Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Administrator (2016-02-03 12:16:43)
Running from C:\Users\administrator\Desktop
Windows 10 Pro (X64) (2015-12-11 18:50:34)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-767562735-1566109874-383603450-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-767562735-1566109874-383603450-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-767562735-1566109874-383603450-503 - Limited - Disabled)
Guest (S-1-5-21-767562735-1566109874-383603450-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1494889691-692003638-653252256-500\...\uTorrent) (Version: 3.4.3.39944 - BitTorrent Inc.)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated) Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR) AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.50.1277, 19.06.2013 - AIMP DevTeam) Ashampoo Burning Studio 14 v.14.0.4 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.4 - Ashampoo GmbH & Co. KG) Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - ) Avast Premier (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software) AVG (Version: 16.31.7357 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.) 
Build Tools - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden EaseUS Partition Master 10.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) Entity Framework 6.1.0 Tools for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation) ezvid (HKLM-x32\...\{38C27BF3-6977-4CB1-94C4-A05A9989A137}) (Version: 0.6.18 - ezvid, inc.) FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden FormatFactory 3.3.3.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.3.0 - Format Factory) Google Chrome (HKU\S-1-5-21-1494889691-692003638-653252256-500\...\Google Chrome) (Version: 25.0.1323.1 - Google Inc.) 
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.6.25 - IObit) Iota 2.3.3 (HKLM-x32\...\{0C8A4930-B317-4012-85FF-3E116BEFB68F}_is1) (Version: - iyesus.com) KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.129 - PandoraTV) KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - ) LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden Longman Advanced American Dictionary (HKLM-x32\...\NSIS_laad) (Version: - ) Macromedia Flash Player 8 (HKLM-x32\...\ShockwaveFlash) (Version: 8 - Macromedia) Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.1500 - Maxthon International Limited) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK 
(HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 
12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation) MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team) Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) 
Power Ge'ez 2010 (HKLM-x32\...\Power Ge'ez 2010) (Version: 10.0.0 - cRACK CDS Ge'ez #10) Power Ge'ez 2010 (x32 Version: 10.0.0 - cRACK CDS Ge'ez #10) Hidden PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd) PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden ROX Player version 1.480 (HKLM-x32\...\ROX Player_is1) (Version: 1.480 - ) SafeZone Stable 1.46.1990.139 (x32 Version: 1.46.1990.139 - Avast Software) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector) UnHackMe 7.95 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) VMware Workstation (HKLM\...\{132E3257-14F1-411A-BC6C-0CA32D3A9BC6}) (Version: 12.0.0 - VMware, Inc.) 
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
washra-fonts-4.1 (HKLM-x32\...\{53F31108-F08F-4F0D-9FFF-4794C00DE796}) (Version: 1.0.0 - HCCS)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wondershare Filmora(Build 6.6.0) (HKLM-x32\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-3 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C10CAA0-7900-4E4B-9AE3-9FC2C942DF4C} - System32\Tasks\{72D5B80C-855E-455A-AF34-B7A213FA2A25} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Oarpmany.exe" -c /removereleaseinpatch "{90150000-012B-0409-1000-0000000FF1CE}" "{E7396A71-6BAC-4A67-8B4F-384CA2257A41}" "1033" "0"
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {0E1BA573-918B-4F8A-9985-3872BE22E30D} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {2F6410E0-AE21-4902-8DF4-7D9A8AC1FFC7} - System32\Tasks\SafeZone scheduled Autoupdate 1454395245 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-01] (Avast Software)
Task: {33460132-7E18-496B-B4B5-6D4F052AAF07} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {51EE82B7-F436-4B02-93EA-D503BF430E44} - System32\Tasks\0615piUpdateInfo => C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe [2015-11-03] ()
Task: {806E3E1C-0832-4A58-A244-0F782ECE592A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9F3A30B3-4A2C-4D80-BCA3-ABC294F09A06} - System32\Tasks\{C9C215DF-5473-4004-B5A5-C7C0F73947A4} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Ventodinfresh\uninstall.exe" -c -f "C:\Program Files (x86)\Common Files\Ventodinfresh\uninstall.dat" -a uninstallme A0D57ECE-3060-465E-894C-92507362C854 DeviceId=188e94e0-21e6-19a1-3c26-dbe19ea3acba BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
Task: {B806DEDA-F5C4-4419-BB7D-12275A28FAC3} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-12-09] (IObit)
Task: {C357A9B3-9702-4E4B-AE9E-A1454D5DE9DD} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {C3FDFA2B-254D-4B4C-849F-D343D407CC7B} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2016-02-03] (Greatis Software)
Task: {C8422F6E-E5A2-4B88-AD59-D2727DA65096} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-02] (AVAST Software)
Task: {CC02A91D-68EB-4FD7-A0BA-4BF4CEE7CDEA} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {D8DAE5F1-9B8D-459B-BEE6-D4145D5FC9EC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-01] (Adobe Systems Incorporated)
Task: {DA1D419A-D6F8-46B6-9E98-ECFFC08E82F0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EA60DD6F-88C7-479F-9E1C-2C12AD09225A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {FF33EA59-31C1-4B10-BC23-4435AE79FB23} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2014-08-20] (Maxthon International ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ============== 2015-10-30 10:18 - 2015-10-30 10:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-09-30 04:28 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL 2015-09-25 05:45 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2015-12-12 07:30 - 2015-12-12 07:30 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-12-12 07:30 - 2015-12-12 07:30 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2014-01-23 16:05 - 2014-01-23 16:05 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-09-22 16:02 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll 2015-04-15 23:13 - 2015-04-15 23:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2015-09-22 16:02 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll 2015-10-30 10:17 - 2015-10-30 10:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2015-10-30 10:17 - 2015-10-30 10:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2014-05-19 13:27 - 2014-05-19 13:27 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe 2015-09-25 08:19 - 2014-01-14 18:54 - 10966528 _____ () C:\xampp\mysql\bin\mysqld.exe 2015-12-12 07:30 - 2015-12-12 07:30 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-12-12 07:30 - 2015-12-12 07:30 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-12-12 07:30 - 2015-12-12 07:30 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-12-12 07:30 - 2015-12-12 07:30 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 
2016-02-02 09:38 - 2016-02-02 09:38 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-02-02 09:38 - 2016-02-02 09:38 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-02-02 21:38 - 2016-02-02 21:38 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020201\algo.dll 2016-02-02 09:38 - 2016-02-02 09:38 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2015-09-25 08:17 - 2013-07-08 14:34 - 00114688 _____ () C:\xampp\apache\bin\pcre.dll 2015-09-25 08:19 - 2014-02-06 01:54 - 00128512 _____ () C:\xampp\php\libpq.dll 2015-08-14 14:02 - 2015-08-14 14:02 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll 2015-10-07 03:47 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2015-10-07 03:47 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2015-10-07 03:47 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2015-10-07 03:47 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2016-01-30 13:30 - 2015-04-07 16:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll 2016-02-02 09:38 - 2016-02-02 09:38 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-09-22 12:05 - 2014-04-18 08:15 - 00258944 _____ () C:\Program Files (x86)\Maxthon\bin\Maxzlib.dll 2015-11-20 08:18 - 2014-04-22 09:33 - 00247096 _____ () C:\Program Files (x86)\Maxthon\Addons\Mobile\MxMobile.dll 2015-09-22 12:05 - 2014-04-18 08:15 - 00258944 _____ () C:\Program Files (x86)\Maxthon\Bin\maxzlib.dll 2015-11-20 08:18 - 2014-04-18 08:16 - 00887064 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libglesv2.dll 2015-11-20 08:18 - 2014-04-18 08:16 - 00109336 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\libegl.dll 2015-11-20 08:18 - 2014-04-18 08:16 - 04055504 _____ () 
C:\Program Files (x86)\Maxthon\Core\Webkit\pdf.dll 2015-11-20 08:18 - 2014-04-18 08:16 - 02128152 _____ () C:\Program Files (x86)\Maxthon\Core\Webkit\ffmpegsumo.dll 2014-01-22 04:07 - 2014-01-22 04:07 - 08878248 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00143296 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 02631616 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00041920 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll 2015-04-13 16:58 - 2015-04-13 16:58 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll 2015-04-13 16:56 - 2015-04-13 16:56 - 00070675 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 02158528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00114112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00245184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00089536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvdr_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00055744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll 2015-04-13 16:57 - 2015-04-13 
16:57 - 00593344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00052672 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00332736 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll 2015-04-13 16:58 - 2015-04-13 16:58 - 01264064 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00069568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00048576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00344512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 12001728 _____ () C:\Program Files 
(x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00157632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00754624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00089024 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00032192 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00040384 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00078272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00127936 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libhttp_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00044992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00026048 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00035264 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00037312 _____ () C:\Program 
Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00025536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 13522368 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00242112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00046528 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00108992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00096704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll 2015-04-13 16:57 - 2015-04-13 16:57 - 00091584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00261056 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00304576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 01291200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll 
2015-04-13 16:59 - 2015-04-13 16:59 - 00052160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00456128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00035776 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 01549248 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00356288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll 2015-04-13 17:00 - 2015-04-13 17:00 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00140224 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00176576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00067520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 01504704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll 2015-04-13 16:59 - 2015-04-13 16:59 - 00022976 _____ () C:\Program Files 
(x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00029632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2015-04-13 16:59 - 2015-04-13 16:59 - 00034240 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1494889691-692003638-653252256-500\...\baidu.com -> hxxps://www.baidu.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 14:04 - 2015-11-12 03:48 - 00001445 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost127.0.0.1 onhax.net
127.0.0.2 www.onhax.net
127.0.0.2 forum.onhax.net
127.0.0.1 labs.onhax.net
127.0.0.1 do2dear.net
127.0.0.1 https://forum.onhax.net
127.0.0.1 dlgratis.com
127.0.0.1 p30world.com
127.0.0.1 mhktricks.net
127.0.0.1 www.mhktricks.net
127.0.0.1 piratecity.net
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 oscount.techsmith.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1494889691-692003638-653252256-500\Control Panel\Desktop\\Wallpaper -> C:\Users\administrator\Desktop\indonesia-bali\Bali13.jpg
DNS Servers: 208.67.222.123 - 208.67.220.123
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: RsRavMon => 2
HKLM\...\StartupApproved\StartupFolder: => "Ge'ez 2010.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AdFender.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKLM\...\StartupApproved\Run32: => "smallbox"
HKLM\...\StartupApproved\Run32: => "MalwareProtectionLive"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "RSDTRAY"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "RsTurboball"
HKLM\...\StartupApproved\Run32: => "RavTRAY"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Attend Scheduler"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\StartupApproved\StartupFolder: => "IMG003.exe"
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\StartupApproved\Run: => "Advanced SystemCare 8"
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\StartupApproved\Run: => "apphide"
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\StartupApproved\Run: => "L09AXLRD_201312078"
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{A1548BE6-B6D7-4AF1-AC72-8B7811D6AE73}] => (Allow) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41372.exe FirewallRules: [{3B134008-033A-40D2-A3F1-EA37FF7BDD16}] => (Allow) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41372.exe FirewallRules: [UDP Query User{5D6A81ED-47A0-4395-AE71-E73C04710F93}C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => (Allow) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41372.exe FirewallRules: [TCP Query User{6254B854-E931-435F-9651-12516CBC3DF6}C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => (Allow) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41372.exe FirewallRules: [{9F66E629-8154-4ACF-91E7-564B735A6AD0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E3DC4DA6-28E3-4CF3-A0C9-F629B1AB77A8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2A0758DE-B699-42D4-AD94-E641F9353EAD}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{6A260A46-A085-4742-9808-32697B018FE1}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{57E3CE3E-B9DE-4AC6-96A4-E192983BEA10}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{2C3D2B2C-46F5-4E81-85CE-E16FBC4C9989}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{BF9742DC-1F2B-4792-8734-0E8C7F0C753D}] => (Allow) LPort=8080 FirewallRules: [UDP Query User{DF39FB05-565B-41EC-8AAB-6E22DEC7B10F}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe FirewallRules: [TCP Query User{C173B7E3-9D27-4044-A99E-AD294EA3AE6F}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe FirewallRules: [{DAF37F1F-9F37-41AB-8BA9-E8499A9DBA2E}] => (Allow) C:\Program Files (x86)\VMware\VMware 
Workstation\vmware-hostd.exe FirewallRules: [{511E4C92-B9DC-4FBA-AA51-D38B946F93A9}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [{0CC51CA7-545E-43BF-875A-185D980D0D9F}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{EDD6C34D-7BE0-4339-A4D9-61D2E9FF03A9}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{44EC2133-F9C8-4C8D-ABA6-312DAF2D6E95}] => (Block) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41202.exe FirewallRules: [{502EDB8A-F745-45F2-81E3-69CF657AF224}] => (Block) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41202.exe FirewallRules: [UDP Query User{0305C619-1821-45AE-B02A-AFED4C0DFD8D}C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Allow) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41202.exe FirewallRules: [TCP Query User{68917788-A583-40CD-96A4-B001D8255A6C}C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Allow) C:\users\administrator\appdata\roaming\utorrent\updates\3.4.5_41202.exe FirewallRules: [UDP Query User{0FDF5E74-061E-4E3B-9CFE-1B18C7FAD802}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [TCP Query User{ABF61D39-E245-4FDE-A501-9C5E36D7640B}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe FirewallRules: [UDP Query User{2F948318-E188-4097-8673-39CA770632A6}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe FirewallRules: [TCP Query User{D7A3DC28-6D3F-4BD7-A4ED-11F85BEBE574}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe FirewallRules: [UDP Query User{3B7660B8-5645-4054-ACFE-9B0A37C5A8C1}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query 
User{5A9B1AC0-F8EA-41E7-9054-36E0CBC4A7C5}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [{705FFA7B-AA71-4500-819E-60504759ADDE}] => (Allow) LPort=12292 FirewallRules: [{47A56AC8-CDFE-4DCF-917C-8E0E6A7CF91B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{5008E752-CF1C-42CD-B5FB-D783E1AFBC7A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{C2C06F1C-6EA1-42B2-AC80-65D863FC2A36}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{4792955A-FBA7-4C50-93F8-7479B6D2AF51}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{104F71FE-9B4F-4AB8-B038-1BB266F5A588}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{CA0B55CC-3003-4AC2-8099-E4B21D65F4DB}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{32EB4B43-B6F6-4CDB-BFF0-7EFCB2E8C942}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{E0069D97-A8C7-429A-95F2-515F21D5EA0D}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{DC0E7D15-E8D1-4205-A401-922CB761A4BB}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{40769A86-181A-4556-ADFE-B399A167E94E}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{61102C00-0249-44BE-8256-0ADB0752AD53}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{490CCAC6-D23C-482B-90FF-D80F48B070B7}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{91762153-0B32-4E23-B4FB-32AF8B4B1AC6}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: 
[{2CCFAA4A-39F6-4ACD-8387-A4AE3606941D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B3D06DEF-412A-4C4B-866C-309242F7CAAD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B77709A4-D1F3-470A-85D0-69CDA4ABF582}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{267BBC79-3FA2-4403-9D05-D156A8CB73D6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{ABAA3F2E-88B1-4D00-AB49-6B61A090281B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{79E96453-B81C-4B4C-927B-E52C202EAC94}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{8DDDB064-10EA-43DD-9091-1212BFC7DB14}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{3594D39D-6D49-4DEB-A9EF-4C90DE70E3F8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{88A9E207-0C25-4B42-B208-71EEEAED7BBB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{27CE5AC2-6AC0-445D-8BD7-60F9AA5AD46F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{83F6F84A-5B93-4B3D-B39F-8779F9C7A0DB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{FD02BE8D-69F5-4BC8-8481-3D849DA8A344}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{A5959C36-1494-471A-AC74-5EC9B846D90A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{12BD4F6A-8731-4206-B2AC-5A980C5CFECB}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\updates\3.4.5_41372.exe FirewallRules: [{768C6F8F-638C-4DF9-9C2A-6FA9F7D23C3B}] => (Allow) C:\Users\administrator\AppData\Roaming\uTorrent\updates\3.4.5_41372.exe FirewallRules: [{9D983DE3-CF3B-4E3B-A34B-7868ACF0D76E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{515E2D0F-4C78-46D4-B25A-91C67E9FC254}] => (Allow) 
C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{F24D1E41-6F9E-4244-A09A-B72F403AA4C1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{1CF1A232-22DA-4A3B-9F37-3A5BBAA6FE37}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{3DC59585-0198-4322-8570-7F2CE3BB9FA9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{DBDF564D-F7AA-49D7-A904-647DB415134C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{C80D11B7-C885-4D3F-80F2-E31493C64D52}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{BD7F3C34-AC2C-4B38-A30A-0A0E620A41FC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{9968C925-DA26-4013-9150-1F21A007428D}] => (Allow) C:\Users\administrator\AppData\Local\ROX Player\roxplayer.exe FirewallRules: [{DC56EDD2-F683-4578-86DD-6E19E79C977F}] => (Allow) C:\Users\administrator\AppData\Local\ROX Player\roxplayer.exe FirewallRules: [{5D126417-D871-4C27-A694-F36D5E5B8C17}] => (Allow) C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{496055CA-A3BE-47D6-999B-610C3A1EA05F}] => (Allow) C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{EBC891D0-4B6F-474D-904C-A3B4C977FD9B}] => (Allow) C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{32641551-6ACA-424D-8666-1282FC542807}] => (Allow) C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{525365A9-9B5E-4EA2-B61C-C8A27DCDC0A3}] => (Allow) C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{767D924E-0FD9-460D-9FFE-E40D513E5DEF}] => (Allow) C:\Users\administrator\AppData\Roaming\BitTorrent\BitTorrent.exe ==================== Restore Points ========================= 02-02-2016 13:24:26 Installed Asoftech Photo Recovery ==================== Faulty Device Manager Devices ============= Name: VMware Virtual Ethernet Adapter for VMnet1 Description: 
VMware Virtual Ethernet Adapter for VMnet1 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet8 Description: VMware Virtual Ethernet Adapter for VMnet8 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: SAMSUNG Mobile USB Serial Port (COM3) Description: SAMSUNG Mobile USB Serial Port Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318} Manufacturer: SAMSUNG Electronics Co., Ltd. Service: ssudserd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: GT-S7562 Description: GT-S7562 Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: SAMSUNG Electronics Co. Ltd. Service: WUDFWpdMtp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. 
Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: USB Mass Storage Device Description: USB Mass Storage Device Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Compatible USB storage device Service: USBSTOR Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32) Resolution: The start type for this driver is set to disabled in the registry. Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry. Name: PS/2 Compatible Mouse Description: PS/2 Compatible Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (02/02/2016 01:24:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . 
Error: (02/02/2016 12:21:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rsUI.exe, version: 1.1.1.0, time stamp: 0x567c039f Faulting module name: LSASRV.dll, version: 10.0.10586.17, time stamp: 0x56518aa6 Exception code: 0xc0000005 Fault offset: 0x000000000006bd5e Faulting process id: 0x26f4 Faulting application start time: 0xrsUI.exe0 Faulting application path: rsUI.exe1 Faulting module path: rsUI.exe2 Report Id: rsUI.exe3 Faulting package full name: rsUI.exe4 Faulting package-relative application ID: rsUI.exe5 Error: (02/02/2016 12:19:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rsUI.exe, version: 1.1.1.0, time stamp: 0x567c039f Faulting module name: LSASRV.dll, version: 10.0.10586.17, time stamp: 0x56518aa6 Exception code: 0xc0000005 Fault offset: 0x000000000006bd5e Faulting process id: 0x26f4 Faulting application start time: 0xrsUI.exe0 Faulting application path: rsUI.exe1 Faulting module path: rsUI.exe2 Report Id: rsUI.exe3 Faulting package full name: rsUI.exe4 Faulting package-relative application ID: rsUI.exe5 Error: (02/02/2016 11:53:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rsUI.exe, version: 1.1.1.0, time stamp: 0x567c039f Faulting module name: LSASRV.dll, version: 10.0.10586.17, time stamp: 0x56518aa6 Exception code: 0xc0000005 Fault offset: 0x000000000006bd5e Faulting process id: 0x26f4 Faulting application start time: 0xrsUI.exe0 Faulting application path: rsUI.exe1 Faulting module path: rsUI.exe2 Report Id: rsUI.exe3 Faulting package full name: rsUI.exe4 Faulting package-relative application ID: rsUI.exe5 Error: (02/02/2016 11:48:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSIH) Description: Activation of app windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy:microsoft.windows.immersivecontrolpanel failed with error: -2144927149 See the 
Microsoft-Windows-TWinUI/Operational log for additional information. Error: (02/02/2016 11:31:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rsUI.exe, version: 1.1.1.0, time stamp: 0x567c039f Faulting module name: LSASRV.dll, version: 10.0.10586.17, time stamp: 0x56518aa6 Exception code: 0xc0000005 Fault offset: 0x000000000006bd5e Faulting process id: 0x26f4 Faulting application start time: 0xrsUI.exe0 Faulting application path: rsUI.exe1 Faulting module path: rsUI.exe2 Report Id: rsUI.exe3 Faulting package full name: rsUI.exe4 Faulting package-relative application ID: rsUI.exe5 Error: (02/02/2016 11:26:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: rsUI.exe, version: 1.1.1.0, time stamp: 0x567c039f Faulting module name: LSASRV.dll, version: 10.0.10586.17, time stamp: 0x56518aa6 Exception code: 0xc0000005 Fault offset: 0x000000000006bd5e Faulting process id: 0x26f4 Faulting application start time: 0xrsUI.exe0 Faulting application path: rsUI.exe1 Faulting module path: rsUI.exe2 Report Id: rsUI.exe3 Faulting package full name: rsUI.exe4 Faulting package-relative application ID: rsUI.exe5 Error: (02/01/2016 11:38:37 AM) (Source: IMFservice) (EventID: 0) (User: ) Description: The handle is invalid Error: (02/01/2016 11:00:20 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: The handle is invalid Error: (02/01/2016 08:54:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SSIH) Description: Activation of app windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy:microsoft.windows.immersivecontrolpanel failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
System errors: ============= Error: (02/03/2016 11:50:13 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the VMware Workstation Server service, but this action failed with the following error: %%193 Error: (02/03/2016 11:49:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware Workstation Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Run the configured recovery program. Error: (02/03/2016 11:48:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware Workstation Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (02/03/2016 11:47:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (02/03/2016 11:46:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The WsAppService service failed to start due to the following error: %%1053 Error: (02/03/2016 11:46:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the WsAppService service to connect. 
Error: (02/03/2016 11:46:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The BstHdLogRotatorSvc service failed to start due to the following error: %%1053 Error: (02/03/2016 11:46:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the BstHdLogRotatorSvc service to connect. Error: (02/03/2016 11:46:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MobogenieService service failed to start due to the following error: %%2 Error: (02/03/2016 11:46:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The rsEngineSvc service failed to start due to the following error: %%3 CodeIntegrity: =================================== Date: 2016-02-01 11:07:51.586 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-01 11:07:51.531 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-02-01 11:07:49.851 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-02-01 11:07:49.750 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-30 13:40:50.353 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-30 13:22:01.197 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-30 13:22:01.150 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-30 13:22:00.643 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-01-30 13:22:00.528 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-01-30 11:34:02.771
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 49%
Total physical RAM: 3977.05 MB
Available physical RAM: 2022.73 MB
Total Virtual: 6793.05 MB
Available Virtual: 3813.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.02 GB) (Free:16.43 GB) NTFS
Drive d: (win7) (Fixed) (Total:253.01 GB) (Free:60.44 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (External) (Fixed) (Total:186.29 GB) (Free:5.36 GB) NTFS
Drive f: (backup) (Fixed) (Total:192.08 GB) (Free:15.69 GB) NTFS
Drive i: (os-soft) (Fixed) (Total:20.62 GB) (Free:1.57 GB) NTFS
Drive y: () (Network) (Total:359.45 GB) (Free:48.47 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 18C9E6EB)
Partition 1: (Active) - (Size=253 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=192.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 50F54FE5)
Partition 1: (Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
Partition 3: (Not Active) - (Size=186.3 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================