Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2017
Ran by Momin (12-07-2017 16:47:36)
Running from C:\Users\Momin\OneDrive\Documents\FRST
Windows 10 Pro Version 1703 (X64) (2017-05-16 21:25:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-792130682-3646775307-2699870585-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-792130682-3646775307-2699870585-503 - Limited - Disabled)
Guest (S-1-5-21-792130682-3646775307-2699870585-501 - Limited - Disabled)
Momin (S-1-5-21-792130682-3646775307-2699870585-1001 - Administrator - Enabled) => C:\Users\Momin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.4.0 - IObit)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.) Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Application Profiles (HKLM-x32\...\{F3EBDF29-2413-AABB-55A2-2AA43E5C6B1C}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.36.1 - Asmedia Technology) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC) Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) 
Hidden Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11266.0 - Cisco Consumer Products LLC) CPUID CPU-Z 1.79.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Doom (HKLM-x32\...\{B6A2B3BA-C93E-4AEE-BBCF-BE91DDC84962}_is1) (Version: - id Software) DragonBoost (HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\DragonBoost) (Version: - ) <==== ATTENTION Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games) HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.7.22.13 - HP Inc.) iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games) Logitech Gaming Software 8.90 (HKLM\...\Logitech Gaming Software) (Version: 8.90.117 - Logitech Inc.) 
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) 
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 54.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 54.0.1 (x64 en-US)) (Version: 54.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla) MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD) NetworkGenie (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.0.0.11 - MSI) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd) Realtek Ethernet Controller Driver 
(HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.13.1223.2016 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.) RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.4 - Rockstar Games) s5m (HKLM-x32\...\s5m) (Version: 2.0.2 - s5m) <==== ATTENTION Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games) Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.) Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 307.2016.1230.2300 - Wrye & Wrye Bash Development Team) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) ContextMenuHandlers01: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers01: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd) ContextMenuHandlers01: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit) ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File ContextMenuHandlers02: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov) ContextMenuHandlers04: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit) ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd) ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-04-24] (Advanced Micro Devices, Inc.) 
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2013-04-15] (Power Software Ltd) ContextMenuHandlers06: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit) ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0AA13CC6-CC23-4DB1-B209-19C773C54963} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit) Task: {10280DEA-FBF3-4442-A278-F0AA1BFF4A02} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {121005F4-63F8-4ACE-91C7-61731F96A671} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated) Task: {18A1695E-DF15-4AFB-BF47-7A8CA83701C1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation) Task: {1F5999D7-A560-40BD-BDF6-A52A8832A1B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.) 
Task: {206D655B-8DCC-4B34-AFDE-43C8A480B2FF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] () Task: {26EFB8D7-26D5-49F5-9E16-0A661AE5C3D8} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-05-25] (IObit) Task: {3820F974-DAE0-4B0D-B98D-5280CADAA250} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {3838B0AA-C211-4558-A652-E1B202AA69FE} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit) Task: {3A5313EA-5081-47F9-84FA-040E30D628DE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] () Task: {3E36CEE3-C303-4DCD-95FE-A3FD4868FF7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-04] (Google Inc.) Task: {45D3A057-FA1F-45B7-A834-A693DE348A81} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.) Task: {4E41FC31-8FFF-40BC-80A3-772D3A40056E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-06] (Microsoft Corporation) Task: {50CDC554-6AC9-4AB3-A400-63315CA6E3A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.) 
Task: {5727AE89-DA6C-4819-AD89-1F5368095EFB} - System32\Tasks\SmartDefrag_AutoDefrag => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit) Task: {59BD00EB-3DA0-4A41-A71A-EC9E53ADE595} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-06] (Microsoft Corporation) Task: {63EA9D09-7783-49D6-8AC9-4FD1F0E29524} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2017-03-22] (IObit) Task: {6A741AB5-75CD-4F31-ACC7-1CD0EA5FD699} - \5004826 -> No File <==== ATTENTION Task: {75EC8BF8-0230-46D3-A5E0-69714D0643BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-04] (Google Inc.) Task: {76D6A26C-F7B0-466A-AB49-836C272CAB36} - System32\Tasks\Driver Booster SkipUAC (Momin) => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe [2017-05-03] (IObit) Task: {7A90763B-7A73-4F54-9F2F-084B0B071EBB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation) Task: {80FE9B32-E8E4-4218-A530-302A8A6AB80D} - System32\Tasks\HPCeeScheduleForMomin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.) 
Task: {814F8A76-7BF0-4C9C-B889-7CFE37925A1B} - System32\Tasks\ASC10_SkipUac_Momin => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2017-05-31] (IObit) Task: {838EEBBF-691E-4BCF-B9DB-93973FE886AB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-06] (Microsoft Corporation) Task: {ADAE536A-5CDA-4DF0-A151-79375897F73F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.) Task: {AE4C2CD4-449B-4BFE-B0DE-977C11101226} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.) Task: {BB2505B0-438B-4898-94B3-733919F1FB9D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.) Task: {CB5CEEF6-8DFB-4D32-B454-0F6D5B613D81} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\Scheduler.exe [2017-03-28] (IObit) Task: {CDA58E99-645D-41C7-9B1A-D03F39DCD05E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.) 
Task: {D70EE492-B29E-4EA1-9BDE-2346BD58AB94} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
Task: {F5F54E1E-292E-4A67-96E5-2B38E8BC3A02} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-05-31] (IObit)
Task: {FBB7D968-BA85-4FAA-B15F-347626FD586B} - System32\Tasks\RtlNetworkGenieVistaStart => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe [2015-07-09] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMomin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ============== 2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe 2017-03-18 16:57 - 2017-03-18 16:57 - 00037376 _____ () C:\WINDOWS\system32\SpectrumSyncClient.dll 2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-07-06 16:01 - 2017-07-06 16:01 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2017-05-03 17:11 - 2017-05-03 17:11 - 00619008 ____N () C:\windows\system32\tprdpw64.exe 2017-03-18 16:59 - 2017-03-18 22:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-06-20 23:26 - 2017-06-20 23:26 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-06-20 23:26 - 2017-06-20 23:26 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-06-20 23:26 - 2017-06-20 23:26 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-06-20 23:26 - 2017-06-20 23:26 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll 2016-09-14 03:00 - 2016-09-14 03:00 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2016-09-14 03:00 - 2016-09-14 03:00 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2016-09-14 03:00 - 2016-09-14 03:00 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2016-09-14 03:00 - 2016-09-14 03:00 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2016-09-14 02:59 - 2016-09-14 02:59 - 00011776 _____ () C:\Program 
Files\AMD\CNext\CNext\libEGL.dll 2016-09-14 02:59 - 2016-09-14 02:59 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2016-09-14 03:00 - 2016-09-14 03:00 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll 2017-05-30 21:52 - 2017-05-30 21:52 - 00689664 ____N () C:\Users\Momin\AppData\Local\wrirmrmv\wyivdei\ct.exe 2017-04-21 15:37 - 2017-04-21 15:37 - 00884224 _____ () C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe 2017-04-21 16:28 - 2017-04-21 16:28 - 01080832 _____ () C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe 2008-05-04 16:02 - 2008-05-04 16:02 - 04603904 _____ () C:\Users\Momin\AppData\Roaming\U3\016482141E91445F\LaunchPad.exe 2017-05-04 11:13 - 2017-05-04 11:13 - 00235520 _____ () C:\WINDOWS\System32\config\systemprofile\AppData\Local\ntuserlitelist\dataup\help_dll.dll 2017-07-06 16:01 - 2017-07-06 16:01 - 08931528 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll 2017-01-14 19:40 - 2017-01-14 19:40 - 53460992 _____ () C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\libcef.dll 2016-05-31 11:43 - 2016-05-31 11:43 - 01976832 _____ () C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll 2016-05-31 11:44 - 2016-05-31 11:44 - 00075264 _____ () C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\libegl.dll 2016-06-15 17:15 - 2016-06-15 17:15 - 17599640 _____ () C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll 2007-10-23 09:23 - 2007-10-23 09:23 - 02600960 _____ () C:\Users\Momin\AppData\Roaming\U3\016482141E91445F\u3dapi10.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\sharepoint.com -> hxxps://waynestateprod-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2017-01-15 22:54 - 00001148 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 clients2.google.com
127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com
162.222.193.86 aoaomo.tremorhub.com
188.95.50.62 bobomo.tremorhub.com
162.222.193.86 www.howcast.com
162.222.193.86 howcast.com
192.192.3.8 www.virustotal.com
192.192.3.8 virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-792130682-3646775307-2699870585-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Momin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: sgbupt => 2
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "nightingalesnightingales"
HKLM\...\StartupApproved\Run: => "nightingales"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "MapsGalaxy"
HKLM\...\StartupApproved\Run32: => "rozenrozen"
HKLM\...\StartupApproved\Run32: => "rozen"
HKLM\...\StartupApproved\Run32: => "SilentCleanService"
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\StartupApproved\Run: => "pilcher"
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\StartupApproved\Run: => "espadaespada"
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\StartupApproved\Run: => "espada"
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\StartupApproved\Run: => "uncertainityuncertainity"
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\StartupApproved\Run: => "uncertainity"
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\StartupApproved\Run: => "incredible"
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\StartupApproved\Run: => "zazill"
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\StartupApproved\Run: => "EvolveClient"
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\StartupApproved\Run: => "World of Tanks"
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\StartupApproved\Run: => "World of Tanks (1)"
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8CAC9F8C-A7BD-4EA4-BA50-2C555B06580F}] => (Allow) E:\Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{84F55681-3E2A-4085-A113-8C8DCDCF65E3}] => (Allow) E:\Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{04FAA2F4-E6C9-4AE9-A7B6-464774E62ECA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{7E12DDEE-B39F-4DDB-BD30-9FF6B49B9676}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{463937C2-3AEE-4809-A8C6-E94DDCF550D7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9F90423B-7D37-4EE7-AA1F-FCFB2D40C3B5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6BBBC466-4768-47F0-BC6A-C342FC2178B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0B53B2EC-693B-4456-B148-4684961B380F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A552DD9D-5F13-44D1-98D7-8CE3D62804F0}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{77EC7DDF-96E8-4747-9454-836FCEE8C354}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{817B489B-91FD-4D10-9B84-09F7056C4981}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{EEDA9985-F406-4099-A158-0CAD50CF3F5C}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{B0D12898-EAAC-46E6-8662-28547BE0DE39}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [UDP Query User{9B3BC549-2113-4B3D-9293-ABDA0DC93FC0}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{896EEF28-CE95-4BCD-B3A5-E6512AA193F5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{E8E590D7-7361-4845-80C4-7B0A5100943F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{33E955AD-65A1-46AE-B3CC-86870A9F9216}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{BB1D6128-CC2B-466F-B2C3-F9AE94D80875}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{59C75EB1-03F6-421B-BF50-BBA718B72E42}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{EAE34C0A-7811-4D53-9070-79059BED8DB8}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe
FirewallRules: [{1BA1C8F0-5762-4FB7-8939-22472117EE7D}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe
FirewallRules: [{C6E79216-390B-4834-8768-3D925C551BA9}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe
FirewallRules: [{7E5C14DF-B613-4BE6-88B6-9E8919216ABA}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe
FirewallRules: [{4F230FBB-7B5A-40B1-B22F-F3FEB3F1A817}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [{C1FC097B-C1FA-47AC-9E80-085691AC0288}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [{77B7E2F8-7FC1-4F0C-8668-F680F96C548A}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [{FF82FCF9-E2D3-4FE4-AC5B-2E099D42B56B}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.admin.exe
FirewallRules: [UDP Query User{4805BD45-3AE0-4E3D-91A6-44A7633A8E6C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{DD3BBA1D-9E96-4CDA-BCC3-A825099B42DF}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{316DE2AB-82EB-42AE-97F2-080339D460AE}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{D5EE7856-E9ED-49BE-BB85-3401D24912AA}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{7AEF778C-35D8-48C6-8760-12BC57ECE0D6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{85181F83-8D68-4E49-BA6F-324BA48961BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{402843F1-8982-455B-AD89-122D6F7053CF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
FirewallRules: [{048E8419-E4EB-4AD2-B886-D8E42A971D35}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
FirewallRules: [{E9FE2638-401F-4221-B147-80160073D6FA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
FirewallRules: [{A926D28B-AA22-44A8-A75E-F6E89C00E95F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
FirewallRules: [{DA371FD4-CBE6-4204-8ECB-108AE2E4B61B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9EF257C7-A228-4364-9BD0-7B37397481AB}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C45CA4DE-B539-4318-89E8-A7D57E850AB6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D191B923-1AF3-4A56-89D1-CD13ED43E245}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{14802212-D5E0-4FB9-93B7-82B497B0847A}] => (Allow) C:\Users\Momin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{41BDCBF9-4365-479C-85E2-830C6C03227F}] => (Allow) C:\Users\Momin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C5E64B6B-8DF1-49CB-B432-4D306F73390C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{36818692-6306-4EEF-9618-B4E75BA9BEC1}E:\games\planetary annihilation - titans\bin_x64\server.exe] => (Allow) E:\games\planetary annihilation - titans\bin_x64\server.exe
FirewallRules: [UDP Query User{9083BF30-1E4D-43D2-9D36-EBD121E442C0}E:\games\planetary annihilation - titans\bin_x64\server.exe] => (Allow) E:\games\planetary annihilation - titans\bin_x64\server.exe
FirewallRules: [{18DF5214-987B-4BD7-AC55-776E3D7690AD}] => (Block) E:\games\planetary annihilation - titans\bin_x64\server.exe
FirewallRules: [{82FEB322-7A6C-4C80-9610-0174D9127CB0}] => (Block) E:\games\planetary annihilation - titans\bin_x64\server.exe
FirewallRules: [{A436912F-92B1-41B6-8DA8-D2FA95B7C8F9}] => (Allow) E:\Games\Planetary Annihilation - TITANS\PA.exe
FirewallRules: [{35BF96B6-7562-41F0-B5E5-B2E91EE256A8}] => (Allow) E:\Games\Planetary Annihilation - TITANS\PA.exe
FirewallRules: [{A8630499-B80E-4CCB-868B-72EB01B39F42}] => (Allow) E:\Games\Planetary Annihilation - TITANS\PA.exe
FirewallRules: [{88F9D38D-E947-4E74-9791-1D2FFFD53D43}] => (Allow) E:\Games\Planetary Annihilation - TITANS\PA.exe
FirewallRules: [{914CDA5F-4F8B-43A2-B6E7-612505C7ACC5}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{7A9468C6-2C60-4E2F-86CA-68D6DB004E0B}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{56A153F3-B07B-448A-BF08-45B499EBBAB8}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E3E96D3E-A61C-41EE-92F9-10B5810FE3A0}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{B84C2F80-1E90-4CB4-B735-1622BD307BAA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4D082FB4-3C30-448E-B2EC-589C9CF85EA5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4C16911B-7272-4477-9827-B8D861F933E1}] => (Allow) C:\Users\Momin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{25BF5F54-BDB5-4807-A9B1-58D1529719F9}] => (Allow) C:\Users\Momin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2FDA4D5D-A742-479B-B5BE-0E0510F1D650}] => (Allow) C:\Users\Momin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BE8E8CCB-AD77-421F-B3FF-C7273505829D}] => (Allow) C:\Users\Momin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{926E4758-FB80-4A8D-A21D-E3E4657CC098}] => (Allow) C:\Users\Momin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{22D73CF0-C6A3-4FAE-BEBF-2D19E3D23D8B}] => (Allow) C:\Users\Momin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{966B54FB-076D-4C56-B573-DCBA82C52C16}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AF0674DD-6BE1-4308-81DC-96A4EC7871D0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{4A8BFBDB-17E3-454D-ABB5-3134C476A7AF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{C73411AD-42EB-4E02-8CE5-E67CB987403B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{27347D0C-CA65-418C-907F-F6285F05E71B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{FE25DDDB-C695-4391-AD57-2479640A8718}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{73434DD9-0060-42D2-ABF3-628A31E98B16}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{DFFE4536-09CB-481F-A5C3-79D2D0708DF0}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{06D47088-ECF6-49E2-B69D-8B7A4FC65C35}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{21D54FCB-E9B8-4FE2-BEB3-DFB1A00ACAB0}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{896A31FE-E51E-4886-8A29-BC71E14D2517}E:\games\doom\doomx64.exe] => (Allow) E:\games\doom\doomx64.exe
FirewallRules: [UDP Query User{0D8AD7D2-7945-4E0C-ABE4-9D6A9E80538A}E:\games\doom\doomx64.exe] => (Allow) E:\games\doom\doomx64.exe

==================== Restore Points =========================

06-07-2017 17:42:23 Driver Booster : AMD IOMMU Device
11-07-2017 16:10:31 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2017 03:39:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsSense.exe, version: 10.2930.15063.0, time stamp: 0x39f7edf6
Faulting module name: MsSense.exe, version: 10.2930.15063.0, time stamp: 0x39f7edf6
Exception code: 0xc0000409
Fault offset: 0x0000000000035e68
Faulting process id: 0x1e50
Faulting application start time: 0x01d2fb4699bcab65
Faulting application path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Faulting module path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Report Id: aad1da43-8baf-4094-b5d3-53db9875fd50
Faulting package full name:
Faulting package-relative application ID:

Error: (07/12/2017 03:38:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsSense.exe, version: 10.2930.15063.0, time stamp: 0x39f7edf6
Faulting module name: MsSense.exe, version: 10.2930.15063.0, time stamp: 0x39f7edf6
Exception code: 0xc0000409
Fault offset: 0x0000000000035e68
Faulting process id: 0x1f50
Faulting application start time: 0x01d2fb4671fdcd53
Faulting application path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Faulting module path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Report Id: 03bf9e9a-3a68-41b1-a578-b30f6b05ff11
Faulting package full name:
Faulting package-relative application ID:

Error: (07/12/2017 03:38:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (07/12/2017 03:37:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsSense.exe, version: 10.2930.15063.0, time stamp: 0x39f7edf6
Faulting module name: MsSense.exe, version: 10.2930.15063.0, time stamp: 0x39f7edf6
Exception code: 0xc0000409
Fault offset: 0x0000000000035e68
Faulting process id: 0x1038
Faulting application start time: 0x01d2fb45fa15a345
Faulting application path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Faulting module path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Report Id: ff0ceb04-6d56-454e-a174-1f3bb6e1428c
Faulting package full name:
Faulting package-relative application ID:

Error: (07/12/2017 03:37:08 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/12/2017 03:14:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsSense.exe, version: 10.2930.15063.0, time stamp: 0x39f7edf6
Faulting module name: MsSense.exe, version: 10.2930.15063.0, time stamp: 0x39f7edf6
Exception code: 0xc0000409
Fault offset: 0x0000000000035e68
Faulting process id: 0x21bc
Faulting application start time: 0x01d2fb431015b4af
Faulting application path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Faulting module path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Report Id: 67a9dbdc-9535-4930-a473-6fe330e95fe3
Faulting package full name:
Faulting package-relative application ID:

Error: (07/12/2017 03:13:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsSense.exe, version: 10.2930.15063.0, time stamp: 0x39f7edf6
Faulting module name: MsSense.exe, version: 10.2930.15063.0, time stamp: 0x39f7edf6
Exception code: 0xc0000409
Fault offset: 0x0000000000035e68
Faulting process id: 0x23b4
Faulting application start time: 0x01d2fb42eb84226f
Faulting application path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Faulting module path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Report Id: 344ec8d0-87a8-4c53-8654-3e6324d79c20
Faulting package full name:
Faulting package-relative application ID:

Error: (07/12/2017 03:12:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsSense.exe, version: 10.2930.15063.0, time stamp: 0x39f7edf6
Faulting module name: MsSense.exe, version: 10.2930.15063.0, time stamp: 0x39f7edf6
Exception code: 0xc0000409
Fault offset: 0x0000000000035e68
Faulting process id: 0x1108
Faulting application start time: 0x01d2fb42561e5cb6
Faulting application path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Faulting module path: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Report Id: 052029b7-fe7c-43ec-a2b3-e1e9dd7c570a
Faulting package full name:
Faulting package-relative application ID:

Error: (07/12/2017 03:11:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/12/2017 03:11:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

System errors:
=============
Error: (07/12/2017 03:39:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Defender Advanced Threat Protection Service service terminated unexpectedly. It has done this 3 time(s).

Error: (07/12/2017 03:38:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Advanced Threat Protection Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/12/2017 03:38:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The requested resource is in use.

Error: (07/12/2017 03:37:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Defender Advanced Threat Protection Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/12/2017 03:35:53 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The WiaRpc service terminated with the following service-specific error:
The RPC server is unavailable.

Error: (07/12/2017 03:35:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AppVClient service terminated with the following service-specific error:
There is no MTS object context

Error: (07/12/2017 03:35:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error:
A device attached to the system is not functioning.

Error: (07/12/2017 03:35:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WEPHOSTSVC service terminated with the following error:
An exception occurred in the service when handling the control request.

Error: (07/12/2017 03:35:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The shpamsvc service terminated with the following error:
Catastrophic failure

Error: (07/12/2017 03:35:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

CodeIntegrity:
===================================
Date: 2017-07-12 15:39:40.073
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-12 15:39:39.737
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-12 15:38:35.099
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-12 15:38:34.794
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-12 15:37:22.052
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-12 15:37:21.570
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-12 15:21:04.974
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2017-07-12 15:14:22.163
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-12 15:14:21.789
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-12 15:13:19.469
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD FX(tm)-6300 Six-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 16329.83 MB
Available physical RAM: 12080.43 MB
Total Virtual: 18761.83 MB
Available Virtual: 14075.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.21 GB) (Free:165.07 GB) NTFS
Drive e: () (Fixed) (Total:1863.01 GB) (Free:1643.39 GB) NTFS
Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive h: (Cruzer) (Removable) (Total:1.86 GB) (Free:1.41 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 16B783A8)
Partition: GPT.

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: DE93F9C6)
Partition: GPT.

========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================