Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2016
Ran by Chris (28-08-2016 19:38:07)
Running from \\CHRIS-PC\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-19 23:47:14)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3686218881-3921037133-2243164661-500 - Administrator - Disabled)
Chris (S-1-5-21-3686218881-3921037133-2243164661-1002 - Administrator - Enabled) => C:\Users\Chris
DefaultAccount (S-1-5-21-3686218881-3921037133-2243164661-503 - Limited - Disabled)
Guest (S-1-5-21-3686218881-3921037133-2243164661-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3686218881-3921037133-2243164661-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden 7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.09.06 - ASUSTeK Computer Inc.) AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks) Any Video Converter 5.9.1 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) 
Application Verifier (x64) (HKLM\...\{89026002-A893-42D9-9E20-6829B844735E}) (Version: 4.1.1078 - Microsoft Corporation) ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.11 - ASUSTeK Computer Inc.) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.628 - ASUSTEK) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.) Atheros Ethernet Utility (HKLM-x32\...\{FB686487-C637-4EEF-BCB1-C92463F2CC05}) (Version: 1.1.0.9 - Atheros Communications Inc.) Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 3.2.1.0 - Auslogics Labs Pty Ltd) AutoHotkey 1.1.09.04 (HKLM-x32\...\AutoHotkey) (Version: 1.1.09.04 - Lexikos) Best Buy pc app (Version: 3.2.2.0 - Best Buy) Hidden BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform) CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.) Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog) LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.) 
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) 
(HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Music Manager (HKU\S-1-5-21-3686218881-3921037133-2243164661-1002\...\MusicManager) (Version: - Google, Inc.) NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation) Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden Papers, Please (HKLM\...\Steam App 239030) (Version: - 3909) Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.9.2-r111395-release - Plays.tv, LLC) Portal (HKLM-x32\...\Steam App 400) (Version: - Valve) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version: - Prism Studios) RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.3.1540.5 - AMD) RAIDXpert (x32 Version: 3.3.1540.5 - AMD) Hidden Raptr (HKLM-x32\...\Raptr) (Version: 5.2.0-r112326-release - Raptr, Inc) SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) Self-service Plug-in (x32 Version: 3.3.0.27839 - Citrix Systems, Inc.) 
Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1222 - SUPERAntiSpyware.com) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Tftpd64 Standalone Edition (remove only) (HKLM-x32\...\Tftpd64) (Version: - ) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD PROJEKT RED) Unity Web Player (HKU\S-1-5-21-3686218881-3921037133-2243164661-1002\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.) 
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Wi-Fi MediaConnect (HKLM-x32\...\{AA58346A-A5D7-4659-91D6-38D07345BDCF}) (Version: 1.6.44 - PHILIPS) Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.465 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3686218881-3921037133-2243164661-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3686218881-3921037133-2243164661-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3686218881-3921037133-2243164661-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3686218881-3921037133-2243164661-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3686218881-3921037133-2243164661-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3686218881-3921037133-2243164661-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {080DC420-F353-4CAA-AE3C-42797B3B5A26} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {0E8DEBEB-8A94-49C7-B7DA-F562A520DC14} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated) Task: {11EEB2BA-A550-45BA-8BBD-996D6EEFF7B7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {134AA8EA-5AFB-432F-8F7F-39988B850E43} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {1E23A419-2C8E-44AD-B55A-8A20717E6033} - System32\Tasks\{4E87ED60-A602-4322-8FC7-8512071A0B7F} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/22230 Task: {1E3AAD06-551D-4FF6-A7F5-544BD3EA1900} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {1EB8CDEC-54A8-4FDD-9471-D5FBF8FE8F48} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {2117CF5B-BC0A-447C-81BE-B210180635D2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {2387C5A9-AD52-480E-BE03-B82714E8AEEE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {247255E0-5B89-47FA-B718-79A03A729768} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {2A95F156-A185-4EF7-97D2-259FD51C5E8D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {2AF3E2DB-03C0-46F6-8D91-66A405E02E41} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {302E9C3A-00B9-420B-B168-211E9E4012B0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: 
{315F8FE3-5A1F-4C77-B549-FF63BB2621CD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.) Task: {3C81AF2C-5016-4542-BDD5-63129225BA0F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {421A709B-4EEA-447A-BB7E-F29613F4F38B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {439D1AA6-0397-438F-A788-05282801BA6E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {44D894DA-F80F-4DD0-BD12-6DECF6D1E4AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {4E3DE050-0396-4DF9-AD90-6A1468B8CB38} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.) Task: {5AAFEC9E-0DF5-40B7-A3D1-55A050C87814} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\\AsBackupWizard\\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.) Task: {61F017FF-28EA-41E1-8FD1-1A21AC55D994} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.) Task: {6AA1F3AC-2389-4CF2-BA67-DAFC0A82C500} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {6C50031E-68CB-4933-863B-6BBD4470FD4C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {6CD88E86-3981-4F2A-BC5C-A0F4E462747F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {6D205B65-32E4-42F0-A969-89BAC25F4CFB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) 
Task: {709E5D95-AB71-4D36-ACFA-BE962770F430} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {78C177A7-2B60-472F-AE2F-201B91153788} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {792851D4-08E6-4C2B-9D78-A3FEF3E57881} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {7EEDDB41-3EDB-4A30-B928-48942ECD94C5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {8062EF7E-6004-4EF9-A270-E8DC7ED25202} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation) Task: {87ADE00A-5809-4BF1-BAFC-82EF6F12F709} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {8EDBA18E-2129-4FA6-973F-EBFAF40C6AF3} - System32\Tasks\{4578CE0A-A0E1-490B-8486-EB56CA15B7E9} => pcalua.exe -a "C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZ6SLELE\winsdk_web.exe" -d C:\Users\Chris\Desktop Task: {8FD7622F-C845-4BE6-AD74-A2A5E6949A20} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {9F13E436-5D19-4642-8EB2-8E1C4CCC4C96} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {A2D1E922-6F5D-4B10-A847-AAD71444838B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.) Task: {AC6EFDD2-1399-4133-8245-0686234271FF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3686218881-3921037133-2243164661-1002Core => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) 
Task: {AECE7103-747D-418B-A6F3-3DF591EC78E7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {AFF2DB7A-840A-4F50-A763-DC2D3F70939A} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.) Task: {B48E9AE8-EE20-43B0-96DE-E7630055CD39} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {B4A10134-7A87-4D81-A33D-1A92567D3202} - System32\Tasks\ASUS\ASUS Dr.Net Execute => C:\Program Files (x86)\ASUS\AI Suite II\Dr.Net\AsDrNotify.exe [2012-07-06] (ASUSTeK Computer Inc.) Task: {B51A93F7-6F7A-4083-9622-41B65FC3AE70} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {B5713F46-1A3F-430C-9DAA-88E666187C8A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {B5DDC32E-447E-4BEB-97C7-9A89139EE8D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {C5ABCD96-6775-4E19-A1E7-3CF2A6B1C96D} - System32\Tasks\4686 => Wscript.exe C:\Users\Chris\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {CBD65EC3-5FEF-405B-8042-85AA5C1374F9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3686218881-3921037133-2243164661-1002UA => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {CE6E4FF4-6F3D-456C-9BF8-6640C87000A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd) Task: {CE8A312F-D219-4C97-80C0-078696DCCBD3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) 
Task: {D2A75EAA-0B54-4EF6-A62C-199102C8043D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {D3F2CC66-0C9A-4711-8E8F-0E0BE1A65B28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {D616BB0E-2DAA-4929-AE8F-37E768247BBF} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {D866AD2A-9C6F-45CC-89FB-AC2877561C8B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {EC80F414-F4A2-406E-A7B7-70704F211331} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {F4F954D7-9F69-4F4C-AC41-C8807FA3A7C5} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe Task: {F57F6AE9-5350-4527-B9D1-B73D9363A812} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {FBF8FBFF-19F9-4590-A171-382432B18D05} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3686218881-3921037133-2243164661-1002Core.job => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3686218881-3921037133-2243164661-1002UA.job => C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-08-21 23:09 - 2015-08-21 23:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 08:08 - 2014-02-11 08:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2014-02-11 08:08 - 2014-02-11 08:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2013-04-01 20:13 - 2012-09-12 10:32 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe 2010-11-28 16:33 - 2010-11-28 16:33 - 00071560 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe 2016-07-12 16:48 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-12 16:48 - 2016-07-01 00:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-12-19 22:07 - 2015-12-19 22:07 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-12 16:50 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 
2010-11-28 16:34 - 2010-11-28 16:34 - 00128904 _____ () C:\WINDOWS\SysWOW64\WinMsgBalloonServer.exe 2010-11-28 16:34 - 2010-11-28 16:34 - 00145288 _____ () C:\WINDOWS\SysWOW64\WinMsgBalloonClient.exe 2015-08-21 23:09 - 2015-08-21 23:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2016-07-12 16:48 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-12 16:48 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-12 16:48 - 2016-06-30 23:22 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-07-12 16:48 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-12 16:48 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-08-16 06:51 - 2016-08-16 06:51 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-08-16 06:51 - 2016-08-16 06:51 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2016-06-03 13:48 - 2016-06-03 13:49 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2016-03-03 18:06 - 2016-03-03 18:07 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2013-04-01 20:13 - 2016-08-28 15:39 - 00022528 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll 2013-04-01 20:13 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll 2010-10-26 23:00 - 2010-10-26 23:00 - 00516096 _____ () C:\Program Files 
(x86)\AMD\RAIDXpert\bin\libxml2.dll 2016-08-28 15:42 - 2016-08-28 15:42 - 00098816 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\win32api.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00110080 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\pywintypes27.dll 2016-08-28 15:42 - 2016-08-28 15:42 - 00364544 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\pythoncom27.dll 2016-08-28 15:42 - 2016-08-28 15:42 - 00320512 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\win32com.shell.shell.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00776704 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\_hashlib.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 01176576 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\wx._core_.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00806400 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\wx._gdi_.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00816128 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\wx._windows_.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 01067008 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\wx._controls_.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00733184 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\wx._misc_.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00682496 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\pysqlite2._sqlite.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00088064 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\_ctypes.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00119808 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\win32file.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00108544 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\win32security.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00007168 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\hashobjs_ext.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00017920 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\thumbnails_ext.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00088064 ____R () 
C:\Users\Chris\AppData\Local\Temp\_MEI68122\usb_ext.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00012800 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\common.time34.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00018432 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\win32event.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00167936 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\win32gui.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00046080 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\_socket.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 01208320 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\_ssl.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00128512 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\_elementtree.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00127488 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\pyexpat.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00038912 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\win32inet.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00036864 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\_psutil_windows.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00525208 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\windows._lib_cacheinvalidation.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00011264 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\win32crypt.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00077312 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\wx._html2.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00027136 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\_multiprocessing.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00020480 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\_yappi.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00035840 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\win32process.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00686080 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\unicodedata.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00078848 ____R () 
C:\Users\Chris\AppData\Local\Temp\_MEI68122\wx._animate.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00123392 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\wx._wizard.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00024064 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\win32pipe.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00010240 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\select.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00025600 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\win32pdh.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00017408 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\win32profile.pyd 2016-08-28 15:42 - 2016-08-28 15:42 - 00022528 ____R () C:\Users\Chris\AppData\Local\Temp\_MEI68122\win32ts.pyd 2016-08-28 15:44 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-08-28 15:44 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-08-28 15:44 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2016-08-28 15:44 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2016-08-08 15:27 - 2016-08-02 20:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll 2016-08-08 15:27 - 2016-08-02 20:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:D48500F8 [96] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2016-08-28 17:11 - 00453382 ____R C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3686218881-3921037133-2243164661-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{4bb202d3-c034-4881-9df0-b6556122fba9}.JPG DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.)
MSCONFIG\Services: !SASCORE => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: AxAutoMntSrv => 2 MSCONFIG\Services: BITCOMET_HELPER_SERVICE => 3 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: BstHdAndroidSvc => 2 MSCONFIG\Services: BstHdLogRotatorSvc => 2 MSCONFIG\Services: BstHdUpdaterSvc => 2 MSCONFIG\Services: cfbackd => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LeapFrog Connect Device Service => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: PlaysService => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: VIAKaraokeService => 2 MSCONFIG\startupfolder: C:^Users^Chris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: Monitor => "E:\LeapFrog Connect\Monitor.exe" MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun 
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe MSCONFIG\startupreg: uTorrent => "C:\Users\Chris\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "ConnectionCenter" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "Monitor" HKLM\...\StartupApproved\Run32: => "Raptr" HKLM\...\StartupApproved\Run32: => "PlaysTV" HKU\S-1-5-21-3686218881-3921037133-2243164661-1002\...\StartupApproved\Run: => "9B76BD8E0E6C799CA95AC4260DAE52D2CD6E0D82._service_run" HKU\S-1-5-21-3686218881-3921037133-2243164661-1002\...\StartupApproved\Run: => "Google Update" HKU\S-1-5-21-3686218881-3921037133-2243164661-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3686218881-3921037133-2243164661-1002\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{1653D50D-3ACD-4B36-8064-873C799715EE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{164F0072-402A-481B-B53A-502D46AE743F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{F83848E0-C0CE-4689-BB72-E85F9CE2C12A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{B64BE7AE-F838-4DC9-8DFE-05C5B371BB79}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{A93DDDDD-02D7-4C7C-8A4A-128C340FB2F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5D4B7F31-A0BB-47E9-B1C4-DED92BFC32F0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{9B3B453B-027F-433D-8BB6-1E4D6AF75DF5}E:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe FirewallRules: [TCP Query User{58E2A181-1487-48D7-814E-4DAC4D585E34}E:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\steamlibrary\steamapps\common\the witcher 2\bin\witcher2.exe FirewallRules: [{29D3EF7A-A348-4E50-8101-8D11D4FD744D}] => (Allow) E:\SteamLibrary\steamapps\common\the witcher 2\Launcher.exe FirewallRules: [{F758C913-3491-45F5-8479-190142EDF02F}] => (Allow) E:\SteamLibrary\steamapps\common\the witcher 2\Launcher.exe FirewallRules: [{5BE09615-960F-4C26-963C-60A9C016C78A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{08D5BC70-0434-4685-8598-A5FEA50C7B70}] => (Allow) LPort=2869 FirewallRules: 
[{8DE5337F-E484-4ADA-A1EE-A7C221F29905}] => (Allow) LPort=1900 FirewallRules: [{F7B1109D-3343-469C-A197-E6CAB9103951}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{480BF723-82A4-4BC3-8510-CA1CB3084418}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{1535FC40-CE42-4FD0-9FC5-259D0F6D492F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{74B0A630-D093-4EBB-BAEE-B9D5595818FA}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe FirewallRules: [{95C0C726-B00A-47A8-B396-30B01499D307}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe FirewallRules: [{343AE485-8C80-40FF-B472-F60557F6DCCA}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{B6107221-E0C3-40BF-BD8C-E8322DBDFF2B}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe FirewallRules: [{F0985FB1-9EA1-41F1-9CAC-5D6D84D90DCD}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe FirewallRules: [{D61B4CFD-588B-496B-AB01-6FA341DC654D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E200489A-E682-4AA8-BE94-171607387CC2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{93B2F121-2C31-4F73-AA41-CE6804CA4D9C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{4C0230BA-E8C8-4D74-A87F-A0305AFD67D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{D304382C-8E5D-4957-85F4-B7B17CDB9404}] => (Allow) E:\LeapFrog Connect\LeapfrogConnect.exe FirewallRules: [{3070EA7E-D694-44F9-8EAE-46A40515CD54}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [{876B133A-2350-4F5E-A10C-10B1E96EBADA}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [TCP Query User{88E14F45-B489-4125-A552-6BD1584D29A4}C:\program files\tftpd64\tftpd64.exe] => 
(Allow) C:\program files\tftpd64\tftpd64.exe FirewallRules: [UDP Query User{43F1DBA7-7C21-4BFA-89A5-8E0A230197D4}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe FirewallRules: [{6E2BBC6F-1DBF-45F8-86EE-C1D12F9EA0C3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{306E338E-08BB-4709-8A6E-DC416713FF7A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{A63B0C2B-A7AF-475C-83BC-8712867553FC}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe FirewallRules: [UDP Query User{3D7FA50B-F859-48B4-A480-539D4A8F0FFF}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe FirewallRules: [{4B9B07CE-F183-4DE1-ADA4-3C1DD52B0623}] => (Allow) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe FirewallRules: [{F7430C64-3F5D-4C6D-86B4-67058A7B1CE9}] => (Allow) C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe FirewallRules: [TCP Query User{383EE939-2923-4718-BB4A-9360FE1A63AE}C:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe] => (Allow) C:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe FirewallRules: [UDP Query User{DFD74896-A259-4751-83E9-5D143BF40389}C:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe] => (Allow) C:\program files (x86)\philips\wi-fi mediaconnect\wi-fi mediaconnect.exe FirewallRules: [{96B8C018-3F59-4FF6-AE48-377D36064AB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9D5E7334-39A5-47A3-80F9-B543C84B2337}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7C835320-6D62-46B7-BFF7-6DD64C8967BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe FirewallRules: [{4046A5EA-9FB6-41E6-8955-B0DCDA6B4B55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal\hl2.exe FirewallRules: 
[{A2C4B220-E96A-4E94-8309-32975A273134}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{C9C82619-164A-40C8-9E8D-A90BB6241126}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe FirewallRules: [{FD70ECA0-7299-4D6C-89AD-64038BAA87D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe FirewallRules: [{B10DC882-7943-4397-BC2A-F4CD9D3EAFC3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Clicker Heroes\Clicker Heroes.exe FirewallRules: [{93567A17-FC59-40E0-8E83-35BF57340B6F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{3A246AB8-94D8-4F17-82CB-68A83478A2F1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{602F35AB-878A-4E8F-9DEA-2573ECC41246}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BE927EDF-54CA-4F5C-95C8-84B0B0B7472A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{50779646-216B-463E-8DA0-DE70CF896D22}] => (Allow) E:\SteamLibrary\steamapps\common\Portal Stories Mel\portal2.exe FirewallRules: [{5BDCE770-3A2D-4DD7-98A8-B8117D4064FD}] => (Allow) E:\SteamLibrary\steamapps\common\Portal Stories Mel\portal2.exe FirewallRules: [{191A3E4C-8CF7-4035-BB4F-7BC614019869}] => (Allow) E:\SteamLibrary\steamapps\common\PapersPlease\PapersPlease.exe FirewallRules: [{31061392-0794-4626-91F3-251AAD406794}] => (Allow) E:\SteamLibrary\steamapps\common\PapersPlease\PapersPlease.exe FirewallRules: [{5ACBE690-822D-4DDD-A61E-36A6C51169BF}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{6AFC294B-3667-4973-8028-49F1B8EBEFDE}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [TCP Query User{17FEF40E-FEE8-4CD1-9FFC-21EBC48E64C9}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [UDP Query 
User{0B724CCE-46A0-4B2C-BBCF-69522453FC08}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{121D863C-8C79-4EC9-9995-9877BD33437A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{AC489375-C53E-4505-86A2-F30C7613A697}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{72236000-C180-488A-963A-BC7B54F96D0B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{F6D81F1E-D2CA-44D0-A5F1-976797BF96C5}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{8400873E-A718-4659-9027-6A7D80D6DC0D}] => (Allow) C:\Program Files\iTunes.exe FirewallRules: [{86BC4244-FFFE-4DF2-8367-5E95C8F09216}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{6E3ABE5B-A89C-4DC9-A754-F8F2FD502B50}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{23235E62-000E-4BED-B096-295F734C5D05}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= 11-08-2016 04:27:14 Windows Update 15-08-2016 02:43:52 Windows Update 18-08-2016 03:49:41 Windows Update 21-08-2016 12:20:26 Windows Update 27-08-2016 09:26:04 Windows Update 27-08-2016 20:54:59 JRT 
Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/28/2016 06:53:01 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SDLogReport.exe version 2.5.42.107 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1158 Start Time: 01d2017ee3efa79b Termination Time: 4 Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe Report Id: 27aa561e-6d72-11e6-9bf9-5404a6b854a0 Faulting package full name: Faulting package-relative application ID: Error: (08/28/2016 03:48:07 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "C:\Windows\System32\sdnclean64.exe".Error in manifest or policy file "C:\Windows\System32\sdnclean64.exe" on line 2. The manifest file root element must be assembly. Error: (08/28/2016 03:48:07 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "C:\Windows\System32\sdnclean64.exe".Error in manifest or policy file "C:\Windows\System32\sdnclean64.exe" on line 2. The manifest file root element must be assembly. Error: (08/28/2016 03:48:07 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\Tools.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\Tools.dll" on line 2. The manifest file root element must be assembly. 
Error: (08/28/2016 03:48:07 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTasks.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTasks.dll" on line 2. The manifest file root element must be assembly. Error: (08/28/2016 03:48:07 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\Tools.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\Tools.dll" on line 2. The manifest file root element must be assembly. Error: (08/28/2016 03:48:07 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTasks.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTasks.dll" on line 2. The manifest file root element must be assembly. Error: (08/28/2016 03:48:07 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll" on line 2. The manifest file root element must be assembly. Error: (08/28/2016 03:48:07 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWinLogon.dll" on line 2. The manifest file root element must be assembly. 
Error: (08/28/2016 03:48:07 PM) (Source: SideBySide) (EventID: 9) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScanLibrary.dll".Error in manifest or policy file "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScanLibrary.dll" on line 2. The manifest file root element must be assembly. System errors: ============= Error: (08/28/2016 03:52:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Hewlett-Packard - Imaging - Null Print - HP Deskjet 3510 series. Error: (08/28/2016 03:44:04 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout. Error: (08/28/2016 03:39:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (08/28/2016 03:39:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified. Error: (08/28/2016 03:39:30 PM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration. Error: (08/28/2016 03:38:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_3c333 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 
Error: (08/28/2016 03:38:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_3c333 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/28/2016 03:38:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_3c333 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/28/2016 03:38:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_3c333 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/28/2016 03:38:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-08-28 18:56:05.457 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-28 18:56:05.435 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-08-28 18:56:04.868 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-28 18:56:04.847 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-28 18:56:04.816 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-28 16:33:35.194 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-28 16:01:43.513 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-28 16:01:43.487 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-08-28 16:01:43.458 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-08-28 15:52:11.386 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD A8-3800 APU with Radeon(tm) HD Graphics Percentage of memory in use: 48% Total physical RAM: 7657.32 MB Available physical RAM: 3954.09 MB Total Virtual: 8169.32 MB Available Virtual: 4275.87 MB ==================== Drives ================================ Drive c: (WIN7) (Fixed) (Total:185.86 GB) (Free:71.15 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (New Volume) (Fixed) (Total:465.76 GB) (Free:328.32 GB) NTFS Drive e: (Chris' Media) (Fixed) (Total:265.27 GB) (Free:127.22 GB) NTFS Drive g: (PENDRIVE) (Removable) (Total:7.44 GB) (Free:2.37 GB) FAT32 Drive h: (Elements) (Fixed) (Total:465.76 GB) (Free:414.9 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 83893381) Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B) Partition 2: (Active) - (Size=185.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=265.3 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DDE10CC3) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) 
======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 0002B98C) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 4 (Size: 7.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================