Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2017
Ran by Ifare_000 (28-07-2017 12:33:56)
Running from C:\Users\Ifare_000\Downloads
Windows 10 Home Version 1703 (X64) (2017-07-13 06:55:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2022683308-1078434095-671657706-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2022683308-1078434095-671657706-503 - Limited - Disabled)
Guest (S-1-5-21-2022683308-1078434095-671657706-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2022683308-1078434095-671657706-1003 - Limited - Enabled)
Ifare_000 (S-1-5-21-2022683308-1078434095-671657706-1001 - Administrator - Enabled) => C:\Users\Ifare_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Mass Effect 3" (HKLM-x32\...\{46E776B9-37DE-4B71-8DF2-F4C75112CA27}_is1) (Version: - )
«Portal 2» 2.0.0.1 (HKLM-x32\...\Portal 2_is1) (Version: 2.0.0.1 - VALVE)
µTorrent (HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe After Effects CC 2017 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F2}) (Version: 14.1.0 - Adobe Systems Incorporated)
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_1_0) (Version: 14.1.0 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_5) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (32 Bit) (HKLM-x32\...\{2614BC86-757D-4293-9E25-E4E16F370A9E}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Assassin’s Creed Syndicate version 1.0.0 (HKLM-x32\...\Assassin’s Creed Syndicate_is1) (Version: 1.0.0 - Ubisoft)
Assassins Creed Chronicles China (HKLM-x32\...\Assassins Creed Chronicles China_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Awesomium.NET Redistribution Module (HKLM-x32\...\{C34CAF35-6198-4EEB-970F-C61FC51D23BD}) (Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.)
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boot Configure (HKLM-x32\...\{AB72B3BB-A389-4F62-86EE-C08326B4BE60}) (Version: 20.014.05233 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1402.2601 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
CyberLink PowerDirector 15 (HKLM-x32\...\{FA285575-B543-4E6E-A573-A4F534AC9965}) (Version: 15.0.2026.0 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dragon Gaming Center (HKLM-x32\...\{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1402.1001 - Application) Hidden
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1402.1001 - Application)
Driver Booster 3.5 (HKLM-x32\...\Driver Booster_is1) (Version: 3.5 - IObit)
ELAN Touchpad 15.13.5.2_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.5.2 - ELAN Microelectronic Corp.)
f.lux (HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\Flux) (Version: - )
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio 12.1.2 (HKLM\...\FL Studio 12.1.2_is1) (Version: - )
FL Studio ASIO (HKLM\...\FL Studio ASIO) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotos (HKLM-x32\...\{9EE1AE8B-4872-41CA-8C9A-C33D899523E0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{439B34FF-F74E-4807-B5E2-4B758551DA6B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GD Hardware Scan (HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\GD Hardware Scan) (Version: 00.00.00.01 - Social Web Tech LTD)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.9.50 - Gramblr Team)
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Homeworld Deserts of Kharak (HKLM-x32\...\Homeworld Deserts of Kharak_is1) (Version: - )
Homeworld Remastered Collection ver. 1.30 (HKLM-x32\...\{24416000-66ZX-22VB-37Y0-46KL5M686AC}_is1) (Version: 1.30 - Gearbox Software)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.418 - IObit)
Istrolid (HKLM\...\Steam App 449140) (Version: - treeform)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Life Is Strange (HKLM-x32\...\Life Is Strange_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
MAGIX MX Suite (HKLM\...\{43136332-880B-458A-966C-900C18752B66}) (Version: 1.13.0.121 - MAGIX AG) Hidden
MAGIX MX Suite (HKLM-x32\...\MAGIX_{43136332-880B-458A-966C-900C18752B66}) (Version: 1.13.0.121 - MAGIX AG)
Metro 2033 Redux (HKLM\...\Steam App 286690) (Version: - 4A Games)
Metro 2033 Redux, âåðñèÿ 1.0.0.3 (HKLM-x32\...\Metro 2033 Redux_is1) (Version: 1.0.0.3 - )
Metro: Last Light Redux (HKLM\...\Steam App 287390) (Version: - 4A Games)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{6f962b9e-bb55-4be9-aff3-c4749c546fb9}) (Version: 4.6.81 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Publisher 2003 (HKLM-x32\...\{91190409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24516 (HKLM-x32\...\{b8e12890-118d-4721-8e54-05d978086712}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24516 (HKLM-x32\...\{c325004c-5538-45b3-a7ad-94473a4dcd3b}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{0A32B8F3-011F-4E2C-A87D-55791BA1470D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{159EA4A9-1F8A-4B12-95B7-47581F5B0F89}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{21764A96-6748-4B83-89E7-7A5063BF156C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{97E3AE69-8FB1-496A-8CA0-AE491902DCD7}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{A888DBA2-C45E-4301-9C25-571FC73DCB69}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{C05F4139-CB6B-4272-A0BF-861FEB667F27}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DC5E5027-65E8-41CB-815C-9AAB48BFB8E2}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DEA34BD6-47C4-4505-895D-139327473329}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{F7954B53-8522-450D-B262-B362B440FEC0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
MusicBee 2.5 (HKLM-x32\...\MusicBee) (Version: 2.5 - Steven Mayall)
My.com Game Center (HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\MyComGames) (Version: 3.201 - My.com B.V.)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.6.2.1863 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.2.1549 - Native Instruments)
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.5 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM-x32\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
No Man's Sky (HKLM-x32\...\1446213994_is1) (Version: 2.8.0.10 - GOG.com)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
oCam version 406.0 (HKLM-x32\...\oCam_is1) (Version: 406.0 - hxxp://ohsoft.net/)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenIV (HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\OpenIV) (Version: 2.9.906 - .black/OpenIV Team)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
PAYDAY 2 (HKLM-x32\...\PAYDAY 2_is1) (Version: - 505 Games)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version: - Uber Entertainment)
Planetary Annihilation: TITANS (HKLM\...\Steam App 386070) (Version: - Uber Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\DG0-PlanetSide 2) (Version: - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.12 - Vaclav Slavik)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{6734576C-DC0C-4CFB-9C22-92DAAA73F6D5}) (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (HKLM\...\{579C5E7D-904F-447B-94F8-9413005C162C}) (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{DD21E907-9A2A-44B8-A12E-13691E166664}) (Version: 1.0.30.1003 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{4E08CC97-912D-458B-8705-9A14C325532F}) (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21296 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7891 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.9.8 - Red Giant, LLC)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
SCM (HKLM\...\{6692DCAF-A445-4C6B-AF31-3DD85FC06FBA}) (Version: 13.014.01026 - Application)
Serato DJ (HKLM-x32\...\{81E0D908-F57B-424B-B66A-6731765E4046}) (Version: 1.9.0.2353 - Serato) Hidden
Serato DJ (HKLM-x32\...\{aab0492e-ad59-454a-8bbd-62a9524306b2}) (Version: 1.9.0.2353 - )
Serato DJ (HKLM-x32\...\Serato DJ) (Version: 1.9.0 - Serato DJ)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 11.0.0.3 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
System Requirements Lab (HKLM-x32\...\{8DCAB1D8-F20C-4733-9B5F-646DDFEB59C9}) (Version: 6.1.1.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{D0DA7F5E-605C-4E6A-A787-88331F8546A1}) (Version: 6.1.5.0 - Husdawg, LLC)
The Way of Life Free Edition (HKLM\...\Steam App 310370) (Version: - Fabio Ferrara)
Trapcode Suite v13.1.1 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 13.1.1 - Red Giant, LLC)
TunnelBear (HKLM-x32\...\{cccb8171-b60b-4da8-8a0a-00e21ff41860}) (Version: 3.0.36.9 - TunnelBear)
TunnelBear (HKLM-x32\...\{DDEA404F-1524-4CA1-B740-A3A0AD6DAFB0}) (Version: 3.0.36.9 - TunnelBear) Hidden
UE4 Prerequisites (x86) (HKLM-x32\...\{70620222-35DB-4402-A9DC-2D482224DEDC}) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (HKLM-x32\...\{f096ac2b-6d7e-4dce-9e3f-4f30aa5ecb1e}) (Version: 1.0.10.0 - Epic Games, Inc.)
Unity Web Player (HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Valiant Hearts. The Great War (HKLM-x32\...\Valiant Hearts. The Great War_is1) (Version: 1.0.14 - Decepticon)
Valiant Hearts: The Great War (HKLM-x32\...\VmFsaWFudEhlYXJ0c1RoZUdyZWF0V2Fy_is1) (Version: 1 - )
VirtualDJ 8 (HKLM-x32\...\{9FB0C789-72AB-4AE2-B04C-34ED8B94AC4B}) (Version: 8.2.3523.0 - Atomix Productions)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Warface (HKLM\...\Steam App 291480) (Version: - Crytek)
Warface My.Com (HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\Warface My.Com) (Version: 1.34 - My.com B.V.)
WinDirStat 1.1.2 (HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\WinDirStat) (Version: - )
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinGuard Pro 2014 (HKLM-x32\...\{5DE0D22D-E196-4617-8190-2AF2C15ABEC2}) (Version: 8.9 - WinGuardPro Ltd)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
フォト ギャラリー (HKLM-x32\...\{D6D69EE4-00F6-4DCE-B7AF-E90042BDE39B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
بريد Windows Live (HKLM-x32\...\{CDFECFAC-D979-48BA-BBF3-7B2F74A2252A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
معرض الصور (HKLM-x32\...\{CF15F988-98D4-479F-9750-85A495BF8233}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
사진 갤러리 (HKLM-x32\...\{72CA45B4-0A70-45F5-B447-F6FC0795918D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
影像中心 (HKLM-x32\...\{D3F0882C-4948-4BAA-9720-47CC4D9AEF54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
照片库 (HKLM-x32\...\{E9BAA7A4-4397-4DE7-8C01-5A39B24F17F2}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2022683308-1078434095-671657706-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-03-07] ()
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2014-10-08] (Power Software Ltd)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\system32\IObitSmartDefragExtension.dll [2015-01-10] (IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2014-10-08] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2014-10-08] (Power Software Ltd)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\system32\IObitSmartDefragExtension.dll [2015-01-10] (IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-02-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-02-16] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00F96C83-B14E-41E6-B402-7A35EF81FD68} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ifarez.ala@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {08DFA6AF-568A-430C-9D68-7BDBDE4DD08F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-01] ()
Task: {12D3AD4F-3BDD-4404-8A49-50D2A3ED0198} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {178F5A1D-09D1-45C7-9AEB-F8DA268B2585} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-01] ()
Task: {194BAC5F-6A35-4218-BBB6-ABE82E25FF00} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-25] (Microsoft Corporation)
Task: {1BAA167D-A88B-4BCD-9B83-9C4F039B3546} - \{047A7D47-790C-7A09-0E11-790F7E04117F} -> No File <==== ATTENTION
Task: {21AD96A3-0C1F-44E1-A0D4-2559A12BAF0C} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {2266D2F0-49E6-466A-B526-0B988055EA2E} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {239A0C75-2C3C-4BED-99A4-92933BAA9ADD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {25A24FDD-D211-4C11-A372-948AB3AA7C26} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2F14EF8E-2873-4FDB-8B75-8A4CACEB0AB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3F516082-02F7-409E-B338-80CDC7375788} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {53954FF7-522C-48FB-B9DA-F05ACD8988C4} - System32\Tasks\Wake from sleep => C:\Users\Ifare_000\Downloads\gramblr.exe [2016-08-03] ()
Task: {57E463FA-89A7-4AE3-AC2D-F07DBC9AF44D} - System32\Tasks\Steam_x64-S-2-106-91 => "C:\Users\Ifare_000\AppData\Roaming\OpenOffice\CODEXi\Steam" [Argument = overbtc1234.] <==== ATTENTION
Task: {59286D52-5118-49D5-81E2-5111BA070275} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5B41AE62-550A-4A63-AEB9-61F607FAD06F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {65656D44-B0F2-421C-AF08-BE6A850E583E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {67588A2F-D243-4AE7-98DA-03AADCFA3996} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {75A9F441-AC25-465B-B5A9-9C3E20BEA79E} - System32\Tasks\sleep => C:\Users\Ifare_000\Downloads\gramblr.exe [2016-08-03] ()
Task: {7BE96DBE-3B49-4292-A6BF-0AE35723CBB6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {836D72E7-BF7C-43D1-960E-0701F8DA1365} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {89CA27ED-61B6-4B07-B2EE-F1317B4FE839} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {90A003E9-199C-4CA4-ACF3-F4B984C10BAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9EB284C3-7BD2-4682-AAC6-C8E9DE35C062} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A1B7AF5E-A16F-4ED7-9E12-A15713CF40E1} - \WPD\SqmUpload_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION
Task: {A274F7FC-9B83-4C4E-BB2B-06DBA17EDEAD} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-06-21] (Bitdefender)
Task: {AA566F78-2172-49B9-AC53-090BDC7CFB48} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {B47C1039-69A1-4F9E-BC7A-0D6E2CE8088F} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant
Link.exe Task: {B9A2899B-F79D-418F-A416-37E27981D0BD} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2022683308-1078434095-671657706-1001 -> No File <==== ATTENTION Task: {C29B074D-920F-4F70-A3C7-8E537250F5CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd) Task: {D197E70C-1660-4627-A6D9-8B32A13741A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation) Task: {D5682A94-C2EE-48A5-812C-3C05664EA0C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {D627AE9C-9A10-406C-9F11-06F0FAEA3F3A} - \Wse_taplika -> No File <==== ATTENTION Task: {DC118293-4E56-47CB-A2E3-599C84FD0541} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-23] (TODO: <公司名稱>) Task: {EB41A15B-FD17-499D-BB17-B54E47630A92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
Shortcut: C:\Users\Ifare_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki Shortcut: C:\Users\Ifare_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com ==================== Loaded Modules (Whitelisted) ============== 2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-07-21 17:00 - 2017-07-21 17:00 - 11426384 _____ () C:\Program Files\Gramblr\gramblr.exe 2015-04-21 21:53 - 2016-03-13 16:35 - 00107832 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe 2014-08-31 22:10 - 2016-03-13 16:35 - 00066872 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2017-07-01 20:48 - 2017-07-01 20:48 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2017-03-18 16:58 - 2017-03-18 16:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 16:59 - 2017-03-18 22:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2014-01-22 13:44 - 2014-01-22 13:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll 2017-07-01 20:37 - 2017-06-22 23:21 - 02692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libglesv2.dll 2017-07-01 20:37 - 2017-06-22 23:21 - 00137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libegl.dll 2016-12-18 17:24 - 2016-06-21 20:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl 2016-12-18 17:24 - 2016-06-21 20:29 - 00210720 _____ () 
C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl 2016-12-18 17:24 - 2016-06-21 20:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl 2014-08-21 16:40 - 2013-08-08 14:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-06-04 20:40 - 2015-06-03 17:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-12-18 17:24 - 2015-12-28 14:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll 2016-12-18 17:24 - 2016-09-26 14:59 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\sony.com -> sony.com
==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2016-09-26 20:49 - 00001022 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm.licenses.adobe.com 127.0.0.1 na1r.services.adobe.com 127.0.0.1 hlrcv.stage.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 activate.adobe.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2022683308-1078434095-671657706-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ifare_000\Pictures\Untitled-1.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk" HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "ETDCtrl" HKLM\...\StartupApproved\Run: => "Radio Manager" HKLM\...\StartupApproved\Run: => "SCM" HKLM\...\StartupApproved\Run: => "MBCfg64" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "InstallerLauncher" HKLM\...\StartupApproved\Run32: => "Sound Blaster Cinema" HKLM\...\StartupApproved\Run32: => "UpdReg" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "SUPER CHARGER" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter" HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE" HKLM\...\StartupApproved\Run32: => "WGP" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "Sound Blaster Cinema 2" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk" HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\StartupApproved\Run: => "Advanced SystemCare 8" HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\StartupApproved\Run: => "PeerBlock" HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\StartupApproved\Run: => "msnmsgr" HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\StartupApproved\Run: => "OneDrive" 
HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DD0A6C24D88D69FDF76F23CFA5415D2E" HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\StartupApproved\Run: => "gflauncher" HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\StartupApproved\Run: => "f.lux" HKU\S-1-5-21-2022683308-1078434095-671657706-1001\...\StartupApproved\Run: => "TunnelBear" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{F5C723F0-232A-48FB-BDD3-4B882B52A8E8}] => (Allow) D:\SteamLibrary\steamapps\common\Metro 2033 Redux\metro.exe FirewallRules: [{09265002-B605-4772-9CEB-4EC3999A015F}] => (Allow) D:\SteamLibrary\steamapps\common\Metro 2033 Redux\metro.exe FirewallRules: [{E7C4BCAD-E296-4826-9AF5-73412E447BCB}] => (Allow) D:\SteamLibrary\steamapps\common\Metro Last Light Redux\metro.exe FirewallRules: [{905A6EF1-7E41-4EF8-959E-EE4F54DD4D89}] => (Allow) D:\SteamLibrary\steamapps\common\Metro Last Light Redux\metro.exe FirewallRules: [UDP Query User{05F780D4-FA87-41F1-A2C7-CBA2197639CD}D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{440D476D-3A99-494C-B28B-B729352807FB}D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{EBE39D27-6EB3-451C-BBAA-9C03479BC6ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{9839F24C-2350-4DD6-8FC8-99388D5DCBE3}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{CC81EFC4-67FE-4A61-952B-E1F97B5AC555}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{176F41CB-ACB5-4F98-9CE1-66C92E7D4FB0}] => (Block) LPort=445 FirewallRules: 
[{DA6DF774-7EC6-463A-BB60-9A47AFD1B512}] => (Block) LPort=445 FirewallRules: [UDP Query User{15C9CE0A-9AE3-44A5-9BAE-B45F9BB7ADE9}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{D46F7BD0-9469-4895-AA99-63C33A6A8CFD}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [{84AB1449-B1D1-414C-8965-E04AF6940723}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\server.exe FirewallRules: [{6EB1B588-08E0-4216-A65F-8B3BC8225F7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\server.exe FirewallRules: [{4EDEBAF8-430E-4AD3-A882-780CE319B092}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe FirewallRules: [{F7C6F784-8233-4CB3-9A67-04D1FF2193D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe FirewallRules: [{5BC4C3E1-981A-41FB-A801-2B7BF82E49A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe FirewallRules: [{8B535B3B-9656-4019-8EB2-9584A67B2E94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe FirewallRules: [{288FF1BA-1D28-4400-B30F-073E35CD8717}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe FirewallRules: [{81588B92-58B8-4F3C-A0DD-76381473B743}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe FirewallRules: [{AA41C107-7EB6-48B7-B466-656FF31D0BD3}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe FirewallRules: [{AD39F581-025D-4B37-B7C0-8729C798D7D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe FirewallRules: [{76B36957-96E1-4DEF-93D1-7BE0A4837FBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x86\PA.exe FirewallRules: [{31341061-86D6-4CE9-AE1B-095488AD8830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x86\PA.exe FirewallRules: [{A33006F9-28C3-49DB-BF8B-33F599D00EEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\PA.exe FirewallRules: [{5C19E0BB-834D-4B4A-A112-DB04E3506A1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation Titans\bin_x64\PA.exe FirewallRules: [UDP Query User{1CA8165E-E4B4-461F-8C8F-EA2FCCB354B9}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe FirewallRules: [TCP Query User{F62B1371-701F-443C-AAA4-590B3CDD3DD0}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe FirewallRules: [UDP Query User{55AEE71C-33FF-468C-A445-4C42AE5C4E27}C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe FirewallRules: [TCP Query User{E284F5E3-0E67-46D7-8457-B94242B107FB}C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe] => (Allow) C:\program files\adobe\adobe after effects cc 2017\support files\afterfx.exe FirewallRules: [{811EDF0E-BD1D-4423-97D6-06BF6C7894F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{6C1F9408-D14A-4AB9-937B-97FF6A5C7BFD}] => (Allow) C:\Program 
Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{ED1DA679-46AB-4695-BA5A-A70C1218A825}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{09054DB1-230E-4D0E-8456-49D292030FA1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [UDP Query User{C06DFC55-19B4-4F62-BA5B-53FA4EC0993B}C:\users\ifare_000\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\ifare_000\appdata\local\mycomgames\mycomgames.exe FirewallRules: [TCP Query User{5D94CC10-AF9D-4B58-8A31-05647C56A1B9}C:\users\ifare_000\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\ifare_000\appdata\local\mycomgames\mycomgames.exe FirewallRules: [{6CF4B15B-C617-4C5B-B662-4ABF6FA09D36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe FirewallRules: [{97CFF999-CD95-4A49-B43C-5231B966262F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\WarfaceMycomSteamLoader.exe FirewallRules: [{DB709832-B744-469B-B646-C911BC8E2260}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe FirewallRules: [{90CE3160-DF28-4325-94EA-A9B2AB2FD809}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warface\live\gflauncher.exe FirewallRules: [{9767590B-75F2-4B72-B3A7-23149D126282}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{8E7B0755-70B3-4B8D-811A-F9A3E33427CD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{7B01DE33-F007-4ED2-A4C6-BC4304CC2E10}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe FirewallRules: [{02830B0E-6C4E-417A-A1AF-7039B78F285A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe FirewallRules: [{92496A34-BB9A-46A5-ACFF-F86528962DCB}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe FirewallRules: [{6EB779E0-49A4-4042-9F20-9C24AF2F64E7}] => (Allow) C:\Program Files (x86)\IObit\Driver 
Booster\DBDownloader.exe FirewallRules: [{D44475AB-A73E-4C10-A751-DEAB8F7C2F8F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe FirewallRules: [{A38B3F26-AFAE-41CC-A6EB-B0107E7ECB0C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe FirewallRules: [{B6E2D3BD-BE12-4E7E-8DED-940C6A9C27E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\server.exe FirewallRules: [{227A8743-7CED-4F64-95E6-E213E33A56C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\server.exe FirewallRules: [{4356E72A-4BC6-47DB-86CA-2EA8234F1CE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe FirewallRules: [{3B123FAA-8DA7-45DC-AFB0-739682AB9172}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\host\CoherentUI_Host.exe FirewallRules: [{AA2C0ECF-F3C3-4DBE-8E51-0E7640E9C5B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe FirewallRules: [{CB808253-0729-40F9-AA69-0FC837827030}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\crashupload.exe FirewallRules: [{27DD1722-2400-49C4-A5E7-3A7D87D5D35D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe FirewallRules: [{A45D70ED-22A6-4EA8-96C2-55CAC8BFED53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x86\host\CoherentUI_Host.exe FirewallRules: [{AE95AB89-28A6-4BC2-820F-984A710A87AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe FirewallRules: [{232A2159-4EBC-46F7-B9DC-4FD809A51937}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x86\crashupload.exe FirewallRules: [{3BF2AA26-B5AB-4B10-AD79-89831B2336A0}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Planetary Annihilation\bin_x86\PA.exe FirewallRules: [{80BFBBB8-B467-49CF-BCC1-4969EE37C126}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x86\PA.exe FirewallRules: [{65F06038-AAAA-42C8-96DB-CDD0D5546289}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\PA.exe FirewallRules: [{5D6EF0D6-F648-483C-8940-7E9BC500CDF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetary Annihilation\bin_x64\PA.exe FirewallRules: [{1B3144C9-D784-4F91-9841-26CE1F17A988}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A18C110B-A0BF-4B18-9A02-B8479B07E787}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E257276E-DFEE-45D3-B8CE-1334793801B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{2A775C74-48E7-4F5F-A082-7D86C1F96DCE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{6A774564-B065-496A-8977-1EE6C064F3D9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{B3CBC32C-5FF8-4D19-921F-81F58A5AB35C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{71257E8A-E24E-4AEF-A5E4-20F006231CC1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{26A18657-3B5E-4682-992A-E289E11DB2FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{A2498D5E-FF9E-44C0-9A3E-EA31B72BE545}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{8DA85294-57BB-43DC-80D0-6C632EE4C0BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{A4C80CA4-917C-4B73-9A79-9C1D6A203AA3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{9BB5B851-54C4-4065-A301-C971F31708E6}] => (Allow) C:\Program 
Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{B4D85F40-7ADF-4DC5-B7EB-15DC709240AA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D582A462-990D-4809-9DD1-D2A994A2D9D2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{204BDBAC-1338-451C-A584-2CF151764939}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{FCB1F599-13A9-42DC-A1E8-02FFDEA2BF18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{D6B91BD8-BA46-420B-88EC-AD45ED604F48}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{290E8FF3-3923-4929-8E34-6CFC64D6534A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{1B2CB3E2-9D31-4332-9AC5-808CACF2C269}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{7A7ABEEF-4A51-4B62-878A-CF0FF087B100}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe FirewallRules: [{DE56F1D3-0373-4D61-85C9-B6FC37AD7166}] => (Allow) C:\Users\Ifare_000\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0AEF59AB-CD7B-4CA0-91AE-CD58238CEBEE}] => (Allow) C:\Users\Ifare_000\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D8CEB257-C3E7-49CE-B495-41AEE2167415}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{6D017A8D-4D41-4DF0-B43C-1A43C595D2B6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{CB6575C9-C282-443D-819B-8A34D99A96FF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{863AA96C-E00C-4810-9845-1BB55060AFDE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: 
[{D1602AE9-72A7-4459-B733-BECF4A836019}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{EB672608-7477-451B-A09C-FE3FA702E1AE}] => (Allow) LPort=2869 FirewallRules: [{CCB2C5E3-E900-489A-ABCD-FCC2651CB216}] => (Allow) LPort=1900 FirewallRules: [{E6F42F43-02D0-4830-AACE-CCB58BD807A0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{CAB57850-34CF-45C0-A80F-0DB946BF4E14}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7F8A2162-A3B7-43FF-828C-15FD087AA899}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{35B8793D-1B47-42BB-AC30-0F2741CD6892}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{98EE9EA9-1FB2-43CE-A10B-B76AFDECF498}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CCBA7C83-C111-4738-8EA1-6BBDC0B45899}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A5AC5421-B019-48CD-A191-D40DFB5F89FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{CFE62185-365C-4026-B74C-80BA7E05A521}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{EFD184ED-772A-438B-9173-69611C9471F4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{3CEEA922-B2D5-449B-B8BD-48CC4FF28C94}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{BC3AC2B4-6E9D-4D98-8493-9BB8FDFF5FF8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{5F48F72E-9987-46FD-BE83-ACBC418E2142}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Way of Life\TheWayOfLifeDemoWindows.exe FirewallRules: [{AEA8174A-7FF0-4852-852F-F21634A22851}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Way of Life\TheWayOfLifeDemoWindows.exe FirewallRules: [{EC9A7F3A-EB8E-4707-BDDE-36FAF932607C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Istrolid\istrolid.exe FirewallRules: [{8899272D-67F9-42DB-997E-597482D52F74}] => (Allow) 
C:\Program Files (x86)\Steam\steamapps\common\Istrolid\istrolid.exe FirewallRules: [{D5873032-27E2-483E-A3F1-6EB21CF3B5C5}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶啜汮癩牥敩晳浹潭屮湕楬敶楲獥祦浭湯攮數 FirewallRules: [{33651C9F-1B92-406C-90D8-A96D1305B6F3}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶啜汮癩牥敩晳浹潭屮湕楬敶楲獥祦浭湯⹟硥e FirewallRules: [TCP Query User{450E8BE5-1285-4719-9EEC-FC4ED15FA24E}C:\program files\adobe\adobe premiere pro cc 2017\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2017\adobe premiere pro.exe FirewallRules: [UDP Query User{12C10C1A-B1DC-499A-9525-7BCC96C0FE82}C:\program files\adobe\adobe premiere pro cc 2017\adobe premiere pro.exe] => (Allow) C:\program files\adobe\adobe premiere pro cc 2017\adobe premiere pro.exe FirewallRules: [{9968C39A-AB5D-4277-ADEA-582B8F4AAF71}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{A32DF16C-E1F8-4C78-B525-54E032B98D14}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [TCP Query User{A442D6E6-E3B2-41FA-B0D2-124C23EDE7DC}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{573C5A0A-FBF7-4CB2-8297-04E23E75BF8F}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe ==================== Restore Points ========================= 16-07-2017 07:45:26 Scheduled Checkpoint 24-07-2017 09:16:21 Scheduled Checkpoint 25-07-2017 14:40:47 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= Name: TunnelBear Adapter V9 Description: TunnelBear Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TunnelBear Provider V9 Service: tap-tb-0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. 
Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/28/2017 11:41:22 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: An error has occurred (Can't create NSS process. [0]). Error: (07/28/2017 11:41:22 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: An error has occurred (Failed to create process. [2]). Error: (07/28/2017 11:39:51 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64 (1).exe version 26.7.2017.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1a44 Start Time: 01d306804dd92c87 Termination Time: 4294967295 Application Path: C:\Users\Ifare_000\Downloads\FRST64 (1).exe Report Id: 2c8352ca-6e6f-4065-8968-4a5ebff9d09c Faulting package full name: Faulting package-relative application ID: Error: (07/28/2017 09:43:46 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program gramblr.exe because of this error. Program: gramblr.exe File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. 
If the file still cannot be accessed and
- It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.
Additional Data
Error value: D56BAD94
Disk type: 0

Error: (07/28/2017 09:43:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gramblr.exe, version: 0.0.0.0, time stamp: 0x5970f55d
Faulting module name: gramblr.exe, version: 0.0.0.0, time stamp: 0x5970f55d
Exception code: 0xc0000096
Fault offset: 0x000000000065c064
Faulting process id: 0x1cb0
Faulting application start time: 0x01d3074e55568d7a
Faulting application path: C:\Program Files\Gramblr\gramblr.exe
Faulting module path: C:\Program Files\Gramblr\gramblr.exe
Report Id: 1940c4f7-cd22-48fe-b7ae-539ab655ab18
Faulting package full name:
Faulting package-relative application ID:

Error: (07/28/2017 08:56:15 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/27/2017 10:25:11 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/26/2017 10:45:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .
Operation: Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet

Error: (07/26/2017 10:44:22 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. .
This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {862f4cf7-09cb-4190-8c58-6b81978c30c1}

Error: (07/26/2017 10:36:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: XPHANTOMX)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (07/28/2017 12:19:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (07/28/2017 12:16:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/28/2017 12:16:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/28/2017 11:52:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.

Error: (07/28/2017 11:41:19 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

Error: (07/28/2017 11:41:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: The request is not supported.

Error: (07/28/2017 09:43:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Connectivity Manager for Gramblr service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.

Error: (07/28/2017 09:43:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Connectivity Manager for Gramblr service terminated with the following error: Incorrect function.

Error: (07/28/2017 08:40:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: HP Smart.

Error: (07/27/2017 11:05:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Connectivity Manager for Gramblr service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2017-07-28 12:32:20.392
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-28 12:32:20.389
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-28 12:32:05.495
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-28 12:32:05.492
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-28 12:32:04.433
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-28 12:32:04.430
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-28 12:23:06.999
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-28 12:23:06.997
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-28 08:39:27.584
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-27 22:41:43.309
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200H CPU @ 2.80GHz
Percentage of memory in use: 43%
Total physical RAM: 8109.44 MB
Available physical RAM: 4614.39 MB
Total Virtual: 13485.44 MB
Available Virtual: 9892.86 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:423.37 GB) (Free:201.21 GB) NTFS
Drive d: (Data) (Fixed) (Total:258.56 GB) (Free:157.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: CC2AE69A)
Partition: GPT.

==================== End of Addition.txt ============================