ADDITION.TXT
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Raffi (30-03-2017 10:23:51)
Running from C:\Users\Raffi\Desktop\FIX
Windows 8.1 (Update) (X64) (2015-01-08 21:38:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1372970940-966452781-916677827-500 - Administrator - Disabled)
Guest (S-1-5-21-1372970940-966452781-916677827-501 - Limited - Disabled)
Raffi (S-1-5-21-1372970940-966452781-916677827-1001 - Administrator - Enabled) => C:\Users\Raffi
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Disabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Disabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Brother MFL-Pro Suite MFC-9560CDW (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
Chrome Remote Desktop Host (HKLM-x32\...\{0F4FB60A-EBD8-445B-8117-128E8351647E}) (Version: 56.0.2924.51 - Google Inc.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Google Chrome (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation)
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.38.101 - MediatekWiFi)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.7.133.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.8.0.6273 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 en-US)) (Version: 45.8.0 - Mozilla)
Nexus Ultimate 14.11 (HKLM-x32\...\Winstep Xtreme_is1) (Version: - )
Norton Security (HKLM-x32\...\NS) (Version: 22.9.1.12 - Symantec Corporation)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{37AFBFC0-AE39-425B-97CB-A90319D39A4B}) (Version: 8.1.921 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{056A3023-0724-49F0-82F8-88A1F0783D53}) (Version: 8.1.921 - Softland)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Software Update Wizard (Redistributable) 4.5 (HKLM-x32\...\Software Update Wizard (Redistributable)) (Version: 4.5 - PowerProgrammer)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 35.3.39010 - Sonos, Inc.)
SplashID Safe 7.2.4 (HKLM-x32\...\SplashID Safe) (Version: 7.2.4 - SplashData)
Spotify (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
StartIsBack+ (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\StartIsBack) (Version: 1.7 - startisback.com)
Unity Web Player (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
Yahoo Messenger (HKU\S-1-5-21-1372970940-966452781-916677827-1001\...\yahoomessenger) (Version: 0.8.231 - Yahoo! Inc)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{61625667-893E-4707-B925-A82B528C00B9}\InprocServer32 -> C:\Users\Raffi\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c9}\InprocServer32 -> C:\Users\Raffi\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{AD1405D2-30CF-4877-8468-1EE1C52C759F}\InprocServer32 -> C:\Users\Raffi\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{E5C31EC8-C5E6-4E07-957E-944DB4AAD85E}\InprocServer32 -> C:\Users\Raffi\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-1372970940-966452781-916677827-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Raffi\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04F89BF8-A7C9-4A27-9B5D-82822A832CEE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation)
Task: {1D882325-E362-471E-8C38-88B0B404D67E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2017-03-16] (Symantec Corporation)
Task: {334FFF8E-2DDA-494C-B039-2EF768812EFD} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation)
Task: {462F1A1C-745C-4F45-9516-625366142B64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {49694A82-66EA-4845-98CE-8D370A1178C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001Core => C:\Users\Raffi\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-26] (Google Inc.)
Task: {4C46400E-6B73-445F-A45B-22F45477370E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation)
Task: {50796CE1-C0BA-46C5-9410-B421D9EBBA48} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {583233BC-7D8B-4F5A-BE0C-2444E46A9270} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {5F26B7FA-7914-412A-8CB9-4A5F49C77B90} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {703F5D18-1821-4CF2-9D1E-4E5C6047B95C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-12-09] (Microsoft)
Task: {7658A0C9-245B-4D1D-A967-7C35EEAACF5B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {8295A939-1F99-4CCD-B68F-C09FB8424C8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {83A782A7-5307-4CD9-BA8D-108D4AB0F882} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {A18B2024-A522-4906-BBD1-11088AB13083} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {ACEB3C48-6781-4D00-9F67-4F7DCB930D0A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\WSCStub.exe [2017-03-16] (Symantec Corporation)
Task: {BF12C8B9-F090-4923-8EC7-0E3A6DFE3DA0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1372970940-966452781-916677827-1001UA => C:\Users\Raffi\AppData\Local\Google\Update\GoogleUpdate.exe [2017-03-26] (Google Inc.)
Task: {D47B4DDA-07A1-498F-B37B-BED508A70A9E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation)
Task: {D9383B6A-E1B9-43B7-A99F-50CBBA9ABB3C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2013-12-17] (Microsoft Corporation)
Task: {E9431CCC-0887-4C9D-9E94-510A19CEB747} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.)
Task: {F7BE031D-4707-4938-9845-B69382C3994E} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-02-11 01:26 - 2015-02-05 12:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-08 14:44 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-01-08 14:44 - 2014-01-02 19:41 - 00621736 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2015-01-10 00:34 - 2010-03-15 16:18 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2015-01-08 14:44 - 2015-01-08 14:44 - 08878248 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-29 02:38 - 2014-04-29 02:38 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-04-29 02:35 - 2014-04-29 02:35 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-04-29 02:42 - 2014-04-29 02:42 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-04-07 16:13 - 2014-04-07 16:13 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-10-05 15:49 - 2013-10-01 02:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2015-06-20 12:35 - 2015-06-03 14:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-08-10 11:14 - 2016-08-10 11:14 - 40523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2017-03-30 10:21 - 2017-03-30 10:21 - 00098816 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\win32api.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00110080 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\pywintypes27.dll
2017-03-30 10:21 - 2017-03-30 10:21 - 00364544 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\pythoncom27.dll
2017-03-30 10:21 - 2017-03-30 10:21 - 00320512 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\win32com.shell.shell.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00914432 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\_hashlib.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 01176576 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\wx._core_.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00806400 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\wx._gdi_.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00816128 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\wx._windows_.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 01067008 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\wx._controls_.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00733184 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\wx._misc_.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00682496 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\pysqlite2._sqlite.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00088064 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\_ctypes.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00686080 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\unicodedata.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00119808 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\win32file.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00108544 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\win32security.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00007168 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\hashobjs_ext.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00017920 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\thumbnails_ext.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00088064 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\usb_ext.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00012800 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\common.time34.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00018432 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\win32event.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00167936 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\win32gui.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00046080 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\_socket.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 01303552 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\_ssl.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00128512 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\_elementtree.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00127488 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\pyexpat.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00038912 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\win32inet.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00036864 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\_psutil_windows.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00524248 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\windows._lib_cacheinvalidation.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00011264 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\win32crypt.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00123392 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\wx._wizard.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00077312 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\wx._html2.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00027648 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\_multiprocessing.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00020480 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\_yappi.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00035840 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\win32process.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00078848 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\wx._animate.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00024064 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\win32pipe.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00010240 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\select.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00025600 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\win32pdh.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00017408 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\win32profile.pyd
2017-03-30 10:21 - 2017-03-30 10:21 - 00022528 ____R () C:\Users\Raffi\AppData\Local\Temp\_MEI63802\win32ts.pyd
2015-01-19 19:28 - 2014-08-06 05:37 - 01203856 _____ () C:\Program Files (x86)\MediatekWiFi\Common\RaWLAPI.dll
2015-01-10 00:34 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-05-16 11:06 - 2015-05-16 11:06 - 01086176 _____ () C:\Program Files (x86)\Winstep\wodTelnetDLX.dll
2014-02-19 18:51 - 2014-02-19 18:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1372970940-966452781-916677827-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Raffi\Google Drive\Pictures\Wallpaper\crane.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B188B65E-B72E-4555-840C-34429D355F2F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{0AA5D0D2-BC33-4E8C-888D-1EED19D16990}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F716554D-E4E8-4A0A-9694-80554B556470}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C6CD2C51-A721-4660-8A37-FD629E859D88}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{201AE150-878F-4338-8755-80C88655B4FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1E13F8D4-583E-410F-8CC5-4AFE101AB602}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{930F0CB2-8DA0-40F4-9F95-BC6E336944B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{229288E7-24C7-4D29-8636-07EB4AFD0FAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8B00A3D6-DF9A-416B-8350-F956344D731B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F928E59D-9765-433D-A820-FB74B096F2A6}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{7BB9D122-7ACA-4425-8B63-0DAF2944BF68}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{9EB8953E-F465-4C2E-9273-0AE91AF8CD16}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{930D049A-6224-4AC9-92B6-5BFE22129649}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F616F161-EC89-4589-A65C-0A7E2BFC1544}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F73F7032-341D-4044-BE51-733937FCFEF8}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{E865D6C3-8477-4159-BC08-5C4AD326DAC5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{0E233115-AC6F-4444-8EF4-371C6AAD9D65}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{F78ACAE2-B9FC-4A65-BE7A-7289C997A3A0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{24A519D5-6761-4A7C-8374-444859970D00}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{E8328229-5221-48DD-A5D8-39AE9E3502EE}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{90305B45-C9D4-43B4-BC07-7925E41ACD4F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{AE42C872-CB4B-4F03-A621-643BD928AE75}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{21D39A8F-A59E-4D6A-A6D6-A293A9231201}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{DB3D8D6D-0A7C-42FF-B5AA-F278E23F727B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0552F933-40DB-44E2-BA65-5821335934B4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C6DC71C5-2161-478C-907C-23C54515DDA1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D08D581B-33FA-48B2-9FF0-A355A214F7F3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{192B5532-396C-4C15-8DA6-B44CCD8C4B9B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F49CB3E7-4DC1-4F88-9946-686EA6C4FB50}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{006A19CA-4380-4508-966A-16F6CB3927BC}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{1F10411B-4EE1-4134-8943-8FB08149917B}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{4A745678-DDA4-4FE0-B127-9FDF1E971BE5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe
FirewallRules: [{97AC1BB8-4F7F-4C81-8F54-519B6C8CEECD}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{1076EFEB-64EC-4225-959E-8377114EAC29}] => (Allow) C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe
FirewallRules: [{0E0BD877-D3B2-4EA6-B6E2-B1C6892654C2}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1325B03C-32EB-490A-9F5D-FCC97EFBD758}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{489E14CA-ED54-4E82-9F92-46D8B0904247}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{45B33415-69D3-4D51-8892-73071F58FE09}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{A227B059-FA48-4843-BB4C-F0D6D3A42122}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{1FFCE112-59BC-4698-AB88-EDFFC92BE777}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{61B5DEA2-5B27-41CE-A4B1-D3B5DD475E14}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{2762CC07-FC27-4607-ADEA-A4FB3A47F8CD}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{3029A865-F52B-471E-8415-DAE38A1F92AC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{95AF1486-A659-489D-BEA0-D8F0A68B971A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5652F13E-8A22-4F6D-BA30-606017E67CDC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F5EC4F0C-CF60-45ED-8FC2-EEECE65C10BC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{483059F3-068C-447D-B24F-B07D52EEDABB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{316D3348-8ADE-4257-8FC1-0362717360E5}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{601CDE2C-74DC-4E58-99F5-44AD6888332A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{07754E4A-9572-46A4-BD4E-C4B72586DBF1}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{92749470-4858-40D2-9573-E533CD3B70F9}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe
FirewallRules: [{5AED7FD1-2368-45EE-8A82-15B092F88DEE}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe
FirewallRules: [{4BA70707-4253-436E-A246-060AF75E2D1A}] => (Allow) LPort=54925
FirewallRules: [{AFDB33D7-BEFD-40A6-AF9B-3E5A38EB61FC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2546105B-7ADA-4C12-81F4-D953DA7AC99A}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E80F891B-D832-49E0-8EF3-52030AC55703}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D9DF0246-A404-427C-8C71-9ADC585AF013}] => (Allow) C:\Program Files (x86)\SplashData\SplashID Safe\SplashID Safe.exe
FirewallRules: [{1C05C853-4F6A-4A62-A052-21DEFC0CE7C7}] => (Allow) C:\Program Files (x86)\SplashData\SplashID Safe\SplashID Safe.exe
FirewallRules: [{BE5E43DB-5815-4488-B392-AAD360109F44}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
FirewallRules: [{57816D73-65F6-48A5-B421-BA974A02F65F}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
FirewallRules: [{046BCA07-40CC-46AD-9E41-0251002CE1B3}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaMediaServer.exe
FirewallRules: [{181D72E1-6A7C-419F-B773-4B44A4DD8DAD}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaMediaServer.exe
FirewallRules: [{EABC3EAE-466C-4AC8-BE82-E35A5B2D198C}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
FirewallRules: [TCP Query User{1BB85E22-735D-4800-9126-CB7BD549D788}C:\program files (x86)\splashdata\splashid safe\splashid safe.exe] => (Allow) C:\program files (x86)\splashdata\splashid safe\splashid safe.exe
FirewallRules: [UDP Query User{27CB2F88-D5CA-4F20-A863-FFF013EA2FC5}C:\program files (x86)\splashdata\splashid safe\splashid safe.exe] => (Allow) C:\program files (x86)\splashdata\splashid safe\splashid safe.exe
FirewallRules: [TCP Query User{ADC25FBB-802D-4D3F-AFE9-0719CC217CE3}C:\users\raffi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raffi\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3D3AB909-FE3E-4AD0-921E-6BF159EC9BE0}C:\users\raffi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\raffi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{92A12606-8828-4690-9EC4-E57C4F90798B}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{549CF028-7364-4B8C-9814-DD3B38755302}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{5FDB82EC-8AAB-44D0-8A92-A133850ED085}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
FirewallRules: [{6004DB50-87E8-4484-BF41-49E79DD2FD58}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
14-03-2017 18:20:37 Restore Operation
22-03-2017 05:57:39 Scheduled Checkpoint
28-03-2017 20:04:38 Norton_Power_Eraser_20170328200438338
30-03-2017 08:31:53 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
==================== Memory info ===========================
Processor: Intel® Core i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 8%
Total physical RAM: 16307.27 MB
Available physical RAM: 14858.02 MB
Total Virtual: 18739.27 MB
Available Virtual: 17275.54 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:221.9 GB) (Free:166.38 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:931.31 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: E0FF060F)
Partition: GPT.
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E0FF0617)
Partition: GPT.
==================== End of Addition.txt ============================