Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.04.2018
Ran by William (16-04-2018 17:38:38)
Running from C:\Users\Helen\Desktop
Windows 8.1 (Update) (X64) (2015-02-24 20:34:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1890713058-2806932541-3226652281-500 - Administrator - Disabled) => C:\Users\Administrator
ASPNET (S-1-5-21-1890713058-2806932541-3226652281-1005 - Limited - Enabled)
Guest (S-1-5-21-1890713058-2806932541-3226652281-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1890713058-2806932541-3226652281-1004 - Limited - Enabled)
William (S-1-5-21-1890713058-2806932541-3226652281-1002 - Administrator - Enabled) => C:\Users\Helen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated) Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Akamai) (Version: - Akamai Technologies, Inc) Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment) ASUS FaceKey (HKLM-x32\...\{ACE24C70-743B-43B0-8045-817FF050800B}) (Version: 4.1.0.0 - ) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS) ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.025 - ASUS) ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0014 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS) ASUS Video DSP (HKLM-x32\...\{B80DB514-46E5-43AA-B68C-1EBBF5CF7D34}) (Version: 1.0.000 - ) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation) ASUSDVD (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5230.52 - CyberLink Corp.) Hidden ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5230.52 - CyberLink Corp.) 
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Hidden Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.99 - Broadcom Corporation) CrystalDiskInfo 7.5.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.1 - Crystal Dew World) CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5415 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.3625 - CyberLink Corp.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DAZ Install Manager (HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\DAZ Install Manager 1.1.0.74) (Version: 1.1.0.74 - DAZ 3D) Diablo (HKLM-x32\...\Diablo) (Version: - ) Diablo (HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\Diablo) (Version: - ) Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Dungeons & Dragons Online v2600.0045.4801.4249 (HKLM-x32\...\bc8a6440-918f-11dd-ad8b-0800200c9a66_is1) (Version: 2600.0045.4801.4249 - Atari, Inc.) Dungeons & Dragons Online™: Stormreach™ v04.01.33.0131 (HKLM-x32\...\15b35190-c6f9-11d9-9669-0800200c9a66_is1) (Version: 04.01.33.0131 - Atari, Inc.) ETDWare PS/2-X64 11.5.9.1_WHQL (HKLM\...\Elantech) (Version: 11.5.9.1 - ELAN Microelectronic Corp.) FirestormOS-Releasex64 (HKLM\...\FirestormOS-Releasex64) (Version: 5.0.7.52912 - The Phoenix Firestorm Project, Inc.) 
G4E (HKLM-x32\...\{876A0B91-9E2F-562E-D1F6-C9D8F3C85894}) (Version: 1.7 - UNKNOWN) Hidden G4E (HKLM-x32\...\G4E) (Version: 1.7 - UNKNOWN) Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.23.9 - Google Inc.) Hidden GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org) Gyazo 3.3.5 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.) Hero Editor V0.96 (HKLM-x32\...\ST6UNST #1) (Version: - ) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation) Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) LOOT version 0.11.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.11.0 - LOOT Team) Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 
12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming) NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation) NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.) Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6.1 - Project64) PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts) Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.17 - Qualcomm Atheros Inc.) 
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6976 - Realtek Semiconductor Corp.) Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 5.0.8.329115 - Linden Research, Inc.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.3.5 - NVIDIA Corporation) Hidden SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype version 8.13 (HKLM-x32\...\Skype_is1) (Version: 8.13 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts) The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts) The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts) The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts) The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts) The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts) The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.12.118.1020 - Electronic Arts Inc.) 
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6955 - Broadcom Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.) 
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal) ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2325} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2015-07-22] (NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-11-18] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {32A10A56-E9D1-4FED-8903-6F68403B72B4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated) Task: {39E8267E-3E9C-4B8B-A5F5-22890626EF54} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {3A33E21B-EC11-4A67-9969-6C56938DA72D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {4133EF87-9EA0-43F3-B159-104C11D129E0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated) Task: {46957674-5A56-4C06-B031-0D18D77E3A11} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.) Task: {52F0E938-9493-4C50-9CD9-4D48F1DDCE7F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {53260357-5DEE-44A0-BAE5-413AB62A09B0} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-12-21] (Nota Inc.) 
Task: {5E0106D2-1337-493B-8AEB-2EF94A1A7BBF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {82449A1C-308D-4C26-9639-0E560FBAB155} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] () Task: {8F481014-2626-43C6-AA03-60C5D60C65DC} - System32\Tasks\{8FDAF6B1-D4FE-425E-B887-9607E74D5089} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Diablo II\Diablo II.exe" -d "C:\Program Files (x86)\Diablo II\" Task: {A4154356-8974-408B-BC20-5A0AB760631D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-04] (ASUS) Task: {B0A92E6E-F561-415E-9595-CB6ECFA0BFA6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation) Task: {B1A8A353-590E-4BE0-A79E-3254A555583B} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] () Task: {B721765F-2585-4785-B5C7-2BD7FA78C5C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {C401E0D2-FBE4-4581-AECE-C618E1F0FE85} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-07-31] (ASUSTeK Computer Inc.) Task: {D20C4A0E-56E7-41BC-8E2E-0D5D983305FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {D81E9C26-D40F-4429-8A05-F1BC0625731F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS) Task: {DC693585-5FFB-41E1-AA4E-281BB09CF32B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.) 
Task: {DE34117A-775A-4D95-9442-61FA71892578} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-04-10] (Adobe Systems Incorporated) Task: {FDC39426-0BA7-47C0-8934-25AE9C0BC0F9} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Helen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZ Install Manager\DAZ Install Manager Read Me.lnk -> hxxp:docs.daz3d.com\doku.php\public\read_me\index\1481 ShortcutWithArgument: C:\Users\Helen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\billm.actionpro@gmail.com - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\Helen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Thomas - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory="Profile 1" ==================== Loaded Modules (Whitelisted) ============== 2015-02-24 06:42 - 2015-07-22 21:31 - 000116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-12-19 02:10 - 2012-12-19 02:10 - 000072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe 2013-05-20 15:52 - 2013-05-20 15:52 - 000049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll 2013-07-23 12:54 - 2013-07-23 12:54 - 000031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2018-03-20 21:20 - 2018-03-20 02:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll 2018-03-20 21:20 - 2018-03-20 02:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll 2018-02-15 13:03 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2016-03-17 21:26 - 2014-04-09 10:08 - 000943128 _____ () C:\Program Files (x86)\GSAutoClicker3\GSAutoClicker.exe 2013-04-29 17:17 - 2013-04-29 17:17 - 000587264 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2015-05-25 16:14 - 2016-05-02 02:02 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2017-04-10 19:07 - 2018-01-10 22:05 - 000784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2017-04-10 19:07 - 2016-08-31 21:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2017-04-10 19:07 - 2018-04-02 19:34 - 002631968 _____ () C:\Program Files (x86)\Steam\video.dll 2017-04-10 19:07 - 2016-08-31 21:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2017-04-10 19:07 - 2016-08-31 21:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2017-12-19 00:29 - 2017-12-19 21:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll 2017-12-19 00:29 - 2017-12-19 21:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll 2017-12-19 
00:29 - 2017-12-19 21:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll 2017-12-19 00:29 - 2017-12-19 21:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll 2017-12-19 00:29 - 2017-12-19 21:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll 2017-04-10 19:07 - 2018-04-02 19:34 - 000977184 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2017-04-10 19:07 - 2016-07-04 18:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2017-06-12 00:32 - 2017-09-06 22:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll 2017-04-10 19:09 - 2017-12-13 17:16 - 071471392 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2017-04-10 19:07 - 2015-09-24 19:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll 2013-09-22 17:26 - 2013-06-23 23:05 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-04-27 13:24 - 2013-04-27 13:24 - 000071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2018-01-11 03:35 - 000000834 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Helen\Desktop\Venom Background.BMP
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "UMonit64"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKLM\...\StartupApproved\Run32: => "ROGNB"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "Power2GoExpress"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-1890713058-2806932541-3226652281-1002\...\StartupApproved\Run: => "Gyazo"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E06AF586-5A39-4BAE-BD9D-170780FF2476}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{16BF11DE-4CD2-4878-B6EC-3E6636D906F3}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe FirewallRules: [{70547C1E-6E46-472A-B8A9-E6FF0D1AF32F}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe FirewallRules: [{EAE7BE05-3561-48BB-8C09-8BCF92543DCD}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe FirewallRules: [{900FCC64-4C7A-4012-8B76-F02384117041}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe FirewallRules: [{BC970E24-9DF6-49DF-992A-BCFA173F2CFF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{2A029294-8A02-402F-99D0-08C5F99B2E39}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{B6B83F47-7446-4E7C-97E5-27596803780E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{45A07B78-43C3-4FF9-99BE-450159D534EC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{B64A60EC-7ABF-4AC3-8723-E2E4A268663E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{BA823A81-F9F9-4509-AD11-50871818A3D4}] => (Allow) LPort=1900 FirewallRules: [{C020560D-B2F6-4AFB-9602-E7FE4F36FA22}] => (Allow) LPort=2869 FirewallRules: [{DA559833-D4A8-4FA4-85BC-6140C8595D3F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D009B1B0-29CD-4A15-8676-1D7E51C327F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{273DE542-82F9-4F37-AA2A-E4FEF3581A62}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: 
[{02063DAF-2652-4473-9CCB-E8F8281625E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{0B35E932-D77A-4EE4-9C17-CC82FE2A52AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{33A64F54-BEF4-421D-886F-378B3A17CF8B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DFA72DB3-5311-4BC9-9040-08B07B6A7994}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{E545F16F-D1EA-4E39-A961-809193599A1B}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{3F227998-3EE2-4BA7-BE5C-E22BC601F399}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3E1A4184-7019-4903-842E-1A95DE35B3DF}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BC603971-9108-4098-A0E0-C9488FD98CE0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{3D3A1646-F63A-4A76-801A-006800FDDA77}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{7EA0D9AE-7B09-4912-AE41-8AED76904CD3}C:\program files (x86)\diablo\diablo.exe] => (Allow) C:\program files (x86)\diablo\diablo.exe
FirewallRules: [UDP Query User{1354F315-32BF-4099-A958-5884A0151594}C:\program files (x86)\diablo\diablo.exe] => (Allow) C:\program files (x86)\diablo\diablo.exe
FirewallRules: [TCP Query User{903F86CD-ADDB-4F75-B103-2BEB39FE7DD5}C:\users\helen\desktop\secondlifeviewer\slvoice.exe] => (Block) C:\users\helen\desktop\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{6DFDF29A-D47C-4AC2-94E0-4E3B7FAEBABB}C:\users\helen\desktop\secondlifeviewer\slvoice.exe] => (Block) C:\users\helen\desktop\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{3ED77A88-1280-4352-B58E-3D1E9C4FF63A}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{371644E6-C095-494A-81C1-8D1301C9E5FC}C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base41810\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{4134396A-D730-4D85-A986-3236C3185EF6}C:\users\helen\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\helen\downloads\downloader_diablo2_enus.exe
FirewallRules: [UDP Query User{59268E5D-E919-4846-A650-562ED28BF864}C:\users\helen\downloads\downloader_diablo2_enus.exe] => (Allow) C:\users\helen\downloads\downloader_diablo2_enus.exe
FirewallRules: [TCP Query User{73441189-5584-48DD-9D95-E8DA317A8019}C:\users\helen\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\helen\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [UDP Query User{98391BFA-74F3-4803-B779-2548EA9365E5}C:\users\helen\downloads\downloader_diablo2_lord_of_destruction_enus.exe] => (Allow) C:\users\helen\downloads\downloader_diablo2_lord_of_destruction_enus.exe
FirewallRules: [TCP Query User{DB9C7446-F7B6-4C0C-ABC6-5B94A34E19A6}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe
FirewallRules: [UDP Query User{E17191F1-2FCF-4D83-90B9-71C82746D6A2}C:\program files (x86)\diablo ii\game.exe] => (Allow) C:\program files (x86)\diablo ii\game.exe
FirewallRules: [TCP Query User{18E55351-0374-4588-9209-E4FC46C59EB9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B77409A1-E5DE-4C44-87C8-08B01E4F3569}C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{FB3F4304-CC6C-4FD9-827D-777AE09EC318}C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{64B9F69E-F620-4677-8F62-245C72B3536D}C:\users\helen\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\helen\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{72A1BA4D-B869-48A1-AA84-BDF11A5E175B}C:\users\helen\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\helen\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{8DABF5CE-6420-44DB-B69C-2CE9F08F7C3A}C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [UDP Query User{5022CFCB-2CC2-4478-A704-AC5412B901B2}C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe] => (Allow) C:\users\public\daybreak game company\installed games\dc universe online\unreal3\binaries\win32\dcgame.exe
FirewallRules: [TCP Query User{2737C6A1-FCCC-4ED8-8EFA-CA41C9460CB0}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [UDP Query User{988188E5-99CE-471B-8EB6-C8B720FFB75F}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [TCP Query User{A77B543C-5208-4D88-866F-E3B6BEEB1B51}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{16517458-4D0B-4F0A-8B6A-A30B82A7AACF}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{162D6D26-4627-45DD-BD02-F7A82FE33277}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{732EEC98-7708-4F29-83C7-43EAACBFD3B7}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{87759DFE-79B6-451F-A7DB-D197B838A80D}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{76641115-152A-4F0B-986C-395064A0F3E4}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{80DE36A5-0CC0-4A21-BB00-BAD294741B88}C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe] => (Allow) C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe
FirewallRules: [UDP Query User{6E5AB2B6-DB68-4855-B800-36F7D0C65A50}C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe] => (Allow) C:\program files (x86)\origin games\plants vs zombies garden warfare\pvz.main_win64_retail.exe
FirewallRules: [{B4036589-123F-4815-87C3-4ECFB011314A}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{94A2DE39-73DA-4B69-AEEF-79DF8D2BDF86}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{D9D1918B-6FBF-4C79-A73F-384AB4CC7CC3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8F4F5C91-D9D5-4A51-AEDE-C7CD82A9588C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D4344B23-ED80-4116-BFE5-BEBC1AF88263}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{60CB10A3-B46B-4BDF-AF07-C3926CC8F539}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CF17B1B5-5281-47CA-88E3-3902C18BB1AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{688A68DF-65FA-43BA-A1A1-DCD0764A4201}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [TCP Query User{A11CD566-AEB9-4EA9-B3E6-95E206151088}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{3333A87B-832A-4244-A794-56B7766E7E49}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{F5DF5364-4F28-4BA4-B611-2923CCE8BCC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe
FirewallRules: [{38802C04-79FE-4DA4-9884-450E87DE3C6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\CreationKit.exe
FirewallRules: [{9D1F6657-47AC-4787-9511-D3E47053CDA2}] => (Allow) C:\Users\Helen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7A084805-D6B3-41BB-9FAF-AAD8BBCD514D}] => (Allow) C:\Users\Helen\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{1FDB9832-0A33-4463-90B0-63F6DEDFFD47}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [UDP Query User{47351884-AC08-4B38-B871-C1F5893BAEBE}C:\program files (x86)\arc\arcchat.exe] => (Allow) C:\program files (x86)\arc\arcchat.exe
FirewallRules: [TCP Query User{D2B69A72-6D87-4D70-8354-99A7CC9A6ABD}C:\program files (x86)\slv\slvoice.exe] => (Block) C:\program files (x86)\slv\slvoice.exe
FirewallRules: [UDP Query User{03C98CBF-79DB-40DD-A1A5-C640A0D55268}C:\program files (x86)\slv\slvoice.exe] => (Block) C:\program files (x86)\slv\slvoice.exe
FirewallRules: [TCP Query User{DBCD3B63-9350-4D26-882B-9ABAB0870B06}C:\program files\firestormos-releasex64\slvoice.exe] => (Allow) C:\program files\firestormos-releasex64\slvoice.exe
FirewallRules: [UDP Query User{B6A8B5FB-6EA1-4196-B893-8144A2EA3410}C:\program files\firestormos-releasex64\slvoice.exe] => (Allow) C:\program files\firestormos-releasex64\slvoice.exe
FirewallRules: [{C7934333-29D5-466F-B175-B032D846D7D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{2523FA86-419D-466B-A953-3FC8324C7867}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{4E7E95F9-23F4-429C-B158-5DE43180A2C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{4B8908DC-00DD-4971-90A2-896A12410E5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{BCFAC982-EBD4-42E1-B7D7-7B00F6EF89E7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{A63579C7-527F-4081-A264-65A63CA63066}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{F92AC4E7-DE65-4F7D-AFC5-77C21F29790A}C:\users\helen\appdata\local\vghd\bin\vghd.exe] => (Allow) C:\users\helen\appdata\local\vghd\bin\vghd.exe
FirewallRules: [UDP Query User{081EDCDB-5BA3-45DF-8B7C-C18C453BEAB1}C:\users\helen\appdata\local\vghd\bin\vghd.exe] => (Allow) C:\users\helen\appdata\local\vghd\bin\vghd.exe
FirewallRules: [TCP Query User{8B5766F4-8680-4E6F-8D71-2A05C1E0FD3A}C:\program files (x86)\neverwinter_en\neverwinter\live\x86\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\x86\gameclient.exe
FirewallRules: [UDP Query User{0AF078FA-5B3F-4747-A8C6-CC189398AFF2}C:\program files (x86)\neverwinter_en\neverwinter\live\x86\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\x86\gameclient.exe
FirewallRules: [TCP Query User{481B1F8A-B360-4E9C-B34C-883BA5E309A0}C:\users\helen\desktop\pics\monsters\af\botn\radiant\binaries\win64\radiant-win64-shipping.exe] => (Allow) C:\users\helen\desktop\pics\monsters\af\botn\radiant\binaries\win64\radiant-win64-shipping.exe
FirewallRules: [UDP Query User{E63D5A46-8440-4C7D-B2CF-83A1729BAD52}C:\users\helen\desktop\pics\monsters\af\botn\radiant\binaries\win64\radiant-win64-shipping.exe] => (Allow) C:\users\helen\desktop\pics\monsters\af\botn\radiant\binaries\win64\radiant-win64-shipping.exe
FirewallRules: [{4DD53874-1607-425B-AE25-440D1B94127D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-03-2018 18:50:51 Scheduled Checkpoint
10-04-2018 16:52:50 restore point uno

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2018 09:24:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: USER32.dll, version: 6.3.9600.18946, time stamp: 0x5a9a3a38
Exception code: 0xc0000142
Fault offset: 0x00000000000ecf30
Faulting process id: 0xb9c
Faulting application start time: 0x01d3d2c62621cbef
Faulting application path: C:\WINDOWS\System32\rundll32.exe
Faulting module path: USER32.dll
Report Id: 64fabd86-3eb9-11e8-bec8-240a646e54e5
Faulting package full name:
Faulting package-relative application ID:

Error: (04/10/2018 04:52:43 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer Shadow Copy Optimization Writer experienced retryable error during shadow copy creation. Retrying... More info: .

Error: (04/10/2018 04:52:43 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer COM+ REGDB Writer experienced retryable error during shadow copy creation. Retrying... More info: .

Error: (04/10/2018 04:52:43 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer Registry Writer experienced retryable error during shadow copy creation. Retrying... More info: .

Error: (04/10/2018 04:52:43 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer WMI Writer experienced retryable error during shadow copy creation. Retrying... More info: .

Error: (04/10/2018 04:52:43 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer MSSearch Service Writer experienced retryable error during shadow copy creation. Retrying... More info: .

Error: (04/10/2018 04:52:43 PM) (Source: SPP) (EventID: 16389) (User: )
Description: Writer System Writer experienced retryable error during shadow copy creation. Retrying... More info: .

Error: (04/09/2018 08:51:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file. DETAIL - The process cannot access the file because it is being used by another process.

System errors:
=============
Error: (04/12/2018 08:23:33 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (04/12/2018 08:23:02 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (04/12/2018 04:12:54 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (04/09/2018 09:03:49 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (04/09/2018 09:03:19 PM) (Source: DCOM) (EventID: 10010) (User: MARTOVICH)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (04/09/2018 08:53:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (04/09/2018 08:53:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (04/09/2018 08:49:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

Windows Defender:
===================================
Date: 2018-04-12 20:23:05.651
Description: Windows Defender scan has been stopped before completion.
Scan ID: {1F360583-CFDD-431B-B856-F6D2B7FA49DD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-09 21:03:51.541
Description: Windows Defender scan has been stopped before completion.
Scan ID: {5ECD261E-59C8-4C02-ADBF-7BA01F8FAC1A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-09 19:12:19.162
Description: Windows Defender scan has been stopped before completion.
Scan ID: {9F8B7ADC-8771-43F0-8BF6-E1D176ED25C8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-08 19:11:47.970
Description: Windows Defender scan has been stopped before completion.
Scan ID: {0AE19DD6-658C-4914-8D95-1897EFC5CEF5}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-06 16:20:54.119
Description: Windows Defender scan has been stopped before completion.
Scan ID: {B34E58D8-33CD-4F0E-9938-08847D4A9E49}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-16 16:39:29.806
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.524.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-04-16 16:39:29.806
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.524.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-04-16 16:39:28.735
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-04-16 16:39:28.735
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-04-16 16:39:16.902
Description: Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.524.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 76%
Total physical RAM: 8109.48 MB
Available physical RAM: 1935.05 MB
Total Virtual: 15277.48 MB
Available Virtual: 5905.09 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.96 GB) (Free:622.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DIABLO) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS

\\?\Volume{b9e7f4ef-af0e-4833-8d18-8734083c2c23}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.56 GB) NTFS
\\?\Volume{7715cf4e-3bdc-4576-a1f3-3515654215ac}\ () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{58e02f92-09df-465c-b69a-1bd36bd53726}\ (Restore) (Fixed) (Total:20.01 GB) (Free:9.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5B98F280)

Partition: GPT.

==================== End of Addition.txt ============================