Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by Axlykajill04 (16-10-2016 11:46:45)
Running from C:\Users\Axlykajill04\Desktop\FRST
Windows 8.1 Single Language (Update) (X64) (2015-06-17 13:29:37)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1995861311-3636309898-3167673773-500 - Administrator - Disabled)
Axlykajill04 (S-1-5-21-1995861311-3636309898-3167673773-1001 - Administrator - Enabled) => C:\Users\Axlykajill04
Guest (S-1-5-21-1995861311-3636309898-3167673773-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.3.121 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{931B988B-0973-0DF5-C3B7-572935D34DCD}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.2.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version: - Dirk Matussek)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.8 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.4.122 - AVG Technologies)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Bigasoft Total Video Converter 4.3.8.5381 (HKLM-x32\...\{A72CE741-1F32-4D79-BFFB-A714375C678D}_is1) (Version: - Bigasoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.51.51 - Conexant)
DAEMON Tools Pro Advanced (HKLM-x32\...\DAEMON Tools Pro Advanced) (Version: - )
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
Free MP4 Video Converter (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.73.119 - DVDVideoSoft Ltd.)
Free Studio (HKLM-x32\...\Free Studio_is1) (Version: 6.6.6.328 - DVDVideoSoft Ltd.)
Free YouTube Uploader (HKLM-x32\...\Free YouTube Uploader_is1) (Version: 4.0.37.1224 - DVDVideoSoft Ltd.)
Genesys Logic USB2.0 Card Reader (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Git version 2.6.3 (HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\Git_is1) (Version: 2.6.3 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.59 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Drive (HKLM-x32\...\{B0F1B758-60D6-41F7-93D9-212A448813FE}) (Version: 1.29.1862.0513 - Google, Inc.)
Google Earth (HKLM-x32\...\{2C44ABB9-8621-4EF5-AF34-0886DCDA7C21}) (Version: 7.1.7.2600 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
iExplorer 3.8.8.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41504) (Version: 3.8.0.41504.23 - Intel)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Jobber Computer Plus v3.4 version 3.4.0.0 (HKLM-x32\...\{79541A5E-BFDD-4A44-B41E-A6DFD631A287}_is1) (Version: 3.4.0.0 - Jobber Instruments)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Manager (x32 Version: 4.1.4.27792 - 2015 pdfforge GmbH. All rights reserved) Hidden
MediaHuman Audio Converter version 1.9.5.2 (HKLM-x32\...\MHAudioConverter_is1) (Version: 1.9.5.2 - MediaHuman)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4859.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft 1.8.0 - FML + OF + SP 1.00 (HKLM-x32\...\Minecraft 1.8.0 - FML + OF + SP 1.00) (Version: - )
Minecraft 1.8.5 1.00 (HKLM-x32\...\Minecraft 1.8.5 1.00) (Version: - )
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla)
Mp42Mkvac3 v1.6 (HKLM-x32\...\Mp42Mkvac3_is1) (Version: 1.6 - TK FREEWARE)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.1.4.27684 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.1.4.27684 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.1.4.27684 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.1 - pdfforge GmbH)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Player for Axlykajill04 (HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.2.2.0 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Tekla Structures 17.0 Common Env (Required) (HKLM-x32\...\{972ECF76-B4B7-474F-A93A-64BA0CD1A097}) (Version: 17.0.0.12 - Tekla Corporation)
Tekla Structures 17.0 Software (HKLM-x32\...\{3ABA49B3-7BC9-4722-9F72-F7E95A586C88}) (Version: 17.0.0.12 - Tekla Corporation)
Tekla Structures 17.0 US imperial Env (HKLM-x32\...\{9EC2C546-C604-424C-86F7-60A03976175B}) (Version: 17.0.0.12 - Tekla Corporation)
Tekla Structures 17.0 US metric Env (HKLM-x32\...\{8616A81A-1D90-4125-8B38-E181967B1452}) (Version: 17.0.0.12 - Tekla Corporation)
Tekla Structures 19.0 Default Env (HKLM-x32\...\{3C186B69-5E22-4836-8A24-80E623EF82A2}) (Version: 190.0.50.0 - Tekla Corporation)
Tekla Structures 19.0 US imperial Env (HKLM-x32\...\{FDD23A7D-BD5E-4AB2-A74C-E6261ACB915F}) (Version: 190.0.50.0 - Tekla Corporation)
Tekla Structures 19.0 US metric Env (HKLM-x32\...\{334FC5A2-F606-45F4-A176-E58CBAA6B373}) (Version: 190.0.50.0 - Tekla Corporation)
Tekla Structures 19.0 x64 Software (HKLM\...\{8CDB2D79-6062-441D-A130-971C6EF8110C}) (Version: 190.0.50.0 - Tekla Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.3 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.4.6405 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6407 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 4.0.5.0 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.03.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
Unity Web Player (HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1995861311-3636309898-3167673773-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Axlykajill04\AppData\Local\Roblox\Versions\version-14d50132362e4612\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-1995861311-3636309898-3167673773-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06CE33EF-0625-4565-99C9-E8FBF9183CB1} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-28] (Symantec Corporation)
Task: {09FA97D3-3FEC-40EF-932F-71BFB10AB9BF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-11] (Adobe Systems Incorporated)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0FF1A8CA-9629-4108-9590-956284921C6B} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {1FC11654-50C2-4699-85B7-6F24E7102BE3} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {2343BD5D-1D38-4421-A57D-FE4E7E544137} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
Task: {27EF1EF1-45BE-4D52-8D85-591B562BE94D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-02-25] (Microsoft Corporation)
Task: {2CC94B0D-D525-4D81-85C7-56CEF3C8E790} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
Task: {2EB12E27-BA95-4F83-9D49-F64D73906062} - System32\Tasks\UMonitor Task => C:\windows\system32\UMonit64.exe
Task: {4460FE62-DE84-49CE-8918-4A62ED86228D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks [Argument = /run /TN "\Microsoft\Windows\Setup\gwx\refreshgwxconfig"]
Task: {4E74A2B0-5800-43F4-84D4-A35553705DBE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {53E06A08-1E2F-4846-A037-486904A30032} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-10] (Google Inc.)
Task: {636B0BDA-86A7-4B7A-8437-9348E8E91BC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-10] (Google Inc.)
Task: {68ED7144-0BB2-434D-99FA-4E035D317591} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {6F802C5D-121F-4516-94A2-100A73EEA886} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-20] (TOSHIBA Corporation)
Task: {874F4C1A-9859-4D4A-BDED-C0711CEF848C} - System32\Tasks\AdobeAAMUpdater-1.0-axlykajill-Axlykajill04 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {D2080D08-BB05-47FB-8A35-9B441D9C0606} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-02-25] (Microsoft Corporation)
Task: {FE843B8C-08C8-43D7-8BCF-BAB1400BDF4F} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Axlykajill04\AppData\Local\a621d\27522.lnk -> C:\Users\Axlykajill04\AppData\Local\a621d\0be2e.bat (No File)
Shortcut: C:\Users\Axlykajill04\AppData\Local\9029ed6\becec0b.lnk -> C:\Users\Axlykajill04\AppData\Local\9029ed6\86ab618.bat (No File)
Shortcut: C:\Users\Axlykajill04\AppData\Local\9029ed\becec0.lnk -> C:\Users\Axlykajill04\AppData\Local\9029ed\86ab61.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2013-03-13 15:25 - 2013-03-13 15:25 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-24 19:49 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-07-27 10:14 - 2016-05-25 00:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-19 09:38 - 2012-07-19 09:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-01-09 18:28 - 2016-03-29 00:06 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2016-01-09 18:28 - 2016-03-29 00:06 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2016-01-09 18:28 - 2016-03-29 00:06 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2016-01-09 18:28 - 2016-03-29 00:06 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-01-09 18:28 - 2016-03-29 00:06 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-01-09 18:28 - 2016-03-29 00:06 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2013-05-14 23:33 - 2013-05-14 23:33 - 00002560 _____ () C:\Program Files (x86)\DAEMON Tools Pro Advanced\MSIMG32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 [462]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 21:25 - 2016-10-15 10:34 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img3.jpg
DNS Servers: 114.108.193.201 - 114.108.195.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "PSUAMain"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\StartupApproved\StartupFolder: => "MegaDownloader.lnk"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\StartupApproved\StartupFolder: => "µTorrent.lnk"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\StartupApproved\Run: => "Remote Mouse"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_C07A2EB5F17AA461CF2645D87326A8E6"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1995861311-3636309898-3167673773-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{650C877B-7619-4784-AF26-C774AB1F69DA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{43D9081C-B0B6-4F84-B8A5-E8BA3A4AD46F}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{A6106962-B804-4A34-8A29-999ADC03744D}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{4B226472-5999-4EC7-B7E8-08273B1F7255}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [TCP Query User{AB016130-B82B-4CF5-9B12-E5E36AADC0F2}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{FD9076C0-D19A-4CCE-800C-D724C1DF6366}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4608D777-9153-4AB8-9018-92D414AD946E}C:\users\axlykajill04\desktop\axl\1.2.4.1 server setup software (multiplayer)\terrariaserver.exe] => (Allow) C:\users\axlykajill04\desktop\axl\1.2.4.1 server setup software (multiplayer)\terrariaserver.exe
FirewallRules: [UDP Query User{5EF84EF9-BA83-491D-9C2D-12E31AC5C6C6}C:\users\axlykajill04\desktop\axl\1.2.4.1 server setup software (multiplayer)\terrariaserver.exe] => (Allow) C:\users\axlykajill04\desktop\axl\1.2.4.1 server setup software (multiplayer)\terrariaserver.exe
FirewallRules: [TCP Query User{12905406-162D-4660-8B6D-8B8A34B5758E}C:\program files\terraria\terraria.exe] => (Allow) C:\program files\terraria\terraria.exe
FirewallRules: [UDP Query User{38A4EDE5-E9FF-4D2D-9BCC-FAC40C3BBB52}C:\program files\terraria\terraria.exe] => (Allow) C:\program files\terraria\terraria.exe
FirewallRules: [{983585F8-61FE-4686-950F-79A33B3043F6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{363B4414-B046-4F33-94AD-C593FCF7124C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F46BF7A9-F57E-4DE1-B2F1-DF2C7B5C8FA2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C28F3EFB-0DA6-44F2-87D8-947D6433C564}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{33CFC156-85D2-439D-A592-3E3CDAB539AF}C:\program files\igg-terraria.v1.3.0.8\terrariaserver.exe] => (Block) C:\program files\igg-terraria.v1.3.0.8\terrariaserver.exe
FirewallRules: [UDP Query User{5E75386B-4EE0-42C7-A033-40F1431B1B32}C:\program files\igg-terraria.v1.3.0.8\terrariaserver.exe] => (Block) C:\program files\igg-terraria.v1.3.0.8\terrariaserver.exe
FirewallRules: [{066ECD03-E6E4-4142-A89A-E6518D2FC00C}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{D76FC12E-F43C-4F4B-A019-7F7F0E511428}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{245A4830-CCF4-426A-8FF8-8AC1665694D7}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{F479ED49-3FA7-434B-9123-9C1D32A303A0}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{2C446817-AD60-4780-A2DE-BC6862A2136C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{060CDE1B-1143-48BE-B669-BFAEE625D5C4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{105F68F7-3DC3-416D-95F7-B54D2778131A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{E2403193-EE1B-4EFF-86F3-6E839EC57052}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [TCP Query User{24DB4FDF-0A46-408D-860E-246EA1887F5F}C:\program files\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{3BA3BCCA-D4B3-4FE0-A183-4C15BFFE38CB}C:\program files\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\java.exe
FirewallRules: [TCP Query User{29A6CA77-DC68-4C2E-A601-17410E0B69EF}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{16BCF98C-823B-423B-8135-68BE3E5D2C97}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{2C2356AD-1052-43C7-842E-3AB89621ED1A}C:\users\axlykajill04\desktop\usurf\u1504.exe] => (Allow) C:\users\axlykajill04\desktop\usurf\u1504.exe
FirewallRules: [UDP Query User{B157206B-E498-40CF-BEDD-D9A8018B67D0}C:\users\axlykajill04\desktop\usurf\u1504.exe] => (Allow) C:\users\axlykajill04\desktop\usurf\u1504.exe
FirewallRules: [{EBBFBC42-A0D6-4CF7-AE53-FA9F3CA82307}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A9F63629-DA6D-4A1B-88BF-122FA2705FA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{81BDC31E-891C-449B-B746-B98BE745E1E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C2DCBDAA-7F60-4A85-B796-A1B2B5996591}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1AEFDC7D-C09F-425C-A27F-B106620761CF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{69F3EF6D-93E8-4580-834C-0C962FD87F02}C:\program files\java\jre1.8.0_66\bin\java.exe] => (Block) C:\program files\java\jre1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{28E334A4-0AB1-4F47-8837-F396AC667048}C:\program files\java\jre1.8.0_66\bin\java.exe] => (Block) C:\program files\java\jre1.8.0_66\bin\java.exe
FirewallRules: [{C8CC9390-5948-4168-AD18-2CC194FF64A0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{8EB60499-9038-4100-9700-3244B09EA4EA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BB85BDD7-9826-492C-A9F0-3EF223EFDE25}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{30F38828-88EE-4251-B250-1CC63BBBB174}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{EED4C22E-7D23-4EF2-AF1A-FDF7B3DE0039}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{70C8298E-1521-43D1-BEA7-0C743B0949AC}] => (Allow) C:\Users\Axlykajill04\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{97898728-0C2B-4FBC-87A7-1D56D32B9A2F}] => (Allow) C:\Users\Axlykajill04\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E1262EB8-4B0C-4583-889D-8C7157F7CA4E}C:\program files (x86)\igg-universesandbox2v18.2c\universe sandbox.exe] => (Allow) C:\program files (x86)\igg-universesandbox2v18.2c\universe sandbox.exe
FirewallRules: [UDP Query User{1A25F640-2E54-48AD-B66D-06F4012E96DD}C:\program files (x86)\igg-universesandbox2v18.2c\universe sandbox.exe] => (Allow) C:\program files (x86)\igg-universesandbox2v18.2c\universe sandbox.exe
FirewallRules: [TCP Query User{8301716D-92D2-454B-BCB4-A15350CE2C19}C:\program files\city car driving\bin\win32\starter.exe] => (Allow) C:\program files\city car driving\bin\win32\starter.exe
FirewallRules: [UDP Query User{B7912814-2F9A-4374-A11C-E604A05C40AB}C:\program files\city car driving\bin\win32\starter.exe] => (Allow) C:\program files\city car driving\bin\win32\starter.exe
FirewallRules: [{8194C179-9657-4CB5-B7D2-E3F3D330A5F2}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{263292EE-ED59-48EB-A8CE-639B3090F107}] => (Allow) C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [TCP Query User{1E908A88-391F-4851-A3F3-F9067662772D}C:\program files (x86)\igg-universe.sandbox.alpha.18.2\universe sandbox.exe] => (Allow) C:\program files (x86)\igg-universe.sandbox.alpha.18.2\universe sandbox.exe
FirewallRules: [UDP Query User{3FD2AB71-F9B2-4C52-B22C-91BAC14568D1}C:\program files (x86)\igg-universe.sandbox.alpha.18.2\universe sandbox.exe] => (Allow) C:\program files (x86)\igg-universe.sandbox.alpha.18.2\universe sandbox.exe
FirewallRules: [TCP Query User{31E485D9-55A6-4554-A311-926623CDAFEC}C:\program files (x86)\r.g. mechanics\the stanley parable\stanley.exe] => (Allow) C:\program files (x86)\r.g. mechanics\the stanley parable\stanley.exe
FirewallRules: [UDP Query User{F5E1AB74-3706-45E4-B2F1-7B56CD3F6F6A}C:\program files (x86)\r.g. mechanics\the stanley parable\stanley.exe] => (Allow) C:\program files (x86)\r.g. mechanics\the stanley parable\stanley.exe
FirewallRules: [TCP Query User{B9521E12-D6F1-4D67-8D34-517290F1A278}C:\users\axlykajill04\documents\megasync downloads\igg-hf\igg-hf\half life\hl.exe] => (Allow) C:\users\axlykajill04\documents\megasync downloads\igg-hf\igg-hf\half life\hl.exe
FirewallRules: [UDP Query User{F4A24BAC-1DA5-4E5E-BE00-00C7D21B1D5D}C:\users\axlykajill04\documents\megasync downloads\igg-hf\igg-hf\half life\hl.exe] => (Allow) C:\users\axlykajill04\documents\megasync downloads\igg-hf\igg-hf\half life\hl.exe
FirewallRules: [TCP Query User{6097158C-E683-42CD-8997-373B6B9D5802}C:\program files (x86)\warcraft iii\war3.exe] => (Block) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{FC7FBB31-164F-4924-9AB4-B30CFCFE5F7C}C:\program files (x86)\warcraft iii\war3.exe] => (Block) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{BF8B64C5-18A4-471A-909C-ECA0D1069D63}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{E983B4EA-71D8-4559-A1B3-697ABBE8D896}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{1EE3E0EB-018A-4585-AE46-8BB36248B9AF}C:\users\axlykajill04\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\axlykajill04\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9A1ACB7F-28D7-41BF-BB6B-69AB46020C98}C:\users\axlykajill04\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\axlykajill04\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6444ADB6-7AA4-465D-A370-E09C9494DB84}C:\users\axlykajill04\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\axlykajill04\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DF7D55AB-5B2A-4F3D-B97B-F3A74755FEB5}C:\users\axlykajill04\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\axlykajill04\appdata\roaming\spotify\spotify.exe
FirewallRules: [{90CC00DB-9C9E-4941-AFAA-6B3AC98905EC}] => (Allow) C:\WINDOWS\explorer.exe
FirewallRules: [{824DECA4-8F36-45BA-9F9B-F2A332ED8205}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{58F0B5B8-A415-4A65-B08E-7D3650205C1C}C:\program files\universe sandbox 2\igg-universe.sandbox.2.alpha.19\universe sandbox x64.exe] => (Allow) C:\program files\universe sandbox 2\igg-universe.sandbox.2.alpha.19\universe sandbox x64.exe
FirewallRules: [UDP Query User{7B6F3955-BEAD-424A-9AC6-54AB39707088}C:\program files\universe sandbox 2\igg-universe.sandbox.2.alpha.19\universe sandbox x64.exe] => (Allow) C:\program files\universe sandbox 2\igg-universe.sandbox.2.alpha.19\universe sandbox x64.exe
FirewallRules: [{130BF696-C0AF-40C7-836F-8196C1EF97AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{94FF7887-86BE-46E4-9676-F53156C7F30D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4B984545-BA09-4DF1-9BF3-7562BB653D92}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-10-2016 15:03:30 Scheduled Checkpoint
12-10-2016 09:07:25 Scheduled Checkpoint
15-10-2016 10:33:02 Restore Point Created by FRST
15-10-2016 17:45:07 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2016 11:34:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14906

Error: (10/15/2016 11:34:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description:
Task Scheduling Error: m->NextScheduledEvent 14906 Error: (10/15/2016 11:34:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/15/2016 07:46:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (10/15/2016 07:46:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (10/15/2016 07:42:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1548625 Error: (10/15/2016 07:42:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1548625 Error: (10/15/2016 07:42:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/15/2016 06:41:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: axlykajill) Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
Error: (10/15/2016 06:14:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.7.205.0, time stamp: 0x54cb5aeb
Faulting module name: mpengine.dll, version: 1.1.9700.0, time stamp: 0x51d28fcb
Exception code: 0xc0000005
Fault offset: 0x00000000005615b7
Faulting process id: 0x29c
Faulting application start time: 0x01d226cb7383a45c
Faulting application path: C:\Program Files\Windows Defender\MsMpEng.exe
Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\mpengine.dll
Report Id: 1b91c989-92c0-11e6-831f-48d224607bd8
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (10/15/2016 08:29:33 PM) (Source: DCOM) (EventID: 10010) (User: axlykajill)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (10/15/2016 08:29:02 PM) (Source: DCOM) (EventID: 10010) (User: axlykajill)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (10/15/2016 06:14:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 3 time(s).

Error: (10/15/2016 06:03:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/15/2016 05:51:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (10/15/2016 05:41:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: A device attached to the system is not functioning.

Error: (10/15/2016 05:41:30 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (10/15/2016 05:37:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

Error: (10/15/2016 05:37:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/15/2016 05:37:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2016-01-09 02:21:13.778
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-09 02:21:13.269
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-09 02:21:12.761
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-09 02:21:12.249
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-09 02:21:11.738
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-09 02:21:11.223
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-09 02:21:10.713
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-09 02:21:10.157
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-01-08 21:28:56.151
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-08 21:28:55.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 50%
Total physical RAM: 3533.51 MB
Available physical RAM: 1744.05 MB
Total Virtual: 7117.51 MB
Available Virtual: 5130.13 MB

==================== Drives ================================

Drive c: (TI80141900D) (Fixed) (Total:450.91 GB) (Free:203.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7E557E55)
Partition: GPT.

==================== End of Addition.txt ============================