Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2016
Ran by Zoe (21-09-2016 11:38:46)
Running from C:\Users\Zoe\Downloads
Windows 10 Home Version 1511 (X64) (2016-07-14 14:09:12)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2616824965-1911769703-2517132435-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2616824965-1911769703-2517132435-503 - Limited - Disabled)
Guest (S-1-5-21-2616824965-1911769703-2517132435-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2616824965-1911769703-2517132435-1005 - Limited - Enabled)
Zoe (S-1-5-21-2616824965-1911769703-2517132435-1001 - Administrator - Enabled) => C:\Users\Zoe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Bandizip (HKLM\...\Bandizip) (Version: 5.12 - Bandisoft.com)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.28.1503 - Bitdefender)
Bitdefender Antivirus Plus 2016 (HKLM\...\Bitdefender) (Version: 20.0.28.1478 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
Driver Restore (HKLM\...\Driver Restore) (Version: 2.5.6.0 - 383 Media, Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
FEH CD-ROM 2.0 (HKLM-x32\...\FEH CD-ROM 2.0) (Version: 2.0 - CEH Wallingford)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4859.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Panda Antivirus Pro 2014 (x32 Version: 13.01.01 - Panda Security) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
The Desktop Weather 2.0.1.11332 (HKLM\...\WeatherTool) (Version: 2.0.1.11332 - ShenZhen Enode Techology co,.Ltd) <==== ATTENTION
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17323 - Microsoft Corporation)
Windows Driver Package - ASUS (ATP) Mouse (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WPS Office (10.1.0.5507) (HKU\S-1-5-21-2616824965-1911769703-2517132435-1001\...\Kingsoft Office) (Version: 10.1.0.5507 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2616824965-1911769703-2517132435-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-2616824965-1911769703-2517132435-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Zoe\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2616824965-1911769703-2517132435-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019635A3-170E-413F-A7D1-325922EE3244} - \{F388D17B-B090-41F1-8FB2-D66CDA7EE461} -> No File <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {118DF773-69A7-4D91-A076-1CF178E27BDD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-20] (Google Inc.)
Task: {15D0D1C7-C97F-441A-9365-3D9B8F1D6FE8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {1D94F137-08E9-4354-A156-2A466ACE7F09} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {1F2DA5BC-CDF5-417E-B290-150185CD79FE} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2016-03-17] () <==== ATTENTION
Task: {2A8C1F7B-B8B6-41F8-823D-550CB57E3AD8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-07-26] (Microsoft Corporation)
Task: {2DA0B3CA-6FF6-4C8B-8736-B8B8FEFD6B94} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2EDB54D5-FE03-41CA-B903-3F7E43A92754} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {35DC5F9F-0EB9-414A-A99C-FF696315B25D} - \DNSWALTERS -> No File <==== ATTENTION
Task: {36476FE7-D85C-46A1-B5B8-03D8DE26409C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {46737119-53BC-4F02-B384-5DE011878D6F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4C91F6B2-CCEB-423B-880A-0D96D54FA2D9} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {4D58CDE3-FC2D-4C0C-B214-94AC92AF6065} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {5DD160DB-AC9C-4FC8-98E2-C2489F023E9D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
Task: {6EF065F9-56CD-458E-9294-6BA3FE9F223E} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {7321FAEA-A0F3-412A-9D1C-D287028DF434} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-09-21] (Microsoft Corporation)
Task: {7545715E-2179-4194-A3B4-C12094C21F31} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {7B108146-5310-4CB4-9F51-4631C9A15244} - \CreateChoiceProcessTask -> No File <==== ATTENTION
Task: {7FF82AA1-13CB-463A-BE30-43F936DF03AA} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-09-13] (Bitdefender)
Task: {80BB42F1-68B6-4322-869D-2804EE848126} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8960CB18-6C66-495E-B56C-7F66541DF7DD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {8AF63597-C334-40A2-9602-8B2A40894D4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8EAD12AF-C8BB-4E50-B178-F5972D9D4391} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9B053D66-4D29-4C6C-887D-3FE4CD0A6689} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A9677DD3-9E55-4EF1-9149-3F254F1E9C28} - \User_Feed_Synchronization-{35E0D781-98D1-40BD-8C47-6F8C67A32793} -> No File <==== ATTENTION
Task: {B015C76F-188A-41B9-939D-FD8C01A5F7FA} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Zoe\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-25] (Microsoft Corporation)
Task: {B24EDF03-52EF-4652-8225-D5A77198618A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-20] (Google Inc.)
Task: {B2DC1BD7-019A-4EB3-8D7E-93ABC21DF2C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B875D3B9-F780-4EB8-B330-1B018FE2B2EC} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {C81A0AEA-5BEB-484F-AE04-A3CEB1D53871} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2016-03-17] () <==== ATTENTION
Task: {C917ADA6-6995-450D-AE66-5E27A7CF06DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {CAC4BCC3-51FF-4B21-95BB-9307F719E9B9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {CED82C4A-A89F-4C61-A268-B7F3FB561477} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {D169EA8F-AD9A-42C1-B0DC-DD01FFD0C1CB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
Task: {D5090F70-F97C-44D8-93C8-1E41DA1D4786} - \WPD\SqmUpload_S-1-5-21-2616824965-1911769703-2517132435-1001 -> No File <==== ATTENTION
Task: {DDF31CD4-E278-4051-B39B-391BB1DD28D0} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {E5371633-14EF-4445-9E60-12FAA6CCC4D7} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {E65370DA-E012-48A6-B6BB-EFF7EC248C40} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {ECF8D250-408D-4B31-B5C1-3176FC350A05} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F86A547D-F71A-4DDD-BC11-9150285ACD35} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FA209086-B653-4ADC-B292-3EDC3DBA52CD} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Zoe.job => C:\Users\Zoe\AppData\Local\kingsoft\WPS Office\10.1.0.5507\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Zoe.job => C:\Users\Zoe\AppData\Local\kingsoft\WPS Office\10.1.0.5507\wtoolex\wpsupdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Zoe\AppData\Local\Microsoft\Windows\RoamingTiles\16272922270.lnk -> hxxp://www.ebay.co.uk/

ShortcutWithArgument: C:\Users\Zoe\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\16272922270.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0x5e21b6ba -pinnedTimeHigh 0x01cee455 -securityFlags 0x00000000 -url 0x00000016 hxxp://www.ebay.co.uk/
ShortcutWithArgument: C:\Users\Zoe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\55abbe2b5e9227c7\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-08-01 10:29 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-08-01 10:30 - 2016-05-09 11:29 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
2016-08-01 10:30 - 2016-05-09 11:29 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
2016-08-01 10:30 - 2016-05-09 11:29 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
2016-08-01 10:30 - 2016-05-09 11:29 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl
2014-04-03 17:41 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2006-09-14 07:56 - 2006-09-14 07:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2016-04-26 11:47 - 2016-04-26 11:47 - 00155784 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherService.exe
2016-09-20 15:50 - 2016-09-07 06:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-20 15:49 - 2016-09-07 05:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-15 22:56 - 2016-07-16 22:41 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-09-20 15:50 - 2016-09-07 06:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-26 11:47 - 2016-04-26 11:47 - 01049736 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherEntryDll.dll
2016-08-25 20:47 - 2016-08-25 20:47 - 01864384 _____ () C:\Users\Zoe\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-24 19:26 - 2016-05-24 17:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-07-14 15:01 - 2016-07-14 15:01 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-14 15:01 - 2016-07-14 15:01 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-20 15:49 - 2016-09-07 05:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-20 15:49 - 2016-09-07 05:11 - 00936448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-09-20 15:49 - 2016-09-07 05:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-20 15:49 - 2016-09-07 05:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-26 11:46 - 2016-04-26 11:46 - 00543368 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\EVPTask.dll
2016-04-26 11:46 - 2016-04-26 11:46 - 00406664 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\EVPNet.dll
2016-04-26 11:46 - 2016-04-26 11:46 - 00428680 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\EVPDR.dll
2013-09-30 04:32 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-07-15 22:56 - 2016-07-16 22:41 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-07-15 22:56 - 2016-07-16 22:42 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2016-08-25 20:47 - 2016-08-25 20:47 - 01383616 _____ () C:\Users\Zoe\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-25 20:47 - 2016-08-25 20:47 - 00118976 _____ () C:\Users\Zoe\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-09-19 20:58 - 2016-09-19 20:58 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2016-09-19 21:03 - 2016-09-19 21:03 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-09-19 20:58 - 2016-09-19 20:58 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Zoe\Downloads\ChromeSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Zoe\Downloads\ChromeSetup (2).exe:BDU [0]
AlternateDataStreams: C:\Users\Zoe\Downloads\DriverRestore.exe:BDU [0]
AlternateDataStreams: C:\Users\Zoe\Downloads\epson379220eu.EXE:BDU [0]
AlternateDataStreams: C:\Users\Zoe\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Zoe\Downloads\setupUK (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Zoe\Downloads\setupUK.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-09-21 11:23 - 00000863 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2616824965-1911769703-2517132435-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zoe\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_7574.jpg
DNS Servers: 82.163.143.171 - 82.163.142.173
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader"
HKLM\...\StartupApproved\Run32: => "APVXDWIN"
HKU\S-1-5-21-2616824965-1911769703-2517132435-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2616824965-1911769703-2517132435-1001\...\StartupApproved\Run: => "Nike+ Connect"
HKU\S-1-5-21-2616824965-1911769703-2517132435-1001\...\StartupApproved\Run: => "ApplePhotoStreams"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F17DB62A-96F4-44DF-9F76-45EBC3651139}] => (Allow) C:\Users\Zoe\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{4BAB0FC4-D16C-4C4A-90E2-88342F2E1DEC}] => (Allow) C:\Users\Zoe\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{8F742722-EB63-4B60-8280-435B83C49A8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CACDB418-5466-44CB-97EB-234638B11E8D}] => (Allow) LPort=2869
FirewallRules: [{08DF9207-336B-4D4F-B1FD-122BC45D324B}] => (Allow) LPort=1900
FirewallRules: [{99AB5382-1059-45AC-AAEB-E32736E99DF9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9CBDB688-1560-4EC3-B3C4-13B86FD1A88A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A844D439-F068-4934-85E0-507B7BD352DF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{AE5FA5B3-1F45-467A-ACAE-A4A94DAC269E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{04566AC8-7662-44D7-B813-A41F290C2DBF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3CCAECA0-768F-4F5A-9ECC-4E8D1FF15A97}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{EA93FD9A-1808-492B-A44A-F04C69E6F567}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A4ED8DC5-BE64-416C-A856-E63C06D1A7C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{52CB1B91-AFF0-47BC-ADF9-40403AF4E256}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FE1B2B1D-1C52-4D36-8937-A152AAA7D59E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{3B7BD42E-E1B5-48EA-99DE-779BCBC3649F}C:\users\zoe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zoe\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{359DB67B-76D7-4337-9B0A-F44DE5F3309E}C:\users\zoe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zoe\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C017C10E-2B11-47DB-8A14-3816EA909867}C:\program files (x86)\panda security\panda antivirus pro 2014\apvxdwin.exe] => (Allow) C:\program files (x86)\panda security\panda antivirus pro 2014\apvxdwin.exe
FirewallRules: [UDP Query User{A64692A3-B4B5-40DA-99D7-4330077217AA}C:\program files (x86)\panda security\panda antivirus pro 2014\apvxdwin.exe] => (Allow) C:\program files (x86)\panda security\panda antivirus pro 2014\apvxdwin.exe
FirewallRules: [{D0FEDCAA-157A-412A-BFB8-295E684B77DB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{54656FB2-5F11-4825-894D-6E345B6BDD8A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C1592DD4-6908-4BE5-87AC-A29D6F474DD6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-08-2016 21:30:46 Windows Update
02-09-2016 10:14:03 Windows Update
20-09-2016 13:01:57 Removed Turbo Lister 2.
20-09-2016 13:02:46 Removed Turbo Lister 2.

==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/21/2016 11:28:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0 Faulting module name: twinapi.appcore.dll, version: 10.0.10586.589, time stamp: 0x57cf9512 Exception code: 0xc000027b Fault offset: 0x000000000004b1c9 Faulting process ID: 0x1e24 Faulting application start time: 0x01d213f27ea96dfc Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe Faulting module path: C:\Windows\System32\twinapi.appcore.dll Report ID: 2de68cb9-7c84-4867-8b24-05f3bdf756b4 Faulting package full name: Microsoft.XboxOneSmartGlass_2.2.1510.30008_x64__8wekyb3d8bbwe Faulting package-relative application ID: Microsoft.XboxOneSmartGlass Error: (09/21/2016 11:12:51 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Explorer.EXE Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: exception code c0000005, exception address 00007FFB36686E29 Error: (09/21/2016 10:19:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7359 Error: (09/21/2016 10:19:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7359 Error: (09/21/2016 10:19:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/20/2016 05:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15375 Error: (09/20/2016 05:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15375 Error: (09/20/2016 05:11:19 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/20/2016 02:13:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5203 Error: (09/20/2016 02:13:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5203 System errors: ============= Error: (09/21/2016 11:27:35 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout. Error: (09/21/2016 11:21:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Asus WebStorage Windows Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/21/2016 11:21:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Asus WebStorage Windows Service service to connect. 
Error: (09/21/2016 11:12:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_1a060ac service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/21/2016 11:12:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_1a060ac service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/21/2016 11:12:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_1a060ac service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/21/2016 11:12:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1a060ac service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/21/2016 11:12:49 AM) (Source: DCOM) (EventID: 10010) (User: ZOE)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (09/21/2016 10:55:48 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (09/21/2016 09:26:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Feature update to Windows 10, version 1607.

CodeIntegrity:
===================================
Date: 2016-09-21 11:22:20.973
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-21 09:25:05.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-02 10:17:35.524
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 07:38:44.705
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-24 19:21:09.582
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-15 22:44:41.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-14 14:46:18.087
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-14 14:42:29.724
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-14 14:18:14.844
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 47%
Total physical RAM: 3981.74 MB
Available physical RAM: 2080.85 MB
Total Virtual: 4685.74 MB
Available Virtual: 2637.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.01 GB) (Free:185.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:398.07 GB) (Free:394.37 GB) NTFS
Drive e: (FEHCDROM2) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 568814A2)

Partition: GPT.

==================== End of Addition.txt ============================