Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
Ran by pc user (2016-06-13 23:49:53)
Running from C:\Users\pc user\Downloads
Windows 8.1 Pro (Update) (X64) (2015-05-13 21:11:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-857764097-2768608196-515561602-500 - Administrator - Disabled)
Guest (S-1-5-21-857764097-2768608196-515561602-501 - Limited - Enabled) => C:\Users\Guest
pc user (S-1-5-21-857764097-2768608196-515561602-1001 - Administrator - Enabled) => C:\Users\pc user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Advanced RAR Password Recovery (remove only) (HKLM-x32\...\Advanced RAR Password Recovery) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.0.27.1100 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Autodesk ReCap (Version: 1.3.1.39 - Autodesk) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Crossfire 2.0 version 1 (HKLM-x32\...\{F2A1C4D6-5842-468D-98EB-49BC120BF811}_is1) (Version: 1 - Gameclub)
Crossfire version 1144 (HKLM-x32\...\{27876B85-5D2F-4896-A8CA-DD371E7D8BCB}_is1) (Version: 1144 - Gameclub)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Dota 2 Workshop Tools Alpha (HKLM\...\Steam App 316570) (Version: - )
Dragon Nest SEA (HKLM-x32\...\{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}) (Version: 1.193.0000 - Shanda Games International)
Extension Ball (HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\{C5BC3002-34E7-16FF-AF90-6681F85CBAAA}) (Version: 1.5.6 - Virtual Rush corp) <==== ATTENTION
GameClub Launcher PH (Remove only) (HKLM-x32\...\{BBD9FAD7-F782-4548-B00F-E612322950F6}) (Version: 20111202 - GameClub)
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version: - Garena Online Pte Ltd.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.3.5254 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version: - )
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
NVIDIA Graphics Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
NVIDIA Update 16.13.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 16.13.65 - NVIDIA Corporation)
Opera Stable 33.0.1990.43 (HKLM-x32\...\Opera 33.0.1990.43) (Version: 33.0.1990.43 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PriceFountain (HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\DermaCratons) (Version: - ) <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7368 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Soda Manager (x32 Version: 7.0.0.21719 - LULU Software Limited) Hidden
Soda PDF 3D Reader (HKLM-x32\...\Soda PDF 3D Reader) (Version: 7.2.3.22591 - LULU Software Limited)
Soda PDF 3D Reader Asian Fonts Pack (x32 Version: 7.2.3.22270 - LULU Software Limited) Hidden
Soda PDF 3D Reader Create Module (x32 Version: 7.2.3.22270 - LULU Software Limited) Hidden
Soda PDF 3D Reader View Module (x32 Version: 7.2.3.22270 - LULU Software Limited) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for PriceFountain (HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\{33D39030-3DFD-5EAE-A377-7FC91AB574CE}) (Version: - Update for PriceFountain) <==== ATTENTION
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version: - Zbshareware Lab)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.10 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)
WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)
YTD Toolbar v23.8 (HKLM-x32\...\{8914848D-59A3-4DED-BB2F-8A558FD85EA3}) (Version: 23.8 - Spigot, Inc.) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-857764097-2768608196-515561602-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-857764097-2768608196-515561602-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-857764097-2768608196-515561602-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B02B11E-FB0C-4B50-93B5-5A7DE268C3C2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
Task: {0C607C14-7905-4127-B725-2B7B3060EC12} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {0E8638F3-5A2C-4865-88E3-6A1C429C40F2} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-04-01] ()
Task: {0EB5F29D-C96F-4764-9D2C-EB9A06F27B7B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for AIDRIAN-pc user Aidrian => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {1F606E99-D267-415C-8B5D-72BF3DB80492} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {3116FFDC-8763-4B5D-8B80-FC911BE9534D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-16] (Google Inc.)
Task: {449E85B6-FA8C-4FE6-894D-C66A9D232F18} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-piedraaidrian@yahoo.com.ph => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {625362FE-8C8C-4D2F-AC96-C1B580C10866} - System32\Tasks\Opera scheduled Autoupdate 1446518661 => C:\Program Files (x86)\Opera\launcher.exe
Task: {7B7F13ED-0F97-4D7E-8FC2-D7DF353E71D5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-05-14] ()
Task: {B7BDDD53-5150-4D1E-851F-269CABA2D2F8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C2111C94-31AD-41B2-B2BC-B35AAAE2E8B4} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {D4E8915C-E492-469E-A9F9-A987131F3D1B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-16] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\pc user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\pc user\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
Shortcut: C:\Users\pc user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\FRST\Quarantine\C\Program Files (x86)\Seablue\Seablue\chrome.exe (Google Inc.)
==================== Loaded Modules (Whitelisted) ==============

2015-05-14 05:19 - 2014-11-04 06:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-21 09:12 - 2015-03-21 09:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-01 14:33 - 2016-04-01 14:33 - 00174632 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2015-04-14 17:14 - 2015-04-14 17:14 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-08 00:49 - 2014-02-08 00:49 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2014-02-08 00:49 - 2014-02-08 00:49 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2014-02-08 00:49 - 2014-02-08 00:49 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2014-02-08 00:49 - 2014-02-08 00:49 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2015-06-19 09:37 - 2014-12-05 10:27 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-06-19 09:37 - 2014-12-05 10:27 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2016-04-01 14:33 - 2016-04-01 14:33 - 03310632 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2016-06-13 23:39 - 2014-12-05 10:27 - 00104328 _____ () C:\Users\pc user\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2015-04-14 17:14 - 2015-04-14 17:14 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-19 21:29 - 2016-05-13 17:02 - 01708416 _____ () C:\FRST\Quarantine\C\Program Files (x86)\Seablue\Seablue\libglesv2.dll
2016-05-19 21:29 - 2016-05-13 17:02 - 00080256 _____ () C:\FRST\Quarantine\C\Program Files (x86)\Seablue\Seablue\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\batfile\DefaultIcon: C:\Windows\SysWow64\imageres.dll,-68 <===== ATTENTION
HKU\S-1-5-21-857764097-2768608196-515561602-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 21:25 - 2016-06-11 14:14 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-857764097-2768608196-515561602-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pc user\Desktop\La\HAH\arc_reactor___wallpaper_by_luned13-d58ktp9.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{61456281-8B15-49F0-A449-AD1F0AB75CCD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7D7BFE57-1D56-47CB-B0C9-1EE96A5641A4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F55E71BA-B473-4DA3-A06A-F6B26C4EACD8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AD77A1B3-0490-4412-A2B5-12AD441BD42E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BB3B0D22-A8F3-47E1-985F-AAED276B6313}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D5E1EACC-76F3-4CF2-B417-1B0F146F2642}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{0A12AE30-DCDE-4E6F-9FEC-63AD463EFD07}] => (Allow) C:\Users\pc user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{250C11D7-07BE-46E0-9865-67FBA4548FDF}] => (Allow) C:\Users\pc user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F7A54F8B-D32A-4C51-942E-299956896345}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{25AFA802-8F0D-4A21-839A-09949B9644B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8063E93D-4734-4C1A-AB58-DAE37BE04C71}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C4A7D8FC-38C8-4E21-B92E-1B3A53402FE9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{D6A79696-21F6-4CFC-A5D5-388D5B6B2BFB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F7975DBF-C78A-4E83-A27B-5F2CA20BCB39}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1FADC76D-B082-4A7F-AAF7-6FB6912E7210}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{0FBBEBD4-755B-4615-A697-4E5F928C45DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{4A15C367-90CB-4C8B-BCDB-BD28D61C3E7A}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{F52BA236-C727-4243-A49F-BB1D1B1CE4B3}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{F7E2A6E3-E8D6-480F-A1EE-35B4A02F9FEA}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{B730FFC7-4F0E-4F19-8E55-0AEDA983B762}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe
FirewallRules: [{9FF6726B-D3C1-489C-B337-6DC1E96A6490}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe
FirewallRules: [{9858EF9E-38A7-4C25-A7D0-9BD83303DB9F}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [TCP Query User{35E535FB-2769-493F-A713-1D84CCB14DB1}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{89FB6835-931B-4DAC-84CD-0A8F99B25EDD}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [{EE82616B-9A05-4BB1-B46E-2A6CC29117D4}] => (Allow) LPort=8370
FirewallRules: [{10D204A7-B83C-4036-A2B7-5DBDA32BCF46}] => (Allow) LPort=8370
FirewallRules: [{5702E028-4D30-4F52-8295-7AC3B61F28DE}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{2C273390-889B-4F69-87F6-6C0114A8E171}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{36AFD11A-54CA-40B2-987B-5A426563357D}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{C10BFC69-4B9F-43C1-8A13-6F1B2698DE0B}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{5B225544-B587-4ACF-9BFA-3AD2FC6EDDDE}] => (Allow) LPort=6899
FirewallRules: [{63D2F30C-EF9E-49EB-9951-3B153E5DF59C}] => (Allow) LPort=6899
FirewallRules: [TCP Query User{C0862356-BE80-4C59-8EEE-DF7EDE6A952A}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{07FBCBA1-AC12-4441-9234-EC047DCDDC0A}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{F23AC7F4-5404-469E-B18B-3AF3C6D53D24}C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [UDP Query User{61F1A42F-D359-4913-809D-851FE1A85D94}C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [TCP Query User{5C6D8541-7FCF-4F26-AB51-9E68225C2BC1}E:\dishonored\binaries\win32\dishonored.exe] => (Allow) E:\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{25A30EB8-6764-440F-A27E-3F66EF68DF9E}E:\dishonored\binaries\win32\dishonored.exe] => (Allow) E:\dishonored\binaries\win32\dishonored.exe
FirewallRules: [TCP Query User{1E35D2F7-1A20-4C3F-90E3-008BE105209B}C:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Allow) C:\program files (x86)\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{37A77408-5D0C-4227-86BE-DF2DA43A5625}C:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Allow) C:\program files (x86)\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{064814F0-E5CE-462B-9819-860D4B193C0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{BD144A18-12F5-4CE0-9CAE-6EB8C86B764D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{B3C88735-B57F-4675-B806-83E62F8DEBF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{88CA123A-AF66-4E83-886A-1813A078185F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{97EDD308-80CA-487D-A3F5-82ACFC3C9BDB}] => (Allow) LPort=50248
FirewallRules: [{38C1306A-17DB-4457-B523-D5D83D370ACA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{941327EC-FCC8-4E97-BFD7-126719CFEC8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{5A5D103B-F77D-440D-BEB5-19444C58AA22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{F97D38D9-8DC3-4F14-88A6-83B38AC68382}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{F6298FD0-FEAF-476E-8A84-EF9F22861C1A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{606E10D2-55BF-475B-A0B1-907050D9DD7D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC5A3E0A-8EB4-420D-BF44-C89E1CC24AB3}] => (Allow) C:\Users\pc user\Downloads\HoNInstaller.exe
FirewallRules: [{0A1EFC0E-0363-4FE9-8F8C-217231492550}] => (Allow) C:\Users\pc user\Downloads\HoNInstaller.exe
FirewallRules: [TCP Query User{134F8C45-35C8-4BDF-9F97-916940D08754}C:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{69F95E25-4726-4605-814E-F164D6C0DBDE}C:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{922769BD-88A3-4B5B-B705-25EB8129D53B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{522FF329-4CCE-4F17-A881-C578FDD7A5F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{78B377A3-90D7-4F8A-B2CA-F488D7E3C2C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E4035A4E-FB03-4C05-9191-2F5BF993F3D8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB73C7C8-B753-4029-989B-08C786AD60D3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4F5CEB94-6350-438C-9BCC-89F755A55594}] => (Allow) 㩃啜敳獲灜⁣獵牥䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{51877684-9B4B-4E70-8E6F-F2CFD743540A}] => (Allow) 㩃啜敳獲灜⁣獵牥䅜灰慄慴剜慯業杮獜湳畜摰獳⹮硥e
FirewallRules: [{9819032D-D412-423E-8CEF-440EBEA8832C}] => (Allow) C:\Program Files (x86)\ADSafe\ADSafe.exe
FirewallRules: [{67D7306B-63B0-4579-8C70-E0BA9F5A567E}] => (Allow) C:\Program Files (x86)\ADSafe\ADSafeSvc.exe
FirewallRules: [TCP Query User{C69997EB-495E-4E72-9742-604B29443D39}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{01AFC62E-32FD-4214-9847-616B99227FE0}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{861D3AAE-503C-46BE-9166-44CA65106849}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{213A2247-46F9-4214-BAEB-DAF7AA2DD6FA}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E7949BA4-4596-499C-80C6-39DECC10214F}] => (Allow) C:\Users\pc user\Desktop\Steam.exe
FirewallRules: [{8822EFCA-6455-4A25-B9CC-A90BB755A492}] => (Allow) C:\Users\pc user\Desktop\Steam.exe
FirewallRules: [{338598F7-EBAA-4CAE-A7C4-D8A1BC321F68}] => (Allow) C:\Users\pc user\Desktop\bin\steamwebhelper.exe
FirewallRules: [{F116227F-C3E3-450A-801C-7C7D94AC243F}] => (Allow) C:\Users\pc user\Desktop\bin\steamwebhelper.exe
FirewallRules: [{B59D401D-E086-456D-B369-74ECB856E145}] => (Allow) C:\CherryDeGames\Dragon Nest\DragonNest.exe
FirewallRules: [{0E2E859B-5C0C-4BBB-B20A-0EEEC34B009B}] => (Allow) C:\CherryDeGames\Dragon Nest\DragonNest.exe
FirewallRules: [{CCF167FB-D064-4248-A8AF-18089649AB18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1F2F74F6-E169-4A29-9BB9-E99F9FC4F97B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{903C6DA4-515B-4E5E-B8D4-1CA44588BA01}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe
FirewallRules: [{690203C3-72EF-4633-85AE-1CCD39807D3E}] => (Allow) C:\GarenaDownload\Games\lolph\LoLInstaller.exe
FirewallRules: [{1B0EAF4F-A291-4AB0-9E6B-BCF27D0EB10C}] => (Allow) LPort=8370
FirewallRules: [{68A65D1F-D01A-437F-B14A-7E40CB106CCF}] => (Allow) LPort=8370
FirewallRules: [{2E2F5D0C-E5D9-4584-8A6B-527FA3C3E984}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{A951B191-3E92-413F-B734-0121FB78BCEF}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{0960934B-E7F7-47F3-B421-0C305A5C8A9A}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{B48EA4C0-0EA8-41F8-A32E-8677827401D4}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [TCP Query User{7C065E94-08E2-4070-A677-6F7D56F65EB1}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Block) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{C41FF730-AF0A-44BE-84BA-BB48389100D0}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Block) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [TCP Query User{9A6C019A-1B80-4485-9402-D5532DA5537C}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{3910B53E-71A4-4903-8D98-B9057F1C6546}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [{627C5C46-9528-4736-8A6C-34D74C68DADE}] => (Allow) C:\GarenaDownload\Games\hon\HoNInstaller.exe
FirewallRules: [{B5E90E09-83F6-494B-B438-7A39AA167618}] => (Allow) C:\GarenaDownload\Games\hon\HoNInstaller.exe
FirewallRules: [{C906A032-6798-415E-BDC9-FCD060C6D5BA}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [TCP Query User{C84B2E9E-2ADD-441A-B3CE-07CFDB4EE64F}C:\program files (x86)\garena plus\updatemanager.exe] => (Allow) C:\program files (x86)\garena plus\updatemanager.exe
FirewallRules: [UDP Query User{F7F21D90-0202-46FD-B2DE-535ED7A389F4}C:\program files (x86)\garena plus\updatemanager.exe] => (Allow) C:\program files (x86)\garena plus\updatemanager.exe
FirewallRules: [{1B7EA065-9917-4CFA-856D-26C660DF0403}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{404E1A6C-68BE-4273-8E9C-25F0EE266666}] => (Allow) C:\Program Files (x86)\Seablue\Seablue\chrome.exe
FirewallRules: [{A0ABCDA1-5645-43E0-9D4D-B28615719A24}] => (Allow) C:\Program Files (x86)\Seablue\Seablue\bin\Seablue_server.exe

==================== Restore Points =========================

23-05-2016 08:58:39 Scheduled Checkpoint
01-06-2016 03:50:02 Scheduled Checkpoint
08-06-2016 07:34:40 Scheduled Checkpoint
11-06-2016 15:15:25 Removed Bonjour
13-06-2016 17:04:33 JRT Pre-Junkware Removal
13-06-2016 17:05:17 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (06/13/2016 11:39:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SODA Manager service failed to start due to the following error: %%1053

Error: (06/13/2016 11:39:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SODA Manager service to connect.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 8146.35 MB
Available physical RAM: 6003.6 MB
Total Virtual: 16338.35 MB
Available Virtual: 14112.71 MB

==================== Drives ================================

Drive c: (Ian) (Fixed) (Total:223.57 GB) (Free:27.44 GB) NTFS
Drive d: (SUPER SECRET) (Fixed) (Total:465.42 GB) (Free:84.27 GB) NTFS
Drive g: (ci) (Fixed) (Total:465.76 GB) (Free:77.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A93B64B4)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: A93B648C)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: F32FA91C)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================