Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2017 01
Ran by Ines (20-04-2017 16:10:13)
Running from C:\Users\Ines\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-15 00:46:08)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-676550262-2765486237-767571021-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-676550262-2765486237-767571021-503 - Limited - Disabled)
Guest (S-1-5-21-676550262-2765486237-767571021-501 - Limited - Disabled)
Ines (S-1-5-21-676550262-2765486237-767571021-1001 - Administrator - Enabled) => C:\Users\Ines
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-676550262-2765486237-767571021-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Advanced Calendar 2.0.0.11380 (HKLM\...\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}) (Version: 2.0.0.11380 - MEIXIAN XIE) <==== ATTENTION
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-676550262-2765486237-767571021-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-676550262-2765486237-767571021-500\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Popcorn Time CE YIFY (HKLM-x32\...\{F9BC7890-4FE5-4391-8C59-CD0C556EF115}) (Version: 1.0.0 - YIFY.is) <==== ATTENTION
Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.96 - Trusteer)
Rapport (x32 Version: 3.5.1804.96 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16121.3 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16121.3 - Samsung Electronics Co., Ltd.) Hidden
Tools Assist (HKLM-x32\...\{3CA099AA-D173-49e0-B3EA-145D67934BB5}) (Version: 1.0.0.61 - Jinju Wang)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {12EBC6BC-99C4-46E4-BA21-1B8AF413BFD2} - System32\Tasks\{C1CE6231-3874-4432-89CE-D86D19A829FE} => C:\Program Files (x86)\ToolsAssist\toolserv.exe [2015-11-16] ()
Task: {582A1B47-5676-4BC8-851C-53D3C3F75982} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-03] (AVAST Software)
Task: {85013611-6C73-4191-ACEA-703FCC1890F4} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-09-24] (Realtek Semiconductor)
Task: {C3BB9EB5-B115-4AE8-9DB8-BF9D21CFEF60} - System32\Tasks\SafeZone scheduled Autoupdate 1458699171 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {C7C868B1-3829-46FE-BAF1-EF51DA526117} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-13] (Adobe Systems Incorporated)
Task: {CFDBA839-1AD3-4C90-8D58-B719C7AECC18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-01] (Google Inc.)
Task: {D6C974C2-5DDA-4413-B139-E99A55F57011} - System32\Tasks\{CB67D0D5-746F-41CA-820D-EE2154015763} => pcalua.exe -a "C:\Program Files (x86)\Wondershare\MobileGo-b\unins000.exe" -c /WAF
Task: {E04C6F3F-F6F0-4C80-8EFC-17E9E25AB63E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {E328D6E8-3E4A-453A-A3EC-E662A399E6A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-01] (Google Inc.)
Task: {E4890EDD-34A3-4973-8E4C-2679226DC041} - System32\Tasks\Tools_Update_{CFAC34AB-5DB5-4dea-94EC-1D42E3942873} => C:\Program Files (x86)\tools\update\tools_update.exe [2016-07-04] ()
Task: {E6516078-B278-4618-901E-BD152339EF59} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-04-17] (Microsoft Corporation)
Task: {EC01C9B9-4C00-4550-91BC-635B2E778393} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-12 00:34 - 2017-03-28 07:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-24 14:15 - 2015-09-24 14:13 - 00008192 _____ () C:\WINDOWS\SysWOW64\srvany.exe
2015-09-24 14:15 - 2015-09-24 14:13 - 00151552 _____ () C:\WINDOWS\KMService.exe
2015-11-16 09:48 - 2015-11-16 09:48 - 00202872 _____ () C:\Program Files (x86)\ToolsAssist\toolserv.exe
2017-04-12 00:34 - 2017-03-28 07:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-09-16 09:08 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-27 22:12 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-27 22:13 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-27 22:13 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-27 22:13 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-12 00:33 - 2017-03-28 06:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-12 00:34 - 2017-03-28 06:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-16 09:47 - 2015-11-16 09:47 - 00374392 _____ () C:\Program Files (x86)\ToolsAssist\1.0.0.61\ErrorReport.exe
2017-04-07 14:39 - 2017-04-07 14:40 - 01695440 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8067.57631.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-04-19 08:40 - 2017-04-19 08:41 - 13095104 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8067.57631.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-04-10 19:47 - 2017-04-10 19:47 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-04-10 19:47 - 2017-04-10 19:47 - 00189952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-10 19:47 - 2017-04-10 19:47 - 42507264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-04-10 19:47 - 2017-04-10 19:47 - 02334184 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\skypert.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2017-04-06 17:11 - 2017-03-29 03:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-06 17:11 - 2017-03-29 03:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2017-04-03 13:04 - 2017-04-03 13:04 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-27 04:49 - 2016-09-27 04:49 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-03 13:04 - 2017-04-03 13:04 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-03 13:03 - 2017-04-03 13:03 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-03 13:04 - 2017-04-03 13:04 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-30 23:42 - 2015-12-15 08:43 - 00000828 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-676550262-2765486237-767571021-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
HKU\S-1-5-21-676550262-2765486237-767571021-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: RapportMgmtService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: TheCalendarService => 2
MSCONFIG\Services: ThevSnapshotService => 2
MSCONFIG\Services: WsAppService => 2
HKU\S-1-5-21-676550262-2765486237-767571021-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F27EA6D051630301532E4448EA4CB627"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{78489B7D-833D-4983-BB86-69B2C8B8AC75}C:\program files (x86)\wondershare\mobilego-b\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego-b\mobilego.exe
FirewallRules: [TCP Query User{0245BDB9-200E-43D6-8AF9-13EB157F2E63}C:\program files (x86)\wondershare\mobilego-b\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego-b\mobilego.exe
FirewallRules: [UDP Query User{C1276135-AB7A-4031-BCC5-A2B6BBB73F0F}C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe
FirewallRules: [TCP Query User{C9AB8833-55F9-452B-BCFB-8100E5891821}C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe
FirewallRules: [UDP Query User{5A146B14-BCB2-4772-AFA4-00A22A186B1E}C:\users\ines\appdata\local\popcorn time ce yify\nw.exe] => (Allow) C:\users\ines\appdata\local\popcorn time ce yify\nw.exe
FirewallRules: [TCP Query User{72C3EC5C-C568-477F-961C-7194E494F94D}C:\users\ines\appdata\local\popcorn time ce yify\nw.exe] => (Allow) C:\users\ines\appdata\local\popcorn time ce yify\nw.exe
FirewallRules: [UDP Query User{9EA966B9-556F-4354-AF55-D3BE605F6E3D}C:\users\ines\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\ines\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{807F9233-F000-4831-A56E-6D5D2ADCFBCB}C:\users\ines\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\ines\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{4ACF7381-54FB-4427-B994-79440DFEAC4C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{76145384-E83B-4C3B-BA6D-6B73132145EC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E9E4C848-96F8-438F-92BD-C165283429D5}] => (Allow) C:\Users\Ines\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EDA216C9-D454-43A3-A0A6-6D37F21DEA50}] => (Allow) C:\Users\Ines\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{59CB3062-2ED7-4F04-A8FC-321A8C0178EC}] => (Allow) C:\Users\Ines\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4A7C3A2F-A92D-4CD7-ABDA-AC7355A582D4}] => (Allow) C:\Users\Ines\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5D109965-DBEA-47EE-AAFF-B95F77B3DAC3}] => (Allow) C:\Users\Ines\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ACAE99DA-503B-4B81-855F-173819B1FA35}] => (Allow) C:\Users\Ines\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{E5CDCA50-71E3-4BBB-B855-B545264477FF}C:\users\ines\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\ines\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{60633A92-7D04-49CB-BB62-D07F8391F0BA}C:\users\ines\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\ines\appdata\local\popcorn time\nw.exe
FirewallRules: [{A2E11485-2C2F-4252-AC1F-4F506A2C1F31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1540D5A5-8212-451D-8630-D8AE9FA3E862}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{23448DF1-0859-479C-A1B7-449CD8DF1C04}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{8A73BB8A-49C8-419E-BBE2-EE44976CCA75}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{4AFA8EFA-2D8C-4440-846A-610D26BF76CC}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{79F73384-AF36-45C7-BA5F-ECF4061CB9A5}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
FirewallRules: [{C3EAA71B-E581-46C3-8E4D-E6F1F04B9D66}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{D6DA0916-45FA-4AB4-9F74-9C3FFCBAA675}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
FirewallRules: [{4014DB3D-16D8-4C1B-9C55-D1C7C23FC570}] => (Allow) C:\Users\Ines\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{426F5CE8-B4DA-416C-87F9-80A1CB49C5C0}C:\users\ines\appdata\local\popcorn time ce yify\nw.exe] => (Allow) C:\users\ines\appdata\local\popcorn time ce yify\nw.exe
FirewallRules: [UDP Query User{A99D6071-DA41-4627-923D-CAA07AA46504}C:\users\ines\appdata\local\popcorn time ce yify\nw.exe] => (Allow) C:\users\ines\appdata\local\popcorn time ce yify\nw.exe
FirewallRules: [TCP Query User{1761F61F-6AC3-49DB-8EC7-7B6D19CA9339}C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe
FirewallRules: [UDP Query User{481F4C6A-2645-4528-A0C7-332B88C626E6}C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe
FirewallRules: [TCP Query User{E04C7540-AA92-476D-A988-D3829ABFE61C}C:\program files (x86)\wondershare\mobilego-b\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego-b\mobilego.exe
FirewallRules: [UDP Query User{D09C24F5-0F9E-48FC-8B6C-C77A4AE88083}C:\program files (x86)\wondershare\mobilego-b\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego-b\mobilego.exe
FirewallRules: [{7DB03B3D-8FAC-4F10-A7B4-6370CC87958C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{38840991-5DB3-4AC9-AD36-99B36E8F56A1}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{EB60C1F1-C5F3-4873-947E-04583B0FA516}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/20/2017 03:16:26 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: O procedimento Open para o serviço "BITS" na DLL "C:\Windows\System32\bitsperf.dll" falhou. Os dados de desempenho para este serviço não estarão disponíveis. Os primeiros quatro bytes (DWORD) da secção Data contêm o código de erro.
Error: (04/20/2017 02:02:34 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Falha ao enumerar sessões de utilizador para geração de conjuntos de filtros.
Details:
(HRESULT : 0x80040210) (0x80040210)
System errors:
=============
Error: (04/20/2017 05:09:54 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (04/20/2017 05:09:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Using LRPC) em execução no SID (Unavailable) de contentor aplicacional Unavailable. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (04/19/2017 08:33:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
ao SID (S-1-5-19) de utilizador NT AUTHORITY\LOCAL SERVICE a partir do endereço LocalHost (Using LRPC) em execução no SID (Unavailable) de contentor aplicacional Unavailable. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (04/19/2017 08:33:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
ao SID (S-1-5-19) de utilizador NT AUTHORITY\LOCAL SERVICE a partir do endereço LocalHost (Using LRPC) em execução no SID (Unavailable) de contentor aplicacional Unavailable. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (04/19/2017 08:33:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
e APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Using LRPC) em execução no SID (Unavailable) de contentor aplicacional Unavailable. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (04/19/2017 08:26:08 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Falha na inicialização da imagem de erro!
Error: (04/19/2017 06:17:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Using LRPC) em execução no SID (Unavailable) de contentor aplicacional Unavailable. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (04/18/2017 11:56:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
ao SID (S-1-5-19) de utilizador NT AUTHORITY\LOCAL SERVICE a partir do endereço LocalHost (Using LRPC) em execução no SID (Unavailable) de contentor aplicacional Unavailable. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (04/18/2017 11:56:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
ao SID (S-1-5-19) de utilizador NT AUTHORITY\LOCAL SERVICE a partir do endereço LocalHost (Using LRPC) em execução no SID (Unavailable) de contentor aplicacional Unavailable. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (04/18/2017 11:56:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
e APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Using LRPC) em execução no SID (Unavailable) de contentor aplicacional Unavailable. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
==================== Memory info ===========================
Processor: Quad-Core Processor (up to 1.4GHz)
Percentage of memory in use: 67%
Total physical RAM: 3526.92 MB
Available physical RAM: 1141.07 MB
Total Virtual: 4166.92 MB
Available Virtual: 1045.5 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:118.7 GB) (Free:54.35 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 5B77F2A0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================