Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016
Ran by Natascha (02-11-2016 16:10:27)
Running from C:\Users\Natascha\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-07 08:23:14)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-336042120-3881833094-1070839671-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-336042120-3881833094-1070839671-503 - Limited - Disabled)
Guest (S-1-5-21-336042120-3881833094-1070839671-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-336042120-3881833094-1070839671-1008 - Limited - Enabled)
Natascha (S-1-5-21-336042120-3881833094-1070839671-1001 - Administrator - Enabled) => C:\Users\Natascha

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro - English, Russian (HKLM-x32\...\{AC76BA86-1048-8780-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{74CEB968-8452-C76B-8BAE-C5B291399639}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ares 3.1.8.4045 (HKLM-x32\...\{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1) (Version: 3.1.8.4045 - Ares)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.3.4 - ASUSTeK Computer Inc.)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
BitTorrent (HKU\S-1-5-21-336042120-3881833094-1070839671-1001\...\BitTorrent) (Version: 7.9.5.41713 - BitTorrent Inc.)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{E755A98B-F45F-4008-A1A5-FC4CB4D2177A}) (Version: 8.0.0.66 - Research In Motion Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{260CE6D4-9FB5-47CB-8425-BEE666F40FC0}) (Version: 1.7.0 - Kovid Goyal)
Camtasia 9 (HKLM-x32\...\{357abfe9-0513-4326-9e53-3b7654e9819d}) (Version: 9.0.0.1306 - TechSmith Corporation)
Camtasia 9 (Version: 9.0.0.1306 - TechSmith Corporation) Hidden
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.0.0.0159 - Disc Soft Ltd)
Dropbox (HKU\S-1-5-21-336042120-3881833094-1070839671-1001\...\Dropbox) (Version: 13.4.21 - Dropbox, Inc.)
Facebook Gameroom 1.0.0.2 (HKLM-x32\...\{F48C71C0-2162-4A4C-A52B-C4D10BE04C91}) (Version: 1.0.0.2 - Facebook)
FileZilla Client 3.14.0 (HKLM-x32\...\FileZilla Client) (Version: 3.14.0 - Tim Kosse)
GitHub (HKU\S-1-5-21-336042120-3881833094-1070839671-1001\...\5f7eb300e2ea4ebf) (Version: 3.0.11.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.1.0.001 - HTC Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Kingo ROOT version 1.4.5.2663 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.4.5.2663 - Kingosoft Technology Ltd.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Nederlands (HKLM\...\{90150000-001F-0413-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.3.1 (HKLM-x32\...\{26AC9666-A2C6-4D33-8370-A50F50F277C4}_is1) (Version: 1.3.1 - Sam Rodberg)
Minimal ADB and Fastboot version 1.4 (HKLM-x32\...\{C5564379-582D-457A-9E68-A9E7C1F1C4EC}_is1) (Version: 1.4 - Sam Rodberg)
Mobistel Cynus F4 Drivers(x64) (HKLM-x32\...\{C3F57607-592D-458F-81AE-349FD05DFA74}) (Version: 1.00 - Mobistel)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.1 (x86 nl) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 nl)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
ON1 Resize 10 (HKLM\...\ON1 Resize 10 PE) (Version: 10.5.1 - ON1)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PdaNet+ for Android 4.19 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Total Tester A+ 2012 Demo (HKLM-x32\...\{3B1C2CAF-BF10-4B28-A0FA-A6A57B1AB411}) (Version: 12.4.0000 - Total Seminars, LLC)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.00 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.5 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Natascha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Natascha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Natascha\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natascha\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natascha\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natascha\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natascha\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natascha\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natascha\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natascha\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natascha\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natascha\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Natascha\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-336042120-3881833094-1070839671-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Natascha\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04EFA230-A897-4332-B289-C07C24F70582} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {07740B2E-BE8C-4936-A0AA-9B6C992AF5A7} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1AB2C711-B22C-4D83-B8FF-3D607DE0E5DE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3180C7D1-325B-49D9-886E-D97B7339F737} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-336042120-3881833094-1070839671-1001UA => C:\Users\Natascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {333F1F5F-AC91-44F3-9ED3-024C278A16D2} - System32\Tasks\{B37AF9E6-5A79-41DA-B5F5-AD50D35215DD} => Chrome.exe hxxp://ui.skype.com/ui/0/7.12.64.101/en/go/help.faq.installer?LastError=1618
Task: {342F6877-39D8-4C73-9742-8F2CA2190E0A} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {3690CB8C-00A4-4F22-8394-75F81B420A63} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe
Task: {3F61F2D6-218F-4D28-BEB2-82AA60DFB740} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {467E6CA3-6C38-4D3D-ABE4-9D0D69CB2539} - System32\Tasks\{62A4F304-30C9-4D9B-A20B-40EDC8491F41} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=-9
Task: {50EC26CB-F098-4F60-92B0-366DED45E262} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {67A46A20-6306-4147-BE63-3A6D69961EE2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8811266B-CB70-43BC-A47A-E8FC496E1036} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Task: {964AEEC8-68F3-470E-B1E5-A75C7D4D6AB5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {AAB8A5C7-CC92-4050-9631-754ECD1BE4FE} - System32\Tasks\{3B950049-3D10-47CA-85AF-FE13148D8F33} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/en/abandoninstall?page=tsMain
Task: {ACF4B2E2-8469-478D-B9A5-61FB94E63CA0} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe
Task: {BE686CF3-AEF9-4D42-80F9-F569FEDCB0FC} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Natascha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
Task: {C1EC6871-E1DB-461E-A630-D248BD7E93BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {C9AE9010-96D2-4EC2-A365-BB8B49149399} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {F5B1016E-862B-4F9F-93C0-F04DB242EC52} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-336042120-3881833094-1070839671-1001Core => C:\Users\Natascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-336042120-3881833094-1070839671-1001Core.job => C:\Users\Natascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-336042120-3881833094-1070839671-1001UA.job => C:\Users\Natascha\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Natascha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 04:17 - 2015-10-30 04:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-08-21 22:09 - 2015-08-21 22:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-02 16:19 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2016-07-12 20:39 - 2016-07-01 01:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2012-08-04 14:34 - 2012-08-04 14:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-07-12 20:39 - 2016-07-01 01:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2016-08-23 00:42 - 2016-08-23 00:42 - 01864384 _____ () C:\Users\Natascha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-06-14 13:37 - 2016-06-14 13:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-06-04 01:34 - 2016-04-28 19:33 - 01058616 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2015-08-21 22:09 - 2015-08-21 22:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-08-23 00:42 - 2016-08-23 00:42 - 01383616 _____ () C:\Users\Natascha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-23 00:42 - 2016-08-23 00:42 - 00118976 _____ () C:\Users\Natascha\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-07-29 19:01 - 2016-07-29 19:01 - 01029120 _____ () C:\Users\Natascha\AppData\Local\Facebook\Games\CefSharp.Core.dll
2016-07-29 19:01 - 2016-07-29 19:01 - 49805824 _____ () C:\Users\Natascha\AppData\Local\Facebook\Games\libcef.dll
2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-04 21:14 - 2013-09-04 21:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 19:45 - 2010-10-20 19:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-07-29 19:01 - 2016-07-29 19:01 - 00688640 _____ () C:\Users\Natascha\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2016-07-29 19:01 - 2016-07-29 19:01 - 01665024 _____ () C:\Users\Natascha\AppData\Local\Facebook\Games\libglesv2.dll
2016-07-29 19:01 - 2016-07-29 19:01 - 00074752 _____ () C:\Users\Natascha\AppData\Local\Facebook\Games\libegl.dll
2016-10-20 18:48 - 2016-10-20 05:47 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-20 18:48 - 2016-10-20 05:47 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [20324]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360904]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1157922]
AlternateDataStreams: C:\Users\Natascha\Cookies:gs5sys [2560]
AlternateDataStreams: C:\Users\Natascha\Desktop\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\Natascha\Desktop\Site1.wpp:SummaryInformation [227]
AlternateDataStreams: C:\Users\Natascha\Desktop\Site1.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Natascha\Desktop\Site2.wpp:SummaryInformation [213]
AlternateDataStreams: C:\Users\Natascha\Desktop\Site2.wpp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Natascha\AppData\Local\History:gs5sys [2560]
AlternateDataStreams: C:\Users\Natascha\Documents\desktop.ini:gs5sys [2048]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 02:26 - 2015-01-25 17:19 - 00001918 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com
127.0.0.1 ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com
127.0.0.1 localhost
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-336042120-3881833094-1070839671-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Natascha\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
DNS Servers: 200.1.159.58 - 200.2.162.14
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Apache2.2 => 2
MSCONFIG\Services: BITS => 2
HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Monitor Apache Servers.lnk"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-336042120-3881833094-1070839671-1001\...\StartupApproved\Run: => "DAEMON Tools Ultra Agent"
HKU\S-1-5-21-336042120-3881833094-1070839671-1001\...\StartupApproved\Run: => "AlcoholAutomount"
HKU\S-1-5-21-336042120-3881833094-1070839671-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-336042120-3881833094-1070839671-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-336042120-3881833094-1070839671-1001\...\StartupApproved\Run: => "ares"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{66263CDA-B014-4A79-9869-8B5721614491}] => (Allow) LPort=3306
FirewallRules: [{70E2CED5-4C32-4BB0-B039-027D9AA23F9F}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{4387D602-0BCB-4FAA-BED6-6B28E2A74953}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{36D50E19-51D0-4246-93CC-E2B75A51C99B}] => (Allow) LPort=7935
FirewallRules: [UDP Query User{AB4B19EA-C645-4793-B670-025F0838BB68}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{3F0E5E17-0456-4347-9114-FDECA8E418CF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DB35B47A-4D79-44B4-8619-8D18BD98093B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{D2E88FDA-8C2C-4895-BEE2-E900363C9F6D}] => (Allow) LPort=3306
FirewallRules: [TCP Query User{E7CB09F6-B0DE-4CB3-A2E1-CBE3C3BDA453}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2B665DD6-C2FA-4DBA-BE6B-476F023D8E83}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3B117899-7C92-4B56-B046-E1BC207B5C62}C:\users\natascha\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\natascha\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1B2AC651-8F5D-4AE0-9DF5-33B4F335C272}C:\users\natascha\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\natascha\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{F1207DF9-E009-4A6E-A7DC-4B46F67D568D}] => (Allow) C:\Users\Natascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1650AE06-04CF-4062-9305-80CD22034118}] => (Allow) C:\Users\Natascha\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{257398D7-7BC9-47A9-A958-0A9F933526A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4392BC6E-47FE-4415-8B88-E8384729C05A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3D06BB47-3378-4D04-9360-5C175C11BE63}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{581A18B8-EFCA-4310-B6EF-CEFAD49FABA7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C1D94D74-860A-469A-A538-0600DAD2C17F}] => (Allow) C:\Users\Natascha\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B5B6EA9E-ED48-4970-B144-8A07FCC59E2C}] => (Allow) C:\Users\Natascha\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B59FC7DD-CD1B-4924-BEC4-49D1C75B4AE9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C22DFA8-C7B1-423C-A47E-B3B3BD2669EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0B6E7D11-045F-4F27-BDA4-F5CCC086C3D3}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{08833584-416C-4803-B457-2A94CA86DCCD}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [TCP Query User{43DD8BB9-1BDA-448F-BE0D-B10D1A333182}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A8728611-0BD4-4022-873A-A08CDD1CFE05}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4AA72B15-5B3D-438A-B675-A7CBAC5E86B3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{F8F273D9-2764-4967-916D-2BA73D4B9248}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{F064BC65-8912-4430-84C2-CC5177B218DE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{DB96FA8A-C7DD-433C-8CF3-F86017690201}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{4397E87A-0C3B-4981-AEFA-AD87D44C9734}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{EF565271-793F-400E-89D5-B90C3AE2FBF3}C:\users\natascha\desktop\android-studio\bin\studio.exe] => (Allow) C:\users\natascha\desktop\android-studio\bin\studio.exe
FirewallRules: [UDP Query User{157ED4FF-4EB1-4801-B0FD-E2474F28B641}C:\users\natascha\desktop\android-studio\bin\studio.exe] => (Allow) C:\users\natascha\desktop\android-studio\bin\studio.exe
FirewallRules: [TCP Query User{B05975F5-AF84-4583-B4CA-B783C04F81D6}C:\program files (x86)\java\jdk1.8.0_45\bin\java.exe] => (Allow) C:\program files (x86)\java\jdk1.8.0_45\bin\java.exe
FirewallRules: [UDP Query User{C69D67FE-899E-43CD-9E56-9780A5977CB2}C:\program files (x86)\java\jdk1.8.0_45\bin\java.exe] => (Allow) C:\program files (x86)\java\jdk1.8.0_45\bin\java.exe
FirewallRules: [TCP Query User{F201AA61-07AB-402F-8BD5-52D1288B25CB}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{6D190431-900D-4423-AAD3-265EC1EEA02E}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{15C3AA6F-F44D-4147-8026-D99A116D3DE7}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{1CAACA63-4B00-437D-B448-E4CDEB5ADFD6}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{F28508A3-C980-45FB-B2F5-D84695551827}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AFDE2860-8E08-4E0C-838F-19E6B961B0BD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F7D77FCF-09F1-4EFC-90B2-5E7662BCBF9B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1D0836F6-4653-42DD-BA4C-3BA78295ACF4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5F2BBF7C-A6E6-414C-B8FD-377DF62B7362}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{ABB65C1C-9079-491E-8740-CCEDF7E46AB9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E1C9421A-D375-4B37-A38E-221FDC88A0E8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2AFA3F0F-DBAF-4D80-83F9-E2092CE9791B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{6A97558E-A143-41F2-9EFD-BDE25E4D0266}C:\program files (x86)\prompt downloader\promptdownloader.exe] => (Block) C:\program files (x86)\prompt downloader\promptdownloader.exe
FirewallRules: [UDP Query User{0A98E3D8-676D-4954-B6EB-E04459FAC7F9}C:\program files (x86)\prompt downloader\promptdownloader.exe] => (Block) C:\program files (x86)\prompt downloader\promptdownloader.exe
FirewallRules: [{F496CCEA-8A33-4978-A716-10DD4BE107BE}] => (Allow) LPort=443
FirewallRules: [{ECD7716D-C266-4706-9C33-E5CA4B52CADA}] => (Allow) LPort=80
FirewallRules: [{F3303F74-9470-4E35-909F-9D38FB5BD1F4}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{AE70BA5E-2573-4D40-86E1-6744091AB713}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{BB42AC14-8451-4C73-BC9A-B26B102CC396}] => (Allow) LPort=4481
FirewallRules: [{BC1A445F-86F5-4982-8574-C0476B3CEEC6}] => (Allow) LPort=4481
FirewallRules: [{A7C3DDE8-EC7C-4272-8497-C9EDF6341780}] => (Allow) LPort=4482
FirewallRules: [{80922CB7-C9F3-4737-8373-4C4EFF63B884}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{8193BCCE-ACC7-4C8D-98B7-6E06C681C01B}C:\program files\on1\on1 resize 10\on1 resize 10.exe] => (Allow) C:\program files\on1\on1 resize 10\on1 resize 10.exe
FirewallRules: [UDP Query User{66E59F94-1E2F-4D10-B781-44889D2FB7BC}C:\program files\on1\on1 resize 10\on1 resize 10.exe] => (Allow) C:\program files\on1\on1 resize 10\on1 resize 10.exe
FirewallRules: [{85C4B87E-0A71-4ED8-89A2-FAB3EC5D96A0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C4FC4F5D-6C23-4C39-837D-E6EDBD714839}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9C935C9D-96BD-4125-98B3-40EF73406B63}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{507B0609-647A-4F4B-A154-D295C33C51AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{756506BA-8D2A-401B-B74F-6C3446FDA3B1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EA1500BC-556D-458E-9CB3-A9E5160813AC}] => (Allow) LPort=8318
FirewallRules: [{929E571B-FB1A-429B-835A-F0E62E01B72C}] => (Allow) C:\Users\Natascha\AppData\Local\Temp\inst_buychannel_45.exe
FirewallRules: [{A4B2F277-7A91-465D-8DAE-66DFF39B9ED3}] => (Allow) C:\Users\Natascha\AppData\Local\Temp\inst_buychannel_45.exe
FirewallRules: [{71492358-944B-42FC-AF0B-83E56ECADBDF}] => (Allow) C:\Users\Natascha\AppData\Local\Temp\is-MNT3H.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{019F33D5-253D-446E-B8EE-34C516ED386C}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{BFD03374-31B3-4D4D-9A18-6709562A7463}] => (Allow) C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
FirewallRules: [{2C9338A5-153D-40E2-8ABC-624A1E6C229D}] => (Allow) C:\Program Files (x86)\LuDaShi\Utils\mininews.exe
FirewallRules: [{A25BAC1C-F133-4104-9190-BD7CE8310B27}] => (Allow) C:\Program Files (x86)\LuDaShi\Utils\mininews.exe
FirewallRules: [{166922F8-FC62-440A-9388-9F43B1C8E539}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{91214408-5CBD-457E-AED2-78F16D98BCE1}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe

==================== Restore Points =========================

01-11-2016 18:28:32 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2016 04:12:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YAZZYBEE)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 04:12:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YAZZYBEE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 04:12:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YAZZYBEE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 04:12:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YAZZYBEE)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 04:12:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YAZZYBEE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 04:12:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YAZZYBEE)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 04:12:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YAZZYBEE)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 04:12:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YAZZYBEE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 04:12:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YAZZYBEE)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/02/2016 04:12:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YAZZYBEE)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (11/02/2016 04:12:30 PM) (Source: DCOM) (EventID: 10010) (User: YAZZYBEE)
Description: The server CortanaUI.AppXn2sqjsh234msy8bk0yaj2y6fzvwv5t10.mca did not register with DCOM within the required timeout.

Error: (11/02/2016 04:12:30 PM) (Source: DCOM) (EventID: 10010) (User: YAZZYBEE)
Description: The server Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (11/02/2016 04:12:30 PM) (Source: DCOM) (EventID: 10010) (User: YAZZYBEE)
Description: The server Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (11/02/2016 04:12:30 PM) (Source: DCOM) (EventID: 10010) (User: YAZZYBEE)
Description: The server CortanaUI.AppXn2sqjsh234msy8bk0yaj2y6fzvwv5t10.mca did not register with DCOM within the required timeout.

Error: (11/02/2016 04:12:30 PM) (Source: DCOM) (EventID: 10010) (User: YAZZYBEE)
Description: The server CortanaUI.AppXn2sqjsh234msy8bk0yaj2y6fzvwv5t10.mca did not register with DCOM within the required timeout.

Error: (11/02/2016 04:12:30 PM) (Source: DCOM) (EventID: 10010) (User: YAZZYBEE)
Description: The server Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (11/02/2016 04:12:30 PM) (Source: DCOM) (EventID: 10010) (User: YAZZYBEE)
Description: The server CortanaUI.AppXn2sqjsh234msy8bk0yaj2y6fzvwv5t10.mca did not register with DCOM within the required timeout.

Error: (11/02/2016 04:12:30 PM) (Source: DCOM) (EventID: 10010) (User: YAZZYBEE)
Description: The server Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (11/02/2016 04:12:30 PM) (Source: DCOM) (EventID: 10010) (User: YAZZYBEE)
Description: The server Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (11/02/2016 04:12:30 PM) (Source: DCOM) (EventID: 10010) (User: YAZZYBEE)
Description: The server CortanaUI.AppXn2sqjsh234msy8bk0yaj2y6fzvwv5t10.mca did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
Date: 2016-11-02 11:45:05.766
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-01 18:21:11.016
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-01 18:21:10.948
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-01 18:19:02.229
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-01 18:19:01.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-01 18:19:01.280
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-10-31 11:27:35.036
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-30 14:52:32.110
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-10-30 14:52:32.050
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-10-30 11:27:24.978
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 50%
Total physical RAM: 3673.35 MB
Available physical RAM: 1824.43 MB
Total Virtual: 5593.35 MB
Available Virtual: 3729.08 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:65.41 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:167.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 944CB54D)
Partition: GPT.

==================== End of Addition.txt ============================