Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2017 Ran by wjmcc (09-10-2017 20:29:12) Running from C:\Users\wjmcc\Desktop Windows 10 Pro Version 1703 170317-1834 (X64) (2017-06-17 15:46:19) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1741146877-3840377638-3316074432-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1741146877-3840377638-3316074432-503 - Limited - Disabled) defaultuser0 (S-1-5-21-1741146877-3840377638-3316074432-1000 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-1741146877-3840377638-3316074432-501 - Limited - Disabled) wjmcc (S-1-5-21-1741146877-3840377638-3316074432-1001 - Administrator - Enabled) => C:\Users\wjmcc ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) . . (HKLM\...\{8FD6FE5A-E1E1-47F3-BBE6-FE2B1364DCB8}) (Version: 7.1 - Intel) Hidden . . . (HKLM-x32\...\{2394186A-5445-4293-B739-352009350342}) (Version: 3.0.0.9 - Intel) Hidden Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.22 - Adobe Systems) Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated) Adobe Reader XI (11.0.21) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.21 - Adobe Systems Incorporated) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.79 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden Intel® Driver & Support Assistant (HKLM-x32\...\{01f3f6b8-1a81-4b10-b51f-f69af12e1d69}) (Version: 3.0.0.9 - Intel) Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation) Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8431.2079 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com) TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc) Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.7 - Tweaking.com) VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll () ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.) ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes) ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Intel Corporation) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes) ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {13BD7203-CABA-400F-9D75-79082385942B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {14C3C564-8DFF-4777-AC6C-2A14FD385726} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation) Task: {2C7C45F4-3ADE-46F3-B579-B53D26D0BB75} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation) Task: {41AF7838-49B9-4DE7-8E3E-24E531C58B56} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-23] () Task: {4844C526-C1DE-4672-AFD8-EF347CE2C0D5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-16] (Adobe Systems Incorporated) Task: {5962CF5C-AA15-43FE-8553-62D8D011B624} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-23] (Microsoft Corporation) Task: {7BC35645-81D6-49E0-8403-FF57FE414C8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {7FB56C0C-1A42-4094-BAC2-F39EAF70D324} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation) Task: {9355F97B-F958-4DD5-BDE1-63650A4704E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation) Task: {957D0862-AA71-45CB-A34A-72F886B4F8F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {AEAB9790-9F3B-4703-8609-2BE243E71B5F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-23] () Task: {D3DA07B8-6AD4-4C1C-A13D-54D13E43C1DE} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-03-07 19:04 - 2017-03-07 19:04 - 000157456 _____ () C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe 2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2016-10-10 17:29 - 2017-09-23 09:28 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2017-09-29 11:35 - 2017-09-29 11:35 - 000916480 _____ () C:\Users\wjmcc\AppData\Local\imexfrj\imexfrj.exe 2017-09-29 11:24 - 2017-09-29 11:24 - 001087488 _____ () C:\Users\wjmcc\AppData\Local\imexfrj\wudutkh.exe 2017-09-09 09:33 - 2017-09-04 03:12 - 003011928 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\libglesv2.dll 2017-09-09 09:33 - 2017-09-04 03:12 - 000086872 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\libegl.dll 2017-08-02 21:40 - 2017-08-02 21:40 - 053460480 _____ () C:\Users\wjmcc\AppData\Local\imexfrj\libcef.dll 2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\wjmcc\AppData\Local\imexfrj\libglesv2.dll 2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\wjmcc\AppData\Local\imexfrj\libegl.dll 2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\wjmcc\AppData\Local\imexfrj\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\123simsen.com -> www.123simsen.com There are 7927 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-11-26 11:44 - 2017-02-04 11:35 - 000454123 __RSH C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 license.superantispyware.com 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 15583 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: MBAMService => 3 MSCONFIG\Services: Secunia PSI Agent => 3 MSCONFIG\Services: Secunia Update Agent => 2 MSCONFIG\Services: TuneUp.UtilitiesSvc => 2 HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "RtHDVBg" HKLM\...\StartupApproved\Run: => "WinZip UN" HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\StartupApproved\Run: => "amrmem" HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\StartupApproved\Run: => "trapdoors" HKU\S-1-5-21-1741146877-3840377638-3316074432-1001\...\StartupApproved\Run: => "WeatherBuddy" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{DCE77B49-DDB1-4787-945F-0DCDCF0FD794}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [{A528DCA4-5205-405A-ACCA-683D5A9B0790}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [{3B6E86FA-F301-4DD4-A5C4-4F3720113392}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{718C3F4A-113C-4F17-96D2-95E9E3AD0DF1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{A2712006-4F65-4027-855B-912F593CD9FA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{37A4B267-7EDB-41EF-886B-4E8868125EBA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{9CF02923-E7A9-4F96-B0F2-95F3B47BD7A0}] => (Allow) %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE FirewallRules: [{1E179AD3-1940-4284-BE42-6C2BF3601921}] => (Allow) %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE FirewallRules: [{B96F966A-1ADA-4AD9-B651-177B8AC60958}] => (Allow) %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe FirewallRules: [{E9ADDCA9-645F-472E-BC29-97F3E51ACCDC}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE FirewallRules: [{439C4623-E7F3-41FE-91B3-AC4491A98D55}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE FirewallRules: [{4684F46F-C5E4-4C0F-AD2B-B1D67B7DB1BC}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE FirewallRules: [{CC1263F0-36AE-41A1-B4D4-F3118CAC78F0}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE FirewallRules: [{A10398A0-51C9-4154-BD42-F0C9069D8022}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{00BA46DD-D8B0-4030-80C7-960662ACA9F1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [{2B96D402-C721-45CE-8B31-CB4D5696EBB4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{485DAB20-56C4-414B-9F93-02597B28E87B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{759CC455-68DC-4139-AF98-9BBCBE5E56D8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{A2CF9D94-3728-4FFA-8836-2DDD227A8393}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{D7AFBF63-3257-46E6-8511-78E18585CD6B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{9909083E-D16E-40F4-9389-4C7713D6B8BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{1B1DD7EC-CC2B-47E2-A883-1C8EB90F7AAE}] => (Allow) C:\WINDOWS\system32\rundll32.exe FirewallRules: [{8021749E-9486-4996-BA93-4B135A882730}] => (Allow) C:\WINDOWS\system32\rundll32.exe FirewallRules: [{C170ED7E-81A7-4EAA-8D48-2BDD6D8FDC40}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Restore Points ========================= 15-09-2017 19:57:22 JRT Pre-Junkware Removal 24-09-2017 16:33:39 Scheduled Checkpoint 30-09-2017 11:36:37 Removed AVG 08-10-2017 12:22:35 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (10/09/2017 08:23:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCKJ985) Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/09/2017 08:23:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCKJ985) Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/09/2017 08:04:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCKJ985) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/09/2017 07:44:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCKJ985) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/09/2017 07:29:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCKJ985) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/09/2017 07:29:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCKJ985) Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/09/2017 07:28:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCKJ985) Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/09/2017 07:28:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCKJ985) Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/09/2017 07:28:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCKJ985) Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/09/2017 07:28:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-UCKJ985) Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (10/09/2017 08:23:41 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UCKJ985) Description: The server Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout. Error: (10/09/2017 08:23:41 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UCKJ985) Description: The server Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout. Error: (10/09/2017 08:04:48 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UCKJ985) Description: The server Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXfbn8w4s0jbk3tjevpcn9kaxerc6rby8k.mca did not register with DCOM within the required timeout. Error: (10/09/2017 07:44:48 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UCKJ985) Description: The server Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXfbn8w4s0jbk3tjevpcn9kaxerc6rby8k.mca did not register with DCOM within the required timeout. Error: (10/09/2017 07:29:48 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UCKJ985) Description: The server Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXfbn8w4s0jbk3tjevpcn9kaxerc6rby8k.mca did not register with DCOM within the required timeout. Error: (10/09/2017 07:29:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UCKJ985) Description: The server Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout. Error: (10/09/2017 07:28:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UCKJ985) Description: The server Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout. Error: (10/09/2017 07:28:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UCKJ985) Description: The server Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout. Error: (10/09/2017 07:28:19 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UCKJ985) Description: The server Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout. Error: (10/09/2017 07:28:19 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UCKJ985) Description: The server Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout. CodeIntegrity: =================================== Date: 2017-10-09 19:22:39.743 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-10-09 19:14:58.002 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-10-09 16:30:27.443 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-10-08 18:02:04.613 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-10-08 17:52:13.940 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-10-08 16:08:05.025 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-10-08 15:57:57.630 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-10-08 15:35:36.953 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-10-08 15:33:04.712 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-10-08 12:58:24.875 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz Percentage of memory in use: 14% Total physical RAM: 16271.94 MB Available physical RAM: 13913.97 MB Total Virtual: 16287.94 MB Available Virtual: 13762.38 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:1843.9 GB) (Free:1678.83 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 215F3AFB) Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1843.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=18.6 GB) - (Type=27) ==================== End of Addition.txt ============================