Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2016
Ran by sapphire (03-10-2016 05:14:02)
Running from C:\Users\sapphire\Downloads
Windows 10 Pro Version 1511 (X64) (2016-07-05 10:32:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2363097785-2004616086-4135544681-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2363097785-2004616086-4135544681-503 - Limited - Disabled)
Guest (S-1-5-21-2363097785-2004616086-4135544681-501 - Limited - Disabled)
sapphire (S-1-5-21-2363097785-2004616086-4135544681-1001 - Administrator - Enabled) => C:\Users\sapphire

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2363097785-2004616086-4135544681-1001\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.1.0.0492 - Disc Soft Ltd)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.135.1 - Intel Security)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
PDFill FREE PDF Tools (HKLM\...\{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}) (Version: 12.0 - PlotSoft LLC)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2363097785-2004616086-4135544681-1001\...\Spotify) (Version: 1.0.38.171.g5e1cd7b2 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
trotux - Uninstall (HKLM-x32\...\{50B362D6-0443-4876-8283-35FAA3739C19}) (Version: - ) <==== ATTENTION
UnHackMe 8.20 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebShield (HKLM-x32\...\WebShield) (Version: - )
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
youndoo - Uninstall (HKLM-x32\...\{7F89E1F3-74C4-416C-8CCA-7C2CBB3CCDD6}) (Version: - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2363097785-2004616086-4135544681-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\sapphire\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1CA44E38-3615-44F4-A02B-5BABB2C07C4A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-09] (AVAST Software)
Task: {221AD89A-EFD9-498D-B662-5D4D1036BAE2} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\sapphire\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-27] (Microsoft Corporation)
Task: {23F5B8EF-D209-4801-B32E-2E6BDF8EDDE6} - System32\Tasks\Pusertainchaspy Verfier => C:\Program Files (x86)\Prmutprpersp\coorly.exe
Task: {308CED45-0976-4BC1-B3AC-6E10AF06467C} - System32\Tasks\Anofotion Collector => C:\Program Files (x86)\Gronuchcoaregh\bemition.exe
Task: {48D0486B-3310-4260-B27E-DC84AF28361C} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2016-08-31] (Greatis Software)
Task: {5BE323E0-9FC2-4E67-9790-C4D78660343C} - System32\Tasks\svchost => C:\Users\sapphire\AppData\Local\Temp\is-0FDOQ.tmp\51490.exe [2016-09-08] () <==== ATTENTION
Task: {75160D15-CB01-4350-B902-2A795E16F5CD} - System32\Tasks\BossseedUpdateTaskMachineCore => C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe <==== ATTENTION
Task: {7C0A60BC-B626-4B6F-BA0E-FD66D75B5754} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {80CE8E17-00A2-49F7-8131-FFDED662E427} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-06-26] ()
Task: {9BA8316B-EFA9-47B0-BD08-0CDC5D65AEBF} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe <==== ATTENTION
Task: {A00DB0C3-C879-48AD-A08E-5F9534A0BA05} - System32\Tasks\BossseedUpdateTaskMachineUA => C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe <==== ATTENTION
Task: {A90AC898-6CB8-4378-9EE0-096CCF636B9B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {C3CBEF8A-E4FA-4202-8C0D-F6B7E2459C79} - System32\Tasks\Windows Update => C:\Users\sapphire\AppData\Local\CD9DCA50F69BEAD828E2E5354D572080\0.exe
Task: {C860E78B-9F2D-4B42-8A2E-13B1102DDDEC} - System32\Tasks\sapphireCorrelativesSupplicatesV2 => Rundll32.exe SegueAsocial.dll,main 7 1 <==== ATTENTION
Task: {CC5BD235-4C20-44F6-BE5B-8C954ADC95EA} - System32\Tasks\SafeZone scheduled Autoupdate 1473364585 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {D4C5E7E5-D3B2-4C30-8F25-C9B5E99D35B2} - System32\Tasks\UnregisterNonABICompliantCodeRange => C:\PROGRA~2\b5f56BD\ttt5759.bat <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
Shortcut: C:\Users\sapphire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\sapphire\AppData\Roaming\HPRewriter2\RewRun3.exe (No File) <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 15:18 - 2015-10-30 15:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-22 02:08 - 2016-09-23 17:56 - 00448216 _____ () C:\Program Files (x86)\WinSaber\WinSaber.exe
2016-09-15 01:46 - 2016-09-07 13:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-09 02:40 - 2016-09-08 21:06 - 01839616 _____ () C:\Users\sapphire\AppData\Local\Temp\is-0FDOQ.tmp\51490.exe
2016-09-15 01:46 - 2016-09-07 13:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-27 00:11 - 2016-08-27 00:11 - 01864384 _____ () C:\Users\sapphire\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-09-09 02:46 - 2015-11-30 18:17 - 00165792 _____ () C:\Program Files\ZipTool\JZipExt.dll
2016-04-27 14:10 - 2016-04-27 14:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 21:52 - 2016-07-01 11:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-15 01:42 - 2016-09-07 12:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-15 01:42 - 2016-09-07 12:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-15 01:42 - 2016-09-07 12:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-15 01:42 - 2016-09-07 12:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-23 19:44 - 2016-09-22 15:44 - 00273792 _____ () C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe
2016-09-30 02:31 - 2016-09-30 02:31 - 01883648 _____ () C:\Users\sapphire\AppData\Local\Temp\00007934\msiql.exe
2016-09-23 19:44 - 2016-09-22 15:44 - 00634240 _____ () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
2016-07-05 23:00 - 2016-07-05 23:00 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-09-23 19:45 - 2016-05-23 10:37 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2016-09-09 03:51 - 2016-09-09 03:51 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-03 04:27 - 2016-10-03 04:27 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16100200\algo.dll
2016-09-09 03:51 - 2016-09-09 03:51 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-09 02:46 - 2015-11-30 18:16 - 00114080 _____ () c:\program files\ziptool\ziphost.dll
2016-09-09 02:46 - 2015-11-30 18:17 - 00085920 _____ () c:\program files\ziptool\ZipUpdater\ZipUpdate.dll
2016-09-09 02:46 - 2015-11-30 18:15 - 00261536 _____ () c:\program files\ziptool\CheckUpdate.dll
2016-09-09 02:46 - 2015-11-30 18:17 - 00084384 _____ () c:\program files\ziptool\ZipSubmit\ZipSubmit.dll
2016-09-09 02:46 - 2015-11-30 18:15 - 00164768 _____ () c:\program files\ziptool\substat.dll
2016-09-09 02:46 - 2015-11-30 18:16 - 00095648 _____ () c:\program files\ziptool\ZipPlug.dll
2016-09-09 02:46 - 2015-11-30 18:16 - 00164256 _____ () c:\program files\ziptool\wchsubstat.dll
2016-09-09 02:46 - 2015-11-30 18:15 - 00244640 _____ () c:\program files\ziptool\tipsdll.dll
2016-09-23 19:45 - 2016-05-23 10:37 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2016-08-27 00:11 - 2016-08-27 00:11 - 01383616 _____ () C:\Users\sapphire\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-27 00:11 - 2016-08-27 00:11 - 00118976 _____ () C:\Users\sapphire\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-09-09 03:52 - 2016-09-09 03:52 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-07-05 23:00 - 2016-07-05 23:00 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-07-05 23:00 - 2016-07-05 23:00 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 19:04 - 2016-09-09 02:36 - 00001037 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2363097785-2004616086-4135544681-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sapphire\Desktop\IMG_1596.JPG
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D1D26332-8DFE-4E1E-9B2D-0DC95068C4F7}] => (Allow) C:\Users\sapphire\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F11403C7-112E-4CC0-8673-9BA0171F5BFE}] => (Allow) C:\Users\sapphire\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{41D089B5-477D-4F83-BC8D-FF21FF6907FF}] => (Allow) C:\Users\sapphire\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DA022105-5B37-4B97-ABD3-2C3FE84C5D28}] => (Allow) C:\Users\sapphire\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BF113B68-8169-4578-9446-64B3D2694452}] => (Allow) C:\Users\sapphire\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2A52BE47-75DE-49CF-B6F7-A350CCF73B48}] => (Allow) C:\Users\sapphire\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{61FB19C1-230A-426B-A55F-AEE29BDE830B}C:\users\sapphire\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sapphire\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{06B5D330-D3CF-45F8-A8E4-86EDB4D32F93}C:\users\sapphire\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sapphire\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{D4128B6E-C6CC-4294-B5D9-62D3C8C9AA75}C:\users\sapphire\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sapphire\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{906DC009-C2B9-4392-AB73-5041DCB47E7F}C:\users\sapphire\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sapphire\appdata\roaming\spotify\spotify.exe
FirewallRules: [{191D9BA3-800D-4708-B292-D16799E41A65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9A2239AE-E961-465E-BC22-DF0DE095B57E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E3CF2344-D6FD-4966-8CD9-8D75E3E2A64E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{374FCD63-2E06-4095-B70E-8DB0368271E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4D09B1B3-DF06-4442-BCD8-5D08BF0FE353}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C657AABA-349C-4819-B328-9D17DFEB6252}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5E180321-5B8D-4ED9-AA0E-D729F0B5FF12}] => (Allow) C:\Users\sapphire\AppData\Local\Temp\00016465\inst_buychannel_37.exe
FirewallRules: [{B540E7CC-90D1-402C-A34C-DDA430570294}] => (Allow) C:\Users\sapphire\AppData\Local\Temp\00016465\inst_buychannel_37.exe
FirewallRules: [{7779E5A5-2C9B-4437-8111-07AFE27BB603}] => (Allow) C:\Program Files (x86)\Bossseed\Application\chrome.exe
FirewallRules: [{A1A01F0C-3DFB-407E-A500-6E5F1B809953}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe
FirewallRules: [{B02E34AF-DF03-4633-815B-A0719A340D52}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{0229556F-5F29-4D51-BCF2-02BB9772403E}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{22117A32-C784-446A-B591-C40E857BBA09}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{09187B00-2B3F-464F-ACB3-2E0B4B6FEB4B}] => (Allow) C:\ProgramData\Bossseed\Bossseed.exe
FirewallRules: [{D9CDAF7D-DBED-422E-B540-AD619CE98EC6}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
FirewallRules: [{CFDB13A9-5AF0-45CB-8681-3F6232F99C68}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\DrvUpdate.exe

==================== Restore Points =========================

15-09-2016 02:01:58 Windows Update
23-09-2016 22:44:27 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2016 05:10:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAPPHIRE)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/03/2016 05:08:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAPPHIRE)
Description: Activation of app Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/03/2016 04:42:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAPPHIRE)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/03/2016 04:31:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.3.0, time stamp: 0x54c2b458
Faulting module name: KERNELBASE.dll, version: 10.0.10586.589, time stamp: 0x57cf948c
Exception code: 0xe0434352
Fault offset: 0x0000000000071f28
Faulting process id: 0x5e8
Faulting application start time: 0x01d21ceae73de672
Faulting application path: C:\Windows\AutoKMS\AutoKMS.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: b166b55f-ff91-4672-b25e-db5fb81b9ff8
Faulting package full name:
Faulting package-relative application ID:

Error: (10/03/2016 04:31:12 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.FormatException
   at System.DateTimeParse.Parse(System.String, System.Globalization.DateTimeFormatInfo, System.Globalization.DateTimeStyles)
   at ..(.)
   at ..(.)
   at ..()

Error: (10/03/2016 04:30:44 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (10/03/2016 04:30:44 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/03/2016 04:30:42 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (10/03/2016 04:10:51 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x800704CF
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/03/2016 04:10:46 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x800704CF
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

System errors:
=============
Error: (10/03/2016 05:12:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Client License Service (ClipSVC) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (10/03/2016 05:12:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Client License Service (ClipSVC) service to connect.

Error: (10/03/2016 05:12:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Client License Service (ClipSVC) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (10/03/2016 05:12:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Client License Service (ClipSVC) service to connect.

Error: (10/03/2016 05:07:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Client License Service (ClipSVC) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (10/03/2016 05:07:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Client License Service (ClipSVC) service to connect.

Error: (10/03/2016 04:51:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MaohaWiFiService service terminated unexpectedly. It has done this 1 time(s).

Error: (10/03/2016 04:30:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (10/03/2016 04:30:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/03/2016 04:30:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Client License Service (ClipSVC) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

CodeIntegrity:
===================================
Date: 2016-10-03 05:12:58.514
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-03 05:12:58.498
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-03 05:07:52.964
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-03 04:30:39.800
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-03 04:30:39.788
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-03 04:30:39.776
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-03 04:10:05.205
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-03 03:58:28.668
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-03 03:48:28.966
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-10-03 03:48:28.948
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 3950.09 MB
Available physical RAM: 1473.93 MB
Total Virtual: 6638.09 MB
Available Virtual: 3724.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:228.06 GB) (Free:170.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BFA932BE)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=228.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=495 MB) - (Type=27)
Partition 4: (Not Active) - (Size=3.9 GB) - (Type=05)

==================== End of Addition.txt ============================