Document format: text/plain

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by I (24-01-2017 09:57:46)
Running from C:\Users\I\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-30 15:12:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1713304671-2554689163-3342802706-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1713304671-2554689163-3342802706-503 - Limited - Disabled)
Guest (S-1-5-21-1713304671-2554689163-3342802706-501 - Limited - Disabled)
I (S-1-5-21-1713304671-2554689163-3342802706-1000 - Administrator - Enabled) => C:\Users\I
Invited (S-1-5-21-1713304671-2554689163-3342802706-1001 - Limited - Enabled) => C:\Users\Invited

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Internet Security 10.0.386.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security 10.0.386.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1713304671-2554689163-3342802706-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Compiled Driver Disk (Android) 1.0 (HKLM\...\{759A91E8-0024-45F3-A8F3-CDC5E13B4425}_is1) (Version: 1.0.9.9 - COMPELSON Labs)
Compiled Driver Disk (MediaTek) 1.0 (HKLM\...\{3DCF00F5-04A5-4543-A088-705480811207}_is1) (Version: 1.0.9.3 - COMPELSON Labs)
Compiled Driver Disk (Samsung) 1.0 (HKLM\...\{3DCF00F5-04A5-4543-A088-705480811206}_is1) (Version: 1.0.8.1 - COMPELSON Labs)
Compiled Driver Disk (SONY) 1.0 (HKLM\...\{3DCF00F5-04A5-4543-A088-705480811215}_is1) (Version: 1.0.9.7 - COMPELSON Labs)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.62.03 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.62.03 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.)
EASEUS Data Recovery Wizard Professional 5.5.1 (HKLM-x32\...\EASEUS Data Recovery Wizard Professional 5.5.1_is1) (Version: - EASEUS)
ESET Internet Security (HKLM\...\{78044E82-0B61-42DA-A4E6-9BD0BD28797F}) (Version: 10.0.386.0 - ESET, spol. s r.o.)
GiliSoft Video Editor 7.5.0 (HKLM-x32\...\{3908B421-EF03-4389-A38C-DBAF6252E312}_is1) (Version: 7.5.0 - GiliSoft International LLC.)
Google Chrome (HKLM-x32\...\{0579179A-9E50-34B0-9957-A02A288A2F10}) (Version: 55.0.2883.87 - Google, Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GreedyTorrent v1.01 beta build 170 (HKLM-x32\...\GreedyTorrent_is1) (Version: - Alex N J (www.alexnj.com))
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IQ Option (HKLM-x32\...\IQ Option) (Version: 1.0 - IQOption)
iTools 3 (HKLM-x32\...\ThinkSky) (Version: - Shenzhen Thinksky Technology Co., Ltd.)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
K-Lite Mega Codec Pack 11.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.5 - )
MetaTrader 4 Terminal (HKLM-x32\...\MetaTrader 4 Terminal) (Version: 6.00 - MetaQuotes Software Corp.)
Microsoft Office Professionnel Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1713304671-2554689163-3342802706-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MOBILedit ver. 8.7.1.21224 (HKLM-x32\...\{47DA7D2E-408C-4050-B75F-95F6D2E6A332}_is1) (Version: 8.7.1.21224 - COMPELSON Labs)
MOBILedit! Support Libraries (HKLM-x32\...\{9DF587A2-054C-46A2-9B1A-4A230F389E4B}) (Version: 12.0.0 - COMPELSON Labs)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
Ninja Blaster (HKLM-x32\...\{7789DDA6-C790-4B7E-9E49-732236536333}) (Version: 1.0.0 - Ninja Blaster)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.8.0.0 - Duodian Technology Co. Ltd.)
Opera Stable 42.0.2393.137 (HKLM-x32\...\Opera 42.0.2393.137) (Version: 42.0.2393.137 - Opera Software)
Phone Drivers Downloader 1.1 (HKLM\...\{BDDB58A5-F98E-4D3C-B554-4A4D31C6D405}_is1) (Version: 1.1.0.0 - COMPELSON Labs)
Recover My Files (HKLM-x32\...\Recover My Files v5_is1) (Version: 5.2.1.1964 - GetData Pty Ltd)
RogueKiller version 12.9.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.4.0 - Adlice Software)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SopCast 4.0.0 (HKLM-x32\...\SopCast) (Version: 4.0.0 - www.sopcast.com)
Unlocker 1.9.1 (HKLM-x32\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - BigNox Corporation YSDrv System (12/26/2016 4.3.12) (HKLM\...\F2B0D5BB68B49599C93223B0816974DBDFAA2B0A) (Version: 12/26/2016 4.3.12 - BigNox Corporation)
Windows Password Key Standard (HKLM-x32\...\Windows Password Key Standard) (Version: - PasswordSeeker, Inc.)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Wondershare PDFelement(Build 5.7.3) (HKLM-x32\...\{5CA0183F-6D90-4615-91A5-F1A8A2014E83}_is1) (Version: 5.7.3.7 - Wondershare Software Co.,Ltd.)
WWM - MetaTrader 4 (HKLM-x32\...\WWM - MetaTrader 4) (Version: 6.00 - MetaQuotes Software Corp.)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)
Zoom (HKU\S-1-5-21-1713304671-2554689163-3342802706-1000\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1713304671-2554689163-3342802706-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1713304671-2554689163-3342802706-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1713304671-2554689163-3342802706-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1713304671-2554689163-3342802706-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1713304671-2554689163-3342802706-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1713304671-2554689163-3342802706-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00AA1416-D809-404F-8E9A-5DA770A2CDE9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0A441D95-18F5-459E-B2AF-EFB089BAA405} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1061B044-5754-40BC-AA9F-5388BC428793} - System32\Tasks\iToolsDaemon => C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [2016-07-04] ()
Task: {1162229F-531E-4510-BA1E-B2E0BDD660DC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {117CF813-125C-4DAD-B86C-9051E85A2936} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1570B4F4-119E-41A9-9EB3-DF2412757CD0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {18AF99F8-87EE-4209-B00A-E40634104E51} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {32C9495F-2F0C-4ABB-8027-2A0E6095BF8A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {3682F39A-F8A1-41B1-8370-8F11555B5E27} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {36F437A0-FA57-4F85-9B20-0CBF1B0E6558} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {372D4F24-D4B4-4039-8B2B-71B491668373} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {37EDADCA-CA58-45DA-843B-07FBB518715D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {39BC2C7C-59ED-49F3-9BF1-26EDB63677F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-22] (Google Inc.)
Task: {4A800B0A-CAF4-4838-8061-6290FDE89C52} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {4C454BA6-FFB4-4769-AB2F-203F3E4D36CF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {56A04ED0-0BF4-4E34-AC10-5318529EC431} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {56CC8251-6FB5-45EA-9753-FC61C7255847} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5934193C-9152-4922-85EA-D23A889082F4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D938047-5AD6-491C-9120-6C3645B9AF42} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {66F100AD-8A0A-4670-9AB6-FD50BE7A2530} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6716EE2C-663B-4E32-A007-1BABEF540AC5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {6957A954-C3D9-4283-8AF8-71928D8047EB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6D4BAEF5-FD3F-4BC6-B2A9-DACD8556C31E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {71FF5B99-3018-4496-8EBA-C723D029F0DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {771D04B5-B1A8-472C-A1CC-B851DE5A07C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-22] (Google Inc.)
Task: {807000BE-CF2C-447B-A9BE-79157421D14A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {86D0DCA3-56F5-4A77-A913-8F44FAAE3C28} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\I\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {89A6DBDC-951F-4746-BE0C-4504D910FB58} - System32\Tasks\Opera scheduled Autoupdate 1483470935 => C:\Program Files (x86)\Opera\launcher.exe [2017-01-16] (Opera Software)
Task: {9320ABB5-EBA2-4C7B-B98D-B79B5A09EB0A} - System32\Tasks\AdobeAAMUpdater-1.0-I-PC-I => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {94142D1A-9FF5-4B8D-8AE2-C8D4D84C163A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {980ADA8E-1AD5-4BAB-8EA0-7D020A8F666E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BC416CB3-DBD5-4A05-AF67-09406B4D5A2A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6D87739-2CEA-4D30-A2DD-18F5AFFA2490} - \PCDEventLauncher -> No File <==== ATTENTION
Task: {D611AED7-0DE2-4A90-96D3-5EDDB2A32F8B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D6489E56-C266-4509-A3D0-E3D181D4026D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E5BA6EBD-94D1-4684-875B-F70B3E626BAF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E6654CD3-1BB8-4E5A-AD4A-112B4A971924} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {F5E80A8F-D796-4C81-9556-E261A92395FA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F6FBEF25-B7CE-4301-849B-5D384F9B10C1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F7C954C7-29AB-4D6C-AA24-A20BEFA017CC} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {FB51814B-3307-46DE-B99D-F34BED021079} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 12:29 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-30 14:29 - 2016-08-01 12:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-22 00:07 - 2016-04-22 00:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 00:07 - 2016-04-22 00:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-04 23:31 - 2016-07-04 23:31 - 00525176 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-01-23 00:06 - 2017-01-23 00:09 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 00:06 - 2017-01-23 00:09 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 00:06 - 2017-01-23 00:09 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 12:51 - 2016-12-14 12:53 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2016-12-14 12:29 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-11-12 20:06 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2016-09-30 23:15 - 2016-09-30 23:15 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 02:56 - 2016-12-21 07:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 02:56 - 2016-12-21 06:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 02:56 - 2016-12-21 06:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 02:56 - 2016-12-21 06:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 02:56 - 2016-12-21 06:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 02:56 - 2016-12-21 06:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-04 23:31 - 2016-07-04 23:31 - 02349432 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\iOSDevice.dll
2016-07-04 23:31 - 2016-07-04 23:31 - 01365368 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscCore.dll
2016-07-04 23:31 - 2016-07-04 23:31 - 00180088 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MiscMods.dll
2016-07-04 23:31 - 2016-07-04 23:31 - 00405368 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\TSLib.dll
2016-07-04 23:31 - 2016-07-04 23:31 - 00219000 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\SkinSharp.dll
2016-07-04 23:31 - 2016-07-04 23:31 - 00668536 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\UICore.dll
2016-07-04 23:31 - 2016-07-04 23:31 - 00103288 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\ZLib.dll
2016-07-04 23:31 - 2016-07-04 23:31 - 00156536 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Network.dll
2016-07-04 23:31 - 2016-07-04 23:31 - 00044920 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Common.dll
2016-07-04 23:31 - 2016-07-04 23:31 - 00548728 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\Sqlite.dll
2016-07-04 23:31 - 2016-07-04 23:31 - 00385912 _____ () C:\Program Files (x86)\ThinkSky\iTools 3\MediaUtil.dll
2016-04-22 00:08 - 2016-04-22 00:08 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 00:08 - 2016-04-22 00:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-22 20:10 - 2016-12-08 07:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-22 20:10 - 2016-12-08 07:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-24 09:11 - 2017-01-24 09:11 - 00098816 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\win32api.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00110080 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\pywintypes27.dll
2017-01-24 09:11 - 2017-01-24 09:11 - 00364544 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\pythoncom27.dll
2017-01-24 09:11 - 2017-01-24 09:11 - 00320512 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\win32com.shell.shell.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00914432 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\_hashlib.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 01176576 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\wx._core_.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00806400 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\wx._gdi_.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00816128 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\wx._windows_.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 01067008 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\wx._controls_.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00733184 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\wx._misc_.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00682496 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\pysqlite2._sqlite.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00088064 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\_ctypes.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00686080 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\unicodedata.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00119808 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\win32file.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00108544 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\win32security.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00007168 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\hashobjs_ext.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00017920 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\thumbnails_ext.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00088064 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\usb_ext.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00012800 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\common.time34.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00018432 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\win32event.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00167936 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\win32gui.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00046080 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\_socket.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 01303552 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\_ssl.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00128512 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\_elementtree.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00127488 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\pyexpat.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00038912 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\win32inet.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00036864 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\_psutil_windows.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00524248 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\windows._lib_cacheinvalidation.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00011264 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\win32crypt.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00123392 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\wx._wizard.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00077312 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\wx._html2.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00027648 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\_multiprocessing.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00020480 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\_yappi.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00035840 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\win32process.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00078848 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\wx._animate.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00024064 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\win32pipe.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00010240 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\select.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00025600 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\win32pdh.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00017408 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\win32profile.pyd
2017-01-24 09:11 - 2017-01-24 09:11 - 00022528 ____R () C:\Users\I\AppData\Local\Temp\_MEI58042\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1713304671-2554689163-3342802706-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 46.105.86.82 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma Loader.lnk"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "UnlockerAssistant"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [{2AAA8256-6192-4C8B-A521-EEF7205265DC}] => C:\Users\I\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{71C20AF3-CCA1-4C33-A242-1A4903C47A8D}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{704B927C-9CE7-4687-AF66-3CE744519A6B}C:\program files (x86)\sopcast\sopcast.exe] => C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{F51D63F1-9DBE-486E-BB38-67C90CD7AD32}C:\program files (x86)\sopcast\sopcast.exe] => C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{E98490A9-E26A-4813-A236-1627577F9E2B}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{5CAA6A9E-DBA2-4BD3-80D6-4A3447A0BBC3}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{41EE2C43-8B8B-424F-9EDF-DD3913EB24D9}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{A352D5DB-B042-4376-B74C-4BF73D706F5B}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [UDP Query User{FB91D349-AF42-46F3-8B41-AE4FA3E4BF42}C:\program files (x86)\sopcast\sopcast.exe] => C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{E8BC9DE8-71BC-4796-A1A1-65D423FDAC6C}C:\program files (x86)\sopcast\sopcast.exe] => C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{E643558B-E8D3-44BE-92E7-C82E7D9D7689}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B27270DB-BA51-465F-BB96-5CC7FE532312}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1CAD647-9483-4BF4-AB6F-7F1394DB8F0A}] => C:\Users\I\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B12BF205-441A-40CB-B69B-6739FDB1ED28}] => C:\Users\I\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0E68A88E-1EBD-4F9B-BA00-9EC5A799DA92}] => C:\Users\I\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F3C3DD0A-83C7-489E-8C56-FAC3031337E9}] => C:\Users\I\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E8CFDDE0-8310-48C1-853C-5A4EE1422E66}] => C:\Users\I\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AB5D3B02-8897-4DA2-B7B4-372AC92B3F71}] => C:\Users\I\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{A6E032B8-F56F-47A2-8BA2-D48AA26B03B4}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{5CEDB48B-3912-4FBE-A46E-61B112691DD7}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{778D1A91-F7FC-4AEC-B535-A2446C788C22}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{507D8FB6-8177-4735-8696-4936B091502D}C:\program files (x86)\greedytorrent\gtor.exe] => C:\program files (x86)\greedytorrent\gtor.exe
FirewallRules: [UDP Query User{6B41B771-5FD7-4D53-B6A8-035D57B192B3}C:\program files (x86)\greedytorrent\gtor.exe] => C:\program files (x86)\greedytorrent\gtor.exe
FirewallRules: [{E420C79E-18B2-40FB-9AED-88FE99AA8FA0}] => C:\Program Files (x86)\Nox\bin\Nox.exe
FirewallRules: [{3437935A-1A71-4BAD-9CB9-53E2D38EDBE6}] => C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{4EB98E5E-E01B-43AF-A7D1-4E47BA682C0C}] => C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
FirewallRules: [{BBC0859C-9B50-4DFC-96E0-3E50C6FD14C1}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-01-2017 02:08:03 Installed Ninja Blaster
09-01-2017 14:38:40 Removed Ninja Blaster
16-01-2017 20:20:31 Scheduled Checkpoint
21-01-2017 13:42:52 Removed Bonjour
22-01-2017 01:29:52 JRT Pre-Junkware Removal
24-01-2017 09:51:41 Restore 240117

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2017 09:52:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/24/2017 08:30:37 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/24/2017 04:32:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: I-PC)
Description: Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (01/23/2017 04:10:27 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = "C:\WINDOWS\system32\systempropertiesprotection.exe" ; Description = ff; Error = 0x80070005).

Error: (01/23/2017 04:09:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = "C:\WINDOWS\system32\systempropertiesprotection.exe" ; Description = syst; Error = 0x80070005).

Error: (01/23/2017 04:08:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = "C:\WINDOWS\system32\systempropertiesprotection.exe" ; Description = 2301; Error = 0x80070005).

Error: (01/23/2017 04:08:36 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = "C:\WINDOWS\system32\systempropertiesprotection.exe" ; Description = systeme 23-01; Error = 0x80070005).

Error: (01/23/2017 11:23:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000360,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000266EC7F120.72). hr = 0x80070005, Access is denied.
.

Error: (01/23/2017 11:23:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00001170,(null),0,REG_BINARY,000000F64087DB30.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {6d0ad356-b413-44e4-8bcb-97109956779a}

Error: (01/23/2017 11:23:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007c4,(null),0,REG_BINARY,000000B2986FDBF0.72). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b4a6a56b-6599-4e07-8c10-458892a6892e}


System errors:
=============
Error: (01/24/2017 05:06:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 05:05:52 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/24/2017 05:05:51 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/24/2017 04:50:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 04:50:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 04:50:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Pipe Listener Adapter service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/24/2017 04:50:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Net.Msmq Listener Adapter service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/24/2017 04:50:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.

Error: (01/24/2017 04:50:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.

Error: (01/24/2017 04:49:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
Date: 2017-01-22 19:48:36.550
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\I\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-21 13:41:43.602
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Internet Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-21 13:41:43.600
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Internet Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-21 13:41:42.443
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Internet Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-21 13:41:42.442
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Internet Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-21 13:41:41.330
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Internet Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-21 13:41:41.327
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Internet Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-21 13:41:40.945
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Internet Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-21 13:41:40.944
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Internet Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-21 13:41:36.888
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Internet Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 6050.04 MB
Available physical RAM: 3250.65 MB
Total Virtual: 12194.04 MB
Available Virtual: 8988.55 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:868.76 GB) (Free:509.72 GB) NTFS
Drive d: (Seagate Expansion Drive) (Fixed) (Total:4657.52 GB) (Free:4009.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 052A0AB4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=868.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

==================== End of Addition.txt ============================
