Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by deco (23-09-2016 22:15:47)
Running from C:\Users\deco\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-12 05:00:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3406242734-3781281278-1370421689-500 - Administrator - Disabled)
deco (S-1-5-21-3406242734-3781281278-1370421689-1000 - Administrator - Enabled) => C:\Users\deco
DefaultAccount (S-1-5-21-3406242734-3781281278-1370421689-503 - Limited - Disabled)
Guest (S-1-5-21-3406242734-3781281278-1370421689-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3406242734-3781281278-1370421689-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) AudioBox version 1.3 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.3 - PreSonus) Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.5 - Avid Technology, Inc.) Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.5 - Avid Technology, Inc.) 
BIAS FX Plugins Pack (64bit) (HKLM\...\{77558DEB-4B65-4921-8855-D8593EF5BCDD}) (Version: 1.1.0.745 - PositiveGrid) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform) Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project) CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\CopyTrans Suite) (Version: 4.013 - WindSolutions) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Excel Image Assistant (HKLM-x32\...\Excel Image Assistant) (Version: - ) Free Sound Recorder v10.7.1 (HKLM-x32\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2015 FreeSoundRecorder Technologies, Inc.) Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated) iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.) 
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) IK Multimedia Authorization Manager version 1.0.9 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.9 - IK Multimedia) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{317059CB-7642-4F2E-89C0-62E69D4074B7}) (Version: 15.0.148 - Intel Corporation) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{2DD3C090-2986-4970-B3CB-87BB4C8AC4A5}) (Version: 15.0.148 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iSkysoft TunesOver ( Version 3.9.6 ) (HKLM-x32\...\{84A89F3A-B59A-4324-8598-3611853769C8}_is1) (Version: 3.9.6 - iSkysoft) iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.) iZotope Ozone 7 Advanced (HKLM-x32\...\iZotope Ozone 7 Advanced 7.00) (Version: 7.00 - iZotope, Inc.) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) License Support (HKLM-x32\...\InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) License Support (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MediaShow Espresso (x32 Version: 5.5.1713_26701 - CyberLink Corp.) 
Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MKV Player 2.1 (HKLM-x32\...\MKV Player_is1) (Version: - ) Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments) Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments) Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments) Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments) Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments) Outils de vérification linguistique 2013 
de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time) <==== ATTENTION PreSonus Studio One 3 x64 (HKLM\...\PreSonus Studio One 3) (Version: 3.2.3.38191 - PreSonus Audio Electronics) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden ReWire (HKLM\...\{4481A621-E317-411C-8926-864AACDF509B}) (Version: 1.00.0000 - Waves) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.) 
SoulSeek 157 NS 13c (HKLM-x32\...\Soulseek2) (Version: - ) Technitium MAC Address Changer v6.0.5 (HKLM-x32\...\TMACv6.0) (Version: 6.0.5 - Technitium) TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc) TurboTax Business 2014 (HKLM-x32\...\TurboTax Business 2014) (Version: 2014.0 - Intuit, Inc) Ultra Video Splitter 6.4.1208 (HKLM-x32\...\Ultra Video Splitter_is1) (Version: - Aone Software) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version: - Microsoft) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden Visual C++ 64-bit Redistributables (HKLM-x32\...\InstallShield_{FB03650C-B373-4B20-ACA5-B7BA1A8EEE33}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) Visual C++ Redistributables (HKLM-x32\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.2.0.5555 - PACE Anti-Piracy, Inc.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) Waves Central 1.1.0.22 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}_is1) (Version: 1.1.0 - Waves, Inc.) 
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\deco\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3406242734-3781281278-1370421689-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\deco\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {073DB72E-520B-476A-83CD-8D0EFBCCD693} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {0990C8D9-EE91-48A8-A7EA-BC16B9F5E633} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {0AAA4631-90BD-4059-9953-D7789AD22A9F} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] () Task: {0B882D45-82EB-4285-8153-8FEE43C7811E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {1731CFA9-44C9-4895-8951-191264F40C88} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.) Task: {1E2C773E-1E8F-4220-B806-3AE93DAFBECF} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {1E90BD4A-9FD0-493C-9566-3AF6C05E52D9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {1EFE906B-4FE7-4140-A3B5-F86B6F64ADFE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {23B0C235-4701-4C8F-9601-0251DA8AD908} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {298C1599-D9DB-4C4A-BA02-088F48977A54} - System32\Tasks\WpsNotifyTask_sales in bloom => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe Task: {2ACA76F7-0D5F-4C79-9BDE-4350D390B30D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {2ADA7A2F-622C-4AFB-B1D9-B999209051D6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {365D86BC-5134-47B1-BB11-740B2110BFAA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => 
C:\Windows\ehome\mcupdate.exe Task: {37A5DD81-DA52-4D1C-91E5-5040D016AFD5} - System32\Tasks\{BA70839E-3DF2-4CE1-88F6-355ABC9E2756} => pcalua.exe -a C:\Users\deco\Downloads\OJJ3600_Basic_8.exe -d "C:\Program Files (x86)\Mozilla Firefox" Task: {3AF2CE55-D5C8-4103-ABE3-CA221248000C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {3E323ED9-C944-476D-9C9F-11B8A91C5C04} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {3F3BD157-DFAC-461B-91A5-817D0B419232} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.) Task: {400BAD29-BE43-48EB-BB65-38B21C018A7D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {4717237E-E6F3-41FB-96DD-AD0656BF1538} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {4DC3C2C2-54DB-499D-A7E8-52D3D75F0DE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {566F65A2-1225-4932-9D23-7B8A8D203CFA} - System32\Tasks\WpsUpdateTask_sales in bloom => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe Task: {5AD32A4A-8487-4178-A0FF-3EC87AAE9786} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {675B0837-4E35-4CD2-AEC9-B86D968B94DC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {6B941C49-48AD-4D32-8C29-A0767F055E6F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.) Task: {73182E03-A74F-4C86-B1BF-470D2ABE4D2D} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\OneDriveStandaloneUpdater.exe [2016-09-15] (Microsoft Corporation) Task: {761701FD-5E87-4702-B784-68EB5DE3511B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {76B35647-2001-4BFF-A915-7AB628E63652} - System32\Tasks\{94406A97-1D05-4EDC-9023-3A95ADF895DD} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain Task: {819D4373-D2B8-48BA-ACA0-230CFB0116F5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {8AB962DC-3BAB-410D-8136-A43F66D75638} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {8D181F06-1B71-487F-B064-8F759498D053} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {960C5D1A-E9A3-418B-A83E-6066467903A1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {9ED3F406-964D-4D6D-A9E2-408371E347D0} - 
System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.) Task: {A499A215-0EAB-4331-837B-56F6FDE3518D} - System32\Tasks\{F04144C3-83B0-4F3B-93EA-02F7C7EA719A} => pcalua.exe -a "C:\Users\deco\Documents\Adobe Photoshop CS3 BR(com plugins)\Adobe Photoshop CS3 BR + plugins.exe" -d "C:\Users\deco\Documents\Adobe Photoshop CS3 BR(com plugins)" Task: {A9FEC67A-CF3A-486D-AAF0-C74F405BA1F8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-09-15] (Microsoft Corporation) Task: {AD8635C9-BDDD-46EF-8707-68EB52587AFE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {B1C22FF1-FA09-4B2C-BBE9-157DBF93F18B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {B4874A9D-B4A4-42F6-A34C-CA78981C4576} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {B552622A-A873-472B-9675-34F57C9197D8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.) 
Task: {BF81E49F-1AC9-41F2-A733-AD1B97FF5CD3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {C2449A8A-385F-431A-AAA9-A12ADC7A50B3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {CE60488E-EFBF-4DB9-95E0-21B8F09855D5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {D8FC8D76-9CE2-4035-BE20-68A7814DD301} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated) Task: {DCA58A7C-F574-4CF9-85CE-F164468A48EA} - System32\Tasks\{8780E631-761F-43D1-B7EE-72AD457648EC} => pcalua.exe -a "C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe" -d "C:\Program Files (x86)\ESET\ESET Online Scanner" Task: {E278F4FE-3B4B-4B1B-BFF2-3666BAE67D3A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {E2C81D1E-43D3-4176-A7A0-8A98ECDE546A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1006 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-26] (RealNetworks, Inc.) Task: {E944B168-1C2B-4D5F-9BA1-5CE3EC0E0035} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.) 
Task: {ED3A0CC4-FE63-4963-8D54-DD3B77D6B196} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-24] () Task: {ED4943D8-8203-4EBB-85AA-8187CEE1988A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {F361E2B5-1C1C-44ED-AD56-6171645895E8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {F8A9EA0E-7700-4C36-AEE7-F6464B3BC7DA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.) Task: {FA46A383-0D24-4D24-A320-DB99E0A6F007} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {FE6C2BCF-F8B2-4494-AA07-8E0BD0C53ADA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3406242734-3781281278-1370421689-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core.job => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA.job => C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_sales in bloom.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_sales in bloom.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ============== 2014-06-01 15:49 - 2013-06-17 12:40 - 00035944 _____ () C:\Windows\system32\ddmon4-64x.dll 2014-10-26 18:59 - 2014-10-26 18:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-10-30 01:41 - 2014-10-30 01:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-09-15 13:48 - 2016-09-07 02:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-15 13:48 - 2016-09-07 02:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-09-15 11:26 - 2016-09-15 11:26 - 01864384 _____ () C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll 2016-06-14 13:37 - 2016-06-14 13:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-12-18 09:09 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-12 15:01 - 2016-07-01 00:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-09-15 13:44 - 2016-09-07 01:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-09-15 13:44 - 2016-09-07 01:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-09-15 13:44 - 2016-09-07 01:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-09-15 13:44 - 2016-09-07 01:13 - 04089856 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-09-24 15:09 - 2014-09-24 15:09 - 03727360 _____ () C:\Windows\AutoKMS\AutoKMS.exe 2010-08-04 09:40 - 2010-08-04 09:40 - 00611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe 2016-04-19 18:59 - 2016-04-19 18:59 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2014-10-29 15:06 - 2014-10-29 15:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe 2014-10-30 01:41 - 2014-10-30 01:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll 2014-10-30 01:41 - 2014-10-30 01:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll 2014-10-30 01:41 - 2014-10-30 01:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll 2016-09-15 11:26 - 2016-09-15 11:26 - 01383616 _____ () C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll 2016-09-15 11:26 - 2016-09-15 11:26 - 00118976 _____ () C:\Users\deco\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll 2010-08-04 06:47 - 2010-08-04 06:47 - 00144896 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll 2016-05-07 02:12 - 2014-10-31 16:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll 2016-05-07 02:12 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll 2014-10-29 15:07 - 2014-10-29 15:07 - 00065600 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll 2016-09-16 21:54 - 2016-09-13 21:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll 2016-09-16 21:54 - 2016-09-13 21:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll 2016-04-19 18:59 - 
2016-04-19 18:59 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 18:59 - 2016-04-19 18:59 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2014-10-29 15:01 - 2014-10-29 15:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll 2016-09-17 00:01 - 2016-09-12 17:48 - 17754304 _____ () C:\Users\deco\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.166\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences [386] AlternateDataStreams: C:\ProgramData\Microsoft:INL1pHYdTghSiscdUO [2220] AlternateDataStreams: C:\ProgramData\Microsoft:JC00IUg3n1Mx2poMMk [2198] AlternateDataStreams: C:\ProgramData\Microsoft:Ys9gXmQ3SrbipY4xA65epdF [2474] AlternateDataStreams: C:\ProgramData\Microsoft:YSZUZXKIzleugtKMK [2260] AlternateDataStreams: C:\Users\deco\Local Settings:2qTWSJ0QW6qXwQQW47MlLy [2424] AlternateDataStreams: C:\Users\deco\Local Settings:5VfbgSCAXOk224D9qaxLT [2312] AlternateDataStreams: C:\Users\deco\AppData\Local:2qTWSJ0QW6qXwQQW47MlLy [2424] AlternateDataStreams: C:\Users\deco\AppData\Local:5VfbgSCAXOk224D9qaxLT [2312] AlternateDataStreams: C:\Users\deco\AppData\Local\Application Data:2qTWSJ0QW6qXwQQW47MlLy [2424] AlternateDataStreams: C:\Users\deco\AppData\Local\Application Data:5VfbgSCAXOk224D9qaxLT [2312] AlternateDataStreams: C:\Users\deco\AppData\Local\fxTJ3wOFPpr5:hmVaetgd9kzvQ7J84ObD [2278] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 201.17.1.157 - 201.17.1.152
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "IAAnotif"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "GoforFilesInstaller Starter"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "iCloudPhotos" HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "iCloudServices" HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [TCP Query User{6524771A-8D5D-4DFE-8890-89E80B697B07}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe FirewallRules: [UDP Query User{333035C3-47AC-468E-9B34-F3F93279131F}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe FirewallRules: [TCP Query User{24F34BBE-B9E6-4AA0-ABB5-83218659640F}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe FirewallRules: [UDP Query User{FFD32ED0-94F9-4FE2-AFC6-D074C390837B}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe FirewallRules: [TCP Query User{8B882952-1FE3-4A5A-ADA2-7F113818DFFD}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query 
User{36F6E301-0EB6-47CF-8B45-D14D3925316B}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query User{8CB0BA09-1E6C-4387-BE61-DE8B895C3F8B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{FDE3F47F-12A1-40C2-9DDE-CA111EAD6226}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{83EC21CA-57BD-464F-B7F3-F704FF0C9684}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{6D26D805-A69E-4F5C-9A79-1ED48DD3E7AF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{7F37147D-813A-42BF-B9F9-9A5FF56AFC33}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{C176598F-A553-43F2-AFE3-8C9DA3C7B830}C:\users\deco\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{62AB4B90-7C98-4A77-998D-6B9EB22BD795}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [{72CB84AB-6594-43CF-B1D9-2433089BC041}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{D4B0B46E-D0B2-41F3-A2B5-791D02146DD4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{47B6A7A5-778C-4A80-A9CF-E78A0C662FCA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{6FA2DB3B-7623-4D05-84AD-19A61ABBBA3E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: 
[{4E42EE5D-9017-4445-BD46-9BF3B2B36C65}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{D3DB5C8A-6530-47FA-99C4-25E31D2AAA0A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{C65F13CF-EFFA-4E9E-B2FB-7D802931DB3C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{6828F2C7-3DE4-4BC6-B55D-EC6018BB6298}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{0A6D3005-62E5-46B6-BF48-92A713D3F00B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{5DD4D070-9151-4532-8A21-A5AD168D5D66}C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe FirewallRules: [UDP Query User{E4CAA90C-042A-434F-85F7-0D4B247647F3}C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\deco\appdata\roaming\utorrent\updates\3.4.6_42094.exe FirewallRules: [TCP Query User{8E1D36BE-6BFC-4DE6-8B25-53D688BD904D}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe FirewallRules: [UDP Query User{E958F3CC-3AA0-4700-B7A6-4F7B91DF6C31}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe FirewallRules: [TCP Query User{A202D653-AF53-40DC-B91B-46D03F38F385}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe FirewallRules: [UDP Query User{36D3D8DC-6BC3-46BF-A5A4-99A5E29A1B2A}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe FirewallRules: [{8548DBCE-BD77-4E8D-954E-E6CD87277880}] => (Allow) C:\Program Files (x86)\Waves\MultiRack\MultiRack SoundGrid.exe FirewallRules: [TCP Query 
User{30BA92D4-8F4F-4419-AB0C-1B768727551C}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe FirewallRules: [UDP Query User{DB372440-C8A3-43C8-B7CB-9180C01DCFF3}C:\program files (x86)\avid\pro tools\protools.exe] => (Allow) C:\program files (x86)\avid\pro tools\protools.exe FirewallRules: [{4BEABF15-92B7-4961-92C5-535DA2607B28}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{F9680DF7-0F2D-496D-87AB-8694A7CF9C15}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe FirewallRules: [UDP Query User{43F9E2C6-8E7E-4F43-A884-A425A240BCF9}C:\program files (x86)\soulseekns\slsk.exe] => (Allow) C:\program files (x86)\soulseekns\slsk.exe FirewallRules: [TCP Query User{178071C1-DD63-4038-A0FE-1323ADDF3B64}C:\program files\presonus\studio one 3\studio one.exe] => (Allow) C:\program files\presonus\studio one 3\studio one.exe FirewallRules: [UDP Query User{79DBF874-63B0-413B-A4D3-1BA7CF6DE3D1}C:\program files\presonus\studio one 3\studio one.exe] => (Allow) C:\program files\presonus\studio one 3\studio one.exe FirewallRules: [TCP Query User{DB5774A8-49CC-42EC-9DF4-A8A1551E96F0}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe FirewallRules: [UDP Query User{9E5057F2-C8A5-4AD1-B609-CDCAAB72A593}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe FirewallRules: [{EBE45948-4B4D-4EFF-8BDF-C40E37C0F0E3}] => (Block) C:\program files\presonus\audiobox\audiobox.exe FirewallRules: [{D66485A1-2362-4EF4-8B74-B46525D294EA}] => (Block) C:\program files\presonus\audiobox\audiobox.exe FirewallRules: [TCP Query User{AB2A302D-A9AA-496A-A2C7-0B09180209E4}C:\program files (x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe FirewallRules: [UDP Query User{26650793-9047-4E24-BD81-4F06D0418770}C:\program files 
(x86)\soulseekns\slsk.exe] => (Block) C:\program files (x86)\soulseekns\slsk.exe FirewallRules: [{2336C8F3-6F2A-4BF5-AE3B-BC2B0CFB53FF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{1C833CC9-3100-4779-95B1-49DB38EEFE3F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{93D05D8D-29CC-4D61-BB46-5F99CEED4FA7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{A3F65491-54B3-46FF-B0D3-804D425A6016}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{A19FBE56-51EE-4973-95B9-E24B2966599C}C:\program files (x86)\waves\multirack\multirack.exe] => (Allow) C:\program files (x86)\waves\multirack\multirack.exe FirewallRules: [UDP Query User{96610EE2-F932-4949-BE6E-179D894442B7}C:\program files (x86)\waves\multirack\multirack.exe] => (Allow) C:\program files (x86)\waves\multirack\multirack.exe FirewallRules: [{8F916887-D714-4425-8842-EDA57CA634A3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{2C8AE143-769E-4722-990D-676726ABD6C4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{207121DB-BDB5-40A6-84D2-F3A7C89E4ED0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CFE11B90-D2A2-4F63-A357-31D14C83A194}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{64D3A148-7134-4D82-A11B-5464CA0DBADB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DC3828A1-0B47-4A2A-B325-4D3F71135E15}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{3941BD7C-CB8D-494E-8FC3-9726CBDD4D42}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe FirewallRules: [{D5732DFF-DF53-468E-9BA1-D39432112E77}] => (Allow) C:\Windows\AutoKMS\AutoKMS.exe ==================== Restore Points ========================= 15-09-2016 09:38:05 Restore Operation ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2 
Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (09/23/2016 08:54:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: deco-PC) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/23/2016 08:15:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 1.0.0.127.in-addr.arpa. PTR deco-PC-2.local. Error: (09/23/2016 08:15:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353 15 1.0.0.127.in-addr.arpa. PTR deco-PC.local. Error: (09/23/2016 08:15:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 D.4.A.E.E.D.7.8.B.6.2.E.4.B.D.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR deco-PC-2.local. Error: (09/23/2016 08:15:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:1DB4:E26B:87DE:EA4D:5353 15 D.4.A.E.E.D.7.8.B.6.2.E.4.B.D.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR deco-PC.local. 
Error: (09/23/2016 08:15:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname deco-PC.local already in use; will try deco-PC-2.local instead Error: (09/23/2016 08:15:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 16 deco-PC.local. AAAA FE80:0000:0000:0000:1DB4:E26B:87DE:EA4D Error: (09/23/2016 08:15:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:1DB4:E26B:87DE:EA4D:5353 4 deco-PC.local. Addr 192.168.0.21 Error: (09/23/2016 04:34:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15625 Error: (09/23/2016 04:34:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15625 System errors: ============= Error: (09/23/2016 09:27:01 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Initialization failed because the driver device could not be created. Use the string "00FF5D462865" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error: (09/23/2016 09:26:45 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Initialization failed because the driver device could not be created. Use the string "00FF3ACFC409" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. 
Error: (09/23/2016 09:26:40 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Initialization failed because the driver device could not be created. Use the string "00FFCF01BFE6" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error: (09/23/2016 09:26:37 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Initialization failed because the driver device could not be created. Use the string "00FF6BBBFED5" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error: (09/23/2016 09:26:34 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Initialization failed because the driver device could not be created. Use the string "00FF3909BF00" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error: (09/23/2016 09:26:24 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Initialization failed because the driver device could not be created. Use the string "00FF379787F7" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. 
If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error: (09/23/2016 09:26:20 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Initialization failed because the driver device could not be created. Use the string "00FFB92AF1C8" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error: (09/23/2016 09:26:18 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Initialization failed because the driver device could not be created. Use the string "00FF40B2AD95" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error: (09/23/2016 09:26:14 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Initialization failed because the driver device could not be created. Use the string "00FF729E7290" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error: (09/23/2016 09:26:07 PM) (Source: NetBT) (EventID: 4311) (User: ) Description: Initialization failed because the driver device could not be created. Use the string "00FFAF3163F4" to identify the interface for which initialization failed. 
It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. CodeIntegrity: =================================== Date: 2016-09-22 13:22:18.240 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-09-22 13:22:17.374 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-09-22 13:22:16.244 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-09-22 13:22:15.591 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-09-20 22:22:09.366 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-09-20 17:54:27.432 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-09-20 17:43:47.328 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-09-20 17:43:47.212 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-09-20 17:43:47.093 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-09-20 17:43:46.978 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 61%
Total physical RAM: 4061.17 MB
Available physical RAM: 1581.43 MB
Total Virtual: 8157.17 MB
Available Virtual: 5496.13 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:911.88 GB) (Free:622 GB) NTFS
Drive d: (Elements) (Fixed) (Total:465.73 GB) (Free:273.28 GB) NTFS
Drive e: (Madalyns) (Fixed) (Total:465.76 GB) (Free:398.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FBC288CC)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 32C867F9)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: FFEDE111)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================