Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017 Ran by Owner (16-03-2017 19:18:45) Running from C:\Users\Owner\Desktop Windows 10 Pro Version 1607 (X64) (2016-09-23 06:26:47) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-857570284-1745001965-2900836374-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-857570284-1745001965-2900836374-503 - Limited - Disabled) Guest (S-1-5-21-857570284-1745001965-2900836374-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-857570284-1745001965-2900836374-1003 - Limited - Enabled) Owner (S-1-5-21-857570284-1745001965-2900836374-1001 - Administrator - Enabled) => C:\Users\Owner ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: BullGuard Antivirus (Disabled - Out of date) {13E9CAA5-762A-794E-2DA9-245D5622A105} AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: BullGuard Antispyware (Disabled - Out of date) {A8882B41-5010-76C0-1719-1F2F2DA5EBB8} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: BullGuard Firewall (Enabled) {2BD24B80-3C45-7816-06F6-8D68A8F1E67E} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) BullGuard Internet Security (HKLM\...\BullGuard) (Version: 16.0 - BullGuard Ltd.) Creative Live! Cam Chat HD (VF0700) (1.00.06.00) (HKLM\...\Creative VF0700) (Version: - Creative Technology Ltd.) Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 5.06 - NCH Software) Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation) Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{08B90A20-95D3-4725-84B9-AF6553E06C4F}) (Version: 5.0.10.2850 - Intel Corporation) iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.) Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation) LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog) LeapFrog Connect (x32 Version: 7.0.6.19846 - LeapFrog) Hidden LeapFrog LeapPad Explorer Plugin (x32 Version: 7.0.6.19846 - LeapFrog) Hidden McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.) Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-857570284-1745001965-2900836374-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 52.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-GB)) (Version: 52.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.0.6270 - Mozilla) NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2074 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 10.4.5.30491 - Electronic Arts, Inc.) Play Wireless USB Adapter (HKLM-x32\...\InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}) (Version: 1.0.0.03 - Belkin) Play Wireless USB Adapter (x32 Version: 1.0.0.03 - Belkin) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.) ROBLOX Player for Owner (HKU\S-1-5-21-857570284-1745001965-2900836374-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts) Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.) Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog) VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN) Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-857570284-1745001965-2900836374-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Owner\AppData\Local\Roblox\Versions\version-86e5c81a75134199\RobloxProxy64.dll (ROBLOX Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {006B0086-EF58-422F-9FE5-B0A66F86D961} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION Task: {09CB57E8-C538-466B-A44C-55EA9B10F872} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2017-03-16] (Microsoft Corporation) Task: {0F5342B9-D61B-4613-BDFA-EB15A832209F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION Task: {16EFCBC2-F648-4934-A189-CCA98F196911} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {174A834B-45AD-4918-8617-997B929155D4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe Task: {4C00C363-E0ED-4121-B32D-E2553BFDD805} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION Task: {536C3AAE-F0F1-4B80-930B-A86502EF3DF4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {619C67E6-E7C6-449C-A20D-A56232719850} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION Task: {7AC4FEEE-94D3-4E8F-84D3-62891C490A7C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {7E46EFE8-22F8-41B3-B9EA-E94BDB388EB9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {88E0D73D-1DDB-48A7-9C65-25A9D004F281} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-25] (Adobe Systems Incorporated) Task: {9C5AB6D4-E784-4789-ABFF-4AF24B206D9F} - \WPD\SqmUpload_S-1-5-21-857570284-1745001965-2900836374-1001 -> No File <==== ATTENTION Task: {9F2CF023-97B4-40B1-9814-4881D73281E2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation) Task: {A2728264-5D9D-4A11-89FB-70962AD28D44} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {A809EC2C-E089-431F-97C0-4B99C1643352} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION Task: {A85152E4-2EA6-4A3D-80E1-DB0100F041B0} - System32\Tasks\BullGuard\BullGuardUpdate2 => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2017-03-01] (BullGuard Ltd.) Task: {AA2767A6-60E1-4802-89EC-573E5FB7041C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {AF0626F0-4BE0-41B0-82A9-17E78EB695E7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {B44ABFB8-412B-4849-ACFE-F7228D8BA57F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {B935C432-98C0-4E0B-BF72-ACA923BEC602} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {BCBCB5D3-428B-409F-94EA-F04C49166411} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {D20F3E15-C1D1-491A-8523-F04BC2192484} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation) Task: {D22AC333-A6F9-4078-9F4E-5C07D7F21BAE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {EEE81D54-C24A-4B5B-B390-AB974428562B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-03-16] (Microsoft Corporation) Task: {F1D6EF2C-AB38-46D4-AF47-E5C0F06DDA3A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {F6C46BE3-3741-447D-8402-5095133E3777} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {FBED447A-A04C-46C2-9F0A-0FD6DB319568} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Owner\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm ==================== Loaded Modules (Whitelisted) ============== 2016-07-05 14:23 - 2016-07-05 14:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-07-05 14:23 - 2016-07-05 14:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-03-01 10:53 - 2017-03-01 10:53 - 00727320 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll 2017-03-01 10:53 - 2017-03-01 10:53 - 00644888 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll 2017-03-01 10:53 - 2017-03-01 10:53 - 00084248 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll 2017-03-01 10:53 - 2017-03-01 10:53 - 00644888 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll 2017-03-01 10:53 - 2017-03-01 10:53 - 00064792 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll 2017-03-01 10:53 - 2017-03-01 10:53 - 00084248 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll 2009-12-28 17:25 - 2009-12-28 17:25 - 00036864 _____ () C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe 2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-03-15 07:12 - 2017-03-04 07:19 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-09-23 05:59 - 2016-11-14 11:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-03-15 07:12 - 2017-03-04 07:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-03-15 07:12 - 2017-03-04 07:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-05-08 08:05 - 2017-01-29 13:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2017-03-15 07:12 - 2017-03-04 06:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-15 07:12 - 2017-03-04 06:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-15 07:12 - 2017-03-04 06:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-03-15 07:12 - 2017-03-04 06:05 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-03-15 07:12 - 2017-03-04 06:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-03-15 07:12 - 2017-03-04 06:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-03-15 07:12 - 2017-03-04 06:06 - 04046848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Signals.dll 2017-03-15 07:11 - 2017-03-04 06:04 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll 2017-03-15 07:12 - 2017-03-04 06:05 - 01475584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.IntentExtraction.dll 2017-03-01 10:53 - 2017-03-01 10:53 - 00727320 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll 2009-11-25 18:45 - 2009-11-25 18:45 - 00110592 _____ () C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe 2016-09-23 06:49 - 2016-09-23 06:49 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-15 07:11 - 2017-03-04 06:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-02-24 06:38 - 2017-02-24 06:40 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-02-24 06:38 - 2017-02-24 06:40 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-02-24 06:38 - 2017-02-24 06:40 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2016-07-25 18:21 - 2016-07-25 18:22 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2017-02-24 06:38 - 2017-02-24 06:40 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-02-24 06:38 - 2017-02-24 06:40 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll 2016-07-25 18:21 - 2016-07-25 18:23 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-10-02 16:59 - 2017-03-16 08:01 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll 2009-09-15 19:17 - 2009-09-15 19:17 - 00200704 ____N () C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 13:25 - 2017-01-31 07:53 - 00000859 ____A C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-857570284-1745001965-2900836374-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "Monitor" HKU\S-1-5-21-857570284-1745001965-2900836374-1001\...\StartupApproved\Run: => "Skype" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{5CD868DF-4081-4ACF-A714-2D679764099E}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{05131D52-3A19-424A-AB6C-5F0CD5531B24}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{728E3651-5966-4ED0-BE4F-F237C777BD14}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{7A5CAC09-E3AE-47E4-8369-8EF230B7AA48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{C03B7957-2AF9-4666-A8A6-2B65C5F8756B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{A7D05511-40C8-4FB9-AAAA-F594439077B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{52443EA7-1B8E-42F8-86FB-8FF349589095}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{234E02F9-73F0-4DDE-A4D5-D8788040613E}] => (Allow) C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{745CE93B-C241-4A04-97D2-B43F70255196}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A6732212-C599-4306-B9DC-5C9F5CE08BDD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{34F327FF-0726-46E2-9A19-7B85F67BC028}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{4A76A207-4B03-46EC-9BF1-7428C85D92D8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{9366EBF8-27F9-4C67-8DA7-CF4203CC0C2C}C:\program files\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\jp2launcher.exe FirewallRules: [UDP Query User{24728DE3-FE6A-4A7B-9FE7-D181BF8BBD42}C:\program files\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\jp2launcher.exe FirewallRules: [{BD8D8918-E61B-49A9-A008-E0B2F412CF28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{0DD6828F-ADB6-40AB-A8D4-009DCC6AE5FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{764ED268-D851-450D-91FA-D6D74780B03E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{7BE16C7E-E328-4FD9-8877-8B7E5CC6A679}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A6723363-4DF1-448C-B249-4DAD5B9F2377}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{11610162-952C-456A-AC2E-03ED07E9E97A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{941EC186-9648-4502-B5A1-4F834C02061D}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe FirewallRules: [TCP Query User{C585CD52-9309-45BE-AEED-F877EAEE0AF3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{CDAAC49B-8D6E-437D-A068-A160E6D1F1C0}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{BD5B103F-DE44-4007-B1F2-FB5FEB0EA982}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{7A56BB69-0474-482A-AF21-D7FCD3E16964}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{8E3E4CCD-DFE9-4109-AF40-EEC37D8D82A2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{D64ED3D2-199F-40B9-8976-1370D5457FA6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{137A64A7-C17E-49A6-8145-C4E4468DCE95}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{FE51E8E6-6911-4B1D-8609-B427580AAEEB}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe FirewallRules: [{4DCEEBE3-019E-48E4-B270-3C0F808BF11F}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe ==================== Restore Points ========================= 23-02-2017 10:12:56 Windows Update 04-03-2017 06:55:55 Scheduled Checkpoint 13-03-2017 07:03:26 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/16/2017 05:31:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TOWER) Description: Package Microsoft.Windows.ShellExperienceHost_10.0.14393.953_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Error: (03/16/2017 05:24:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: TOWER) Description: Package Microsoft.Windows.ShellExperienceHost_10.0.14393.953_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend. Error: (03/16/2017 05:21:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOWER) Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/16/2017 05:21:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOWER) Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/16/2017 04:29:41 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (03/16/2017 04:29:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (03/16/2017 04:28:43 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (03/16/2017 04:28:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (03/16/2017 04:22:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOWER) Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/16/2017 04:22:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOWER) Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (03/16/2017 05:25:50 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout. Error: (03/16/2017 05:22:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/16/2017 05:21:05 PM) (Source: DCOM) (EventID: 10010) (User: TOWER) Description: The server App.AppXx4zfy1ffv3wctgdz2vypnybzjkh27jhw.mca did not register with DCOM within the required timeout. Error: (03/16/2017 05:21:05 PM) (Source: DCOM) (EventID: 10010) (User: TOWER) Description: The server App.AppXx4zfy1ffv3wctgdz2vypnybzjkh27jhw.mca did not register with DCOM within the required timeout. Error: (03/16/2017 05:21:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/16/2017 04:34:52 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout. Error: (03/16/2017 04:31:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/16/2017 04:30:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (03/16/2017 04:29:51 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY) Description: Miniport Belkin Play Wireless USB Adapter, {B38B09EF-C947-4D7E-AA5D-5479CAD8BCE9}, had event 76 Error: (03/16/2017 04:27:25 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout. CodeIntegrity: =================================== Date: 2017-03-16 16:31:18.793 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-16 16:23:34.960 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-16 14:09:28.709 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-16 13:10:42.038 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-16 12:59:31.492 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-16 12:55:22.593 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-16 12:27:54.248 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-16 10:23:12.784 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-16 10:03:00.080 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-03-16 09:54:20.887 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-4160 CPU @ 3.60GHz Percentage of memory in use: 50% Total physical RAM: 4031.83 MB Available physical RAM: 2006.49 MB Total Virtual: 5631.83 MB Available Virtual: 3266.3 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:464.98 GB) (Free:423.43 GB) NTFS Drive d: (EDWARD) (Removable) (Total:14.52 GB) (Free:14.52 GB) FAT32 Drive e: (F7D4101v1) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS Drive h: (Iomega_HDD) (Fixed) (Total:931.51 GB) (Free:457.93 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DF632CCF) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 5C1A39AF) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: C4B5D987) Partition 1: (Active) - (Size=14.5 GB) - (Type=0C) ==================== End of Addition.txt ============================