Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
Ran by Nmsha (05-06-2017 21:51:51)
Running from D:\Nmsha
Windows 10 Pro Version 1703 (X64) (2017-04-29 17:09:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1544021099-3984391978-3616590382-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1544021099-3984391978-3616590382-503 - Limited - Disabled)
Guest (S-1-5-21-1544021099-3984391978-3616590382-501 - Limited - Disabled)
Nmsha (S-1-5-21-1544021099-3984391978-3616590382-1001 - Administrator - Enabled) => C:\Users\Nmsha
_ashbackuppb_ (S-1-5-21-1544021099-3984391978-3616590382-1003 - Administrator - Enabled) => C:\Users\_ashbackuppb_

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Out of date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: IObit Malware Fighter (Disabled - Out of date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AV: Panda Protection (Disabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Protection (Disabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{39f8dcb1-5f2e-4057-980e-f463756a0465}) (Version: 2.3.3693.0 - Futuremark) 3DMark (Version: 2.3.3693.0 - Futuremark) Hidden 7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Action! (HKLM-x32\...\Mirillis Action!) (Version: 2.4.1 - Mirillis) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated) Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated) Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Ansel (Version: 382.05 - NVIDIA Corporation) Hidden ApoDispatchConfigurator (Version: 3.1.301 - ASUSTeKcomputer.Inc) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.) Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.) Ashampoo Backup Pro 11 (HKLM\...\{DF972766-3CEA-0FEC-AD7D-0A1791430C35}_is1) (Version: 11.07 - Ashampoo GmbH & Co. KG) ASUS ROG Connect Plus (HKLM-x32\...\{ECF51D37-52ED-4871-BF8B-FEA34B8B4120}) (Version: 1.00.35 - ASUSTeK Computer Inc.) Asus Sonic Radar 3 (HKLM-x32\...\{d385a418-0a04-44f8-9284-522ed67a2926}) (Version: 3.1.3.38259 - ASUSTeKcomputer.Inc) Asus Sonic Studio 3 (HKLM-x32\...\{acef060a-19fa-4c87-b145-524e6faf08c4}) (Version: 3.1.3.38259 - ASUSTeKcomputer.Inc) Atom (HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\atom) (Version: 1.16.0 - GitHub Inc.) AURA (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.04.09 - ASUSTeK Computer Inc.) 
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.26.48 - Avira Operations GmbH & Co. KG) Avira Connect (HKLM-x32\...\{9bffeb8a-bd07-4f43-aca3-3266700f4029}) (Version: 1.2.85.18383 - Avira Operations GmbH & Co. KG) Avira Connect (x32 Version: 1.2.85.18383 - Avira Operations GmbH & Co. KG) Hidden Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.8.2.29275 - Avira Operations GmbH & Co. KG) Avira Software Updater (HKLM-x32\...\{A4DF9D2A-AB95-4F30-9CA4-2F49662BA39D}) (Version: 2.0.2.27024 - Avira Operations GmbH & Co. KG) Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.5.0.5091 - Avira Operations GmbH & Co. KG) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform) Chromium (HKLM-x32\...\{CC7924B9-9CF9-F539-2D79-85B9FDF95639}) (Version: - ) Clicker Heroes (HKLM\...\Steam App 363970) (Version: - Playsaurus) CloneDrive (HKLM-x32\...\CloneDrive) (Version: 1.00.07 - ASUSTeKcomputer Inc) CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\CopyTrans Suite) (Version: 4.013 - WindSolutions) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) CPUID ROG CPU-Z 1.77 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.77 - CPUID, Inc.) DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 6.2.0.0496 - Disc Soft Ltd) Dead Rising 3: Apocalypse Edition (HKLM-x32\...\Dead Rising 3: Apocalypse Edition_is1) (Version: - ) Defiance (HKLM\...\Steam App 224600) (Version: - Trion Worlds, Inc.) DeviceRoutingConfigurator (Version: 3.1.301 - ASUSTeKcomputer.Inc) Hidden Discord (HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) 
Don't Starve Together (HKLM\...\Steam App 322330) (Version: - Klei Entertainment) Driver Booster 4.4 (HKLM-x32\...\Driver Booster_is1) (Version: 4.4.0 - IObit) EaseUS Partition Master 12.0 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS) EaseUS Todo Backup Free 10.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 10.0 - CHENGDU YIWO Tech Development Co., Ltd) EdgeRunner Multiplicity (HKLM-x32\...\Multiplicity) (Version: 3.42 - EdgeRunner, LLC.) EdgeRunner SpaceMonger (HKLM-x32\...\EdgeRunner SpaceMonger) (Version: 3.0 - EdgeRunner, LLC) EVE Online (HKLM\...\Steam App 8500) (Version: - CCP) EVGA Precision XOC (HKLM\...\Steam App 268850) (Version: - EVGA) Futuremark SystemInfo (HKLM-x32\...\{6583B359-134F-480D-9B31-9B94EFFAFE40}) (Version: 5.0.609.0 - Futuremark) GameFirst IV (HKLM-x32\...\GameFirst IV 1.5.31) (Version: 1.5.31 - ASUSTeK COMPUTER INC.) GameFirst IV (x32 Version: 1.5.31 - ASUSTeK COMPUTER INC.) Hidden Geeks3D FurMark 1.18.2.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_is1) (Version: - ) HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - ) Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.) iExplorer (HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\2ee35ebaf226322a) (Version: 4.1.4.1 - Macroplant LLC) Intel(R) Chipset Device Software (x32 Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation) Intel(R) Network Connections 21.1.27.0 (HKLM\...\PROSetDX) (Version: 21.1.27.0 - Intel) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) 
IObit Malware Fighter 5 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 5.0 - IObit) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.2.0.933 - IObit) iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) KeyBot II (HKLM-x32\...\{56496BBC-DA67-4DC7-9B90-398982CA641D}) (Version: V1.01.02 - ASUSTeK Computer Inc.) KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - ) Line of Sight (HKLM\...\Steam App 436520) (Version: - BlackSpot Entertainment) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.578 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.578 - LogMeIn, Inc.) Hidden Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) MemTweakIt (HKLM-x32\...\{E51AAC3A-D66D-4912-B883-DAFBA249D10F}) (Version: 2.02.25 - ASUSTeK Computer Inc.) 
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.8201.2075 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - 
Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD) NahimicSettingsConfigurator (Version: 3.1.301 - ASUSTeKcomputer.Inc) Hidden Neverwinter (HKLM\...\Steam App 109600) (Version: - Cryptic Studios) NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version: - Novawave Inc.) 
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation) NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation) Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden Panda Protection (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 18.01.00.0000 - Panda Security) Panda Protection (Version: 8.90.00 - Panda Security) Hidden Path of Exile (HKLM\...\Steam App 238960) (Version: - Grinding Gear Games) PCMark 8 (HKLM-x32\...\{ffbe2963-bbe7-49f1-9c32-6fe7e17e5200}) (Version: 2.7.613.0 - Futuremark) PCMark 8 (Version: 2.7.613.0 - Futuremark) Hidden PlanetSide 2 (HKLM\...\Steam App 218230) (Version: - Daybreak Game Company) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd) ProductDaemonSetup (Version: 3.1.301 - ASUSTeKcomputer.Inc) Hidden PTC Creo Platform Agent 3.133 (HKLM-x32\...\{7F89E552-7586-4840-9EB5-3D56733BE98C}) (Version: 3.133.0 - PTC) qBittorrent 3.3.12 (HKLM-x32\...\qBittorrent) (Version: 3.3.12 - The qBittorrent project) Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10374 - Qualcomm Atheros) Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.260 - Qualcomm Atheros) RamCache II (HKLM-x32\...\RamCache II) (Version: 1.01.04 - ASUSTeKcomputer Inc) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.) 
Reload Icons Cache 1.00 (HKLM-x32\...\Reload Icons Cache 1.00) (Version: 1.00 - Mr Blade Design's) RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder) ROG RAMDisk (HKLM-x32\...\{DE8C1883-4F14-40DF-8C8C-376157ADF5A3}) (Version: 2.02.06 - ASUSTeK Computer Inc.) Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia) Sid Meiers Civilization VI (HKLM-x32\...\Sid Meiers Civilization VI_is1) (Version: - ) SkinPack macOS Sierra (HKLM-x32\...\SkinPack) (Version: macOS Sierra - SkinPack) Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.3.0 - IObit) SonicMapperConfigurator (Version: 3.1.3.38194 - ASUSTeKcomputer.Inc) Hidden SonicRadar3Setup (Version: 3.1.3.38194 - ASUSTeKcomputer.Inc) Hidden SonicStudio3Setup (Version: 3.1.3.38259 - ASUSTeKcomputer.Inc) Hidden Stardock DeskScapes 8 (HKLM-x32\...\Stardock DeskScapes 8) (Version: 8.51 - Stardock Software, Inc.) Stardock Fences 3 (HKLM-x32\...\Stardock Fences 3) (Version: 3.04 - Stardock Software, Inc.) Stardock IconPackager (HKLM-x32\...\Stardock IconPackager) (Version: 10.02 - Stardock Software, Inc.) Stardock Launch (HKLM-x32\...\Stardock Launch) (Version: 1.10 - Stardock Software, Inc.) Stardock Object Desktop Manager (HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\Object Desktop Manager) (Version: 3.38 - Stardock Software, Inc.) Stardock ShadowFX (HKLM-x32\...\ShadowFX) (Version: 1.20 - Stardock Software, Inc.) Stardock SkinStudio (HKLM-x32\...\SkinStudio) (Version: 10.1 - Stardock Software, Inc.) Stardock Start10 (HKLM-x32\...\Stardock Start10) (Version: 1.55 - Stardock Software, Inc.) Stardock Theme Manager (HKLM-x32\...\Theme Manager) (Version: 4.00 - Stardock Systems, Inc.) Stardock Tiles (HKLM-x32\...\Tiles) (Version: 1.20 - Stardock Software, Inc.) Stardock WindowBlinds (HKLM-x32\...\Stardock WindowBlinds) (Version: 10.62 - Stardock Software, Inc.) Stardock WindowFX (HKLM-x32\...\WindowFX) (Version: 6.03 - Stardock Software, Inc.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Twitch (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Twitch Interactive, Inc.) UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 3.2.1.0 - Manuel Hoefs (Zottel)) UxStyle (HKLM-x32\...\{6bf90d91-c5db-454e-a7b4-81bc6cbbe13f}) (Version: 0.2.4.2 - The Within Network, LLC) UxStyle (Version: 0.2.4.2 - The Within Network, LLC) Hidden Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.9.564 - ASUS Cloud Corporation) Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.7.0.0 - Winaero) WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. ) XYplorer 17.90 (HKLM-x32\...\XYplorer) (Version: 17.90 - Donald Lessau, Cologne Code Company) ZoneAlarm Firewall (x32 Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.1.504.17269 - Check Point) ZoneAlarm Security (x32 Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1544021099-3984391978-3616590382-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-77F6A6301348}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File CustomCLSID: HKU\S-1-5-21-1544021099-3984391978-3616590382-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) Task: {081BD58D-BAB9-425B-806D-ADABA1A1F5EA} - System32\Tasks\ASUS\KeyBot II Execute => C:\Program Files (x86)\ASUS\KeyBot II\KeyBotII.exe [2015-11-06] () Task: {0953E2F9-00EA-4C62-A63E-9925F4D35B78} - System32\Tasks\60495L43245y41572N6221 => Rundll32.exe "C:\ProgramData\60495L43245y41572N6221\60495L43245y41572N6221.dll",LyNZXgZuPl <==== ATTENTION Task: {0B930824-5C4B-49C4-9A5A-4C117B82A156} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-09-26] (IObit) Task: {0D02269D-78BC-419D-920C-D2F2E7CA86B9} - System32\Tasks\ASUS\AsRogAuraGpuDllServer => C:\Program Files (x86)\ASUS\AURA\AsRogAuraGpuDllServer.exe [2016-10-17] () Task: {0EDE3989-C66B-4C7C-93E5-FFA5EA6685D3} - System32\Tasks\Avira\System Speedup\Delayed Startup\Nmsha\1 => C:\Users\Nmsha\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2017-04-29] (Microsoft Corporation) <==== ATTENTION Task: {165BDFEC-FB7E-4C61-8E9F-CDF525D3B3B0} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-04-07] (Avira Operations GmbH & Co. 
KG) Task: {1A75DB10-26E8-4CE0-9EB5-35E5F27C5925} - System32\Tasks\ASUS\RamDisk => C:\Program Files (x86)\ASUS\ROG RAMDisk\loadImage.exe [2014-02-17] () Task: {232A0339-793E-40EE-B60C-4B0AD1B07A1E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd) Task: {2782C4BB-BCD5-4517-A4D4-F2C65C9A1625} - System32\Tasks\11062L66102y84384N29888 => Rundll32.exe "C:\ProgramData\11062L66102y84384N29888\11062L66102y84384N29888.dll",LyNZXgZuPl <==== ATTENTION Task: {28BFD540-8EBD-4569-87E0-6DBEDE60069A} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated) Task: {2BE469B3-DBE7-4C06-BF8C-F860F5EF0068} - System32\Tasks\ASUS\RC TweakIt Server Execute => C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe [2016-05-03] () Task: {323C84C9-7204-4882-A913-01958CE754AD} - \SS3Svc64Run -> No File <==== ATTENTION Task: {32988D08-2A0D-420B-A642-3ADDCA75AB6A} - System32\Tasks\Uninstaller_SkipUac_Nmsha => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-01-10] (IObit) Task: {348860D7-0D74-4761-8116-2B0F80595D13} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\ASUS\WebStorage\2.2.9.564\ASUSWSLoader.exe [2016-06-21] (ASUS Cloud Corporation) Task: {3571BFAA-8343-4B74-AF41-BD1ABF7C8CE8} - System32\Tasks\AutoPico Daily Restart => D:\Nmsha\KMSpico\AutoPico.exe Task: {3F7330B8-45F4-4988-92F1-AE597C3181CA} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\Scheduler.exe [2017-03-28] (IObit) Task: {42607328-6B98-4A79-AD6E-46DA4BEF6B63} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-07-22] (IObit) Task: {58C47D90-1905-4783-AA73-9C12F3E54A4B} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS 
Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation) Task: {5DA38AD5-817A-4434-9F65-3B99CA38FC45} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-nmshafer4@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated) Task: {660B0B9E-E7D5-4DE2-B2FA-D63353746CE4} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe Task: {6B9EDFBE-7FF7-4468-A039-885076B3E53B} - System32\Tasks\33221L41636y17106N50622 => Rundll32.exe "C:\ProgramData\33221L41636y17106N50622\33221L41636y17106N50622.dll",LyNZXgZuPl <==== ATTENTION Task: {7300F974-F30F-4E21-A4D5-F6CCCE368AA4} - System32\Tasks\HWMonitor.exe_1058324233 => cmd.exe /c start "" "C:\Program Files\CPUID\HWMonitor\HWMonitor.exe" Task: {748CA997-2CD9-45B2-8522-E14B8B5BAD07} - System32\Tasks\Always run as admin => C:\Program Files\CPUID\HWMonitor\HWMonitor.exe [2017-03-23] (CPUID) Task: {800F51EA-6D4B-4153-954C-1538FE15388E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) Task: {813A2AC2-1F9C-4197-B064-38C2938BFD7C} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK Task: {8302A5E5-5B6A-4062-AB9D-F66312D01D7D} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe Task: {87D3B8D9-9412-4C02-8706-C3ED7EC0A5C8} - System32\Tasks\Driver Booster SkipUAC (Nmsha) => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe [2017-05-03] (IObit) Task: {8C2E2EFF-6F20-40F1-8F4E-7F58D1901955} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2017-05-10] (Avira Operations GmbH & Co. 
KG ) Task: {90E3DE18-4FB5-4BAC-BB1F-E2469FCDB687} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => C:\Program Files (x86)\Secunia\PSI\psi_tray.exe [2014-11-28] (Secunia) Task: {94958C65-2C86-40E0-9A21-796B08E1CE6A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-10] (Adobe Systems Incorporated) Task: {A2242C3B-A6A4-4F3F-979E-329E69560626} - System32\Tasks\38003L47201y18505N27024 => Rundll32.exe "C:\ProgramData\38003L47201y18505N27024\38003L47201y18505N27024.dll",LyNZXgZuPl <==== ATTENTION Task: {A676BD14-4A60-4DB2-999D-70707EA3A0FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-03] (Google Inc.) Task: {A8C35270-7F03-46DD-A01A-AE4AC64EC347} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-09-26] (IObit) Task: {BE07BDF0-681D-41B2-8AD3-A5C876F40109} - System32\Tasks\Avira\System Speedup\Delayed Startup\Nmsha\2 => C:\Program Files\CCleaner\CCleaner64.exe [2017-04-10] (Piriform Ltd) <==== ATTENTION Task: {BE0B5AC0-8ABD-41AD-8341-B47B2BCEE959} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-03] (Google Inc.) 
Task: {CD4B71CE-D3FC-4D21-A2F6-175DE8993F67} - \SS3Svc32Run -> No File <==== ATTENTION
Task: {CF01FA03-8AB2-4540-A068-EC8FC68D4153} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {E1BF5115-A43E-4350-9540-347C543F889E} - System32\Tasks\Object Desktop-S-1-5-21-1544021099-3984391978-3616590382-1001 => C:\Users\Nmsha\AppData\Local\Stardock\ObjectDesktop\ObjectDesktopManager.exe [2016-09-21] (Stardock)
Task: {E368BE1E-6062-42FE-9966-C9696710995C} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-04-07] (Avira Operations GmbH & Co. KG)
Task: {FAE7FD70-A530-49A2-A924-507697609C82} - \OneDrive Standalone Update Task v2 -> No File <==== ATTENTION
Task: {FB077FB1-CE6B-44F0-AA2A-86B79F95520A} - System32\Tasks\28166L9496y74624N92004 => Rundll32.exe "C:\ProgramData\28166L9496y74624N92004\28166L9496y74624N92004.dll",LyNZXgZuPl <==== ATTENTION
Task: {FE66AFEE-C9DA-42F1-869E-C91666580A3C} - System32\Tasks\78397L87081y63641N87254 => Rundll32.exe "C:\ProgramData\78397L87081y63641N87254\78397L87081y63641N87254.dll",LyNZXgZuPl <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Uninstaller_SkipUac_Nmsha.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Nmsha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Exрlorеr.lnk -> C:\Users\Nmsha\AppData\Roaming\Browsers\exe.erolpxei.bat () Shortcut: C:\Users\Nmsha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk -> C:\Users\Nmsha\AppData\Roaming\Browsers\exe.emorhc.bat () Shortcut: C:\Users\Nmsha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhrоme.lnk -> C:\Users\Nmsha\AppData\Roaming\Browsers\exe.emorhc.bat () Shortcut: C:\Users\Nmsha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Сhromium.lnk -> C:\Users\Nmsha\AppData\Roaming\Browsers\exe.emorhc.bat () Shortcut: C:\Users\Nmsha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоogle Сhrоmе.lnk -> C:\Users\Nmsha\AppData\Roaming\Browsers\exe.emorhc.bat () Shortcut: C:\Users\Nmsha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Сhromе.lnk -> C:\Users\Nmsha\AppData\Roaming\Browsers\exe.emorhc.bat () Shortcut: C:\Users\Nmsha\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооgle Сhrоmе.lnk -> C:\Users\Nmsha\AppData\Roaming\Browsers\exe.emorhc.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоoglе Chrоme.lnk -> C:\Users\Nmsha\AppData\Roaming\Browsers\exe.emorhc.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоoglе Сhromе.lnk -> C:\Users\Nmsha\AppData\Roaming\Browsers\exe.emorhc.bat () ==================== Loaded Modules (Whitelisted) ============== 2017-06-03 13:44 - 2014-03-22 14:38 - 03124224 _____ () C:\ProgramData\33221L41636y17106N50622\33221L41636y17106N50622.dll 2017-03-16 16:08 - 2017-03-16 16:08 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-04-30 00:24 - 2014-04-24 03:29 - 01360016 _____ () C:\Program Files 
(x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe 2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Users\Nmsha\AppData\Local\ntuserlitelist\dataup\dataup.exe 2017-05-24 19:22 - 2017-05-24 19:22 - 00012080 _____ () C:\Windows\TEMP\BullseyeCoverage-x64-3.dll 2017-04-30 00:24 - 2014-01-29 04:26 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe 2017-06-03 14:03 - 2017-03-28 15:28 - 00031664 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\backupService-abpb.exe 2017-06-03 14:03 - 2017-03-28 15:28 - 00080304 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\backupServiceLib.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00124336 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\deemon.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00398256 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\twirl.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 07988656 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\backupCore.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 04727216 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\ox.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00279984 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\tomb.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00123824 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\scoolite.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00416176 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\veem.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 01020848 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\webdave.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00261040 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\crumb.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00054192 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\lzmaUtil.dll 2017-06-03 14:04 - 2017-02-28 18:52 - 00075776 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\ziputil.dll 2017-06-03 14:04 - 2017-02-28 18:52 - 00024064 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\zlibutil.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00055728 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\minizutil.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 
00156080 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\netutil.dll 2017-06-03 14:03 - 2017-02-28 18:52 - 00227840 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\party.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00074672 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\ashinetutil.dll 2017-06-03 14:03 - 2017-02-28 18:52 - 00230912 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\jsoncpp.dll 2017-06-03 14:04 - 2017-02-28 18:52 - 00081408 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\zdll.dll 2017-06-03 14:03 - 2017-02-28 18:52 - 00571392 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\sqlite.dll 2017-06-03 14:03 - 2017-02-28 18:52 - 00045568 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\lzma.dll 2017-06-03 14:03 - 2017-02-28 18:52 - 00084480 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\minizip.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00027568 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\lz4util.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00038320 _____ () d:\Nmsha\Ashampoo Backup Pro 11\bin\lz4.dll 2017-04-30 00:38 - 2016-10-17 20:32 - 00247256 _____ () C:\Program Files (x86)\ASUS\AURA\AsRogAuraGpuDllServer.exe 2017-04-30 00:37 - 2015-11-06 18:31 - 01696208 _____ () C:\Program Files (x86)\ASUS\KeyBot II\KeyBotII.exe 2017-04-30 00:35 - 2016-05-03 14:55 - 07263160 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe 2017-03-18 15:58 - 2017-03-18 15:58 - 00138000 _____ () C:\Windows\SYSTEM32\inputhost.dll 2017-04-19 12:55 - 2017-04-19 12:55 - 00060888 _____ () c:\program files (x86)\stardock\fences\SdCrashReporter64.dll 2017-04-26 11:32 - 2017-04-26 11:32 - 00598528 _____ () C:\Users\Nmsha\AppData\Local\MEGAsync\ShellExtX64.dll 2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N () C:\windows\system32\tprdpw64.exe 2017-03-18 15:59 - 2017-03-18 21:30 - 01731072 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-05-25 17:24 - 2017-05-25 17:24 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-05-25 17:24 - 2017-05-25 17:24 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-05-25 17:24 - 2017-05-25 17:24 - 43202048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-05-25 17:24 - 2017-05-25 17:24 - 02442752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\skypert.dll 2017-03-27 12:20 - 2017-03-27 12:20 - 00092472 _____ () D:\zlib1.dll 2017-03-27 12:20 - 2017-03-27 12:20 - 01354040 _____ () D:\libxml2.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00323504 _____ () D:\Nmsha\Ashampoo Backup Pro 11\bin\backupClient-abpb.exe 2017-06-03 14:03 - 2017-03-28 15:28 - 05705136 _____ () D:\Nmsha\Ashampoo Backup Pro 11\bin\backupClientLib.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00291248 _____ () D:\Nmsha\Ashampoo Backup Pro 11\bin\updateman.dll 2017-06-03 14:03 - 2017-03-28 15:28 - 00120752 _____ () D:\Nmsha\Ashampoo Backup Pro 11\bin\featback.dll 2017-04-21 15:37 - 2017-04-21 15:37 - 00884224 _____ () C:\Users\Nmsha\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe 2017-04-21 16:28 - 2017-04-21 16:28 - 01080832 _____ () C:\Users\Nmsha\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe 2017-05-12 21:04 - 2017-04-29 21:46 - 00017408 _____ () C:\Windows\src_srv\winsrcsrv.exe 2017-06-03 12:07 - 2017-05-09 04:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll 2017-06-03 12:07 - 2017-05-09 04:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll 2017-04-29 22:23 - 2016-12-06 04:46 - 00259264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe 2017-05-04 11:13 - 
2017-05-04 11:13 - 00235520 _____ () C:\Users\Nmsha\AppData\Local\ntuserlitelist\dataup\help_dll.dll 2017-04-29 22:23 - 2016-03-01 16:00 - 00080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00019648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll 2017-04-29 22:23 - 2016-03-07 20:08 - 01291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00090816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll 2017-04-29 22:23 - 2004-10-05 05:08 - 00055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00024768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00188608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00182976 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00163520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt_RTTO.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00056000 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00018112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll 2017-04-29 22:23 - 2017-03-01 19:44 - 00123584 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00085696 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00032960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00070336 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00160448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll 2017-04-29 22:23 - 
2016-12-06 04:43 - 00296640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00078528 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll 2017-04-29 22:23 - 2016-12-09 11:09 - 00305856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSUtil.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00026304 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CallbackOperator.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00210112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00074432 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00142016 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00040128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00737984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00195776 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00414400 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00162496 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00029376 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00114368 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00026816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00022720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00034496 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll 2017-04-29 22:23 - 
2016-12-06 04:44 - 00054464 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00066240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00026816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00074944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00221376 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00079040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00020672 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00138432 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00021696 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00045248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00367808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00141504 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00149184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00052416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00064192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll 2017-04-29 22:23 - 2016-12-06 04:43 - 00091840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00058560 _____ () C:\Program Files (x86)\EaseUS\Todo 
Backup\bin\NTFSFileSystemAnalyser.dll 2017-04-30 00:24 - 2017-06-05 18:08 - 00046888 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll 2017-04-30 00:24 - 2013-10-11 04:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll 2017-04-30 00:38 - 2016-10-17 18:13 - 01746432 _____ () C:\Program Files (x86)\ASUS\AURA\Vender.dll 2017-04-30 00:37 - 2010-08-09 23:23 - 00175616 _____ () C:\Program Files (x86)\ASUS\KeyBot II\AsusService.dll 2017-04-30 00:37 - 2013-09-03 12:49 - 00253952 _____ () C:\Program Files (x86)\ASUS\KeyBot II\pngio.dll 2017-04-30 00:37 - 2012-02-02 23:26 - 00208896 _____ () C:\Program Files (x86)\ASUS\KeyBot II\ImageHelper.dll 2017-04-30 00:35 - 2016-04-29 15:56 - 00179712 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsusService.dll 2017-04-30 00:38 - 2016-10-17 18:13 - 00073216 _____ () C:\Program Files (x86)\ASUS\AURA\ClaymoreProtocol.dll 2016-09-14 20:25 - 2016-09-14 20:25 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-01-14 19:40 - 2017-01-14 19:40 - 53460992 _____ () C:\Users\Nmsha\AppData\Local\ntuserlitelist\svcvmx\libcef.dll 2016-05-31 11:43 - 2016-05-31 11:43 - 01976832 _____ () C:\Users\Nmsha\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll 2016-05-31 11:44 - 2016-05-31 11:44 - 00075264 _____ () C:\Users\Nmsha\AppData\Local\ntuserlitelist\svcvmx\libegl.dll 2017-04-29 22:23 - 2016-12-06 04:44 - 00210112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll 2016-06-15 17:15 - 2016-06-15 17:15 - 17599640 _____ () C:\Users\Nmsha\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2017-03-18 16:03 - 2017-06-04 23:57 - 00013472 _____ C:\Windows\system32\Drivers\etc\hosts There are 330 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\Control Panel\Desktop\\Wallpaper -> D:\Nmsha\desktop images\waterfall_in_the_valley_by_amdpastrana-d97cszf.jpg HKU\S-1-5-21-1544021099-3984391978-3616590382-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 10.0.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. 
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: VMAuthdService => 2 MSCONFIG\Services: VMnetDHCP => 2 MSCONFIG\Services: VMUSBArbService => 2 MSCONFIG\Services: VMware NAT Service => 2 HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk" HKLM\...\StartupApproved\Run: => "Sonic Studio 3" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger" HKLM\...\StartupApproved\Run32: => "avgnt" HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter" HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent" HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk" HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk" HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent" HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1544021099-3984391978-3616590382-1001\...\StartupApproved\Run: => "Discord" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{D819E0C9-BCC0-469B-94E5-F1B9E7A26B6B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe FirewallRules: [{5BE20851-20BA-49DE-9539-E8943E55F60D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe FirewallRules: [{DAA8C713-CD6F-4E41-A81A-F5CC0F9DD764}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe FirewallRules: [{2AAAB03A-3687-4814-AB01-76BAB26EC4A9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe FirewallRules: [{400AFC4B-5583-45BD-8866-0C6727FEE96A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{C3932C1C-8EC6-4D31-8DA7-6875DC30A3F5}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe FirewallRules: [{744675F2-88E9-458E-8ADC-79CC77B9B16C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{989A73F3-D956-462F-A893-7FBBFDF696C3}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{E0FFA93F-2072-42AE-A790-B6F059476821}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{EC417971-C3C3-4A22-BC49-26C248ADF053}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{A750EA2E-EC65-4AF4-B75B-E8B2BAF23D5C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{FA90473F-FA7A-4DEE-9388-80D7DD48A779}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{1C66A63F-BA9A-4CEA-A9C8-7D945DF86EC1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{FE7B2D95-BEF1-4A0E-A3AA-E1876E38303F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{68D63FFE-05F7-4BBF-AE18-D5DF0C9D5CCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{D4E50F93-894D-4C27-A752-0B54B3E062F8}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{07BBF468-55FD-4B05-A1C4-A678C2DCEDC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe FirewallRules: [{B56875B4-642E-41B0-9577-83D66AB882A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe FirewallRules: [{1CCDDEDF-8287-4D17-927F-7C9071FD3269}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe FirewallRules: [{CDBC8CB6-54FB-4977-9F94-607FB3FBF0A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\Skins\UxfTool.exe FirewallRules: [{F9DC6D0E-414F-49BE-B930-5466A0A5D62C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe FirewallRules: [{66DDDDCC-64F2-4999-9AA1-342447A0F760}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cryptic Studios\Neverwinter.exe FirewallRules: [{FF07C0A5-C8D6-4D32-86F1-D1736073E2C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe FirewallRules: [{1866C97A-4D12-4621-9379-7CBA851F7940}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe FirewallRules: [{25FC42E3-F605-45BB-A291-ECFA2BE49DCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{8C4C0D9F-81F2-4D57-9FCB-BC07B803111E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{58716499-7234-4D03-83AC-0EEB24F18764}] => (Allow) D:\Steam\steamapps\common\Eve Online\eve.exe FirewallRules: [{20B4EFF5-ED64-4360-8502-A89A22610906}] => (Allow) D:\Steam\steamapps\common\Eve Online\eve.exe FirewallRules: [{4CFB4B9F-C739-475E-AEE7-A388CF1F6E62}] => (Allow) D:\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe FirewallRules: [{9E51744C-220A-4903-A399-CC1BC863BEFB}] => (Allow) D:\Steam\steamapps\common\PlanetSide 
2\LaunchPad.exe FirewallRules: [{99BFACFC-4FE8-4BBB-950B-23C08DB143AB}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\File Transfer Server.exe FirewallRules: [{2D978000-5743-4F52-8F0E-1ACB9E2EB3BE}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\File Transfer Server.exe FirewallRules: [{7C6A5525-57B6-48AF-B195-3DFCB2B78C30}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\ASUSDMS.exe FirewallRules: [{AF7F325A-E233-4A5F-815D-F54CF9FE83AA}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\ASUSDMS.exe FirewallRules: [{41125444-1614-4148-A6D4-5554CE95DB51}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe FirewallRules: [{B8050574-203C-40DE-9067-587352ED00EE}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe FirewallRules: [{71814104-FE12-498D-AC17-EA0E88EF9F27}] => (Allow) D:\Steam\steamapps\common\Defiance\Patcher.exe FirewallRules: [{0F9857E5-7D53-45A7-BA04-86D55B9782E7}] => (Allow) D:\Steam\steamapps\common\Defiance\Patcher.exe FirewallRules: [{E0EB683D-FF61-4CFB-A619-DBF7B61F0503}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe FirewallRules: [{27FF47CB-CF54-4B45-995E-09FBCA2C3ACF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe FirewallRules: [{4A28B7AF-EECA-41DF-B12F-1ECB0A37BA49}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe FirewallRules: [{04B15728-CD79-4E9B-AAEB-18143D487D75}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe FirewallRules: [{05EB886A-7700-48E6-9E93-E4DDAF20E502}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe FirewallRules: [{30818F04-68D1-45D3-A06E-06FC9DFBA6F6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe FirewallRules: [{FC7CF822-8979-4881-9187-91907A6C5CE7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: 
[{5DE1F506-0316-4268-98C0-3B44B66BD5A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{49FA5390-CA7A-45E0-8A85-3F37EBAED536}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{31A81639-E147-4DE8-910E-63DB508582B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{94BE956F-EE3B-46F1-A45E-8C10990DC6EB}] => (Allow) D:\iTunes.exe FirewallRules: [{77DA8FEA-9BF7-42EE-8FE3-034A50FE883A}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe FirewallRules: [{151ACBE1-4683-490C-ADFE-28BB88C1DDCF}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe FirewallRules: [{56B04440-B882-4972-BD5D-D070B38BA2E8}] => (Allow) C:\Users\Nmsha\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{8C15C559-E1E5-4215-92BF-02BC8E647324}] => (Allow) LPort=52861 FirewallRules: [{6593BCDD-47E1-494D-B93E-7EBBAB131AA9}] => (Allow) LPort=5000 FirewallRules: [{DDCE37BD-1DC3-4D6A-9AC0-10AFF90E4D48}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{F265CB81-3D4B-486F-B9AD-4578F1CFFCB8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{9FF56B04-972E-45E2-BF7C-FB33F2EF3907}] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [{A6783D35-4918-4677-B6A2-69BA41EABAF0}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe FirewallRules: [{D59A6559-2682-4D83-81EE-1F7716E8E106}] => (Allow) D:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe FirewallRules: [{64EE1A34-1C1E-4D54-AE70-07340039557F}] => (Allow) LPort=30564 FirewallRules: [{2C822115-38E0-47F3-ADE3-CF06E203FF32}] => (Allow) LPort=30565 FirewallRules: [{5BA2A622-2ED0-4120-98E7-6138D482429E}] => (Allow) LPort=30567 FirewallRules: [{32B46F37-98A3-46C2-A1FC-BE81B7B691AF}] => (Allow) C:\Program Files 
(x86)\EdgeRunner\Multiplicity\Multipl2.EXE FirewallRules: [{F61504A4-09AF-4AD3-B8BB-2DF515F87A2E}] => (Allow) LPort=30569 FirewallRules: [{040668ED-DA74-4413-858E-C335ACFF89EF}] => (Allow) C:\Program Files (x86)\EdgeRunner\Multiplicity\MultiPLV64.EXE FirewallRules: [{9EC2CDEE-F115-4B7E-AC86-A4D3D4973F3B}] => (Allow) C:\Program Files (x86)\EdgeRunner\Multiplicity\MPRDP64.EXE FirewallRules: [{6458F241-8B94-4CAE-9FAC-776E1E6F0F0E}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{D6B9BBD6-64EA-4169-879E-C3F83B79CC10}] => (Allow) C:\Windows\System32\rundll32.exe ==================== Restore Points ========================= 04-06-2017 22:24:06 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/05/2017 09:51:39 PM) (Source: ESENT) (EventID: 544) (User: ) Description: Catalog Database (3616) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 19599360 (0x00000000012b1000) (database page 4784 (0x12B0)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1). The flush state on database page 4784 (0x12B0) was 3 while the flush state on flush map page 0 (0x0) was 1. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. 
Error: (06/05/2017 09:51:38 PM) (Source: ESENT) (EventID: 544) (User: ) Description: Catalog Database (3616) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 19599360 (0x00000000012b1000) (database page 4784 (0x12B0)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1). The flush state on database page 4784 (0x12B0) was 3 while the flush state on flush map page 0 (0x0) was 1. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (06/05/2017 09:51:38 PM) (Source: ESENT) (EventID: 544) (User: ) Description: Catalog Database (3616) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 19599360 (0x00000000012b1000) (database page 4784 (0x12B0)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1). The flush state on database page 4784 (0x12B0) was 3 while the flush state on flush map page 0 (0x0) was 1. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (06/05/2017 09:51:38 PM) (Source: ESENT) (EventID: 544) (User: ) Description: Catalog Database (3616) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 22687744 (0x00000000015a3000) (database page 5538 (0x15A2)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. 
The read operation will fail with error -1119 (0xfffffba1). The flush state on database page 5538 (0x15A2) was 3 while the flush state on flush map page 0 (0x0) was 1. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (06/05/2017 09:51:37 PM) (Source: ESENT) (EventID: 544) (User: ) Description: Catalog Database (3616) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 6713344 (0x0000000000667000) (database page 1638 (0x666)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1). The flush state on database page 1638 (0x666) was 3 while the flush state on flush map page 0 (0x0) was 1. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (06/05/2017 09:51:37 PM) (Source: ESENT) (EventID: 544) (User: ) Description: Catalog Database (3616) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 19599360 (0x00000000012b1000) (database page 4784 (0x12B0)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1). The flush state on database page 4784 (0x12B0) was 3 while the flush state on flush map page 0 (0x0) was 1. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. 
Error: (06/05/2017 09:51:37 PM) (Source: ESENT) (EventID: 544) (User: ) Description: Catalog Database (3616) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 19599360 (0x00000000012b1000) (database page 4784 (0x12B0)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1). The flush state on database page 4784 (0x12B0) was 3 while the flush state on flush map page 0 (0x0) was 1. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (06/05/2017 09:51:37 PM) (Source: ESENT) (EventID: 544) (User: ) Description: Catalog Database (3616) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 19599360 (0x00000000012b1000) (database page 4784 (0x12B0)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1). The flush state on database page 4784 (0x12B0) was 3 while the flush state on flush map page 0 (0x0) was 1. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (06/05/2017 09:51:36 PM) (Source: ESENT) (EventID: 544) (User: ) Description: Catalog Database (3616) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 3452928 (0x000000000034b000) (database page 842 (0x34A)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. 
The read operation will fail with error -1119 (0xfffffba1). The flush state on database page 842 (0x34A) was 1 while the flush state on flush map page 0 (0x0) was 2. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (06/05/2017 09:51:36 PM) (Source: ESENT) (EventID: 544) (User: ) Description: Catalog Database (3616) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 19599360 (0x00000000012b1000) (database page 4784 (0x12B0)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1). The flush state on database page 4784 (0x12B0) was 3 while the flush state on flush map page 0 (0x0) was 1. If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. System errors: ============= Error: (06/05/2017 09:38:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Stardock DeskScapes 8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service. Error: (06/05/2017 09:38:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Stardock ShadowFX service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service. Error: (06/05/2017 09:38:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Stardock Launch service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 2000 milliseconds: Restart the service. Error: (06/05/2017 09:37:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Unsigned Themes service terminated unexpectedly. It has done this 1 time(s). Error: (06/05/2017 09:36:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/05/2017 07:13:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The srcsrv service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (06/05/2017 07:03:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The srcsrv service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (06/05/2017 06:53:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The srcsrv service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (06/05/2017 06:43:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The srcsrv service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
Error: (06/05/2017 06:23:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The srcsrv service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2017-05-20 18:10:21.342 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements. Date: 2017-05-20 18:10:21.334 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements. Date: 2017-05-20 18:10:21.325 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements. Date: 2017-05-20 18:10:16.292 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements. Date: 2017-05-20 18:10:16.283 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements. Date: 2017-05-20 18:10:16.274 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements. 
Date: 2017-05-20 18:10:16.266 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements. Date: 2017-05-20 18:10:16.257 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements. Date: 2017-05-20 18:10:16.249 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements. Date: 2017-05-20 18:00:11.205 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\uxtheme.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz Percentage of memory in use: 44% Total physical RAM: 16281.09 MB Available physical RAM: 9015.09 MB Total Virtual: 19281.09 MB Available Virtual: 11000.86 MB ==================== Drives ================================ Drive c: (SSD) (Fixed) (Total:111.25 GB) (Free:29.12 GB) NTFS Drive d: () (Fixed) (Total:2793.97 GB) (Free:2392.95 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 09232245) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 59055E68) Partition: GPT. ==================== End of Addition.txt ============================