Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2016 Ran by Nazmun (2016-06-08 00:20:14) Running from C:\Users\Nazmun\Downloads Windows 10 Home Version 1511 (X64) (2015-12-15 11:53:51) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4161326916-1721736676-864866012-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4161326916-1721736676-864866012-503 - Limited - Disabled) Guest (S-1-5-21-4161326916-1721736676-864866012-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4161326916-1721736676-864866012-1005 - Limited - Enabled) Nazmun (S-1-5-21-4161326916-1721736676-864866012-1002 - Administrator - Enabled) => C:\Users\Nazmun ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-4161326916-1721736676-864866012-1002\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated) Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated) Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant) Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.224.0 - Conexant Systems) CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc) ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo) Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo) Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden Lenovo Solution Center (HKLM\...\{4386A5EF-BD23-49F4-9DAD-CD76B4F6A8BF}) (Version: 2.8.006.00 - Lenovo Group Limited) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Spotify (HKU\S-1-5-21-4161326916-1721736676-864866012-1002\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden UserTesting (HKU\S-1-5-21-4161326916-1721736676-864866012-1002\...\UserTestingPlugin) (Version: - UserTesting.com) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4161326916-1721736676-864866012-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nazmun\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4161326916-1721736676-864866012-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel) CustomCLSID: HKU\S-1-5-21-4161326916-1721736676-864866012-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {111A2241-198D-4CFC-881C-9ECE2942BEA9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {18AF0854-3A4D-4110-93F0-712B9A736C7B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {22599861-D87A-457B-9A24-3E3F4BD00494} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {3447A514-98C3-4A20-947C-1C21DF27B7CC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {358F98FD-6E0B-40AB-81AD-1548C2DAD3DA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {38836F29-0445-4CB0-9381-26E5205F16A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {4DC1E01F-8D01-473D-9320-FCD345719B67} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-03-01] () Task: {5135A693-2670-4950-807A-8C8D33DEB082} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-18] (Google Inc.) Task: {51BB8BC5-0963-47DC-80B5-34374C64E595} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {5B2AED3D-154B-4456-954D-0BD0BCBDA586} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {68EE326E-7C79-41D4-8B93-C93C15BFC7C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {6C4B8883-AAB7-4617-8E58-014EC5A56E9E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {7D5ACB87-B13C-4788-822C-4F11871B760F} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo) Task: {7E889E25-4E20-4A8D-A4B5-073EDB606885} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-12-10] (Lenovo) Task: {B0F42D40-D40D-4DD5-9A7A-A58D8EB282B0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation) Task: {B17E3D91-6B16-46D4-AE09-1EEC291E18CB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {BF6ECEA3-9776-4071-9E2B-016BBBB6D233} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {C0A3B6EE-6260-46E1-891E-3F129D747E7F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo) Task: {CFFD32F3-DE82-4948-9E38-3F7A6EEF85AB} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {EC75525A-2DF5-4341-BD58-05F04B458C8E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo) Task: {ECA7E4C2-3DC2-4BCC-ABCE-7728EDCD50C3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {EDF7B2FD-E30F-465F-8BDE-AB0D5D66367D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo) Task: {F63C635D-91A0-4F2A-ABDE-D6A04D071F6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-18] (Google Inc.) Task: {F8DB4A3C-7DF1-4919-B72E-388E09CEF721} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {FA7D77D1-BAE8-4AA6-8080-F4921D4EC3B9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-02-24 14:37 - 2012-04-25 03:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2016-04-13 05:17 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-13 05:17 - 2016-03-29 11:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-05-27 00:17 - 2016-05-27 00:17 - 00959168 _____ () C:\Users\Nazmun\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-01-12 19:58 - 2016-01-12 19:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-12-17 01:51 - 2015-12-17 02:08 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-05-11 16:38 - 2016-04-23 05:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-05-11 16:38 - 2016-04-23 04:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-05-11 16:38 - 2016-04-23 04:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-05-11 16:39 - 2016-04-23 05:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-11-04 17:43 - 2015-11-04 17:43 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2016-05-13 02:30 - 2016-05-11 04:49 - 02224280 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll 2016-05-13 02:30 - 2016-05-11 04:49 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll 2015-10-30 08:18 - 2015-10-30 08:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll 2016-05-27 00:16 - 2016-05-27 00:16 - 00679624 _____ () C:\Users\Nazmun\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2015-12-17 01:51 - 2015-12-17 02:08 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2015-12-17 01:51 - 2015-12-17 02:12 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4161326916-1721736676-864866012-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Nazmun\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\nature (11).jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{90C57579-4B6F-4A45-9DA5-ADCD716452A6}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{98CB81E4-EA66-4BEB-905D-FC4AA7D0BF6D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{EA5DC331-11D7-4B16-BC21-115A7A6664C2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{5608BBF5-4F6D-415A-AEC2-0528617AE48D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{53481F17-F6ED-47DA-816A-C6C7DC447D57}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{2E764BDE-A6F5-4AAC-97F8-D8F355B4631F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{32727E15-B05B-428B-9D5B-195E8AB50D63}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{33C2DB74-B452-4907-B06D-283B7FCC78D5}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe FirewallRules: [{F48AB3BE-753D-4068-B1EF-F30E8BE8C51D}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe FirewallRules: [{D644B31A-5527-4104-946C-A6B1CAC6AE1B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{84D6EEA5-04C2-4BE5-965F-44A1EFEB2044}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{620A1220-0E33-48B6-8FF7-ECA82C2F3475}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{DE017364-FC34-470E-AE2F-AC12019B89F7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{CC9344A3-7E7B-4A38-BAFE-88F964762E0E}C:\users\nazmun\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nazmun\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{15D03FE4-DAB5-4AD4-B726-FB2E2E39E5C5}C:\users\nazmun\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nazmun\appdata\roaming\spotify\spotify.exe FirewallRules: [{A4D7A619-788F-4423-9BBD-B12B1794725A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{1883E1AB-2228-4839-8CD0-0DE3CBF5A676}] => (Allow) LPort=2869 FirewallRules: [{3EB29014-4D90-4959-877F-D45D4B9725FD}] => (Allow) LPort=1900 FirewallRules: [{6E4E3E92-E296-470A-8DC3-D8D9F1FE0E78}] => (Allow) C:\Users\Nazmun\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{9748F2A3-2EE1-4B83-BF44-63F3EED5FDFC}] => (Allow) C:\Users\Nazmun\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{8ABCC634-AE7C-48C2-A514-DC8D03151B7E}] => (Allow) C:\Program Files\Trust.Zone VPN Client\vpncmgr_x64.exe FirewallRules: [{2BBE6544-A25C-4FD3-B0ED-4EE17D609D36}] => (Allow) C:\Program Files\Trust.Zone VPN Client\vpnclient.exe FirewallRules: [{5BB4AB1B-6B77-4B94-B721-61D1D01EB775}] => (Allow) C:\Program Files\Trust.Zone VPN Client\vpncmgr.exe FirewallRules: [{A8114B84-AA4C-4476-B369-9D635E79A4BF}] => (Allow) C:\Program Files\Trust.Zone VPN Client\vpnclient_x64.exe FirewallRules: [TCP Query User{253077FE-F014-4DD3-99AB-3168F08A4DED}C:\users\nazmun\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nazmun\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{5D3AD4AA-1966-4E68-9BC1-388B78DD0A58}C:\users\nazmun\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nazmun\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{E116F307-F688-42BC-B5ED-A3FCB7035455}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe FirewallRules: [UDP Query User{F8114644-F010-41D1-8EC7-E70BF95F7B4E}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe FirewallRules: [{F35938A5-4C32-41B5-8CFC-42E4BDDFB2E2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{19DC25A9-7F30-42BE-9F5A-A80463B1FEA4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{54DFA38D-67EB-4AC5-85F3-198066B6474B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{26787C2A-D75F-433F-A997-66038080FFE7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{6806A2E6-87F1-4594-B64C-D293E2C12E1B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 22-05-2016 19:08:40 Scheduled Checkpoint 30-05-2016 03:36:14 Removed PS4 Remote Play ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/08/2016 12:20:19 AM) (Source: ESENT) (EventID: 454) (User: ) Description: svchost (6096) Database recovery/restore failed with unexpected error -501. Error: (06/08/2016 12:20:18 AM) (Source: ESENT) (EventID: 465) (User: ) Description: svchost (6096) Corruption was detected during soft recovery in logfile C:\Users\Nazmun\AppData\Local\Comms\UnistoreDB\USS.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 416 (0x000001A0). This logfile has been damaged and is unusable. Error: (06/08/2016 12:20:18 AM) (Source: ESENT) (EventID: 477) (User: ) Description: svchost (6096) The log range read from the file "C:\Users\Nazmun\AppData\Local\Comms\UnistoreDB\USS.log" at offset 1703936 (0x00000000001a0000) for 4096 (0x00001000) bytes failed verification due to a range checksum mismatch. The expected checksum was 615717115611712355 (0x88b7774562a0b63) and the actual checksum was 615717115611712355 (0x88b7774562a0b63). The read operation will fail with error -501 (0xfffffe0b). If this condition persists then please restore the logfile from a previous backup. Error: (06/08/2016 12:20:18 AM) (Source: ESENT) (EventID: 465) (User: ) Description: svchost (6096) Corruption was detected during soft recovery in logfile C:\Users\Nazmun\AppData\Local\Comms\UnistoreDB\USS.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 416 (0x000001A0). This logfile has been damaged and is unusable. Error: (06/08/2016 12:20:18 AM) (Source: ESENT) (EventID: 477) (User: ) Description: svchost (6096) The log range read from the file "C:\Users\Nazmun\AppData\Local\Comms\UnistoreDB\USS.log" at offset 1703936 (0x00000000001a0000) for 4096 (0x00001000) bytes failed verification due to a range checksum mismatch. The expected checksum was 615717115611712355 (0x88b7774562a0b63) and the actual checksum was 615717115611712355 (0x88b7774562a0b63). The read operation will fail with error -501 (0xfffffe0b). If this condition persists then please restore the logfile from a previous backup. Error: (06/08/2016 12:20:17 AM) (Source: ESENT) (EventID: 454) (User: ) Description: svchost (6096) Database recovery/restore failed with unexpected error -501. Error: (06/08/2016 12:20:16 AM) (Source: ESENT) (EventID: 465) (User: ) Description: svchost (6096) Corruption was detected during soft recovery in logfile C:\Users\Nazmun\AppData\Local\Comms\UnistoreDB\USS.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 416 (0x000001A0). This logfile has been damaged and is unusable. Error: (06/08/2016 12:20:16 AM) (Source: ESENT) (EventID: 477) (User: ) Description: svchost (6096) The log range read from the file "C:\Users\Nazmun\AppData\Local\Comms\UnistoreDB\USS.log" at offset 1703936 (0x00000000001a0000) for 4096 (0x00001000) bytes failed verification due to a range checksum mismatch. The expected checksum was 615717115611712355 (0x88b7774562a0b63) and the actual checksum was 615717115611712355 (0x88b7774562a0b63). The read operation will fail with error -501 (0xfffffe0b). If this condition persists then please restore the logfile from a previous backup. Error: (06/08/2016 12:20:16 AM) (Source: ESENT) (EventID: 465) (User: ) Description: svchost (6096) Corruption was detected during soft recovery in logfile C:\Users\Nazmun\AppData\Local\Comms\UnistoreDB\USS.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 416 (0x000001A0). This logfile has been damaged and is unusable. Error: (06/08/2016 12:20:16 AM) (Source: ESENT) (EventID: 477) (User: ) Description: svchost (6096) The log range read from the file "C:\Users\Nazmun\AppData\Local\Comms\UnistoreDB\USS.log" at offset 1703936 (0x00000000001a0000) for 4096 (0x00001000) bytes failed verification due to a range checksum mismatch. The expected checksum was 615717115611712355 (0x88b7774562a0b63) and the actual checksum was 615717115611712355 (0x88b7774562a0b63). The read operation will fail with error -501 (0xfffffe0b). If this condition persists then please restore the logfile from a previous backup. System errors: ============= Error: (06/08/2016 12:20:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The User Data Access_3c38c service terminated with the following error: %%1358 Error: (06/08/2016 12:20:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The User Data Access_3c38c service terminated with the following error: %%1358 Error: (06/08/2016 12:20:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The User Data Access_3c38c service terminated with the following error: %%1358 Error: (06/08/2016 12:18:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The User Data Access_3c38c service terminated with the following error: %%1358 Error: (06/08/2016 12:07:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The User Data Access_3c38c service terminated with the following error: %%1358 Error: (06/08/2016 12:07:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The User Data Access_3c38c service terminated with the following error: %%1358 Error: (06/08/2016 12:07:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The User Data Access_3c38c service terminated with the following error: %%1358 Error: (06/08/2016 12:07:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The User Data Access_3c38c service terminated with the following error: %%1358 Error: (06/08/2016 12:07:41 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (06/08/2016 12:07:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The User Data Access_3c38c service terminated with the following error: %%1358 CodeIntegrity: =================================== Date: 2016-06-07 22:09:45.336 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-07 22:09:45.291 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-07 22:09:45.227 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-07 22:09:45.007 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-07 22:09:44.971 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-07 22:09:44.919 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-07 22:09:44.636 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-07 22:09:44.592 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-07 22:09:44.544 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-07 22:08:55.060 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD A8-4500M APU with Radeon(tm) HD Graphics Percentage of memory in use: 50% Total physical RAM: 5327.26 MB Available physical RAM: 2620.72 MB Total Virtual: 6223.26 MB Available Virtual: 3363.39 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:888.28 GB) (Free:555.98 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.89 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: F8728B7C) Partition: GPT. ==================== End of Addition.txt ============================