Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 02 Ran by Ronnie (2015-11-26 10:50:18) Running from C:\Users\Ronnie\Downloads Windows 10 Home (X64) (2015-11-18 21:07:00) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-380936552-4258568698-4066531615-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-380936552-4258568698-4066531615-503 - Limited - Disabled) Guest (S-1-5-21-380936552-4258568698-4066531615-501 - Limited - Disabled) Ronnie (S-1-5-21-380936552-4258568698-4066531615-1000 - Administrator - Enabled) => C:\Users\Ronnie ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) ccc-core-static (x32 Version: 2010.0930.2237.38732 - ATI) Hidden Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.) Corsair Utility Engine (HKLM-x32\...\{3B890864-6721-4D29-8DA5-D25D63DCA98A}) (Version: 1.11.86 - Corsair) Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com) CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell) Dell Update (HKLM-x32\...\{3F862535-33F3-4F3F-864E-6D4F6FD3258D}) (Version: 1.5.2000.0 - Dell Inc.) Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.) Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dropbox (HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.) DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.) Easy Setting Box (HKLM-x32\...\{7E750925-00C9-4B23-A1E8-BBFC0955CFD8}) (Version: 1.0.00 - Samsung) Elite Dangerous Launcher version 0.4.3670.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.3670.0 - Frontier Developments) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard) HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.) iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) Microsoft Default Manager (HKLM-x32\...\{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}) (Version: 2.2.114.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower) Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden Mumble 1.2.10 (HKLM-x32\...\{63243F5C-E941-4461-A4B0-2689A9A3BF13}) (Version: 1.2.10 - Thorvald Natvig) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 9.10.2.4863 - Electronic Arts, Inc.) QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Saitek ProFlight X-Plane Plugin (HKLM-x32\...\{22C3976D-F570-4EA8-8A11-E453CC3FE9E5}) (Version: 1.1.5.0 - Saitek, MadCatz Inc.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skins (x32 Version: 2010.0930.2237.38732 - ATI) Hidden Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.) Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) Star Citizen Launcher (HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games) STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.4.22789 - Electronic Arts) THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Wireshark 1.12.8 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.8 - The Wireshark developer community, hxxp://www.wireshark.org) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) X-55 Rhino (HKLM\...\{0BE6604F-766C-46AF-92C8-D4DFD65FFEBE}) (Version: 7.0.33.91 - Mad Catz Inc) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-380936552-4258568698-4066531615-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-380936552-4258568698-4066531615-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ronnie\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-380936552-4258568698-4066531615-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-380936552-4258568698-4066531615-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-380936552-4258568698-4066531615-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-380936552-4258568698-4066531615-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-380936552-4258568698-4066531615-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-380936552-4258568698-4066531615-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-380936552-4258568698-4066531615-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-380936552-4258568698-4066531615-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-380936552-4258568698-4066531615-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-380936552-4258568698-4066531615-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ronnie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.) ==================== Restore Points ========================= 22-11-2015 10:16:24 Windows Update 25-11-2015 15:06:38 Windows Modules Installer 26-11-2015 10:43:21 JRT Pre-Junkware Removal ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2015-07-05 10:30 - 00450892 ___RA C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.10sek.com 127.0.0.1 10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 15464 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {0503EE56-3596-42D9-9445-16A3326EDE83} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {073D8BB9-03F5-4503-BEB2-1CB9EA364001} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {16A8228F-A16A-4A69-ADB9-929976331831} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {181EF958-CF2C-45C1-BFE2-0048458E3EFC} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice Task: {1B057A8E-3492-4BA2-A330-0BCFAD7FB7A2} - \SystemToolsDailyTest -> No File <==== ATTENTION Task: {2300B6D1-D409-499E-92DF-030662B73A6B} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6 Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate Task: {33046BDC-2974-457F-A198-055760713D46} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization Task: {3627755F-6629-4D94-850A-FBE43D28BEB8} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask Task: {3928755E-039C-47F8-A600-5522F93CAD32} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-18] (Microsoft Corporation) Task: {3BCE979A-E79B-4CC3-9C83-03BCDB6C2D3C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {4208A7BF-D622-476E-A1A3-F9EB2719ECD4} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2015-11-13] (Microsoft Corporation) Task: {45A1E736-EAAA-4735-ABBA-A9C5CF2BDAEF} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 Task: {47CA3761-233A-4C5E-8F82-69E5FE5A918C} - \Apple Diagnostics -> No File <==== ATTENTION Task: {4A944005-EAD7-4E3D-A0CB-E36A03948234} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck Task: {4C796A2C-79B9-4F92-8728-F94964090861} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {4E3CB8C2-8A0C-4570-A32E-7319C6E8E432} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24 Task: {5AAAFC09-96D2-4C7C-AAED-FFA2A2A2677C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {697E18DD-943C-470A-B9E3-6E5DDCB42D05} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange Task: {6B696BCF-C866-41CA-B4E4-3D19FB1E9250} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\SpaceMan.exe [2015-10-30] (Microsoft Corporation) Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate Task: {75F400F6-118A-4867-BE9A-DD3058382C57} - \{78F5FAB9-916A-4630-86A2-B703EE803C15} -> No File <==== ATTENTION Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {860F596C-A1D8-4651-B747-D134041D80AD} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense => Rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo Task: {872F4BD1-A8D9-4525-B4AC-F8263331B4AD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {8A25AB8B-E811-4324-93F5-4349FE97388E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {90D79106-3D12-40AF-A9BA-231F2327770C} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2015-10-30] (Microsoft Corporation) Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {A483A62A-BEE2-43EF-B43D-C4B6555D6F1E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange Task: {A73982D5-3EF5-4498-9D91-CD384821DBBC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated) Task: {B2DB0167-2039-4411-8C38-9331D0707FF5} - \HPCustParticipation HP Officejet Pro 8600 -> No File <==== ATTENTION Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {C4D2A7B2-D53C-43D1-8A17-05973429460F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {C717EF7F-5974-4FEC-B106-E50904E5691D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {C881A742-1A15-4EAC-96B9-9C6EA38AC7FA} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {CE52464F-D041-4AC0-B15E-0F95A3EDC944} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {D6690C5F-31CF-4913-9589-933EE5BEB0F3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {DE5EE3F6-3E80-43F3-AB61-5822AE0002DF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {E03596C8-B2A4-4553-B379-B678F0EBCA95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff Task: {E599075A-2087-480E-B123-E6D5EFC194C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-13] (Adobe Systems Incorporated) Task: {E612656D-CA51-4857-AD5C-BEC0FC1566B5} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {E9233F39-5191-446D-834B-3D35AABBEA02} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {E9C14876-2ABE-4990-8166-5CFB42BEAFBA} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {EC77B95A-6F58-4100-8EC5-F097D66708B9} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {EEBE8F5A-0582-47C4-910A-11534FFC76F6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {EF34F93B-EA40-41EC-9A4A-BB43ACEF7627} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION Task: {EF3E711C-43C5-44E7-9179-F7075954456E} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {F120A436-C215-4927-87AA-934387AF5782} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2012-12-18 20:20 - 2012-10-04 19:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-06-23 13:11 - 2015-06-23 13:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2015-10-30 01:17 - 2015-10-30 01:17 - 02652784 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-11-18 20:57 - 2015-11-18 20:57 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-10-30 01:17 - 2015-10-30 01:17 - 02652784 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-10-30 01:18 - 2015-10-30 03:06 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-10-30 01:17 - 2015-10-30 01:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2015-10-30 01:17 - 2015-10-30 01:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-10-30 01:18 - 2015-10-30 03:06 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-10-30 01:18 - 2015-10-30 03:06 - 00936448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2015-10-30 01:18 - 2015-10-30 03:06 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-10-30 01:18 - 2015-10-30 03:06 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-11-18 20:57 - 2015-11-18 20:57 - 00152064 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2015-11-18 20:57 - 2015-11-18 20:58 - 18906624 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 04:45 - 2015-10-13 04:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Riot Games:Win32App_1 AlternateDataStreams: C:\Program Files\ATI Technologies:Win32App_1 AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1 AlternateDataStreams: C:\Program Files\Defraggler:Win32App_1 AlternateDataStreams: C:\Program Files\iTunes:Win32App_1 AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1 AlternateDataStreams: C:\Program Files\Wireshark:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\AirPort:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\AMD APP:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\Battle.net:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\Dell Update:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\Diablo III:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\HP:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\Multimedia Card Reader(9106):Win32App_1 AlternateDataStreams: C:\Program Files (x86)\Mumble:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\Origin:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\QuickTime:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\Roxio:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\TeamViewer:Win32App_1 AlternateDataStreams: C:\Program Files (x86)\World of Warcraft:Win32App_1 AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Users\Ronnie\AppData\Roaming\Curse Client:Win32App_1 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-380936552-4258568698-4066531615-1000\...\123simsen.com -> www.123simsen.com There are 7867 more sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-380936552-4258568698-4066531615-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ronnie\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{FF6228CF-6332-4CC0-8A8B-1E6BEB08CE63}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{AC5F861E-C1F3-4C89-9779-15A946054FAE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{E7AD132D-A2BB-4AFE-89E5-FB28C72FA00D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{048A1A4A-D7E2-49E0-96D1-D35B9AEAF097}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{81F5137D-7D97-4464-A071-7B04900DFE45}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe FirewallRules: [{839A7884-040D-450B-A60F-7748DD9866BD}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe FirewallRules: [{6EAFB7F4-6636-44B1-A772-AC2493A993CF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [UDP Query User{6A125FC1-9964-42D9-BBD5-193DC56EE83A}C:\program files (x86)\frontier\edlaunch\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) C:\program files (x86)\frontier\edlaunch\products\forc-fdev-d-1010\elitedangerous32.exe FirewallRules: [TCP Query User{AA269353-CBA9-4BFD-8764-542F1DD52119}C:\program files (x86)\frontier\edlaunch\products\forc-fdev-d-1010\elitedangerous32.exe] => (Allow) C:\program files (x86)\frontier\edlaunch\products\forc-fdev-d-1010\elitedangerous32.exe FirewallRules: [UDP Query User{3A1CB0B0-3686-45D3-8943-D2DC99475415}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe FirewallRules: [TCP Query User{A670A32B-CA7F-452E-A236-724570851A5F}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe FirewallRules: [UDP Query User{6C37684A-564B-40A5-BA0E-D8A6D129F0F1}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe FirewallRules: [TCP Query User{0156AD16-9AC1-40DA-B6A7-B00C9C3185A9}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe FirewallRules: [UDP Query User{8175710B-75F7-4C4C-9B53-0DAA8C0F6FBF}C:\users\ronnie\appdata\local\temp\mxt83\bin\xwin_mobax.exe] => (Allow) C:\users\ronnie\appdata\local\temp\mxt83\bin\xwin_mobax.exe FirewallRules: [TCP Query User{5745C072-FCAE-42DF-BFEF-8EE3608199CB}C:\users\ronnie\appdata\local\temp\mxt83\bin\xwin_mobax.exe] => (Allow) C:\users\ronnie\appdata\local\temp\mxt83\bin\xwin_mobax.exe FirewallRules: [UDP Query User{DBC9AA60-08EE-4EF3-B2E4-22C1361AB2D6}C:\users\ronnie\appdata\local\temp\joi98fd.tmp\join.me.exe] => (Allow) C:\users\ronnie\appdata\local\temp\joi98fd.tmp\join.me.exe FirewallRules: [TCP Query User{9C0A9934-23DF-4387-8934-322AC41D0006}C:\users\ronnie\appdata\local\temp\joi98fd.tmp\join.me.exe] => (Allow) C:\users\ronnie\appdata\local\temp\joi98fd.tmp\join.me.exe FirewallRules: [UDP Query User{DD75D75A-5F6D-41DB-8919-C8A8EF55890E}C:\users\ronnie\appdata\local\temp\joi86f7.tmp\join.me.exe] => (Allow) C:\users\ronnie\appdata\local\temp\joi86f7.tmp\join.me.exe FirewallRules: [TCP Query User{0320FC31-0B7D-4C13-8FF9-30F6757D8089}C:\users\ronnie\appdata\local\temp\joi86f7.tmp\join.me.exe] => (Allow) C:\users\ronnie\appdata\local\temp\joi86f7.tmp\join.me.exe FirewallRules: [UDP Query User{0F5C1326-4C7F-429E-8B80-61D795BF7AA3}C:\users\ronnie\appdata\local\temp\joi3a49.tmp\join.me.exe] => (Allow) C:\users\ronnie\appdata\local\temp\joi3a49.tmp\join.me.exe FirewallRules: [TCP Query User{83587925-21BC-46A8-A338-035A0E6D43DB}C:\users\ronnie\appdata\local\temp\joi3a49.tmp\join.me.exe] => (Allow) C:\users\ronnie\appdata\local\temp\joi3a49.tmp\join.me.exe FirewallRules: [TCP Query User{82F80603-C76E-457F-91FE-A6BA9630BF96}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe FirewallRules: [UDP Query User{1F96E6DC-BD9A-43CB-937B-AA98898A31F3}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe FirewallRules: [TCP Query User{A0D27D50-036E-428F-9461-AB5A936E7A28}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Faulty Device Manager Devices ============= Name: DW1501 Wireless-N WLAN Half-Mini Card Description: DW1501 Wireless-N WLAN Half-Mini Card Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Service: BCM43XX Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/26/2015 10:51:30 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SkypeHost.exe, version: 10.0.0.507, time stamp: 0x56422ca1 Faulting module name: KERNELBASE.dll, version: 10.0.10586.0, time stamp: 0x5632da1c Exception code: 0xe06d7363 Fault offset: 0x000bd8a8 Faulting process id: 0xfd4 Faulting application start time: 0xSkypeHost.exe0 Faulting application path: SkypeHost.exe1 Faulting module path: SkypeHost.exe2 Report Id: SkypeHost.exe3 Faulting package full name: SkypeHost.exe4 Faulting package-relative application ID: SkypeHost.exe5 Error: (11/26/2015 10:43:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (11/26/2015 10:27:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program explorer.exe version 10.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 5ec Start Time: 01d1284a0ca6ab94 Termination Time: 0 Application Path: C:\Windows\explorer.exe Report Id: 85da4c51-945a-11e5-9bdf-782bcba3b667 Faulting package full name: Faulting package-relative application ID: Error: (11/26/2015 10:27:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.0, time stamp: 0x5632d93d Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.11, time stamp: 0x56457d97 Exception code: 0xc000027b Fault offset: 0x00000000006fcdbb Faulting process id: 0x3d80 Faulting application start time: 0xShellExperienceHost.exe0 Faulting application path: ShellExperienceHost.exe1 Faulting module path: ShellExperienceHost.exe2 Report Id: ShellExperienceHost.exe3 Faulting package full name: ShellExperienceHost.exe4 Faulting package-relative application ID: ShellExperienceHost.exe5 Error: (11/26/2015 10:06:01 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 648 Start Time: 01d12863fefed2be Termination Time: 12 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: 94093f61-9457-11e5-9bdf-782bcba3b667 Faulting package full name: Faulting package-relative application ID: Error: (11/26/2015 09:58:13 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 3908 Start Time: 01d1285d54f414f0 Termination Time: 33 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: 7d373a95-9456-11e5-9bdf-782bcba3b667 Faulting package full name: Faulting package-relative application ID: Error: (11/26/2015 07:01:56 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: 752: ERROR: read_msg errno 0 (The operation completed successfully.) Error: (11/26/2015 07:01:56 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: mDNSPlatformReadTCP - recv: 10053 Error: (11/26/2015 07:01:56 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: 736: ERROR: read_msg errno 0 (The operation completed successfully.) Error: (11/26/2015 07:01:56 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: ERROR: mDNSPlatformReadTCP - recv: 10053 System errors: ============= Error: (11/26/2015 10:36:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MSCamSvc service failed to start due to the following error: %%2 Error: (11/26/2015 10:36:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: %%1058 Error: (11/26/2015 10:35:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: %%1069 Error: (11/26/2015 10:35:27 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (11/26/2015 10:35:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_45bc2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (11/26/2015 10:35:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_45bc2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (11/26/2015 10:35:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_45bc2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (11/26/2015 10:35:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_45bc2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (11/26/2015 10:34:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s). Error: (11/26/2015 10:34:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2015-11-26 10:45:27.749 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-26 10:08:53.359 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-26 10:08:53.354 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-26 10:06:07.767 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-26 10:06:07.741 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-11-26 07:03:59.486 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-22 13:49:43.350 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-22 12:29:58.781 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-18 15:06:38.743 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-18 15:02:14.171 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz Percentage of memory in use: 24% Total physical RAM: 8174.44 MB Available physical RAM: 6184.73 MB Total Virtual: 16366.44 MB Available Virtual: 14381.96 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:501.93 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B70BAE1F) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================