Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016 Ran by Nanda (2016-08-04 00:35:44) Running from C:\Users\Nanda\Desktop Windows 10 Home Version 1511 (X64) (2016-01-10 00:34:56) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3677932209-539322989-99459680-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3677932209-539322989-99459680-503 - Limited - Disabled) Guest (S-1-5-21-3677932209-539322989-99459680-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3677932209-539322989-99459680-1005 - Limited - Enabled) Nanda (S-1-5-21-3677932209-539322989-99459680-1001 - Administrator - Enabled) => C:\Users\Nanda ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Amazon Kindle (HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon) Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Ask Toolbar for Epson (HKLM-x32\...\{45504E56-3634-006A-76A7-A758B70C1801}) (Version: 12.24.1.363 - APN, LLC) <==== ATTENTION ASUS FlipLock (HKLM\...\{7C7F8DAC-8ADA-4B86-BCB6-48B6FFB673DD}) (Version: 1.0.2 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS) ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.2.2276 - AVAST Software) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.) Dragon Assistant Application en-US version 1.5.7 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.7 - Nuance Communications, Inc.) Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.) Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.) Dragon Assistant version 1.5.7 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.7 - Nuance Communications, Inc.) ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) Evernote v. 6.1.2 (HKLM-x32\...\{A46ABD1E-2837-11E6-9E7C-005056951CAD}) (Version: 6.1.2.2292 - Evernote Corp.) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation) Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation) iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Kodi (HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\Kodi) (Version: - XBMC-Foundation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.0.6051 - Mozilla) NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - ) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.) SafeZone Stable 1.51.2220.47 (x32 Version: 1.51.2220.47 - Avast Software) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.) Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited) STCServ (Version: 3.0.0.1783 - Intel Corporation) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1218 - SUPERAntiSpyware.com) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer) TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.353 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden TVMC (HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\TVMC) (Version: - TVADDONS.ag) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3115261) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D8E86AF8-E495-4DC1-A058-7E69AA96AA8A}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Viber (HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.25 - WildTangent) Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS) Windows Driver Package - ASUS (ATP) Mouse (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3677932209-539322989-99459680-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Nanda\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3677932209-539322989-99459680-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nanda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3677932209-539322989-99459680-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nanda\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {09B2E85A-7AE1-46DE-8747-2A0009014546} - System32\Tasks\avast! Windows 10 Start Menu helper => c:\program files\avast software\avast\asww10mon.exe Task: {17F4188F-14FF-4D41-ABCC-5429CD6B81AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {1AC96864-4269-42C5-9668-7A8ECBD8D8A8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-02] (AVAST Software) Task: {1BB486B8-0F15-418E-BD05-ED7557F684D7} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22] (Oracle Corporation) Task: {1BD69F8E-F9EE-414B-BB03-BB778315A80A} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-02-24] () Task: {1D08CE55-90A5-4BD1-82CE-20759F80069F} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.) Task: {1EE46006-8BE0-4520-9A7C-8E62A0EBE941} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {1F78BF76-0372-4A48-BB41-2BFA550033A0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {2330FDA0-1FD4-4B69-A648-AB2247908161} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek) Task: {23A66DD7-D22E-4F62-90E7-B40B9C460035} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {3B74EC11-0B3B-452F-A566-99A6669E2B8F} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor) Task: {3C6FE5F4-F423-4B51-B53D-49166A448BF3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {4B048D5F-B0BD-4C5E-A87A-6475D223B565} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {5F0013D4-3A31-4401-96CA-49536B56A94D} - System32\Tasks\EPSON XP-310 Series Update {9C111E49-BC16-4FAE-91DC-48443C4F3AD8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2015-12-13] (SEIKO EPSON CORPORATION) Task: {639111D2-1678-4239-AEDE-E505A59205EE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {6A01E12E-3618-4A1F-B54F-8DBA91C004BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {775C8566-3D3B-43AA-A805-51FD1C82A66D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {903F0935-190F-4A91-B133-5AF2628BF41D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {98A31A44-CBFC-4901-A0E6-503E57A0BD75} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor) Task: {9B8080FF-0F4A-4D7C-A640-173B027C3AC9} - System32\Tasks\Google Updater and Installer => C:\Users\Nanda\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {A6E2AB69-E881-42B2-89A9-0C8944A10C76} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.) Task: {A79A7AA7-EF4D-4B56-AB51-2A1751A1B61E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-12] (Microsoft Corporation) Task: {AA7B9EB2-3EE7-4600-82F9-0555C4372F67} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.) Task: {AE8B45EA-C7F8-4A37-A7A8-0F9DB166693B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated) Task: {B43E7F54-2649-4A8B-994B-09D64B5BC764} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel® Corporation) Task: {CEED260E-8683-44CD-8CC9-C505DBB94A73} - System32\Tasks\EPSON XP-310 Series Invitation {9C111E49-BC16-4FAE-91DC-48443C4F3AD8} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2015-12-13] (SEIKO EPSON CORPORATION) Task: {D81AA708-C0C5-4154-896F-48D06870042C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {DE1FF61B-CD02-4FCC-B04E-9FEB8A0CFB5B} - System32\Tasks\EPSON XP-310 Series Update {BCC0FB67-BAC5-48BE-B767-BD5603FB8627} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2015-12-13] (SEIKO EPSON CORPORATION) Task: {E93EB73F-7BE6-4F9E-91BB-3F5A1EC102F8} - System32\Tasks\SafeZone scheduled Autoupdate 1452401253 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-07-25] (Avast Software) Task: {EA80E63A-0FB7-4D05-807E-DA4FD05A82D1} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS) Task: {ED283E14-25C6-4FB5-8F1E-7E28989C4C44} - System32\Tasks\EPSON XP-310 Series Invitation {BCC0FB67-BAC5-48BE-B767-BD5603FB8627} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2015-12-13] (SEIKO EPSON CORPORATION) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-02-24 03:41 - 2016-02-24 03:41 - 03727360 _____ () C:\WINDOWS\AutoKMS\AutoKMS.exe 2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-12-04 11:44 - 2013-12-04 11:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-12-04 11:44 - 2013-12-04 11:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-12-04 11:44 - 2013-12-04 11:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2015-06-25 01:53 - 2015-06-25 01:53 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2014-04-15 20:36 - 2014-04-15 20:36 - 00016384 _____ () C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe 2016-07-12 20:25 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-12 20:25 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-12 20:25 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-12 20:27 - 2016-07-01 00:47 - 03081568 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll 2016-07-12 20:27 - 2016-07-01 00:44 - 02394976 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll 2016-04-18 22:00 - 2016-04-18 22:01 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-07-12 20:25 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-05-30 19:36 - 2016-05-30 19:36 - 00959168 _____ () C:\Users\Nanda\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-06-14 13:37 - 2016-06-14 13:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-01-10 02:55 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-12 20:27 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-07-12 20:25 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-12 20:25 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-07-21 20:10 - 2016-07-21 20:10 - 02520576 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.11902.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll 2016-07-21 20:10 - 2016-07-21 20:10 - 00134656 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.11902.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll 2016-04-30 17:57 - 2016-04-30 19:55 - 00051200 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll 2016-08-02 19:19 - 2016-08-02 19:19 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-08-03 18:08 - 2016-08-03 18:08 - 03004416 _____ () C:\Program Files\AVAST Software\Avast\defs\16080301\algo.dll 2016-08-02 19:20 - 2016-08-02 19:20 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2014-06-25 14:47 - 2013-05-02 14:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll 2014-06-25 14:47 - 2013-05-02 14:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll 2014-06-25 14:47 - 2013-05-02 14:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll 2014-06-25 14:47 - 2013-05-02 14:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll 2014-06-25 14:47 - 2013-05-02 14:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll 2014-06-25 14:47 - 2013-05-02 14:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll 2014-06-25 14:47 - 2013-05-02 14:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll 2014-04-15 20:36 - 2014-04-15 20:36 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll 2016-04-18 22:00 - 2016-04-18 22:01 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-18 22:00 - 2016-04-18 22:01 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2014-04-02 17:46 - 2014-04-02 17:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll 2014-04-02 17:46 - 2014-04-02 17:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2014-04-02 17:46 - 2014-04-02 17:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2014-04-02 17:46 - 2014-04-02 17:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll 2016-06-29 21:46 - 2016-06-29 21:46 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2016-08-04 00:31 - 2016-08-04 00:31 - 00098816 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\win32api.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00110080 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\pywintypes27.dll 2016-08-04 00:31 - 2016-08-04 00:31 - 00364544 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\pythoncom27.dll 2016-08-04 00:31 - 2016-08-04 00:31 - 00320512 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\win32com.shell.shell.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00776704 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\_hashlib.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 01176576 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\wx._core_.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00806400 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\wx._gdi_.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00816128 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\wx._windows_.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 01067008 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\wx._controls_.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00733184 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\wx._misc_.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00682496 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\pysqlite2._sqlite.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00088064 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\_ctypes.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00119808 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\win32file.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00108544 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\win32security.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00007168 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\hashobjs_ext.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00017920 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\thumbnails_ext.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00088064 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\usb_ext.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00012288 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\common.time34.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00018432 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\win32event.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00167936 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\win32gui.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00046080 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\_socket.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 01208320 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\_ssl.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00128512 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\_elementtree.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00127488 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\pyexpat.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00038912 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\win32inet.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00036864 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\_psutil_windows.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00525208 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\windows._lib_cacheinvalidation.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00011264 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\win32crypt.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00077312 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\wx._html2.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00027136 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\_multiprocessing.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00020480 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\_yappi.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00035840 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\win32process.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00686080 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\unicodedata.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00078848 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\wx._animate.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00123392 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\wx._wizard.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00024064 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\win32pipe.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00010240 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\select.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00025600 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\win32pdh.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00017408 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\win32profile.pyd 2016-08-04 00:31 - 2016-08-04 00:31 - 00022528 ____R () C:\Users\Nanda\AppData\Local\Temp\_MEI65362\win32ts.pyd 2014-06-25 14:23 - 2013-10-23 16:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3677932209-539322989-99459680-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nanda\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "ETDCtrl" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "EEventManager" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "BlueStacks Agent" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001" HKU\S-1-5-21-3677932209-539322989-99459680-1001\...\StartupApproved\Run: => "SUPERAntiSpyware" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{A736EAB4-3ED2-4F75-A78F-398ABCB5FE61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E5971F8F-BF2A-4045-B633-49FD1F60A846}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4CC73777-B588-4254-9669-9D3ADB24424B}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{9126A2CF-D961-40A2-A1FB-0A8FE8625C24}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [TCP Query User{78672B2E-86AA-46E0-8214-7EDFE3F6485E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{DD438647-878E-4122-870B-1B101F7273BE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{050DA82B-42FB-4FD2-95A9-2C8E4DB474CF}C:\users\nanda\appdata\local\viber\viber.exe] => (Allow) C:\users\nanda\appdata\local\viber\viber.exe FirewallRules: [UDP Query User{D87CF6E9-DE11-4000-A080-A16C08B18F03}C:\users\nanda\appdata\local\viber\viber.exe] => (Allow) C:\users\nanda\appdata\local\viber\viber.exe FirewallRules: [{5EC61390-9426-4132-A0B3-5F2126F9C7B0}] => (Allow) C:\Users\Nanda\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4C40CA96-FF16-4BAB-A154-0173FD59B99D}] => (Allow) C:\Users\Nanda\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6AE1CC44-E14B-4DD8-8C39-C3369B4D5B24}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{3659990F-1597-46CD-82EF-A64A68199949}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [TCP Query User{B238DBB5-611C-449E-9DBE-B21B09361744}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [UDP Query User{0CED91F1-919C-4C67-A68D-49BC1920F569}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{E2BE7503-2E3D-4386-B4C1-ABC4CE7E25CF}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{7579ACE0-BBD7-46F2-A7CF-E43841BCBDA6}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{9F561200-DA93-4FAC-97FA-E16415320BE7}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{8C8C9EA5-5819-439F-9E12-7C7C355E3A01}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{F9A3E7EF-CFFC-4EB7-BEC7-E755D828D719}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{B8D03AC2-2660-4B9F-83CE-662F5F599944}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{26CB59A4-7593-4AA1-A4C2-8FFF0EB96704}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2CD69206-C3FA-44FD-8ACE-5B38A3EDFEE0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0535091F-60FB-4E23-A2BD-17A4CBF06A85}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{F81F4204-3455-4B28-B8A9-22A4A7066A63}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F40812F9-F12F-46CE-998C-11FFA4B7994F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{329F6005-B555-45BB-97CB-EB75B80A4716}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{19414E21-78F1-4611-A90A-F67A53F991AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D4E7428E-762D-463A-96B6-9B366B4E6117}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C98BAEBC-D9A8-48C0-B313-27C32373F1EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{11576BCC-BF91-4F57-8C3E-2A0DFBFA48C2}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{C4600BEE-FC7D-438A-BE61-FD27A159C20C}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [{F0B08DEF-569A-4550-9495-233DD724ED54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{871804BA-34BA-41C8-9D5A-5C51856DF2B8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{E4F912D9-D320-4590-BFD5-45AB4D60B5D6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{8D272FEE-6EAA-454E-94D2-D7DE346635EC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{66A64F3D-F4DA-4D24-82AC-8626BB48363A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{CBB0A25C-5444-4CAF-8844-A1B63671A247}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{2A77394F-ABBC-40B1-97D9-5586C9BEF462}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe FirewallRules: [{0F7AB7EE-49EF-4B81-AB81-20A725A9E0DF}] => (Allow) C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe FirewallRules: [{8270C15F-D162-43C6-A99A-E1C2EE34FB9F}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe FirewallRules: [{7567AEE3-A858-47F4-965E-4F394E58DF1E}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe FirewallRules: [TCP Query User{6EF9551C-AB01-4407-83B4-610CBE0667A6}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe FirewallRules: [UDP Query User{BD991CEB-9A04-455E-A507-A3D465CB1505}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe FirewallRules: [TCP Query User{6FACEAE8-5719-400D-8CE5-B2286E074E98}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe FirewallRules: [UDP Query User{0396ABD2-E63E-4744-BFDF-36457D4F4F2A}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe FirewallRules: [{5180900D-B55F-48CB-BA00-0FF18B489A9B}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe FirewallRules: [{B5646DDA-15F5-4DA0-920B-E19D8D199157}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe ==================== Restore Points ========================= 12-07-2016 11:33:21 Scheduled Checkpoint 20-07-2016 23:13:53 Scheduled Checkpoint 30-07-2016 15:31:48 Scheduled Checkpoint 02-08-2016 20:47:21 Restore Operation 03-08-2016 20:39:37 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/04/2016 12:08:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RegisterProc64.exe, version: 1.0.31.0, time stamp: 0x55780d59 Faulting module name: RegisterProc64.exe, version: 1.0.31.0, time stamp: 0x55780d59 Exception code: 0xc0000005 Fault offset: 0x0000000000002a53 Faulting process id: 0x1ca8 Faulting application start time: 0xRegisterProc64.exe0 Faulting application path: RegisterProc64.exe1 Faulting module path: RegisterProc64.exe2 Report Id: RegisterProc64.exe3 Faulting package full name: RegisterProc64.exe4 Faulting package-relative application ID: RegisterProc64.exe5 System errors: ============= Error: (08/04/2016 12:29:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The UxTuneUp service failed to start due to the following error: %%1083 = The executable program that this service is configured to run in does not implement the service. Error: (08/04/2016 12:28:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_11f32c service to connect. Error: (08/04/2016 12:28:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_11f32c service to connect. Error: (08/04/2016 12:28:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_11f32c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/04/2016 12:28:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_11f32c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/04/2016 12:28:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_11f32c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/04/2016 12:28:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_11f32c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/04/2016 12:28:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (08/04/2016 12:02:23 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY) Description: Miniport TAP-Win32 Adapter OAS #16, {2E9DA0B6-A15C-4284-97DB-95809C12CEE3}, had event 76 Error: (08/03/2016 11:58:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The UxTuneUp service failed to start due to the following error: %%1083 = The executable program that this service is configured to run in does not implement the service. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz Percentage of memory in use: 23% Total physical RAM: 8075.16 MB Available physical RAM: 6203.44 MB Total Virtual: 9355.16 MB Available Virtual: 7479.04 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:910.4 GB) (Free:608.71 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: B118416D) Partition: GPT. ==================== End of Addition.txt ============================