Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017 Ran by HP-Notebook (29-01-2017 21:17:51) Running from C:\Users\HP-Notebook\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2012-12-24 08:22:05) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-963142042-1071990559-4209183342-500 - Administrator - Disabled) Guest (S-1-5-21-963142042-1071990559-4209183342-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-963142042-1071990559-4209183342-1002 - Limited - Enabled) HP-Notebook (S-1-5-21-963142042-1071990559-4209183342-1000 - Administrator - Enabled) => C:\Users\HP-Notebook ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Avast Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-963142042-1071990559-4209183342-1000\...\uTorrent) (Version: 3.4.2.37951 - BitTorrent Inc.) Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated) Any Audio Converter 4.0.6 (HKLM-x32\...\Any Audio Converter_is1) (Version: - Any-Audio-Converter.com) Apple Application Support (32 bits) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.) Apple Application Support (64 bits) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Arabic Keyboard 1.0 (HKLM-x32\...\Arabic Keyboard) (Version: 1.0 - OpenQuran) Avast Internet Security (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) AVG 2016 (Version: 16.0.4656 - AVG Technologies) Hidden Ayat (HKLM-x32\...\sa.edu.ksa.ayat) (Version: 1.4 - UNKNOWN) Ayat (x32 Version: 1.4 - UNKNOWN) Hidden BitTorrent (HKU\S-1-5-21-963142042-1071990559-4209183342-1000\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Driver Magician 3.9 (HKLM-x32\...\Driver Magician_is1) (Version: - GoldSolution Software, Inc.) ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.76 - Google Inc.) Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation) HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company) HP System Default Settings (HKLM-x32\...\{D2A2E5CD-801A-4B8D-8119-F79449A09B67}) (Version: 2.3.1.2 - Hewlett-Packard Company) HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.6 - Sonix) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.3 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{705EE775-5776-48FD-B704-C3C9CF535420}) (Version: 15.1.1.0170 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Internet Mobile (HKLM-x32\...\Internet Mobile) (Version: 11.302.09.05.162 - Huawei Technologies Co.,Ltd) iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.) Kodi (HKU\S-1-5-21-963142042-1071990559-4209183342-1000\...\Kodi) (Version: - XBMC-Foundation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Module de compatibilité pour Microsoft Office System 2007 (HKLM-x32\...\{90120000-0020-040C-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla) QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH) SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0F52AA93-AE47-4ABE-92D6-160635F6710F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {8FD3BA9F-57C0-44BC-A56C-6363944E6976} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {92AFBD5A-C17D-4BC8-92B8-3456E8DC4693} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {B6656BA6-1330-4CED-8565-1ECE665C5725} - System32\Tasks\SafeZone scheduled Autoupdate 1476807585 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software) Task: {C3E709BA-77AC-4359-804A-C09F57585016} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software) Task: {CCC4D039-A4CD-46EC-9837-74D26FD7BEC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {ED0316E8-DFDC-499F-A518-2B7D52C16557} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-18] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\HP-Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XeroBank\Upgrade to High-Speed.lnk -> hxxp://xerobank.com ==================== Loaded Modules (Whitelisted) ============== 2011-01-04 21:44 - 2011-01-04 21:44 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-05-23 08:34 - 2014-05-23 08:34 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2013-10-17 21:28 - 2013-10-17 21:28 - 00028672 _____ () C:\Windows\system32\valWBFPolicyService.exe 2013-02-19 21:43 - 2013-02-19 21:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2009-09-04 21:35 - 2009-09-04 21:35 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2016-10-18 16:04 - 2016-10-18 16:04 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-01-29 16:42 - 2017-01-29 16:42 - 04377600 _____ () C:\Program Files\AVAST Software\Avast\defs\17012901\algo.dll 2016-10-18 16:04 - 2016-10-18 16:04 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2014-06-12 02:31 - 2014-06-12 02:31 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll 2016-10-18 16:04 - 2016-10-18 16:04 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-12-26 02:41 - 2014-12-26 02:41 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll 2012-12-25 07:58 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2017-01-26 18:16 - 2017-01-25 06:56 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.76\libglesv2.dll 2017-01-26 18:16 - 2017-01-25 06:56 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.76\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:7CE726A8 [126] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-03-03 16:43 - 2015-11-22 17:12 - 00000782 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-963142042-1071990559-4209183342-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HP-Notebook\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Tango => C:\Program Files (x86)\Tango\Tango.exe -r ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{474952AC-C452-48DD-A6CD-E748B80073D8}] => c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe FirewallRules: [{98F620F6-8528-4FFA-B891-21D18BA4D7B6}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{80D111C2-F414-4E6C-A337-DAB95E3D99B3}] => C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BD331E98-77FA-4F4C-8D4B-DD1D3F758385}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B4AD9AAD-CA6B-4038-B9D5-89F0A8379367}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5D18DD60-66D2-4C6D-999B-EC24C263AB29}] => C:\Users\HP-Notebook\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B308F83C-3AC4-4016-9706-7553561E0078}] => C:\Users\HP-Notebook\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{240E44E3-4101-411D-9ABD-A1D0FA2DD9F8}] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe FirewallRules: [{ADABF58F-C609-4A6B-8DBC-F0E675FC53E3}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{94BD264D-A5E9-4251-A255-24769B466AE2}] => C:\Program Files\iTunes\iTunes.exe ==================== Restore Points ========================= 01-11-2016 15:56:47 ASU_MSI_TRAN 16-11-2016 15:30:43 ASU_MSI_TRAN 28-01-2017 17:08:26 Point de contrôle créé par HitmanPro 28-01-2017 17:10:56 Point de contrôle créé par HitmanPro ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/28/2017 05:11:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000039c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000003A3F000.72). hr = 0x80070005, Access is denied. . Error: (01/28/2017 05:11:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000004bc,(null),0,REG_BINARY,0000000001EEE290.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {6c8fc3b7-f1e7-455c-b104-bc5e193b251b} Error: (01/28/2017 05:11:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000910,(null),0,REG_BINARY,000000000512E0A0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {9284c912-0913-44a9-846c-3c465dd6cd7e} Error: (01/28/2017 05:11:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007fc,(null),0,REG_BINARY,00000000176DDE40.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {ac5bdd33-83df-406b-b77a-ffd219901787} Error: (01/28/2017 05:11:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001fc,(null),0,REG_BINARY,00000000027CEE50.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {dd1d59db-6c80-47ec-bd14-e90888b743bb} Error: (01/28/2017 05:11:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001bc,(null),0,REG_BINARY,00000000012FEF50.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Name: Registry Writer Writer Instance ID: {a9623407-6a4c-4e44-926c-bd44469e7238} Error: (01/28/2017 05:11:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000004bc,(null),0,REG_BINARY,0000000001EEE290.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {6c8fc3b7-f1e7-455c-b104-bc5e193b251b} Error: (01/28/2017 05:11:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001cc,(null),0,REG_BINARY,00000000019AF410.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Writer Name: COM+ REGDB Writer Writer Instance ID: {d4883559-4522-49af-8827-526ecc4e9fc0} Error: (01/28/2017 05:11:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000910,(null),0,REG_BINARY,000000000512E0A0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {9284c912-0913-44a9-846c-3c465dd6cd7e} Error: (01/28/2017 05:11:33 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007fc,(null),0,REG_BINARY,00000000176DDE40.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {ac5bdd33-83df-406b-b77a-ffd219901787} System errors: ============= Error: (01/18/2017 06:35:33 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 6:32:32 PM on ‎1/‎18/‎2017 was unexpected. Error: (01/12/2017 10:14:48 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 10:12:29 PM on ‎1/‎12/‎2017 was unexpected. Error: (01/05/2017 11:19:35 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:17:10 PM on ‎1/‎5/‎2017 was unexpected. Error: (01/01/2017 10:04:44 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout. Error: (12/22/2016 10:25:47 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 10:18:26 PM on ‎12/‎22/‎2016 was unexpected. Error: (12/16/2016 03:29:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (12/16/2016 03:29:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (12/16/2016 03:29:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\IWMSSvc.dll Error: (12/16/2016 03:28:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. Error: (12/16/2016 03:28:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2014-12-24 00:56:18.617 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-12-24 00:56:18.577 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-12-24 00:56:18.575 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-12-24 00:56:18.572 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-12-24 00:56:18.553 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-12-08 01:18:45.805 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-12-08 01:18:45.805 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-12-08 01:18:45.805 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-12-08 01:18:45.758 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-12-08 01:18:45.758 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz Percentage of memory in use: 53% Total physical RAM: 3887.38 MB Available physical RAM: 1817.35 MB Total Virtual: 7772.96 MB Available Virtual: 5134.04 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.58 GB) (Free:173.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: CC757715) Partition 1: (Not Active) - (Size=232.6 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS) ==================== End of Addition.txt ============================