I logged into my computer after my kids and noticed weird text is highlighted as clickable and can only imagine it is adware
start****
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2015 01
Ran by Terrance at 2015-04-30 23:32:59
Running from C:\Users\Terrance\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1518741026-1457341062-3545489784-500 - Administrator - Disabled)
Guest (S-1-5-21-1518741026-1457341062-3545489784-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1518741026-1457341062-3545489784-1003 - Limited - Enabled)
Terrance (S-1-5-21-1518741026-1457341062-3545489784-1001 - Administrator - Enabled) => C:\Users\Terrance
UpdatusUser (S-1-5-21-1518741026-1457341062-3545489784-1004 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\uTorrent) (Version: 3.4.2.38429 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1518741026-1457341062-3545489784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.38429 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1518741026-1457341062-3545489784-1004\...\uTorrent) (Version: 3.4.2.39744 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1518741026-1457341062-3545489784-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.39744 - BitTorrent Inc.)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iFunbox (v2.95.2610.819), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.95.2610.819 - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4711.1002 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft)
Sid Meier's Civilization 5 (HKLM-x32\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
19-04-2015 05:54:03 Scheduled Checkpoint
20-04-2015 22:22:33 Installed DirectX
29-04-2015 00:56:48 Scheduled Checkpoint
30-04-2015 22:51:10 Windows Modules Installer
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {14316DC2-D683-4EFF-9CF5-CD224B6EA7CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-31] (Google Inc.)
Task: {143C8D4E-8313-43AF-8680-4DB05B0AEBDE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)
Task: {1DF8C247-AE21-4CE5-B02B-181B0CFE0409} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-15] (Microsoft Corporation)
Task: {3307BAE5-6876-48CC-A142-B73BEC23A156} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {3C284817-DDE1-42B4-913E-E9BDADBF8AB9} - System32\Tasks\Uninstaller_SkipUac_Terrance => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {3E34FCCB-AA66-42D6-98C2-1B7FD717FC26} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-15] (Microsoft Corporation)
Task: {462010C7-11F1-4445-BB82-57C81C5AD7B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-31] (Google Inc.)
Task: {54C2EDBA-4C87-4339-80EE-8617109563D2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {6EFB7A5F-50EC-483D-93C7-A5800E8EB053} - System32\Tasks\ASC8_SkipUac_Terrance => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-01-26] (IObit)
Task: {72EF503F-95A0-4F53-9698-335851494F4C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {74994390-AC86-44B3-8BB6-0D633A3EECFE} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {93425247-B989-439B-BAFE-3C9CBD78198A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {A30A68F1-CCC4-47FF-97AC-29F297C15DF8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {AA521CE9-35C9-4A83-A28F-6EE95A99E296} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AD812852-57BC-43ED-95B0-D60F1524C0BB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-15] (Microsoft Corporation)
Task: {C7DF3EA8-2F33-4C5C-B769-1466566CE34F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-03-10] (Microsoft Corporation)
Task: {CCDB5588-6F05-4F13-BE07-1FD9DBEF62C6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {DCC3F599-2815-4B18-94AE-3C36B1CBCD4F} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{093e52e3-0ccc-dfc9-093e-e52e30cc4b8c}\IObit_Advanced_SystemCare_PRO_8.1.0.651_Final_Incl._Crack__5BATOM_5D-advanced-systemcare-setup_0.exe [2014-04-24] ()
Task: {E0C017F2-DEB5-454D-84F3-75D33330004D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F7E9D07A-2D12-4910-AE0E-7269CE132CEE} - System32\Tasks\
[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Terrance.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{093e52e3-0ccc-dfc9-093e-e52e30cc4b8c}\IObit_Advanced_SystemCare_PRO_8.1.0.651_Final_Incl._Crack__5BATOM_5D-advanced-systemcare-setup_0.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Terrance.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Loaded Modules (whitelisted) ==============
2013-09-05 01:36 - 2013-09-05 01:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-15 17:36 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-04-15 17:39 - 2015-04-15 17:39 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-24 10:57 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2015-04-30 07:20 - 2015-04-28 12:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 07:20 - 2015-04-28 12:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-04-30 07:20 - 2015-04-28 12:07 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
2015-04-15 17:37 - 2015-04-15 17:40 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Terrance\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\100sexlinks.com -> 100sexlinks.com
There are 4788 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1518741026-1457341062-3545489784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.1.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-1518741026-1457341062-3545489784-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DF4DE9F5D40D95590DFD48945D0FA08D"
HKU\S-1-5-21-1518741026-1457341062-3545489784-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DF4DE9F5D40D95590DFD48945D0FA08D"
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{32115D85-ABED-4290-8EB0-CA12B9EAC8C5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7F49E437-D0CB-4B28-870F-45FF8F44DD63}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B75BFEFF-8223-45FD-B74D-82574524256E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\outlook.exe
FirewallRules: [{75FD095D-3CEC-4D45-9CEA-34AF7A8E7C67}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C1CB30F9-B36F-4A6E-A17C-6DADC08C16E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3EBF2578-F129-45DD-A6FE-93D67E5ACDC9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{00672066-F822-49A8-A68E-9B991AD223AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{96B7293C-A926-4442-9C9F-49C7A1DD7F83}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E523D43C-08AF-4AC4-AA9B-C0F45AC94C7B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9CDC2F44-3CFD-4466-9A56-EC0B7109C3D8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{59720D31-DBB6-4004-A231-1AD0A1E517B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{1F7FBADE-EA1D-4CDC-9EF7-444A9B7CE432}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3CC23EA0-A14C-47F8-86DE-F7688705191F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{9B79DDD6-67AD-467F-A20C-576D06D7AD56}C:\program files (x86)\r.g. mechanics\sid meier's civilization 5\civilizationv.exe] => (Allow) C:\program files (x86)\r.g. mechanics\sid meier's civilization 5\civilizationv.exe
FirewallRules: [UDP Query User{B380DD7C-7B76-4F72-ABD9-1E97D807F08B}C:\program files (x86)\r.g. mechanics\sid meier's civilization 5\civilizationv.exe] => (Allow) C:\program files (x86)\r.g. mechanics\sid meier's civilization 5\civilizationv.exe
FirewallRules: [{279925B0-3909-48E3-A797-0B0E5E55F1C6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{7782EB72-5781-4A1F-B14D-68DDF6E19B72}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{94A7AFEF-F186-4615-AA7D-7CDC039B8F64}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{9C084A5C-1C9D-42A9-9744-F2D3C2F40205}] => (Allow) C:\Users\Terrance\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B5CAA2A-5EEB-40F6-BE0B-27A98BE19F19}] => (Allow) C:\Users\Terrance\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{72310495-6649-405D-90BE-DC4895DAAB11}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/30/2015 09:53:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZELDA)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/30/2015 08:56:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (04/30/2015 07:57:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZELDA)
Description: Activation of app Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/30/2015 06:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11500
Error: (04/30/2015 06:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11500
Error: (04/30/2015 06:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/30/2015 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7422
Error: (04/30/2015 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7422
Error: (04/30/2015 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/30/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3875
System errors:
=============
Error: (04/26/2015 06:56:51 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
Error: (04/24/2015 01:28:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053
Error: (04/24/2015 01:28:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
Error: (04/24/2015 10:57:42 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Advanced SystemCare Service 8 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (04/24/2015 10:50:29 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
Error: (04/24/2015 10:34:39 AM) (Source: DCOM) (EventID: 10010) (User: ZELDA)
Description: Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.1
Error: (04/21/2015 00:52:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
Error: (04/21/2015 00:48:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053
Error: (04/21/2015 00:48:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
Error: (04/18/2015 04:28:29 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
Microsoft Office Sessions:
=========================
Error: (04/30/2015 09:53:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZELDA)
Description: Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness-2144927148
Error: (04/30/2015 08:56:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
Error: (04/30/2015 07:57:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZELDA)
Description: Microsoft.BingHealthAndFitness_8wekyb3d8bbwe!AppexHealthAndFitness-2144927148
Error: (04/30/2015 06:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11500
Error: (04/30/2015 06:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11500
Error: (04/30/2015 06:28:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/30/2015 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7422
Error: (04/30/2015 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7422
Error: (04/30/2015 06:28:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/30/2015 06:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3875
CodeIntegrity Errors:
===================================
Date: 2015-04-17 18:27:15.005
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-17 18:27:14.830
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-17 18:25:45.193
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-17 18:25:45.014
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-12 19:21:44.277
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-12 19:21:44.105
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-04-11 18:17:22.738
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 40%
Total physical RAM: 7987.59 MB
Available physical RAM: 4739.12 MB
Total Pagefile: 9267.59 MB
Available Pagefile: 5333.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.18 GB) (Free:778.44 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0009C4A8)
Partition 1: (Not Active) - (Size=243 MB) - (Type=83)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================