Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by Owner (15-06-2017 14:20:00)
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-07-21 22:30:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-296150329-2951745003-2715392215-500 - Administrator - Disabled)
Guest (S-1-5-21-296150329-2951745003-2715392215-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-296150329-2951745003-2715392215-1007 - Limited - Enabled)
Owner (S-1-5-21-296150329-2951745003-2715392215-1000 - Administrator - Enabled) => C:\Users\Owner
postgres (S-1-5-21-296150329-2951745003-2715392215-1001 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security 10.0.390.0 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
360随身WiFi (HKLM-x32\...\360AP) (Version: 5.3.0.3085 - 360互联网安全中心)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.3 - Atheros Communications)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
DaVinci Resolve (HKLM\...\{C6A49D2B-7359-4ED1-BC9F-F76A1957BC7A}) (Version: 12.5.4019 - Blackmagic Design)
ESET Smart Security (HKLM\...\{25238D9A-1A44-4D60-BA3A-163CB995C763}) (Version: 10.0.369.0 - ESET, spol. s r.o.)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 8.5.9.0 - Sentelic)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.4.1208 - Foxit Software Inc.)
Google Chrome (HKLM\...\{83F2CE66-1F17-38DE-83BD-1BAD39009FB6}) (Version: 58.0.3029.110 - Google, Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}) (Version: 13.01.1000 - Intel Corporation)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
K-Lite Codec Pack 12.7.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.7.0 - KLCP)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
PostgreSQL 9.2 (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.15.209.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
SmartApp (HKLM-x32\...\{74C732EB-DE42-4EAD-985F-5C45837D0951}) (Version: 3.5.3 - SmartApp)
Spotify (HKU\S-1-5-21-296150329-2951745003-2715392215-1000\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.71503 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Wondershare Filmora(Build 8.2.2) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-296150329-2951745003-2715392215-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07846D5E-E88F-4DF5-9740-01BD1792F9E1} - System32\Tasks\Games\UpdateCheck_S-1-5-21-296150329-2951745003-2715392215-1000
Task: {1276CA8C-407C-40D7-917A-923BE07C97C4} - System32\Tasks\SmartAppMonitor => C:\Program Files (x86)\SmartApp\SmartAppMonitor.exe [2017-05-26] (Verto Analytics Inc.)
Task: {7E815C82-38A4-4583-937F-2CFA41AC88A9} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-12-10] ()
Task: {7F5D3483-E2E6-4919-91B6-84FB8F0C807E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {80332D59-1051-42AF-BB01-1B3A90656058} - \Microsoft\Windows\Media Center\mcupdate_scheduled -> No File <==== ATTENTION
Task: {9035F375-ABFD-40AE-8C15-CF455767B615} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
Task: {B8F3B943-98BD-42BF-A9CE-A6E03DCD45A1} - \{05787F47-7E09-0E04-0A11-097D04051178} -> No File <==== ATTENTION
Task: {C87A7EF2-98A9-45E1-BA03-CBEF03C2A06D} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {C938ED19-CC45-49BE-B360-040A24294606} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-14] (Adobe Systems Incorporated)
Task: {CB901C8C-DA63-401D-9C25-B97D33C6252F} - System32\Tasks\360safe\360APMainProg => C:\Program Files (x86)\360AP\360AP.exe [2017-06-08] (360.cn)
Task: {F8B7C028-556D-4A44-B800-FAD8DE21588A} - System32\Tasks\SmartAppLiveUpdater => C:\Program Files (x86)\SmartApp\SmartAppLiveUpdater.exe [2017-05-26] (Verto Analytics Inc.)
Task: {FA7DE640-935C-4060-9214-2905E412B175} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
Task: {FD19BCFF-7197-43A5-842B-E60FF9983C57} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\drumbit.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pоlаrr Phоtо Еditоr.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Skеtсhpаd 3.5.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sоlitаirе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sсrееn Rесоrdеr.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехplоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (No File)

==================== Loaded Modules (Whitelisted) ==============
2010-01-19 17:27 - 2010-01-19 17:27 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-02 18:23 - 2013-04-01 22:41 - 00176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2017-01-02 18:23 - 2012-08-14 08:31 - 01328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2017-06-14 22:52 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-10-25 10:57 - 2016-10-25 10:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-05-15 22:35 - 2017-05-09 04:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 22:35 - 2017-05-09 04:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-06-14 20:07 - 2017-06-10 11:18 - 31132672 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\26.0.0.126\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2017-06-14 23:06 - 00000836 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 platform.wondershare.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-296150329-2951745003-2715392215-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{F6E9DE0F-192A-4469-9984-DF9A13A55239}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DABB2062-CA1E-4CB8-8BB6-4E093C2FF081}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A83F0571-F336-4B52-8211-C1044E9D0552}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{64604DDB-BA2C-490C-A088-BAC48BC8A0FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{83872E63-EC66-43CE-8B57-94E982029DBE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{17A490DE-DDA3-4839-9A8F-054BF692C48D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A2AC8B87-9D83-4B5D-9874-9AB1E6DCD83A}] => (Allow) C:\Program Files (x86)\Populations\nauman.exe
FirewallRules: [{39C91C57-49BC-4350-B499-F9547C84E5F0}] => (Allow) C:\Program Files (x86)\Karelian\nauman.exe
FirewallRules: [{80BCC2AC-FADE-45E6-AC86-9ADB8529B7D7}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{33203B31-0D42-4299-B100-57978B9401EE}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{333BDBD7-723E-4C0F-BC90-4CFC5EEEE8BC}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{9CB61103-8DD2-4BBA-AEEA-1668270E8078}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{EAA1DE52-6EBB-4A44-80A6-7B94711E6B2D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{CB8B6A81-6241-4FA4-B3BF-C2ED0881C19A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{71434BCE-CC6D-4593-B0D8-092285E424F1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{80BC09B5-F416-42AE-8FEE-16F61A76BDFF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{A84B0B50-B29B-4039-B5C6-E0B3E2B6D06D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{A1B942E2-50D5-4783-AAAC-78BBEC68A10B}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{FEEB9EF7-61A7-49FA-8044-7B3447EA067E}] => (Allow) C:\Users\Owner\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{42A73CAB-7313-44EB-B5D3-555B80042FA5}] => (Allow) C:\Users\Owner\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{4AB908ED-D6E6-459C-9A06-C8765E4E8F34}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{1E859C1A-485A-4931-890A-9BC53E1DBC43}] => (Allow) C:\Program Files\Andy\andy.exe
FirewallRules: [{359103D6-FAF2-4DFA-A3C5-917923296E6C}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{644E7996-EBD0-4F2B-A56A-2BA5EBBAEA0B}] => (Allow) C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{9AA2BA04-37EF-4CDE-BE8B-71832F9CFDCF}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{C6C1592C-7754-41A4-8E3C-6074CC635AD0}] => (Allow) C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{08AB2195-949B-4FE8-85A4-5627F37474D5}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{ECBCEAB4-B88B-4471-9775-AE3FACD20F91}] => (Allow) C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{AEB3DD9F-69D7-48B7-9036-80843CC3D78A}] => (Allow) C:\Users\Owner\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{22DD7D8A-6DA9-4B24-A6E8-E96856E134B1}] => (Allow) C:\Users\Owner\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{9F8C1463-DF65-47F6-9C3A-AC28EFEE2638}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{3D0743BC-823A-4FB8-8C98-406E0E2CAA47}] => (Allow) C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{292C1D30-055D-432D-B15E-F3E57A8971E0}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{C0D6224B-6D46-46F0-AF40-856171CE98C1}] => (Allow) C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{0188F3A3-BFDC-4396-AF75-9F7653C32083}] => (Allow) C:\Program Files (x86)\360AP\360AP.exe
FirewallRules: [{1AA36C0C-DE36-4F2E-AA67-83405FE58FD9}] => (Allow) LPort=65435
FirewallRules: [{4FEE7F84-1DA7-4425-B44A-C4344E3477BA}] => (Allow) LPort=67
FirewallRules: [{8BD74776-2872-4129-86CA-9C0E6CD77C69}] => (Allow) LPort=53
FirewallRules: [{82199CC9-8135-4FA0-9D4E-882191CBF61C}] => (Allow) C:\Program Files (x86)\360AP\LiveUpdate360.exe
FirewallRules: [{ED7933C2-6CEE-4564-B9A5-9702BFFD310D}] => (Allow) C:\Program Files (x86)\360AP\LiveUpdate360.exe
FirewallRules: [TCP Query User{D09326C4-B1F5-44D7-89FE-DC35D96E3A7E}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{61888752-D83C-4909-B61C-D667D696B16A}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9012CCD6-163F-4053-BA0C-FC5AF80B015C}] => (Allow) C:\Program Files (x86)\360AP\LiveUpdate360.exe
FirewallRules: [{BB5C706C-B210-41E5-B96F-62521C207C4C}] => (Allow) C:\Program Files (x86)\360AP\LiveUpdate360.exe
FirewallRules: [{4E4F32F3-3DFA-4B97-ACA4-2115EFE716D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CBD613D7-155D-405B-BF4E-ED985383FC7F}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================
24-05-2017 13:11:52 Windows Update
25-05-2017 03:00:10 Windows Update
27-05-2017 13:37:51 Installed SmartApp
14-06-2017 19:36:56 Camtasia 9
14-06-2017 22:06:35 Malwarebytes Anti-Rootkit Restore Point
15-06-2017 13:45:24 Windows Update
15-06-2017 14:00:24 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2017 01:59:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/15/2017 01:59:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/15/2017 01:52:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/15/2017 01:49:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe". Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (06/15/2017 01:47:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (06/15/2017 01:47:55 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (06/15/2017 01:42:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/15/2017 12:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (06/15/2017 12:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (06/15/2017 12:00:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (06/15/2017 02:14:08 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 2602:30a:c0a4:c5b0:2018:b260:d65b:691f with the system having network hardware address 80-7A-BF-99-38-FB. Network operations on this system may be disrupted as a result.

Error: (06/15/2017 01:52:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (06/15/2017 01:52:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (06/15/2017 01:51:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706ba: Windows Malicious Software Removal Tool x64 - June 2017 (KB890830).

Error: (06/15/2017 01:51:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706be: 2017-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4022719).

Error: (06/15/2017 01:51:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (06/15/2017 01:51:06 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

Error: (06/15/2017 01:50:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/15/2017 01:50:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/15/2017 01:50:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management & Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2017-06-14 21:41:30.823
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod69AA.dll.nup.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-06-14 21:41:30.512
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod69AA.dll.nup.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-06-14 21:41:30.290
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod69AA.dll.nup.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-06-14 21:41:29.941
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod69AA.dll.nup.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-06-14 21:41:29.675
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod69AA.dll.nup.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-06-14 21:41:29.495
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod69AA.dll.nup.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-06-14 20:50:48.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod69AA.dll.nup.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-06-14 20:50:48.710
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod69AA.dll.nup.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-06-14 20:50:48.535
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod69AA.dll.nup.raw because the set of per-page image hashes could not be found on the system.
Date: 2017-06-14 20:50:48.268
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\ESET\ESET Smart Security\Updfiles\base_nonnups\nod69AA.dll.nup.raw because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz
Percentage of memory in use: 61%
Total physical RAM: 3893.86 MB
Available physical RAM: 1516.41 MB
Total Virtual: 7785.9 MB
Available Virtual: 5392.52 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:223.47 GB) (Free:144.82 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 2E4C6617)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================