Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop keeps crashing


  • This topic is locked This topic is locked

#1
lhey

lhey

    Member

  • Member
  • PipPipPip
  • 105 posts
Hi! Need help on my LAPTOP its keep crashing sometimes Im in a meddle of encoding or surfing the net it freezes and automatically restarts on its own.
 
Please see below FRST.TXT
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 4.02.2019
Ran by Alea (05-02-2019 19:50:06)
Running from C:\Users\Alea\Downloads
Windows 10 Education Version 1803 17134.228 (X64) (2018-08-01 03:45:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-779348029-2860323836-2858100943-500 - Administrator - Disabled)
Alea (S-1-5-21-779348029-2860323836-2858100943-1001 - Administrator - Enabled) => C:\Users\Alea
DefaultAccount (S-1-5-21-779348029-2860323836-2858100943-503 - Limited - Disabled)
Guest (S-1-5-21-779348029-2860323836-2858100943-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-779348029-2860323836-2858100943-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
µTorrent (HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.27.7-r126167-release - Plays.tv, LLC)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
Roblox Studio for Alea (HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\roblox-studio) (Version:  - Roblox Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{54228DC1-0B27-4215-B2BE-4D07C521F242}) (Version: 2.33.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Web Companion (HKLM-x32\...\{990ffad6-7657-45e2-82c2-096a5393e763}) (Version: 4.3.1908.3686 - Lavasoft)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.60 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.2 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-01] (win.rar GmbH -> Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {015930DE-4597-46AA-B79A-8A08035661E2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {0292C572-D128-4FD1-A3C4-544FF695CDE0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {056AC4FA-6CE3-47E3-996B-0F02E46F1F6C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {104CCDB2-9C22-404E-9697-376488A3CD6F} - System32\Tasks\KMS_VL_ALL => C:\ProgramData\KMS_VL_ALL\KMS_VL_ALL.cmd 
Task: {2A91C96B-CD9C-4B06-B208-F98A23EFED23} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B092D90-78F3-473B-8907-AAF1602BB237} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
Task: {47827301-CEFB-4141-8511-F790198139CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] (Microsoft Windows -> )
Task: {6F60C8D9-BC11-4F7B-A528-E9D15CC845D0} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {71B6E77C-F8CF-42C6-8B52-81B697DE2539} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {81684E89-07BA-4C60-95E7-CA29416AC485} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {9F648382-0F50-4DA7-BEFB-9BECC572A322} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A84F0089-9CC2-49EC-BA88-1B34CF2488CA} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
Task: {CF9B0B32-3E50-45C1-9D9F-9CACE8ECE3B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc -> Google Inc.)
Task: {E6D3DE5C-DB7E-4676-9944-E420F85D9F5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc -> Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 07:34 - 2018-04-12 07:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2019-01-25 08:40 - 2019-01-25 08:46 - 028012544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-01-25 08:40 - 2019-01-25 08:46 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-04-21 10:06 - 2018-04-21 10:10 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-28 07:24 - 2018-11-28 07:47 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-25 08:40 - 2019-01-25 08:46 - 006187520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-01-25 08:40 - 2019-01-25 08:46 - 009388544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-10-04 09:36 - 2018-10-04 12:59 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-30 06:55 - 2019-01-30 07:01 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-30 06:55 - 2019-01-30 07:01 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-01-30 06:55 - 2019-01-30 07:01 - 011029504 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-30 06:55 - 2019-01-30 07:01 - 002923520 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\skypert.dll
2019-01-30 06:55 - 2019-01-30 07:01 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-13 06:36 - 2018-12-12 13:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-13 06:36 - 2018-12-12 13:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2015-11-04 16:43 - 2015-11-04 16:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-07-31 09:58 - 2015-07-31 09:58 - 008901800 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-08-15 11:54 - 2018-08-03 11:09 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-22 08:37 - 2018-04-22 08:39 - 000948736 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\e_sqlite3.dll
2018-10-05 07:52 - 2018-10-05 07:58 - 002974888 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-10-05 07:52 - 2018-10-05 07:58 - 000355840 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2018-04-21 10:06 - 2018-04-21 10:10 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-11-04 17:59 - 2018-11-04 17:59 - 000777728 _____ () C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\Microsoft.Services.Store.Engagement.dll
2018-10-05 07:52 - 2018-10-05 07:58 - 000165888 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\Microsoft.Notes.DesktopBridge.exe
2018-04-12 02:23 - 2018-04-12 02:23 - 000033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 000103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 000111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2018-04-12 02:23 - 2018-04-12 02:23 - 000041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 000405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2018-04-12 02:23 - 2018-04-12 02:23 - 000173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 001934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 000077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 001780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 000505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 003812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-19 05:03 - 2017-03-19 05:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-779348029-2860323836-2858100943-1001\Control Panel\Desktop\\Wallpaper -> D:\Users\Files_Laptop\Pictures\garden.jpg
DNS Servers: 192.168.22.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\StartupApproved\Run: => "Web Companion"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{189FA69B-B6D1-4CCD-A584-17086916EEC6}C:\users\alea\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\alea\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{98805AAD-8AE8-4B86-8287-E7D78F1D395E}C:\users\alea\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\alea\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{299C0E62-0BE8-4A65-A28B-5663E330B02D}C:\users\alea\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\alea\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{901EC8B9-C216-4C38-97FA-40B09FB151CB}C:\users\alea\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\alea\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{C73C5A10-DA7C-4B71-A784-CB1A720A4C99}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{45844DD0-68C1-47AF-B5FA-2D7E1BDB0498}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{F7558502-8A63-496B-A65C-936B593B26F5}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{66718C30-E9D0-40F0-9C7D-F3297D259025}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{E8B2229D-534D-4FCC-9FBB-428BB0182398}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (Plays.tv, Inc -> Copyright © 2018 Plays.tv, LLC)
FirewallRules: [{8A1FAF44-F727-4673-97EE-376CBB75D9B4}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (Plays.tv, Inc -> Copyright © 2018 Plays.tv, LLC)
FirewallRules: [{6662960E-C078-4C00-ABAB-0E29071B104C}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (Plays.tv, Inc -> Copyright © 2018 Plays.tv, LLC)
FirewallRules: [{0914A2CF-6687-4AD0-8878-5EFB25B8CF80}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (Plays.tv, Inc -> Copyright © 2018 Plays.tv, LLC)
FirewallRules: [{54F51EBE-C550-4686-BA78-A91B2D8882E4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{5B91E49D-DD9D-4549-B387-DE467946A4B8}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{B437E916-578D-4E42-834D-A0A40F95E0EA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{AFE9B8AE-BC6B-4896-A9CF-0FBECB73332E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{E89DDAA6-551B-416D-B641-F85719C0A778}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{941825E4-E181-43CE-9C4B-998F1805B39C}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90E7AFAF-F1A0-4303-8DC1-DA686731AB8F}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68A63847-9EC4-44B6-9C5D-00F18CF16B9C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E6690647-EF59-443E-A986-A48402C2DEE8}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{0B9ECE15-ADDD-4CB5-984A-2B0056FC2258}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{21A92028-D7BA-42B2-B9EC-6EC382AE1F5F}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{F803A097-CD86-4CF2-A21A-C35F14D180BB}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{FDB9A571-BBC6-4CA1-9B6F-40024B51E2AF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/05/2019 07:27:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e0c42288-980c-4788-a014-c080d2e1926e;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (02/05/2019 07:26:35 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070002
Path:<none>
Arguments:<none>
 
Error: (02/05/2019 07:26:30 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070002
Path:<none>
Arguments:<none>
 
Error: (02/05/2019 07:25:20 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070002
Path:<none>
Arguments:<none>
 
Error: (02/05/2019 07:25:18 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070002
Path:<none>
Arguments:<none>
 
Error: (02/05/2019 07:24:52 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070002
Path:<none>
Arguments:<none>
 
Error: (02/05/2019 07:24:49 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070002
Path:<none>
Arguments:<none>
 
Error: (02/05/2019 07:24:23 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\6CE6BB76-0000-0000-0000-500600000000-1.bin for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Antimalware Service Executable because of this error.
 
Program: Antimalware Service Executable
File: C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\6CE6BB76-0000-0000-0000-500600000000-1.bin
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
 
System errors:
=============
Error: (02/05/2019 07:35:12 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-M14TPK3)
Description: Unable to start a DCOM Server: {417976B7-917D-4F1E-8F14-C18FCCB0B3A8}. The error:
"298"
Happened while starting this command:
C:\Windows\System32\coredpussvr.exe -Embedding
 
Error: (02/05/2019 07:29:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/05/2019 07:26:35 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
Error: (02/05/2019 07:26:31 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
Error: (02/05/2019 07:26:30 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
Error: (02/05/2019 07:26:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/05/2019 07:26:20 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
Error: (02/05/2019 07:25:58 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
 
Windows Defender:
===================================
Date: 2018-12-24 13:56:28.372
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9BE40BB1-4DF2-42CC-B34C-9A51677801F1}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-24 13:25:26.524
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {959BF732-3ED1-4B0A-8CEB-CFC7828C0D76}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-23 19:46:09.359
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {ABDA4F23-4D0E-46E4-8D2F-F981261E57AB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-23 18:35:53.642
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4EADB283-E1CF-4A1C-AC36-EBBE85D4E39D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-22 19:09:41.413
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3D27BC3F-59F8-468C-A360-C99D3D0ADC93}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-21 20:41:07.926
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.1096.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-12-19 11:30:11.980
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.910.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-12-16 10:07:59.199
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.615.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-12-15 06:51:02.651
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.615.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-12-13 06:36:04.934
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.452.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2019-02-05 19:24:24.066
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:24.053
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:23.957
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:23.944
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:23.916
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:23.904
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:23.617
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:23.595
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: AMD A8-5545M APU with Radeon™ HD Graphics 
Percentage of memory in use: 77%
Total physical RAM: 3273.89 MB
Available physical RAM: 727.44 MB
Total Virtual: 4873.89 MB
Available Virtual: 1924.67 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:103.59 GB) (Free:63.28 GB) NTFS
Drive d: () (Fixed) (Total:361.27 GB) (Free:192.78 GB) NTFS
 
\\?\Volume{6ce6bb76-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{6ce6bb76-0000-0000-0000-60ec19000000}\ () (Fixed) (Total:0.8 GB) (Free:0.34 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 6CE6BB76)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=103.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=818 MB) - (Type=27)
Partition 4: (Not Active) - (Size=361.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 4.02.2019
Ran by Alea (05-02-2019 19:50:06)
Running from C:\Users\Alea\Downloads
Windows 10 Education Version 1803 17134.228 (X64) (2018-08-01 03:45:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-779348029-2860323836-2858100943-500 - Administrator - Disabled)
Alea (S-1-5-21-779348029-2860323836-2858100943-1001 - Administrator - Enabled) => C:\Users\Alea
DefaultAccount (S-1-5-21-779348029-2860323836-2858100943-503 - Limited - Disabled)
Guest (S-1-5-21-779348029-2860323836-2858100943-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-779348029-2860323836-2858100943-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{3D383E25-72E7-4F09-AA1C-9ADE6A2EF42F}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{0C9A6167-6560-4085-9C35-EDB1AE105328}) (Version: 3.2.0.9 - Intel) Hidden
µTorrent (HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\uTorrent) (Version: 3.5.5.44994 - BitTorrent Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
GameHouse Games (HKLM-x32\...\GameHouse Games) (Version: 8.60.20 - GameHouse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4d839fe1-a8d3-4edc-b0ca-844394309856}) (Version: 3.2.0.9 - Intel)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\OneDriveSetup.exe) (Version: 19.002.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.27.7-r126167-release - Plays.tv, LLC)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
Roblox Studio for Alea (HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\roblox-studio) (Version:  - Roblox Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{54228DC1-0B27-4215-B2BE-4D07C521F242}) (Version: 2.33.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Web Companion (HKLM-x32\...\{990ffad6-7657-45e2-82c2-096a5393e763}) (Version: 4.3.1908.3686 - Lavasoft)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.60 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.2 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-04-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-04-01] (win.rar GmbH -> Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {015930DE-4597-46AA-B79A-8A08035661E2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {0292C572-D128-4FD1-A3C4-544FF695CDE0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {056AC4FA-6CE3-47E3-996B-0F02E46F1F6C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {104CCDB2-9C22-404E-9697-376488A3CD6F} - System32\Tasks\KMS_VL_ALL => C:\ProgramData\KMS_VL_ALL\KMS_VL_ALL.cmd 
Task: {2A91C96B-CD9C-4B06-B208-F98A23EFED23} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B092D90-78F3-473B-8907-AAF1602BB237} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
Task: {47827301-CEFB-4141-8511-F790198139CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] (Microsoft Windows -> )
Task: {6F60C8D9-BC11-4F7B-A528-E9D15CC845D0} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {71B6E77C-F8CF-42C6-8B52-81B697DE2539} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {81684E89-07BA-4C60-95E7-CA29416AC485} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {9F648382-0F50-4DA7-BEFB-9BECC572A322} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A84F0089-9CC2-49EC-BA88-1B34CF2488CA} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel® Software Asset Manager -> Intel Corporation)
Task: {CF9B0B32-3E50-45C1-9D9F-9CACE8ECE3B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc -> Google Inc.)
Task: {E6D3DE5C-DB7E-4676-9944-E420F85D9F5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-04-06] (Google Inc -> Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 07:34 - 2018-04-12 07:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2019-01-25 08:40 - 2019-01-25 08:46 - 028012544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2019-01-25 08:40 - 2019-01-25 08:46 - 000305152 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-04-21 10:06 - 2018-04-21 10:10 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-28 07:24 - 2018-11-28 07:47 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2019-01-25 08:40 - 2019-01-25 08:46 - 006187520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2019-01-25 08:40 - 2019-01-25 08:46 - 009388544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18112.14311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-10-04 09:36 - 2018-10-04 12:59 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2019-01-30 06:55 - 2019-01-30 07:01 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2019-01-30 06:55 - 2019-01-30 07:01 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2019-01-30 06:55 - 2019-01-30 07:01 - 011029504 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2019-01-30 06:55 - 2019-01-30 07:01 - 002923520 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\skypert.dll
2019-01-30 06:55 - 2019-01-30 07:01 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.38.138.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-13 06:36 - 2018-12-12 13:11 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-13 06:36 - 2018-12-12 13:11 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2015-11-04 16:43 - 2015-11-04 16:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-07-31 09:58 - 2015-07-31 09:58 - 008901800 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-08-15 11:54 - 2018-08-03 11:09 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-22 08:37 - 2018-04-22 08:39 - 000948736 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\e_sqlite3.dll
2018-10-05 07:52 - 2018-10-05 07:58 - 002974888 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-10-05 07:52 - 2018-10-05 07:58 - 000355840 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2018-04-21 10:06 - 2018-04-21 10:10 - 000631296 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-11-04 17:59 - 2018-11-04 17:59 - 000777728 _____ () C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\Microsoft.Services.Store.Engagement.dll
2018-10-05 07:52 - 2018-10-05 07:58 - 000165888 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.46.0_x64__8wekyb3d8bbwe\Microsoft.Notes.DesktopBridge.exe
2018-04-12 02:23 - 2018-04-12 02:23 - 000033280 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\cx_Logging.cp35-win32.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 000103424 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 000111616 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes35.dll
2018-04-12 02:23 - 2018-04-12 02:23 - 000041984 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 000405504 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom35.dll
2018-04-12 02:23 - 2018-04-12 02:23 - 000173568 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 001934336 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 000077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 001780736 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 000505856 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2018-04-12 02:23 - 2018-04-12 02:23 - 003812864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-19 05:03 - 2017-03-19 05:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-779348029-2860323836-2858100943-1001\Control Panel\Desktop\\Wallpaper -> D:\Users\Files_Laptop\Pictures\garden.jpg
DNS Servers: 192.168.22.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-779348029-2860323836-2858100943-1001\...\StartupApproved\Run: => "Web Companion"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{189FA69B-B6D1-4CCD-A584-17086916EEC6}C:\users\alea\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\alea\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{98805AAD-8AE8-4B86-8287-E7D78F1D395E}C:\users\alea\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\alea\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{299C0E62-0BE8-4A65-A28B-5663E330B02D}C:\users\alea\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\alea\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{901EC8B9-C216-4C38-97FA-40B09FB151CB}C:\users\alea\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\alea\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{C73C5A10-DA7C-4B71-A784-CB1A720A4C99}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{45844DD0-68C1-47AF-B5FA-2D7E1BDB0498}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{F7558502-8A63-496B-A65C-936B593B26F5}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{66718C30-E9D0-40F0-9C7D-F3297D259025}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{E8B2229D-534D-4FCC-9FBB-428BB0182398}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (Plays.tv, Inc -> Copyright © 2018 Plays.tv, LLC)
FirewallRules: [{8A1FAF44-F727-4673-97EE-376CBB75D9B4}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (Plays.tv, Inc -> Copyright © 2018 Plays.tv, LLC)
FirewallRules: [{6662960E-C078-4C00-ABAB-0E29071B104C}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (Plays.tv, Inc -> Copyright © 2018 Plays.tv, LLC)
FirewallRules: [{0914A2CF-6687-4AD0-8878-5EFB25B8CF80}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe (Plays.tv, Inc -> Copyright © 2018 Plays.tv, LLC)
FirewallRules: [{54F51EBE-C550-4686-BA78-A91B2D8882E4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{5B91E49D-DD9D-4549-B387-DE467946A4B8}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{B437E916-578D-4E42-834D-A0A40F95E0EA}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{AFE9B8AE-BC6B-4896-A9CF-0FBECB73332E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{E89DDAA6-551B-416D-B641-F85719C0A778}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{941825E4-E181-43CE-9C4B-998F1805B39C}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{90E7AFAF-F1A0-4303-8DC1-DA686731AB8F}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68A63847-9EC4-44B6-9C5D-00F18CF16B9C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E6690647-EF59-443E-A986-A48402C2DEE8}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{0B9ECE15-ADDD-4CB5-984A-2B0056FC2258}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{21A92028-D7BA-42B2-B9EC-6EC382AE1F5F}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{F803A097-CD86-4CF2-A21A-C35F14D180BB}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{FDB9A571-BBC6-4CA1-9B6F-40024B51E2AF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/05/2019 07:27:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e0c42288-980c-4788-a014-c080d2e1926e;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (02/05/2019 07:26:35 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070002
Path:<none>
Arguments:<none>
 
Error: (02/05/2019 07:26:30 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070002
Path:<none>
Arguments:<none>
 
Error: (02/05/2019 07:25:20 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070002
Path:<none>
Arguments:<none>
 
Error: (02/05/2019 07:25:18 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070002
Path:<none>
Arguments:<none>
 
Error: (02/05/2019 07:24:52 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070002
Path:<none>
Arguments:<none>
 
Error: (02/05/2019 07:24:49 PM) (Source: Software Protection Platform Service) (EventID: 8229) (User: )
Description: The rules engine failed to perform one or more scheduled actions.
Error Code:0x80070002
Path:<none>
Arguments:<none>
 
Error: (02/05/2019 07:24:23 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\6CE6BB76-0000-0000-0000-500600000000-1.bin for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Antimalware Service Executable because of this error.
 
Program: Antimalware Service Executable
File: C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\6CE6BB76-0000-0000-0000-500600000000-1.bin
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C0000185
Disk type: 3
 
 
System errors:
=============
Error: (02/05/2019 07:35:12 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-M14TPK3)
Description: Unable to start a DCOM Server: {417976B7-917D-4F1E-8F14-C18FCCB0B3A8}. The error:
"298"
Happened while starting this command:
C:\Windows\System32\coredpussvr.exe -Embedding
 
Error: (02/05/2019 07:29:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/05/2019 07:26:35 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
Error: (02/05/2019 07:26:31 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
Error: (02/05/2019 07:26:30 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
Error: (02/05/2019 07:26:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/05/2019 07:26:20 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
Error: (02/05/2019 07:25:58 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"5"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
 
Windows Defender:
===================================
Date: 2018-12-24 13:56:28.372
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9BE40BB1-4DF2-42CC-B34C-9A51677801F1}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-24 13:25:26.524
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {959BF732-3ED1-4B0A-8CEB-CFC7828C0D76}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-23 19:46:09.359
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {ABDA4F23-4D0E-46E4-8D2F-F981261E57AB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-23 18:35:53.642
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4EADB283-E1CF-4A1C-AC36-EBBE85D4E39D}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-22 19:09:41.413
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3D27BC3F-59F8-468C-A360-C99D3D0ADC93}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-21 20:41:07.926
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.1096.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-12-19 11:30:11.980
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.910.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-12-16 10:07:59.199
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.615.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-12-15 06:51:02.651
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.615.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-12-13 06:36:04.934
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.452.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2019-02-05 19:24:24.066
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:24.053
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:23.957
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:23.944
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:23.916
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:23.904
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:23.617
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2019-02-05 19:24:23.595
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: AMD A8-5545M APU with Radeon™ HD Graphics 
Percentage of memory in use: 77%
Total physical RAM: 3273.89 MB
Available physical RAM: 727.44 MB
Total Virtual: 4873.89 MB
Available Virtual: 1924.67 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:103.59 GB) (Free:63.28 GB) NTFS
Drive d: () (Fixed) (Total:361.27 GB) (Free:192.78 GB) NTFS
 
\\?\Volume{6ce6bb76-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{6ce6bb76-0000-0000-0000-60ec19000000}\ () (Fixed) (Total:0.8 GB) (Free:0.34 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 6CE6BB76)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=103.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=818 MB) - (Type=27)
Partition 4: (Not Active) - (Size=361.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

Advertisements


#2
phillpower2

phillpower2

    Mechanised Mod

  • Global Moderator
  • 24,716 posts

Hello lhey,

 

The following in no way intended as any kind of malware removal assistance and is from a tech approach only.

 

 

There appears to be a problem with the Microsoft registration of Windows on this computer, the presence of torrents is also off;

 

 Error: (02/05/2019 07:27:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e0c42288-980c-4788-a014-c080d2e1926e;NotificationInterval=1440;Trigger=TimerEvent

 

Windows 10 Education Version 1803 17134.228 (X64) (2018-08-01 03:45:41)

 

µTorrent 

 

Couple of questions if I may;

 

Do you know whether or not the version of Windows on this computer is legitimate or is it a cracked version.

 

Is this your own personal computer or is it the property of an education facility such as a school or college

 

 


  • 0

#3
lhey

lhey

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts

Hi! Yes, This is my personal laptop. I have my laptop reinstalled due to virus. It wont turned on so I ask for my friend to borrow his installer so I can install it again.

 


  • 0

#4
phillpower2

phillpower2

    Mechanised Mod

  • Global Moderator
  • 24,716 posts

As per the GTG Terms of Use that we all agreed to abide by when becoming a member no assistance will be offered if there is any illegally obtained software present.

 

If you have previously had a legitimate version of Windows 10 on this computer you will be able to download Windows 10 for free from Microsoft here

 

A clean install of a legitimate version of Windows 10 and the system drivers are most likely all that will be needed, the present Education version of Windows is not intended or permitted to be used on anything other than the computer that it was purchased for.

 


  • The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP