Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016 Ran by Nanda (2016-08-03 20:45:17) Running from C:\Users\Nanda\Desktop Windows 10 Home Version 1511 (X64) (2016-01-10 00:34:56) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3677932209-539322989-99459680-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3677932209-539322989-99459680-503 - Limited - Disabled) Guest (S-1-5-21-3677932209-539322989-99459680-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3677932209-539322989-99459680-1005 - Limited - Enabled) Nanda (S-1-5-21-3677932209-539322989-99459680-1001 - Administrator - Enabled) => C:\Users\Nanda ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Amazon Kindle (HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon) Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Ask Toolbar for Epson (HKLM-x32\...\{45504E56-3634-006A-76A7-A758B70C1801}) (Version: 12.24.1.363 - APN, LLC) <==== ATTENTION ASUS FlipLock (HKLM\...\{7C7F8DAC-8ADA-4B86-BCB6-48B6FFB673DD}) (Version: 1.0.2 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS) ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.3.9 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.2.2276 - AVAST Software) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.) Dragon Assistant Application en-US version 1.5.7 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.7 - Nuance Communications, Inc.) Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.) Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.) Dragon Assistant version 1.5.7 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.7 - Nuance Communications, Inc.) ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation) Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation) iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation) Kodi (HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\Kodi) (Version: - XBMC-Foundation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.0.6051 - Mozilla) NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - ) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.) SafeZone Stable 1.51.2220.47 (x32 Version: 1.51.2220.47 - Avast Software) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.) Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited) STCServ (Version: 3.0.0.1783 - Intel Corporation) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1218 - SUPERAntiSpyware.com) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer) TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden TVMC (HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\TVMC) (Version: - TVADDONS.ag) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Viber (HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.25 - WildTangent) Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\0236763014F4120EF90CB077B1100A704C694EAE) (Version: 06/17/2015 1.0.0.262 - ASUS) Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3677932209-539322989-99459680-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Nanda\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3677932209-539322989-99459680-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nanda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3677932209-539322989-99459680-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nanda\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {081EB096-31FF-4F44-9AF0-D46F96C8361D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {09B2E85A-7AE1-46DE-8747-2A0009014546} - System32\Tasks\avast! Windows 10 Start Menu helper => c:\program files\avast software\avast\asww10mon.exe Task: {0B6C3D49-7C50-4CDC-8177-CE647A06F92C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-10-07] (AsusTek) Task: {17F4188F-14FF-4D41-ABCC-5429CD6B81AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {19EB9577-25A6-412B-A1D9-3061A15085E2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {1AC96864-4269-42C5-9668-7A8ECBD8D8A8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-02] (AVAST Software) Task: {1BB486B8-0F15-418E-BD05-ED7557F684D7} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation) Task: {1D08CE55-90A5-4BD1-82CE-20759F80069F} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.) Task: {1EE46006-8BE0-4520-9A7C-8E62A0EBE941} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {1F78BF76-0372-4A48-BB41-2BFA550033A0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {23A66DD7-D22E-4F62-90E7-B40B9C460035} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {3B74EC11-0B3B-452F-A566-99A6669E2B8F} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor) Task: {3C6FE5F4-F423-4B51-B53D-49166A448BF3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {4B048D5F-B0BD-4C5E-A87A-6475D223B565} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {5F0013D4-3A31-4401-96CA-49536B56A94D} - System32\Tasks\EPSON XP-310 Series Update {9C111E49-BC16-4FAE-91DC-48443C4F3AD8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2015-12-13] (SEIKO EPSON CORPORATION) Task: {639111D2-1678-4239-AEDE-E505A59205EE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {692ACC46-BA36-446B-8D88-571B5BA0BC11} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {6A01E12E-3618-4A1F-B54F-8DBA91C004BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {775C8566-3D3B-43AA-A805-51FD1C82A66D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {8598580E-80B0-4C88-8D69-192F74522C9E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {8B54B703-25DB-462B-B944-C23A6733A6B7} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2016-08-03] () Task: {8E56071C-F340-471A-9424-C98696BFC17C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {903F0935-190F-4A91-B133-5AF2628BF41D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {95375916-1D69-4E1A-9164-629F673D81BF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {98A31A44-CBFC-4901-A0E6-503E57A0BD75} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor) Task: {9B8080FF-0F4A-4D7C-A640-173B027C3AC9} - System32\Tasks\Google Updater and Installer => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {A6E2AB69-E881-42B2-89A9-0C8944A10C76} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.) Task: {A79A7AA7-EF4D-4B56-AB51-2A1751A1B61E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-12] (Microsoft Corporation) Task: {AA7B9EB2-3EE7-4600-82F9-0555C4372F67} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.) Task: {AAA930AE-2C47-4086-AC33-8B111D53AAE6} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-02-24] () Task: {AE8B45EA-C7F8-4A37-A7A8-0F9DB166693B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated) Task: {B37A857F-4350-47D3-B99C-86F703D24EEA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {B43E7F54-2649-4A8B-994B-09D64B5BC764} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel® Corporation) Task: {BEC2D586-44C4-4C89-925D-D8321C167A44} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {CA5F25A4-7E95-49DB-891C-64D35D15C090} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {CEED260E-8683-44CD-8CC9-C505DBB94A73} - System32\Tasks\EPSON XP-310 Series Invitation {9C111E49-BC16-4FAE-91DC-48443C4F3AD8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2015-12-13] (SEIKO EPSON CORPORATION) Task: {D0AE2BD2-D06D-4E52-93A1-C97240EE052C} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2016-08-03] () Task: {D81AA708-C0C5-4154-896F-48D06870042C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {DE1FF61B-CD02-4FCC-B04E-9FEB8A0CFB5B} - System32\Tasks\EPSON XP-310 Series Update {BCC0FB67-BAC5-48BE-B767-BD5603FB8627} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2015-12-13] (SEIKO EPSON CORPORATION) Task: {E3F4B616-A94B-47E4-A403-B466238DC11B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {E93EB73F-7BE6-4F9E-91BB-3F5A1EC102F8} - System32\Tasks\SafeZone scheduled Autoupdate 1452401253 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-07-25] (Avast Software) Task: {EA80E63A-0FB7-4D05-807E-DA4FD05A82D1} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS) Task: {ED283E14-25C6-4FB5-8F1E-7E28989C4C44} - System32\Tasks\EPSON XP-310 Series Invitation {BCC0FB67-BAC5-48BE-B767-BD5603FB8627} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2015-12-13] (SEIKO EPSON CORPORATION) Task: {F67EC333-DF1E-43C9-BDA3-7903FCB89116} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {9C111E49-BC16-4FAE-91DC-48443C4F3AD8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {BCC0FB67-BAC5-48BE-B767-BD5603FB8627}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {9C111E49-BC16-4FAE-91DC-48443C4F3AD8}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{9C111E49-BC16-4FAE-91DC-48443C4F3AD8} /F:UpdateWORKGROUP\NANDA$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {BCC0FB67-BAC5-48BE-B767-BD5603FB8627}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{BCC0FB67-BAC5-48BE-B767-BD5603FB8627} /F:UpdateWORKGROUP\NANDA$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3677932209-539322989-99459680-1001Core.job => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3677932209-539322989-99459680-1001Core1cfefa36565a778.job => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3677932209-539322989-99459680-1001Core1cffee3ea3f4680.job => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3677932209-539322989-99459680-1001Core1d0429ffa6f1ee6.job => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3677932209-539322989-99459680-1001Core1d0970cc53bec97.job => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3677932209-539322989-99459680-1001Core1d0c33de9125f82.job => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3677932209-539322989-99459680-1001Core1d0e45a36592de1.job => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3677932209-539322989-99459680-1001Core1d0f4e4f37742ea.job => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3677932209-539322989-99459680-1001Core1d1315e4ae8a72c.job => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3677932209-539322989-99459680-1001Core1d162faac3be54c.job => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3677932209-539322989-99459680-1001Core1d1afd4d2402c11.job => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3677932209-539322989-99459680-1001Core1d1ebfd168342f6.job => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-12-04 11:44 - 2013-12-04 11:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-12-04 11:44 - 2013-12-04 11:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-12-04 11:44 - 2013-12-04 11:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2015-06-25 01:53 - 2015-06-25 01:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2016-07-12 20:25 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-18 22:00 - 2016-04-18 22:01 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-07-12 20:25 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-05-30 19:36 - 2016-05-30 19:36 - 00959168 _____ () C:\Users\Nanda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-06-14 13:37 - 2016-06-14 13:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-07-12 20:25 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-10 02:55 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-12 20:27 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-07-12 20:25 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-12 20:25 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-12 20:25 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-08-02 19:19 - 2016-08-02 19:19 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-08-03 18:08 - 2016-08-03 18:08 - 03004416 _____ () C:\Program Files\AVAST Software\Avast\defs\16080301\algo.dll 2016-08-02 19:20 - 2016-08-02 19:20 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2014-06-25 14:47 - 2013-05-02 14:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll 2014-06-25 14:47 - 2013-05-02 14:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll 2014-06-25 14:47 - 2013-05-02 14:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll 2014-06-25 14:47 - 2013-05-02 14:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll 2014-06-25 14:47 - 2013-05-02 14:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll 2014-06-25 14:47 - 2013-05-02 14:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll 2014-06-25 14:47 - 2013-05-02 14:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll 2016-04-18 22:00 - 2016-04-18 22:01 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-18 22:00 - 2016-04-18 22:01 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-06-29 21:46 - 2016-06-29 21:46 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-06-25 14:23 - 2013-10-23 16:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3677932209-539322989-99459680-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nanda\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "ETDCtrl" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "EEventManager" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "BlueStacks Agent" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "SUPERAntiSpyware" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{A736EAB4-3ED2-4F75-A78F-398ABCB5FE61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E5971F8F-BF2A-4045-B633-49FD1F60A846}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4CC73777-B588-4254-9669-9D3ADB24424B}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{9126A2CF-D961-40A2-A1FB-0A8FE8625C24}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [TCP Query User{78672B2E-86AA-46E0-8214-7EDFE3F6485E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{DD438647-878E-4122-870B-1B101F7273BE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{050DA82B-42FB-4FD2-95A9-2C8E4DB474CF}C:\users\nanda\appdata\local\viber\viber.exe] => (Allow) C:\users\nanda\appdata\local\viber\viber.exe FirewallRules: [UDP Query User{D87CF6E9-DE11-4000-A080-A16C08B18F03}C:\users\nanda\appdata\local\viber\viber.exe] => (Allow) C:\users\nanda\appdata\local\viber\viber.exe FirewallRules: [{5EC61390-9426-4132-A0B3-5F2126F9C7B0}] => (Allow) C:\Users\Nanda\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4C40CA96-FF16-4BAB-A154-0173FD59B99D}] => (Allow) C:\Users\Nanda\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6AE1CC44-E14B-4DD8-8C39-C3369B4D5B24}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{3659990F-1597-46CD-82EF-A64A68199949}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [TCP Query User{B238DBB5-611C-449E-9DBE-B21B09361744}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{0CED91F1-919C-4C67-A68D-49BC1920F569}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{E2BE7503-2E3D-4386-B4C1-ABC4CE7E25CF}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{7579ACE0-BBD7-46F2-A7CF-E43841BCBDA6}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{9F561200-DA93-4FAC-97FA-E16415320BE7}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{8C8C9EA5-5819-439F-9E12-7C7C355E3A01}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{F9A3E7EF-CFFC-4EB7-BEC7-E755D828D719}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{B8D03AC2-2660-4B9F-83CE-662F5F599944}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{26CB59A4-7593-4AA1-A4C2-8FFF0EB96704}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2CD69206-C3FA-44FD-8ACE-5B38A3EDFEE0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0535091F-60FB-4E23-A2BD-17A4CBF06A85}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{F81F4204-3455-4B28-B8A9-22A4A7066A63}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F40812F9-F12F-46CE-998C-11FFA4B7994F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{329F6005-B555-45BB-97CB-EB75B80A4716}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{19414E21-78F1-4611-A90A-F67A53F991AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D4E7428E-762D-463A-96B6-9B366B4E6117}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C98BAEBC-D9A8-48C0-B313-27C32373F1EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{11576BCC-BF91-4F57-8C3E-2A0DFBFA48C2}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{C4600BEE-FC7D-438A-BE61-FD27A159C20C}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [{F0B08DEF-569A-4550-9495-233DD724ED54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{871804BA-34BA-41C8-9D5A-5C51856DF2B8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{E4F912D9-D320-4590-BFD5-45AB4D60B5D6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{8D272FEE-6EAA-454E-94D2-D7DE346635EC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{66A64F3D-F4DA-4D24-82AC-8626BB48363A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{CBB0A25C-5444-4CAF-8844-A1B63671A247}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{2A77394F-ABBC-40B1-97D9-5586C9BEF462}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe FirewallRules: [{0F7AB7EE-49EF-4B81-AB81-20A725A9E0DF}] => (Allow) C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe FirewallRules: [{8270C15F-D162-43C6-A99A-E1C2EE34FB9F}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe FirewallRules: [{7567AEE3-A858-47F4-965E-4F394E58DF1E}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe FirewallRules: [TCP Query User{6EF9551C-AB01-4407-83B4-610CBE0667A6}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe FirewallRules: [UDP Query User{BD991CEB-9A04-455E-A507-A3D465CB1505}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe FirewallRules: [TCP Query User{6FACEAE8-5719-400D-8CE5-B2286E074E98}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe FirewallRules: [UDP Query User{0396ABD2-E63E-4744-BFDF-36457D4F4F2A}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe ==================== Restore Points ========================= 12-07-2016 11:33:21 Scheduled Checkpoint 20-07-2016 23:13:53 Scheduled Checkpoint 30-07-2016 15:31:48 Scheduled Checkpoint 02-08-2016 20:47:21 Restore Operation 03-08-2016 20:39:37 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/03/2016 08:39:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (08/03/2016 08:20:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: NANDA) Description: Package Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend. Error: (08/03/2016 08:18:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NANDA) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/03/2016 08:18:48 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Microsoft.Photos.exe version 16.526.11240.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 19fc Start Time: 01d1ede5b245c875 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe Report Id: fc8ef8d3-59d8-11e6-8322-a0a8cd0d513c Faulting package full name: Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App Error: (08/03/2016 06:23:04 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (08/03/2016 06:23:03 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (08/03/2016 06:11:39 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418154 Error: (08/03/2016 06:09:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NANDA) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/03/2016 06:07:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NANDA) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (08/02/2016 10:25:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: STCServ.exe, version: 3.0.13.129, time stamp: 0x55070a14 Faulting module name: STCServ.exe, version: 3.0.13.129, time stamp: 0x55070a14 Exception code: 0x40000015 Fault offset: 0x00000000003cd48d Faulting process id: 0x4fc Faulting application start time: 0xSTCServ.exe0 Faulting application path: STCServ.exe1 Faulting module path: STCServ.exe2 Report Id: STCServ.exe3 Faulting package full name: STCServ.exe4 Faulting package-relative application ID: STCServ.exe5 System errors: ============= Error: (08/03/2016 07:43:26 PM) (Source: DCOM) (EventID: 10016) (User: NANDA) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NANDANandaS-1-5-21-3677932209-539322989-99459680-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (08/03/2016 06:31:25 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY) Description: Miniport TAP-Win32 Adapter OAS #16, {073C7003-3BA8-4C98-B3F7-27F41E110F3D}, had event 76 Error: (08/03/2016 06:21:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The UxTuneUp service failed to start due to the following error: %%1083 = The executable program that this service is configured to run in does not implement the service. Error: (08/03/2016 06:20:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_9cc0d service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/03/2016 06:20:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_9cc0d service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/03/2016 06:20:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_9cc0d service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/03/2016 06:20:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_9cc0d service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/03/2016 06:20:36 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_9cc0d service, but this action failed with the following error: %%1056 = An instance of the service is already running. Error: (08/03/2016 06:20:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_9cc0d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/03/2016 06:20:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_9cc0d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-07-20 19:13:35.914 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-14 20:55:19.218 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-12 22:55:03.173 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-19 07:15:37.594 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-18 12:48:46.131 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-15 20:10:29.004 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-14 10:46:46.118 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-13 17:22:50.151 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-14 22:16:31.788 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-13 08:54:48.137 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz Percentage of memory in use: 46% Total physical RAM: 8075.16 MB Available physical RAM: 4347.14 MB Total Virtual: 9355.16 MB Available Virtual: 5886.77 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:910.4 GB) (Free:607.69 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: B118416D) Partition: GPT. ==================== End of Addition.txt ============================