Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2017
Ran by Admin PC (08-10-2017 14:05:53)
Running from C:\Users\Admin PC\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2017-04-11 23:40:49)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin PC (S-1-5-21-2646362462-3843373758-3894818330-1000 - Administrator - Enabled) => C:\Users\Admin PC
Administrator (S-1-5-21-2646362462-3843373758-3894818330-500 - Administrator - Disabled)
Guest (S-1-5-21-2646362462-3843373758-3894818330-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
Adobe Reader XI (11.0.01) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.10.0.3 - Byte Technologies LLC) <==== ATTENTION
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Core Graphics Software (HKLM\...\{61768C93-76C2-4017-974F-9BE1D2BBD9A4}) (Version: 5.3.60.6579 - SMSC) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0232 - Disc Soft Ltd)
Divinity - Original Sin Enhanced Edition (HKLM-x32\...\1445516929_is1) (Version: 2.5.0.12 - GOG.com)
DragonBoost (HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\...\DragonBoost) (Version: - ) <==== ATTENTION
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.10.5.3212 - Steinberg Media Technologies GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{D638A23C-5C5F-4B71-A354-EC78B2BDD320}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{57FA60DA-585F-456A-B80E-17D1CDD22A30}) (Version: 5.0.27.1 - Hewlett-Packard Company)
HP Port Replicator Software Installer (HKLM-x32\...\{75BF632E-4761-4CF4-A368-E158B8A1BB1C}) (Version: 1.2.20 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IDM Crack 6.25 build 25 (HKLM-x32\...\IDM Crack 6.25 build 25) (Version: 5.40 - Crackingpatching.com Team)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6499.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1211-148929CC1385}) (Version: 2.6.1211.0294 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
InterStat (HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\...\InterStat) (Version: 1.0 - InterStat) <==== ATTENTION
IPM_Preinstall (HKLM-x32\...\{165C7791-99DC-4531-89AB-1F9097DA72F7}) (Version: 17.0 - Your Company Name) Hidden
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8431.2079 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
s5m (HKLM-x32\...\s5m) (Version: 2.0.2 - s5m) <==== ATTENTION
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Sid Meier's Civilization V The Complete Edition repack Mr DJ version 1.0.3.279 (HKLM-x32\...\Sid Meier's Civilization V The Complete Edition ~01EC3566_is1) (Version: 1.0.3.279 - Mr DJ)
Sid Meier's Civilization VI Demo (HKLM\...\Steam App 537570) (Version: - Firaxis)
SMSC Core Graphics Software (HKLM-x32\...\Core Graphics Software) (Version: 5.3.60.6579 - SMSC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg Caleidoscope Sampler Track Content (HKLM-x32\...\{BD830EFB-4884-422C-8AA0-F564E839FC6F}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Content Updater (HKLM-x32\...\{23BAFE62-0AF0-4D71-98C2-47286139DC45}) (Version: 3.1.0 - Steinberg Media Technologies GmbH)
Steinberg Cubase LE AI Elements 9 (HKLM\...\{E0FA80FD-82A7-4328-ABC3-0DA6A9FA1824}) (Version: 9.0.20 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Generic Lower Latency ASIO Driver 64bit (HKLM\...\{16D5A798-10BE-4FF3-BB71-54C012CD0D7D}) (Version: 1.0.11 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.2.30 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Acoustic Agent (HKLM-x32\...\{F34EA13C-F078-4003-AE21-43EAB2680EC5}) (Version: 1.0.2 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Content (HKLM-x32\...\{AFC9D1CE-F050-437C-35A5-62DEDB262DC7}) (Version: 1.3.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Rock Pop Toolbox Drums Elements (HKLM-x32\...\{7AC78F55-2066-4EF5-AA6F-AD57FEAE7CBD}) (Version: 1.0.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 2.0.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 2.0.1 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Production Grooves Content (HKLM-x32\...\{F72824BC-4856-4050-A745-D92BC601CCDE}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.2 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated)
Synaptics WBF Fingerprint Reader (HKLM\...\{FE645EDA-C5B2-4CF3-B9E7-AFABD5710EEF}) (Version: 4.5.335.0 - Synaptics)
ViewSpan (HKLM\...\{33F3FCBA-4CC5-4A5B-A6DB-53478463D991}) (Version: 2.8.3.0 - SMSC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2646362462-3843373758-3894818330-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Admin PC\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2646362462-3843373758-3894818330-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-08-05] (Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E46D23B-D065-4E76-9B5F-D937F1102635} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-10-02] (Microsoft Corporation)
Task: {1F488899-5E37-4469-BC3C-714055AA2EC6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-13] (Google Inc.)
Task: {2990681A-BCD4-4312-A478-CE09C08C1FEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-13] (Google Inc.)
Task: {2D602820-193C-4C15-9131-643EBA1F8327} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-02] ()
Task: {3EB3F766-7CC1-4117-9B9D-6C3D404CEA90} - System32\Tasks\{D8FDC2AF-CAF5-4FC4-ABAD-A9C0FA03F68A} => C:\Users\Admin PC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe [2017-07-16] (Malwarebytes )
Task: {4A639399-7749-411A-9539-BAFF9EBC351F} - System32\Tasks\{EFD0A90E-8B60-4252-ACCD-442E214E9BAC} => C:\Users\Admin PC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe [2017-07-16] (Malwarebytes )
Task: {631E628C-F337-403F-B557-BFF73C04825C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {63A04417-6D60-47F9-A492-1B3CB9703CE9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-02] ()
Task: {6AC2F853-1B99-4598-90D2-383D60D01872} - System32\Tasks\{898F26E3-39CA-4072-9874-6083E7FDAA38} => C:\Windows\system32\pcalua.exe -a "C:\Users\Admin PC\Desktop\New folder\Cubase LE AI Elements for Windows\Setup.exe" -d "C:\Users\Admin PC\Desktop\New folder\Cubase LE AI Elements for Windows"
Task: {720057E0-661F-4D72-8BD9-7139B8C30089} - System32\Tasks\{FDC48B7B-0C00-44A1-B607-3D5BF316D760} => C:\Users\Admin PC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe [2017-07-16] (Malwarebytes )
Task: {77D35637-C5FA-49B1-8DF2-306244395EAE} - System32\Tasks\{86CC71D6-928F-4492-9FB3-26F8CD2ABA17} => C:\Users\Admin PC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe [2017-07-16] (Malwarebytes )
Task: {86D68F0E-CBF5-4D29-99D1-22AC573568AE} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {873B5D04-32D3-4B6E-8CC0-EF37AD59BEB0} - System32\Tasks\{2C314B57-C6F0-45C7-8542-69FB414C7375} => C:\Users\Admin PC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe [2017-07-16] (Malwarebytes )
Task: {8DC1DC5B-A106-4321-A22E-A802868E9EFD} - System32\Tasks\{76E8F8A8-F141-4DE0-AA22-F23B4A289773} => C:\Users\Admin PC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe [2017-07-16] (Malwarebytes )
Task: {AF1ACCB9-8664-4BFC-967B-C69285163017} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-10-02] (Microsoft Corporation)
Task: {CC43A0D2-A66A-4A2A-8F00-FBFB104D4B3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-10-02] (Microsoft Corporation)
Task: {EC5C4149-2C80-43CB-BC91-2605414851EB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {F0B77885-8608-4797-881C-5C5034661694} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {FC81B824-D2B8-4B41-968E-009898CFDFE8} - System32\Tasks\{A6652A45-F802-4D80-B2DC-E2AEE244CD0A} => C:\Users\Admin PC\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe [2017-07-16] (Malwarebytes )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-02 23:44 - 2017-10-02 23:44 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-01-05 17:36 - 2017-01-05 17:36 - 000077824 _____ () C:\Users\Admin PC\AppData\Local\ntuserlitelist\dataup\dataup.exe
2017-03-29 19:04 - 2017-03-29 19:04 - 000833024 ____N () C:\windows\system32\tprdpw32.exe
2017-04-26 14:45 - 2017-04-26 14:45 - 000008192 ____N () C:\Users\Admin PC\AppData\Local\Temp\WS\WindowService.exe
2017-07-14 10:26 - 2017-07-14 10:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-07-14 10:27 - 2017-07-14 10:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2013-05-01 12:16 - 2013-05-01 12:16 - 002233592 _____ () C:\Program Files\SGFX\SgfxConfig.exe
2017-01-13 20:09 - 2017-01-13 20:09 - 000896512 _____ () C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-01-20 20:18 - 2017-01-20 20:18 - 001087488 _____ () C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2016-09-21 23:32 - 2016-09-21 23:32 - 000224768 _____ () C:\Users\Admin PC\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2017-04-26 14:48 - 2017-04-26 14:48 - 000415232 ____N () C:\Users\Admin PC\AppData\Local\Temp\WS\WindowService.Lib.dll
2017-04-26 20:04 - 2017-04-26 20:04 - 000014336 _____ () C:\Users\Admin PC\AppData\Local\amling.dll
2017-04-13 12:06 - 2013-01-14 23:25 - 001200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2017-10-02 23:43 - 2017-10-02 23:43 - 008928968 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 053460992 _____ () C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7F41C539-3921-48DB-8950-0FC9E4329441}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E694F886-F3F3-4927-BE1C-791B328E25C6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{25F79F79-122A-43D2-AB22-3C83B0546059}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FC33C200-84A5-4E46-92AF-0692746B6289}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F2538E25-3A0F-4B35-8F85-4E65F8B245E6}] => (Allow) C:\Users\Admin PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4BBCE2F5-895B-443A-86D5-20E2AD408297}] => (Allow) C:\Users\Admin PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{89F6B6A0-EC8B-45B3-BBFC-BB4F45C1A8F9}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{E92D65F3-D3AF-49D4-9D3E-0ABDB4EB1DE5}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶作獯数浲杯敲楮作獯数浲杯敲楮攮數
FirewallRules: [{3BA5C90C-28C0-48E9-8BF0-AD39950E02CB}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶作獯数浲杯敲楮作獯数浲杯敲楮⹟硥e
FirewallRules: [{40BF6227-7CE4-4663-8F4A-F6B2F65E3984}] => (Allow) C:\Program Files (x86)\Mr DJ\Sid Meier's Civilization V The Complete Edition repack Mr DJ\Launcher.exe
FirewallRules: [{04418D26-FD86-4168-9B95-F0547A14EA09}] => (Allow) C:\Program Files (x86)\Mr DJ\Sid Meier's Civilization V The Complete Edition repack Mr DJ\Launcher.exe
FirewallRules: [{5F0754CD-E326-4ED8-B144-052424681C0E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{18BBB165-E4D0-4536-A4EC-0E7DC636004A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4252BA02-8D9A-4857-A3B2-D19204F6E6F1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{77A65056-80B1-4C99-909A-90CDC16E5F0D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{8BDCFCDF-6B5D-43AA-BE1F-64EBB9BBBF9F}C:\program files (x86)\mr dj\sid meier's civilization v the complete edition repack mr dj\civilizationv.exe] => (Allow) C:\program files (x86)\mr dj\sid meier's civilization v the complete edition repack mr dj\civilizationv.exe
FirewallRules: [UDP Query User{36F5C4E3-18D1-461B-8C3E-3E0E1A10DA26}C:\program files (x86)\mr dj\sid meier's civilization v the complete edition repack mr dj\civilizationv.exe] => (Allow) C:\program files (x86)\mr dj\sid meier's civilization v the complete edition repack mr dj\civilizationv.exe
FirewallRules: [{C88F04B7-9EF6-4F80-B3A7-4C85FCB72E2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{4F8D37F9-6C67-4463-81A5-56DA76B6B63A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{07883657-D6A7-4F99-AC93-482B3179E6FE}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe
FirewallRules: [UDP Query User{9274939D-24BA-4E7E-8009-016D89AE0920}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe
FirewallRules: [{D5479530-67A8-4BFD-A100-D64E5A4A6002}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI Demo\Base\Binaries\Win64Demo\CivilizationVI.exe
FirewallRules: [{A9D207EB-2C40-4522-A14E-134E8C16532B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI Demo\Base\Binaries\Win64Demo\CivilizationVI.exe
FirewallRules: [{6746B484-E721-4C96-A2A8-45675C2980B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI Demo\Base\Binaries\Win64Demo\CivilizationVI_DX12.exe
FirewallRules: [{32543846-846E-4F52-B743-0EAA91B5EBC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI Demo\Base\Binaries\Win64Demo\CivilizationVI_DX12.exe
FirewallRules: [{F63419A0-CBB4-4AAC-96B5-E311E37B83F8}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{1FEAF53C-8519-4533-80BF-4141E9CC1AB9}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [UDP Query User{351279AC-AC49-44E1-AB32-80B0F726BD51}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [{9F5DCC4A-001F-4DB2-8A9B-9C2A22036854}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B36F745F-BD31-49F8-9E6A-069405A0CD51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1379E01B-B1AD-464A-B297-6FDE59036D96}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3E27F91D-5B44-4D7A-BB66-E82359DF27D2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{72EE83AD-6D05-4AA7-906B-E9B3907BC405}C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [UDP Query User{8EACE487-2832-490E-885E-15B269A875DF}C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [TCP Query User{8831472E-9BDC-4463-9AC9-B6B169293719}C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [UDP Query User{72BF073C-B68C-4FC3-8750-C0B3BCE21B21}C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [{95D4C17C-1262-4C9F-9B92-3B61883FEA21}] => (Allow) C:\Users\Admin PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9381BBED-3244-4AC9-A740-179BD348638E}] => (Allow) C:\Users\Admin PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6E8BF1B2-4641-4F34-B67F-6FB197143D88}] => (Allow) C:\Users\Admin PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8B012911-1155-4F32-B54C-9A8EB7D2D1D5}] => (Allow) C:\Users\Admin PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{29DC0803-CA96-43EB-84AD-FF14E6188146}] => (Allow) C:\Users\Admin PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9FB08C8C-6DBE-4A28-822C-CF16A1897366}] => (Allow) C:\Users\Admin PC\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1DB437BE-4B8E-4C8E-9537-2F0C459E248A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{D01B4730-82DC-470C-9D74-D5125A6682A9}C:\users\admin pc\desktop\left 4 dead 2\left4dead2.exe] => (Allow) C:\users\admin pc\desktop\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{2EE3CB14-1198-4F36-85F6-123415F8CA52}C:\users\admin pc\desktop\left 4 dead 2\left4dead2.exe] => (Allow) C:\users\admin pc\desktop\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{3543DA56-4311-41E0-A65E-1F9007094E0C}C:\program files (x86)\mr dj\sid meier's civilization v the complete edition repack mr dj\civilizationv.exe] => (Block) C:\program files (x86)\mr dj\sid meier's civilization v the complete edition repack mr dj\civilizationv.exe
FirewallRules: [UDP Query User{9C97B28A-191F-4BDC-BA81-83744A0C95BC}C:\program files (x86)\mr dj\sid meier's civilization v the complete edition repack mr dj\civilizationv.exe] => (Block) C:\program files (x86)\mr dj\sid meier's civilization v the complete edition repack mr dj\civilizationv.exe
FirewallRules: [{21477C5F-4CC5-4E87-831E-F4C9017B867C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E06CEDE8-DFB5-463C-B0A0-955948A11635}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{3B4A24F2-9AFA-4E94-954F-833F07D835A2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{01642B57-25F2-467C-940B-7451A7D78EE4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3020BA3E-6055-4D6D-97E5-44DB4DB6F1B7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7103B39F-917C-4D8A-A340-5CF132398D9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2017 01:52:24 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/08/2017 01:52:24 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {12C9F417-831C-4D4E-BD80-3DA2C5F79AC4}

Error: (10/08/2017 01:52:22 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {12C9F417-831C-4D4E-BD80-3DA2C5F79AC4}

Error: (10/08/2017 04:37:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2060

Error: (10/08/2017 04:37:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2060

Error: (10/08/2017 04:37:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/08/2017 04:37:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1046

Error: (10/08/2017 04:37:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1046

Error: (10/08/2017 04:37:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/08/2017 03:25:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\microsoft office\root\office16\odbc drivers\salesforce\lib\libcurl32.dlla\libcurl.dll".
Dependent Assembly OpenSSL.DllA,processorArchitecture="*",type="win32",version="1.0.0.4" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (10/07/2017 10:10:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/07/2017 10:10:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Management Service service to connect.

Error: (10/07/2017 10:08:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/06/2017 11:00:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/06/2017 11:00:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Management Service service to connect.

Error: (10/06/2017 10:58:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/06/2017 10:55:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/06/2017 10:55:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Management Service service to connect.
Error: (10/06/2017 10:53:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (10/04/2017 02:31:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Management Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3437U CPU @ 1.90GHz
Percentage of memory in use: 57%
Total physical RAM: 8055.54 MB
Available physical RAM: 3415.98 MB
Total Virtual: 16109.27 MB
Available Virtual: 10871.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:57.84 GB) NTFS
Drive d: (OFFICE14) (CDROM) (Total:0.34 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 2D94F91E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================