads\gserver_2.4.0\gserver2.exe] => (Allow) C:\users\alex\downloads\gserver_2.4.0\gserver2.exe FirewallRules: [TCP Query User{58FFCF03-0B62-4D06-B44D-848E7EFB3DA3}C:\users\alex\downloads\usethisrelay\graal7.exe] => (Allow) C:\users\alex\downloads\usethisrelay\graal7.exe FirewallRules: [UDP Query User{8EF376AE-916E-4699-8339-9DDCF7A13A68}C:\users\alex\downloads\usethisrelay\graal7.exe] => (Allow) C:\users\alex\downloads\usethisrelay\graal7.exe FirewallRules: [TCP Query User{F0445712-2301-4575-A951-C87CE9FB5DB5}C:\users\alex\downloads\graal relay era\graal relay era\gr.exe] => (Allow) C:\users\alex\downloads\graal relay era\graal relay era\gr.exe FirewallRules: [UDP Query User{AD6F34E3-89EC-4733-A40C-37D36919DBE2}C:\users\alex\downloads\graal relay era\graal relay era\gr.exe] => (Allow) C:\users\alex\downloads\graal relay era\graal relay era\gr.exe FirewallRules: [TCP Query User{E306EB67-7ACC-42D1-A78B-D880F697F2FE}C:\users\alex\dropbox\homework\graal7.exe] => (Allow) C:\users\alex\dropbox\homework\graal7.exe FirewallRules: [UDP Query User{7FB10C6C-9410-40C3-9709-4B7286CA9A81}C:\users\alex\dropbox\homework\graal7.exe] => (Allow) C:\users\alex\dropbox\homework\graal7.exe FirewallRules: [{5C5EC8B0-58BE-4B5C-A9D0-5D62AE78ECAF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{18E8C8FF-6A00-458A-AE33-3390352209AD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9F881111-F810-4D2B-8FD4-69A69180C43E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Elsword\data\x2.exe FirewallRules: [{34EC3C4F-0268-4F19-B18C-832ACC93229E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Elsword\data\x2.exe FirewallRules: [{4DCEA131-D8A3-4E9A-8577-860D25B2C261}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe FirewallRules: [{46D68B4E-BE9D-401B-8CFB-F307D8241B07}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe FirewallRules: [{16672E0B-A7D6-4CBF-95DE-32A9D52A6300}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{080AE9CB-5775-4C49-979D-C9D8D33308DC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{7E93EB3A-F151-4A64-B587-1BA699A25F4B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{7AF905FB-58C9-4CE2-9435-BE66FDF6DFC9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{E5A12A89-E28B-4297-BA11-B7FB94FC689C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{EEB6FF5F-93C9-41FB-B45B-762767FA32BF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{46656B12-12A6-48BD-8D4B-A6EC99F2D3BE}] => (Allow) C:\Users\Alex\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{41D5B516-0C6B-478A-92CE-0EA3A095494E}] => (Allow) C:\Users\Alex\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{9BCF2201-F345-47FD-ADFA-05AE561FAF93}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{B3942A58-E02D-4739-A73F-3E79ED8CC8D5}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{47BD497E-69B2-4579-87C9-8170EEBAEBEE}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{4CF985E6-4148-4726-9FDB-3D9DFDB5888C}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{A39387D4-9192-42EB-9EF0-3003850ED417}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [{CEE2C9D7-76B7-4E0C-8B04-4A50EEAF8772}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [{32DFF8F1-5358-4F2B-9AB9-75D2DD9F1FA5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{23B6D161-239D-4442-B003-4A02B50EDBBA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{E84EC681-0A6E-4885-8AAE-9419EAF6A1C7}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{9EAC1977-9949-4519-B62E-45236D535BB4}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [TCP Query User{1E5CA4FF-0ED0-4D23-8507-242E7AA6B884}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe FirewallRules: [UDP Query User{FDC09B57-9BAE-41FF-A800-D03F1DC74A67}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe FirewallRules: [TCP Query User{0C28B5C2-DF6C-437B-862D-A1165148D58B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{60F3CE2B-8BD7-49F9-9F4F-E5EA153756AE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{A05F8AF2-F7AD-4FE3-8D0D-E17C4E8C0827}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe FirewallRules: [UDP Query User{A547A19E-A2CC-4F98-AEB8-63C02B2366AD}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe FirewallRules: [{E42C8338-249E-4945-BC9C-C95B6BA3AE90}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{4D37B06A-F73F-4A82-B4EA-7AF2DA66BCAB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{63AA2DF8-2DAB-4BFA-9335-D678133B4F38}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{4948F6C4-D800-4982-BC6B-8DC10285845B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{1F1E3211-52B1-41F4-B6A3-7B65F623A4D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{A36FA696-3636-4D33-82A8-0379D0BDC27E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 07-06-2016 05:27:43 Scheduled Checkpoint 15-06-2016 01:54:32 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/19/2016 10:33:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0 Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb Exception code: 0xc0000409 Fault offset: 0x00000000000a9ba0 Faulting process id: 0x28ec Faulting application start time: 0xbackgroundTaskHost.exe0 Faulting application path: backgroundTaskHost.exe1 Faulting module path: backgroundTaskHost.exe2 Report Id: backgroundTaskHost.exe3 Faulting package full name: backgroundTaskHost.exe4 Faulting package-relative application ID: backgroundTaskHost.exe5 Error: (06/19/2016 10:32:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Music.UI.exe, version: 3.6.2096.0, time stamp: 0x573b8c20 Faulting module name: MSVCP140_APP.dll, version: 14.0.23816.0, time stamp: 0x56c2bf04 Exception code: 0xc0000005 Fault offset: 0x0000000000018914 Faulting process id: 0x2a28 Faulting application start time: 0xMusic.UI.exe0 Faulting application path: Music.UI.exe1 Faulting module path: Music.UI.exe2 Report Id: Music.UI.exe3 Faulting package full name: Music.UI.exe4 Faulting package-relative application ID: Music.UI.exe5 Error: (06/19/2016 08:03:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0 Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb Exception code: 0xc0000409 Fault offset: 0x00000000000a9ba0 Faulting process id: 0xc10 Faulting application start time: 0xbackgroundTaskHost.exe0 Faulting application path: backgroundTaskHost.exe1 Faulting module path: backgroundTaskHost.exe2 Report Id: backgroundTaskHost.exe3 Faulting package full name: backgroundTaskHost.exe4 Faulting package-relative application ID: backgroundTaskHost.exe5 Error: (06/19/2016 07:24:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALEX-PC) Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/19/2016 07:02:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Skype.exe, version: 7.21.85.100, time stamp: 0x56d60a29 Faulting module name: mshtml.dll, version: 11.0.10586.420, time stamp: 0x57491b86 Exception code: 0x4000001f Fault offset: 0x00d76a48 Faulting process id: 0x15a0 Faulting application start time: 0xSkype.exe0 Faulting application path: Skype.exe1 Faulting module path: Skype.exe2 Report Id: Skype.exe3 Faulting package full name: Skype.exe4 Faulting package-relative application ID: Skype.exe5 Error: (06/19/2016 06:58:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ALEX-PC) Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/19/2016 06:38:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Skype.exe, version: 7.21.85.100, time stamp: 0x56d60a29 Faulting module name: mshtml.dll, version: 11.0.10586.420, time stamp: 0x57491b86 Exception code: 0x4000001f Fault offset: 0x00d76a48 Faulting process id: 0x2578 Faulting application start time: 0xSkype.exe0 Faulting application path: Skype.exe1 Faulting module path: Skype.exe2 Report Id: Skype.exe3 Faulting package full name: Skype.exe4 Faulting package-relative application ID: Skype.exe5 Error: (06/19/2016 06:36:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15531 Error: (06/19/2016 06:36:44 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15531 Error: (06/19/2016 06:36:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (06/19/2016 07:24:45 PM) (Source: DCOM) (EventID: 10010) (User: ALEX-PC) Description: MicrosoftEdge Error: (06/19/2016 06:58:20 PM) (Source: DCOM) (EventID: 10010) (User: ALEX-PC) Description: App Error: (06/19/2016 06:36:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (06/19/2016 06:28:11 PM) (Source: DCOM) (EventID: 10010) (User: ALEX-PC) Description: App Error: (06/19/2016 06:08:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (06/19/2016 05:10:18 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (06/19/2016 05:09:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (06/19/2016 05:06:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_11adf6 service to connect. Error: (06/19/2016 05:06:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_11adf6 service to connect. Error: (06/19/2016 05:06:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_11adf6 service, but this action failed with the following error: %%1056 = An instance of the service is already running. CodeIntegrity: =================================== Date: 2016-06-19 21:28:26.888 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-19 21:28:26.653 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-19 07:40:04.710 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-19 04:01:56.582 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-19 04:01:56.533 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-18 00:31:30.886 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-15 16:02:48.273 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-12 02:27:02.986 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-12 02:27:02.958 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-12 02:27:02.369 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz Percentage of memory in use: 86% Total physical RAM: 3975.27 MB Available physical RAM: 544.13 MB Total Virtual: 9863.27 MB Available Virtual: 5251.27 MB ==================== Drives ================================ Drive c: (TI10673200G) (Fixed) (Total:688.44 GB) (Free:503.67 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================