Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-06-2019
Ran by JUNI (01-07-2019 23:39:10)
Running from C:\Users\JUNI\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2019-06-22 19:48:29)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3580717453-3749451280-948394680-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3580717453-3749451280-948394680-1004 - Limited - Enabled)
Guest (S-1-5-21-3580717453-3749451280-948394680-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3580717453-3749451280-948394680-1002 - Limited - Enabled)
JUNI (S-1-5-21-3580717453-3749451280-948394680-1001 - Administrator - Enabled) => C:\Users\JUNI

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3uTools (HKLM\...\3uTools) (Version: 2.23.011 - ShangHai ZhangZheng Network Technology Co., Ltd.)
AOMEI Partition Assistant 8.2 (HKLM\...\{04F850ED-FD0F-4ED1-AE1B-4498165BF3D2}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CE84DF09-7A4C-45AC-BEAE-7313AE8FD18E}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform)
Clover V3.4 (HKLM\...\Clover) (Version: 3.4.9.19610 - 易捷科技)
DualBootPRO 1.1 Retail [ by Raeeka/Soft98.iR ] (HKLM\...\DualBootPRO_is1) (Version: 1.1 - by Raeeka/Soft98.iR)
EasyBCD 2.4 (HKLM\...\EasyBCD) (Version: 2.4 - NeoSmart Technologies)
Final Uninstaller (HKLM\...\{FCF2A735-3324-4D97-ADAD-4FF865CC05EB}_is1) (Version: 2.6 - FinalUninstaller.com)
Glary Utilities PRO 5.122 (HKLM\...\Glary Utilities 5) (Version: 5.122.0.147 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.63 - Conexant Systems)
iMazing 2.9.13.0 (HKLM\...\iMazing_is1) (Version: 2.9.13.0 - DigiDNA)
IsoBuster 4.4 (HKLM\...\IsoBuster_is1) (Version: 4.4 - Smart Projects)
iTunes (HKLM\...\{929A8699-3B3E-44DE-98BB-951B47E6C162}) (Version: 12.9.5.7 - Apple Inc.)
jv16 PowerTools (HKLM\...\jv16 PowerTools) (Version: - Macecraft Software)
LockHunter 3.2.3.126 (HKLM\...\LockHunter_is1) (Version: 3.2.3.126 - lrepacks.ru)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Core 2.2.5 - Windows Server Hosting (HKLM\...\{2b131191-2385-411e-b253-c7c2f13d3bae}) (Version: 2.2.5.0 - Microsoft Corporation)
Microsoft .NET Core Runtime - 2.2.5 (x86) (HKLM\...\{7cf4a245-e47d-4efa-9f77-299a9e6e1f8c}) (Version: 2.2.5.27618 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24516 (HKLM\...\{B4EB15A2-6582-346E-8501-B6E907F23B80}) (Version: 14.0.24516 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24516 (HKLM\...\{7B82F823-A226-3463-B438-AF4DDDE2B810}) (Version: 14.0.24516 - Microsoft Corporation)
NVIDIA Graphics Driver 263.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 263.09 - NVIDIA Corporation)
OneClickFirewall (HKLM\...\OneClickFirewall) (Version: 1.0.0.2 - hxxp://winaero.com)
PE Builder 3.1.10a (HKLM\...\PE Builder_is1) (Version: - Bart Lagerweij)
PE Explorer 1.99 R6 (HKLM\...\PE Explorer_is1) (Version: 1.99.6 - Heaventools Software)
PowerISO (HKLM\...\PowerISO) (Version: 7.4 - Power Software Ltd)
Reg Organizer (HKLM\...\Reg Organizer 8.29 Final) (Version: - )
Revo Uninstaller Pro 4.1.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.1.0 - VS Revo Group, Ltd.)
SmartFix Tool (HKLM\...\SmartFix) (Version: 2.1.5 - simplix)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.31.1 - Synaptics Incorporated)
TeraCopy version 3.3 beta (HKLM\...\TeraCopy_is1) (Version: 3.3 beta - Code Sector)
Ultra Defragmenter (HKLM\...\UltraDefrag) (Version: 7.1.2 - UltraDefrag Development Team)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.5.8 - CrystalIDEA Software)
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 10.8.4.0 - Carifred)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.9.0 - Elaborate Bytes)
Windows 7 Manager 5.2.0 (HKLM\...\Windows 7 Manager_is1) (Version: 5.2.0 - lrepacks.ru)
Winja version 7.1.0.0 (HKLM\...\Winja_is1) (Version: 7.1.0.0 - Phrozen SAS)
WinRAR 5.71 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.2 - win.rar GmbH)
Wise Program Uninstaller 2.3.5 (HKLM\...\Wise Program Uninstaller_is1) (Version: 2.3.5 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt32.dll [2017-07-20] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-18] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt32.dll [2017-07-20] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt32.dll [2017-07-20] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-18] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-18] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2016-12-07] (Code Sector -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-16] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

ShortcutWithArgument: C:\Users\JUNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> -no-sandbox
ShortcutWithArgument: C:\Users\JUNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\8c51120aee4c2d11\CCleaner Browser.lnk -> C:\Users\JUNI\Downloads\Ccleaner_browser\SECURE.PACKED\Safer-bin\CCleanerBrowser.exe (Piriform Software) -> --profile-directory=Default -no-sandbox

==================== Loaded Modules (Whitelisted) ==============

2019-06-22 23:47 - 2017-03-14 16:51 - 001051648 _____ () [File not signed] C:\Program Files\TeraCopy\TeraCopy.dll
2019-06-28 08:25 - 2019-06-28 08:25 - 000317440 _____ () [File not signed] C:\Windows\system32\lua5.1a.dll
2019-06-23 02:58 - 2019-04-17 09:39 - 000136232 _____ (FoxxApp/PortableAppZ.ru) [File not signed] C:\Users\JUNI\Downloads\Revo.Uninstaller.Pro.4.1.0.Portable\Revo.Uninstaller.Pro.4.1.0.Portable\RevoUninstallerPROPortable.exe
2019-01-25 03:56 - 2019-01-25 03:56 - 003000320 _____ (Microsoft Corporation) [File not signed] C:\Windows\Explorer.EXE
2010-11-20 23:29 - 2010-11-20 23:29 - 000232448 _____ (Microsoft Corporation) [File not signed] C:\Windows\servicing\TrustedInstaller.exe
2019-01-25 04:00 - 2019-01-25 04:00 - 000128000 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\AUDIODG.EXE
2010-11-20 23:29 - 2010-11-20 23:29 - 000330240 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\cmd.exe
2019-01-25 04:00 - 2019-01-25 04:00 - 000299008 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\conhost.exe
2009-07-14 01:43 - 2009-07-14 03:14 - 000034816 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\DllHost.exe
2010-11-20 23:29 - 2010-11-20 23:29 - 000254976 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\taskmgr.exe
2010-11-20 23:29 - 2010-11-20 23:29 - 000285184 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\wbem\wmiprvse.exe
2019-01-25 04:00 - 2019-01-25 04:00 - 000163840 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\wuauclt.exe
2019-06-28 08:26 - 2019-06-28 08:26 - 001009664 _____ (UltraDefrag Development Team) [File not signed] C:\Program Files\UltraDefrag\ultradefrag.exe
2019-06-28 08:25 - 2019-06-28 08:25 - 000054784 _____ (UltraDefrag Development Team) [File not signed] C:\Windows\system32\udefrag.dll
2019-06-28 08:25 - 2019-06-28 08:25 - 000333312 _____ (UltraDefrag Development Team) [File not signed] C:\Windows\system32\zenwinx.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2019-06-28 21:18 - 000000904 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 asc.iobit.com
0.0.0.0 serius.mwbsys.com
0.0.0.0 keystone.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3580717453-3749451280-948394680-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: ActiveSMART Service => 2
MSCONFIG\Services: AdvancedSystemCareService12 => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Avira.ServiceHost => 2
MSCONFIG\Services: AviraOptimizerHost => 2
MSCONFIG\Services: Backupper Service => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CleanupPSvc => 3
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: ReviverSoft Smart Monitor Service => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: Suite Service => 2
MSCONFIG\Services: TeraCopyService => 2
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Avast Cleanup Premium.lnk => C:\Windows\pss\Avast Cleanup Premium.lnk.CommonStartup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{260860BC-43B3-44B2-81F7-241B1C8CD62C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E25E692C-485B-4E99-989F-4BF9ACDFC03A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2F055956-19BF-4B67-8593-8E39F2A1A960}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe (Carifred.com) [File not signed]
FirewallRules: [{7FBBC36B-F4E4-40A5-B0F7-2247EE70528B}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe (Carifred.com) [File not signed]
FirewallRules: [{5E1999C1-20A4-48F8-85D6-DFF1C5C2E198}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe (Carifred.com) [File not signed]
FirewallRules: [{A0DFFA0E-3487-4B9B-BB1A-0F3A03754023}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{79FDE35F-77EA-4CAE-B502-F0F8FC1504D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F5EAEE23-848C-4920-AF54-DEFFE8A3BAAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{50B47141-9FBF-4BEE-AC08-086E23B88AB1}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{404C7E10-8726-434F-8842-A9DBB00190D0}] => (Allow) C:\Program Files\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{2D1220BA-6759-4D85-A4BD-353DDB89F6F4}] => (Allow) C:\Program Files\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{5F8CEE71-73C0-4F69-981F-A776E61E9DA5}] => (Allow) LPort=80
FirewallRules: [TCP Query User{7466A5C1-C2BC-4744-9407-0F1F63984A0D}C:\users\juni\downloads\ccleaner_browser\secure.packed\safer-bin\ccleanerbrowser.exe] => (Allow) C:\users\juni\downloads\ccleaner_browser\secure.packed\safer-bin\ccleanerbrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [UDP Query User{073A0522-6718-4540-9512-C094C5449ADA}C:\users\juni\downloads\ccleaner_browser\secure.packed\safer-bin\ccleanerbrowser.exe] => (Allow) C:\users\juni\downloads\ccleaner_browser\secure.packed\safer-bin\ccleanerbrowser.exe (Piriform Software Ltd -> Piriform Software)
FirewallRules: [{3D96EF17-7747-4E83-8BF1-4C6A1265FAF2}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
StandardProfile\AuthorizedApplications: [C:\Windows\system32\winlogon.exe] => enabled:@shell32.dll,-1
StandardProfile\AuthorizedApplications: [C:\Windows\system32\wininit.exe] => enabled:@shell32.dll,-1

==================== Restore Points =========================

24-06-2019 21:09:06 Software Distribution Service 3.0
25-06-2019 04:41:14 Software Distribution Service 3.0
26-06-2019 23:02:54 Software Distribution Service 3.0
27-06-2019 22:44:11 Software Distribution Service 3.0
29-06-2019 03:38:38 Windows Modules Installer
30-06-2019 03:04:29 Windows Update
01-07-2019 03:13:13 PC Cleaner Pro System Backup
01-07-2019 05:03:19 Windows Defender Checkpoint

==================== Faulty Device Manager Devices =============

Name: Apple Mobile Device Ethernet
Description: Apple Mobile Device Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Apple
Service: Netaapl
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2019 10:15:44 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (07/01/2019 10:14:38 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/01/2019 10:06:38 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/01/2019 09:58:38 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/01/2019 09:50:39 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/01/2019 09:42:40 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/01/2019 09:34:39 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (07/01/2019 09:26:39 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

System errors:
=============
Error: (07/01/2019 10:04:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Advanced SystemCare Service 12 service terminated unexpectedly. It has done this 1 time(s).

Error: (07/01/2019 10:02:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {DD72B942-27D2-4A3C-9353-FA0441FBABA0} did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2019-07-01 05:01:53.306
Description: Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Peroclee&threatid=242080
Name:Misleading:Win32/Peroclee
ID:242080
Severity:High
Category:Potentially Unwanted Software
Path Found:file:C:\Users\JUNI\Downloads\14.0.18.6.3-PVP\14.0.18.6.3-PVP\PCPro-Installer.exe
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:

Date: 2019-07-01 04:51:43.647
Description: Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Peroclee&threatid=242080
Name:Misleading:Win32/Peroclee
ID:242080
Severity:High
Category:Potentially Unwanted Software
Path Found:file:C:\Users\JUNI\Downloads\14.0.18.6.3-PVP\14.0.18.6.3-PVP\PCPro-Installer.exe
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

Date: 2019-06-30 05:14:55.904
Description: Windows Defender scan has been stopped before completion.
Scan ID:{FB299929-C04A-43B2-B0D6-23D08E985DAD}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2019-06-28 23:52:10.845
Description: Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Softeallion&threatid=240809
Name:Misleading:Win32/Softeallion
ID:240809
Severity:High
Category:Potentially Unwanted Software
Path Found:file:C:\Program Files\SmartPCFixer\SmartPCFixer.exe;process:pid:7988
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:

CodeIntegrity:
===================================
Date: 2019-07-01 23:28:40.491
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

Date: 2019-07-01 22:43:27.107
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

Date: 2019-07-01 22:04:10.217
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

Date: 2019-07-01 21:06:03.420
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

Date: 2019-07-01 20:55:30.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

Date: 2019-07-01 05:32:31.668
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

Date: 2019-07-01 04:58:01.573
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

Date: 2019-07-01 04:36:39.390
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Acer V3.60 08/12/2008
Motherboard: Acer Grapevine
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
Percentage of memory in use: 90%
Total physical RAM: 2046.12 MB
Available physical RAM: 195.89 MB
Total Virtual: 8424.12 MB
Available Virtual: 5724.99 MB

==================== Drives ================================

Drive c: (NEW) (Fixed) (Total:115.2 GB) (Free:38.69 GB) NTFS
Drive d: (JJ) (Fixed) (Total:108.04 GB) (Free:14.67 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (back-up) (Fixed) (Total:74.85 GB) (Free:21.7 GB) NTFS
Drive g: (GParted-live) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS
Drive h: (CDROM) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: FE1C698E)
Partition 1: (Not Active) - (Size=190 GB) - (Type=0F Extended)
Partition 2: (Active) - (Size=108 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================