Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by Christopher Davis (25-05-2017 00:58:31)
Running from G:\Virus Removal
Windows 10 Home Version 1703 (X64) (2017-05-01 07:00:01)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-4090596654-981251898-3671960314-500 - Administrator - Disabled)
Christopher Davis (S-1-5-21-4090596654-981251898-3671960314-1001 - Administrator - Enabled) => C:\Users\Christopher Davis
DefaultAccount (S-1-5-21-4090596654-981251898-3671960314-503 - Limited - Disabled)
Guest (S-1-5-21-4090596654-981251898-3671960314-501 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-4090596654-981251898-3671960314-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Active@ ISO Burner 4 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 4 - LSoft Technologies Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.6.12 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6618 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.5.6618 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Greenshot 1.2.9.129 (HKLM\...\Greenshot_is1) (Version: 1.2.9.129 - Greenshot)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.34 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
iolo technologies' Search and Recover (HKLM-x32\...\{D56C7EAB-BEE6-4D51-86CF-419FFC07FF11}_is1) (Version: 5.4.12 - iolo technologies, LLC)
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
K-Lite Codec Pack 13.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.1.0 - KLCP)
Malwarebytes Anti-Malware version 1.80.1.1011 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.80.1.1011 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.1 - OBS Project)
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.29093 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8105 - Realtek Semiconductor Corp.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.10 - Synaptics Incorporated)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Intel Corporation (iagpioe) System (05/21/2015 604.10120.2652.361) (HKLM\...\AF9226384B030787C4D0F761A23F48F7649D6D17) (Version: 05/21/2015 604.10120.2652.361 - Intel Corporation)
Windows Driver Package - Intel Corporation (iai2ce) System (05/21/2015 604.10120.2654.367) (HKLM\...\B37036F6A0766DAC3E418F6CAE67005C5F3A8C40) (Version: 05/21/2015 604.10120.2654.367 - Intel Corporation)
Windows Driver Package - Intel Corporation (iauarte) System (05/21/2015 604.10120.2653.391) (HKLM\...\1D4FF76A05A14FF5BA3636A41E0AB237F3A55E14) (Version: 05/21/2015 604.10120.2653.391 - Intel Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4090596654-981251898-3671960314-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4090596654-981251898-3671960314-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4090596654-981251898-3671960314-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4090596654-981251898-3671960314-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4090596654-981251898-3671960314-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4090596654-981251898-3671960314-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4090596654-981251898-3671960314-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4090596654-981251898-3671960314-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-4090596654-981251898-3671960314-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4090596654-981251898-3671960314-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {259E0597-699D-4D13-BD1A-1C4E2A31B87F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-23] (Google Inc.)
Task: {B70AE4CA-8329-488B-8437-16D2135B65B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-23] (Google Inc.)
Task: {C97A67DB-FD70-4472-AD68-82B14C0B3953} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2015-03-17] (Symantec)
Task: {CD7E528A-0EB4-4C70-85EC-D5108DF20D0A} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-07-01] (CyberLink Corp.)
Task: {F6E8BA78-A4B2-41F3-A532-46685F090C76} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-02-02] (Bitdefender)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2017-05-18 17:02 - 2012-09-11 23:14 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-05-21 23:59 - 2016-04-16 21:07 - 00280576 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2017-05-21 23:59 - 2017-02-07 12:29 - 01008448 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2017-05-21 23:59 - 2017-02-07 12:29 - 00541952 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2017-05-21 23:59 - 2017-02-07 12:29 - 03243920 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2017-05-21 23:59 - 2017-02-07 12:29 - 01544568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2017-03-18 13:58 - 2017-03-18 13:58 - 00138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [197]
AlternateDataStreams: C:\Users\Christopher Davis\Documents\Rebuild_Icon_Cache.bat:$CmdTcID [64]
AlternateDataStreams: C:\Users\Christopher Davis\Documents\Rebuild_Icon_Cache.bat:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 14:03 - 2017-03-18 14:01 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4090596654-981251898-3671960314-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Christopher Davis\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{6d49ee23-0e47-4f05-9452-911bf14bd973}.jpg
DNS Servers: 192.168.254.254 - 74.40.74.41
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: !SASCORE => 3
MSCONFIG\Services: DiskDoctorService => 3
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ioloSystemService => 3
MSCONFIG\Services: NU16StartManagerSvc => 3
MSCONFIG\Services: SpeedDiskService => 3
MSCONFIG\Services: TeamViewer => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Greenshot"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "SSDMonitor"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-4090596654-981251898-3671960314-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4090596654-981251898-3671960314-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{0CC788B4-BC46-49C8-A7C0-401BB5D705E4}E:\windows drivers\sdi_eng\sdi_x64_r1741.exe] => (Allow) E:\windows drivers\sdi_eng\sdi_x64_r1741.exe
FirewallRules: [UDP Query User{95A2ECDB-1D89-4F6C-BACD-0E83E8326A08}E:\windows drivers\sdi_eng\sdi_x64_r1741.exe] => (Allow) E:\windows drivers\sdi_eng\sdi_x64_r1741.exe
FirewallRules: [TCP Query User{B70536BE-5953-45B4-BE3A-18D2AAC80749}E:\windows drivers\sdi_eng\sdi_x64_r1741.exe] => (Allow) E:\windows drivers\sdi_eng\sdi_x64_r1741.exe
FirewallRules: [UDP Query User{63BA1129-FDCC-4703-8B04-AAE60BA9C65B}E:\windows drivers\sdi_eng\sdi_x64_r1741.exe] => (Allow) E:\windows drivers\sdi_eng\sdi_x64_r1741.exe
FirewallRules: [{A6E3ED59-51CC-46F7-AAD2-A367FB0C3441}] => (Allow) C:\Users\Christopher Davis\Documents\Tech Tool Store\Tech tool store tools\TechToolStore64.exe
FirewallRules: [{D648347A-C98F-407F-A8BB-F9B59AF52F5E}] => (Allow) C:\Users\Christopher Davis\Documents\Tech Tool Store\Tech tool store tools\TechToolStore64.exe
FirewallRules: [{A393D69B-C1AB-4E22-A3A5-92EC22594AB3}] => (Allow) G:\Tech Tools Store\TechToolStore64.exe
FirewallRules: [{67868367-0C2B-482E-B9A2-1CD9BD1CCCF3}] => (Allow) F:\Tech Tools Store\TechToolStore64.exe
FirewallRules: [{64CBD2D3-3D9D-4676-B269-6E56E3BF71D5}] => (Allow) F:\Tech Tools Store\TechToolStore64.exe
FirewallRules: [{99CEB5FC-C9A7-4E9E-B915-D999B9F67732}] => (Allow) C:\Users\Christopher Davis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{33EBF5AD-2934-4D22-B1BB-C58868F56396}] => (Allow) C:\Users\Christopher Davis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A30C326F-3DF2-47F0-AABC-BBEC51285A7A}] => (Allow) C:\Users\Christopher Davis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7DB3165A-459E-4BC1-AFC1-EEA9BE08D1DF}] => (Allow) C:\Users\Christopher Davis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0E5E58E0-27E7-4CE0-A6DD-6FBBE230C020}] => (Allow) C:\Users\Christopher Davis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ABF4CE69-35CB-4983-8E3E-CC1A38D2A290}] => (Allow) C:\Users\Christopher Davis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{98179D41-2F99-4EA1-9719-D48D7541583F}F:\windows drivers\sdi_eng\sdi_x64_r1741.exe] => (Allow) F:\windows drivers\sdi_eng\sdi_x64_r1741.exe
FirewallRules: [UDP Query User{14CC9BA2-9AEC-418E-B557-EBD8486F51C8}F:\windows drivers\sdi_eng\sdi_x64_r1741.exe] => (Allow) F:\windows drivers\sdi_eng\sdi_x64_r1741.exe
FirewallRules: [{0500C942-0DD1-47A2-AE5D-FEC5BD3544F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{43ABF680-7F83-4A9C-B7B1-A455A38CD5CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{10707B5F-9DD7-431A-9F3D-AA9E96E8B4B5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{71C26A3A-589B-4CBD-BF02-937F2414E762}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{65E1EABC-329F-487A-9A95-3950553DBB18}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{55A09346-6885-4CAB-AE3D-408C56BE73B3}F:\windows drivers\sdi_x64_r1751.exe] => (Allow) F:\windows drivers\sdi_x64_r1751.exe
FirewallRules: [UDP Query User{39AB9027-FD4A-4702-A894-5CD236526456}F:\windows drivers\sdi_x64_r1751.exe] => (Allow) F:\windows drivers\sdi_x64_r1751.exe
FirewallRules: [{C1629843-097F-481D-98C0-D8258499D930}] => (Block) F:\windows drivers\sdi_x64_r1751.exe
FirewallRules: [{B00A70AE-0E94-43AB-B89F-C87C82224A15}] => (Block) F:\windows drivers\sdi_x64_r1751.exe
FirewallRules: [{199C691E-4BD1-4EF6-B764-FD33F554E5F1}] => (Allow) C:\Users\Christopher Davis\Documents\Tech Tool Store\Tech tool store tools\TechToolStore64.exe
FirewallRules: [{3340E399-66E0-4ACC-A805-D381D7EC8045}] => (Allow) C:\Users\Christopher Davis\Documents\Tech Tool Store\Tech tool store tools\TechToolStore64.exe
FirewallRules: [{DB46F6C4-1D2D-4868-8360-4380C15A178C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{F7BD4BC5-5D8B-4D12-BE8E-48C863FFAF03}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{DC673FE4-AE2D-4804-959E-89A8DEF2D737}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{020F9D20-DDB5-479C-B3D3-C7F7FF88D5DB}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{158DC74C-FB5A-4D85-B9C6-CB0B006AE9F0}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{6C6ADC7F-6F46-4144-917A-224C93270F36}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{EC60E9E4-5D0C-4A73-9D05-1EFAE73DE277}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{74251FB0-39B9-4B0A-9384-56FDF328272F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{B14AF85C-69CF-4C45-A157-3D124339EF6E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [TCP Query User{7D8890FE-34CC-4182-89EE-5FAFF6A4DE81}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [UDP Query User{F30054C2-D575-489D-B61D-1BEC0473FE24}C:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [{5E1285ED-BEBD-4D12-B3C0-39206D06E9AF}] => (Block) C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [{6B5479F0-5003-4EB2-B231-AD605C747A88}] => (Block) C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [{CB6967C2-0364-4876-A554-5138844D7D5B}] => (Allow) G:\Tech Tools Store\TechToolStore64.exe
FirewallRules: [{A4AF8E75-6B69-466B-B597-6C0DCAD8A3E2}] => (Allow) G:\Tech Tools Store\TechToolStore64.exe

==================== Restore Points =========================
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2017 12:59:20 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. .
Operation: Instantiating VSS server

Error: (05/25/2017 12:59:20 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ]
Operation: Instantiating VSS server

Error: (05/24/2017 09:23:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: SMIRKS-LAPTOP)
Description: Package Facebook.317180B0BB486_99.799.32924.0_x86__8xx8rvfyw5nnt+App was terminated because it took too long to suspend.

Error: (05/24/2017 05:37:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. .

Error: (05/24/2017 05:37:53 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {0b5a2c52-3eb9-470a-96e2-6c6d4570e40f} and name Coordinator cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. ]

Error: (05/24/2017 05:23:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "G:\Tech Tools Store\Tech tool store tools\EssetOnlineScan.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (05/24/2017 04:27:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "G:\Virus Removal\EssetOnlineScan.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (05/23/2017 01:43:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: SMIRKS-LAPTOP)
Description: Package Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00031401-0001-0000-0057-300000000000} was terminated because it took too long to suspend.

System errors:
=============
Error: (05/25/2017 12:58:17 AM) (Source: DCOM) (EventID: 10016) (User: SMIRKS-LAPTOP)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user SMIRKS-LAPTOP\Christopher Davis SID (S-1-5-21-4090596654-981251898-3671960314-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/25/2017 12:52:54 AM) (Source: DCOM) (EventID: 10016) (User: SMIRKS-LAPTOP)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user SMIRKS-LAPTOP\Christopher Davis SID (S-1-5-21-4090596654-981251898-3671960314-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/25/2017 12:52:51 AM) (Source: DCOM) (EventID: 10016) (User: SMIRKS-LAPTOP)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user SMIRKS-LAPTOP\Christopher Davis SID (S-1-5-21-4090596654-981251898-3671960314-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/25/2017 12:52:51 AM) (Source: DCOM) (EventID: 10016) (User: SMIRKS-LAPTOP)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user SMIRKS-LAPTOP\Christopher Davis SID (S-1-5-21-4090596654-981251898-3671960314-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/25/2017 12:52:51 AM) (Source: DCOM) (EventID: 10016) (User: SMIRKS-LAPTOP)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user SMIRKS-LAPTOP\Christopher Davis SID (S-1-5-21-4090596654-981251898-3671960314-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/25/2017 12:52:51 AM) (Source: DCOM) (EventID: 10016) (User: SMIRKS-LAPTOP)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user SMIRKS-LAPTOP\Christopher Davis SID (S-1-5-21-4090596654-981251898-3671960314-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/25/2017 12:52:39 AM) (Source: DCOM) (EventID: 10016) (User: SMIRKS-LAPTOP)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user SMIRKS-LAPTOP\Christopher Davis SID (S-1-5-21-4090596654-981251898-3671960314-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/25/2017 12:52:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: The request is not supported.

Error: (05/24/2017 06:05:55 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (05/24/2017 05:20:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

CodeIntegrity:
===================================
Date: 2017-05-22 00:36:05.760
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\Active Virus Control\avc3_00126_002\avcuf64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-05-22 00:14:39.294
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\Active Virus Control\avc3_00126_002\avcuf64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-05-22 00:14:39.147
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\Active Virus Control\avc3_00126_002\avcuf64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-05-22 00:02:20.666
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender Antivirus Free\Active Virus Control\Avc3_000_001\avcuf64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 22%
Total physical RAM: 8081.95 MB
Available physical RAM: 6231.41 MB
Total Virtual: 9361.95 MB
Available Virtual: 7456.7 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:237.92 GB) (Free:180.25 GB) NTFS
Drive e: (STORAGE) (Removable) (Total:14.82 GB) (Free:14.71 GB) FAT32
Drive g: (Repair_Tools) (Removable) (Total:14.56 GB) (Free:0.77 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 4E494E48)
Partition: GPT.
========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 140F0F36)
Partition 1: (Not Active) - (Size=14.8 GB) - (Type=0C)
========================================================
Disk: 2 (Size: 14.6 GB) (Disk ID: 595350B5)
Partition 1: (Active) - (Size=14.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================