Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by LakiCoece (08-01-2020 17:17:37)
Running from C:\Users\LakiCoece\Downloads
Windows 10 Pro Version 1909 18363.535 (X64) (2020-01-07 19:48:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1713871318-829081173-426852396-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1713871318-829081173-426852396-1002 - Limited - Enabled)
DefaultAccount (S-1-5-21-1713871318-829081173-426852396-503 - Limited - Disabled)
Guest (S-1-5-21-1713871318-829081173-426852396-501 - Limited - Disabled)
LakiCoece (S-1-5-21-1713871318-829081173-426852396-1001 - Administrator - Enabled) => C:\Users\LakiCoece
WDAGUtilityAccount (S-1-5-21-1713871318-829081173-426852396-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.23 - Adobe Systems) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated) Adobe Illustrator CC 2019 (HKLM-x32\...\ILST_23_0_1) (Version: 23.0.1 - Adobe Systems Incorporated) Adobe InDesign CC 2019 (HKLM-x32\...\IDSN_14_0_1) (Version: 14.0.1 - Adobe Systems Incorporated) Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated) Age of Empires II Definitive Ed. Build 34055 (HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\Age of Empires II Definitive Ed. Build 34055) (Version: - HOODLUM) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.7.17 - ASUS) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software) Bandicam (HKLM-x32\...\Bandicam) (Version: 4.4.3.1557 - Bandicam.com) Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BFME2 PatchSwitcher Setup version 1.0 (HKLM-x32\...\{C206A02A-CD20-4AC2-9A17-B5D2653881F2}_is1) (Version: 1.0 - Paramartha Saha) BitTorrent (HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\BitTorrent) (Version: 7.10.5.45416 - BitTorrent Inc.) Blender (HKLM\...\{F343C69A-4ABA-434C-9C73-12A519D269CD}) (Version: 2.80.0 - Blender Foundation) Borderlands 3 (HKLM-x32\...\Borderlands 3_is1) (Version: - ) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.74.1085 - AB Team, d.o.o.) 
CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform) Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU) Cossacks 3 Experience (HKLM-x32\...\Cossacks 3 Experience_is1) (Version: - ) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.0948 - Disc Soft Ltd) Discord (HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\Discord) (Version: 0.0.305 - Discord Inc.) Edain Mod (HKLM-x32\...\{64EC673E-0B9F-4D2E-9B98-0027ABBA0B27}_is1) (Version: 4.3 - Edain Mod Team) Epic Games Launcher (HKLM-x32\...\{53041896-BE90-4A26-9954-9E9FDC7D4495}) (Version: 1.1.229.0 - Epic Games, Inc.) Fraps (HKLM-x32\...\Fraps) (Version: - ) Gameloop (HKLM-x32\...\MobileGamePC) (Version: 1.0.0.1 - Tencent Technology Company) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com) Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.1868.0 - Rockstar Games) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}) (Version: 1.2.0238 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 71.0 (x64 en-US) (HKLM\...\Mozilla Firefox 71.0 (x64 en-US)) (Version: 71.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0 - Mozilla) MSXML 4.0 SP2 Parser and SDK 
(HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) NVIDIA Graphics Driver 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 432.00 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.) Revo Uninstaller 2.1.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.0 - VS Revo Group, Ltd.) Rise of the Witch-King 2.02 (HKLM-x32\...\GameReplaysRotWK) (Version: - RotWK 2.02 Team) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.17.199 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.4.3 - Rockstar Games) Star Wars Jedi Fallen Order (HKLM-x32\...\Star Wars Jedi Fallen Order_is1) (Version: - ) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Stronghold Crusader 2 - Delivering Justice (HKLM-x32\...\Stronghold Crusader 2: Delivering Justice_is1) (Version: 2.2.0.7 - GOG.com) Stronghold Crusader 2 - The Emperor and The Hermit (HKLM-x32\...\Stronghold Crusader 2: The Emperor and The Hermit_is1) (Version: 2.0.0.5 - GOG.com) Stronghold Crusader 2 - The Jackall and The Khan (HKLM-x32\...\Stronghold Crusader 2: The Jackall and The Khan_is1) (Version: 2.0.0.5 - GOG.com) Stronghold Crusader 2 - The Princess and The Pig (HKLM-x32\...\Stronghold Crusader 2: The Princess and The Pig_is1) (Version: 2.0.0.5 - GOG.com) Stronghold Crusader 2 - The Templar and The Duke (HKLM-x32\...\Stronghold Crusader 2: The Templar and The Duke_is1) (Version: 2.0.0.5 - GOG.com) Stronghold Crusader 2 
(HKLM-x32\...\1433852499_is1) (Version: 2.2.0.7 - GOG.com) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.1.3937 - TeamViewer) The Age of the Ring Mod for The Rise of the Witch-king version 4.0 (HKLM-x32\...\AOTR4.0_is1) (Version: 4.0 - AotR staff) The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version: - ) Total War WARHAMMER II Curse of the Vampire Coast (HKLM-x32\...\Total War WARHAMMER II Curse of the Vampire Coast_is1) (Version: - ) Tyranid Mod 0.5b2 for Soulstorm (HKLM-x32\...\Tyranid Mod 0.5b2 for Soulstorm) (Version: - ) UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden Uplay (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft) VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN) Wargaming.net Game Center (HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\Wargaming.net Game Center) (Version: 19.8.0.7920 - Wargaming.net) WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation) World of Tanks EU (HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net) Packages: ========= Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.3566.0_x64__rz1tebttyb220 [2019-10-02] (Dolby Laboratories) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-11] 
(Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.9262.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Studios) [MS Ad] MSN Vrijeme -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-11] (Microsoft Corporation) [MS Ad] Photo Editor | Polarr -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.9.5.0_x64__jb41c8remg0x2 [2019-09-25] (Polarr) Pošta i kalendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad] Sketchable -> C:\Program Files\WindowsApps\SiliconBendersLLC.Sketchable_4.9.12.0_x64__r2kxzpx527qgj [2019-09-10] (Silicon Benders LLC) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1713871318-829081173-426852396-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-07] (AVAST Software s.r.o. 
-> AVAST Software) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Adobe Acrobat IX\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-07] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} => D:\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed] ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-10-05] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => D:\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed] ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-07] (AVAST Software s.r.o. 
-> AVAST Software) ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-10-05] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-02] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Adobe Acrobat IX\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-07] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => D:\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed] ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\WINDOWS\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\WINDOWS\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\WINDOWS\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-09-10 22:02 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-02-12 01:28 - 2015-09-28 19:08 - 000255488 _____ (Sysprogs OU) [File not signed] D:\WinCDEmu\x64\WinCDEmuContextMenu.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-09-11 01:30 - 2019-09-11 01:29 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1713871318-829081173-426852396-1001\Control Panel\Desktop\\Wallpaper -> E:\Posao\Dizajn_Radovi\SomethingOfMine\Castles and Fortresses\Neuschwanstein Castle\Neuschwanstein Castle-3.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1713871318-829081173-426852396-1001\...\StartupApproved\Run: => "launchOnStartup"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B4ADE2A8-47AA-4953-B5D3-22993D28066E}] => (Allow) D:\SteamLibrary\steamapps\common\Rise of Legions\RiseOfLegions.exe () [File not signed] FirewallRules: [{FC560624-8A39-4B30-A40D-645219799761}] => (Allow) D:\SteamLibrary\steamapps\common\Rise of Legions\RiseOfLegions.exe () [File not signed] FirewallRules: [UDP Query User{6D46EBC2-5CDA-4645-B502-6FC66DB25550}D:\download\tom clancy's ghost recon wildlands\grw.exe] => (Block) D:\download\tom clancy's ghost recon wildlands\grw.exe (Blue Byte GmbH -> ) FirewallRules: [TCP Query User{EF7CB065-BE56-47EC-9372-3DF982E4AD71}D:\download\tom clancy's ghost recon wildlands\grw.exe] => (Block) D:\download\tom clancy's ghost recon wildlands\grw.exe (Blue Byte GmbH -> ) FirewallRules: [UDP Query User{23C7C4C5-928C-4827-AAF7-EBE40B6058D6}D:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe (New World Interactive LLC -> New World Interactive) FirewallRules: [TCP Query User{8E1B6F46-BFEE-40AF-9D63-D7D0A5A225B3}D:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\sandstorm\insurgency\binaries\win64\insurgencyclient-win64-shipping.exe (New World Interactive LLC -> New World Interactive) FirewallRules: [{3E8AA312-AF7E-46DA-98B3-A05F21EE4AFD}] => (Allow) D:\SteamLibrary\steamapps\common\sandstorm\Insurgency.exe (New World Interactive LLC -> Epic Games, Inc.) FirewallRules: [{622D4A9C-4D59-4B8A-8E72-390BCCE4B03D}] => (Allow) D:\SteamLibrary\steamapps\common\sandstorm\Insurgency.exe (New World Interactive LLC -> Epic Games, Inc.) 
FirewallRules: [{199729EB-769F-409A-9F60-6C5520F9072C}] => (Allow) D:\SteamLibrary\steamapps\common\sandstorm\InsurgencyEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{2C0AA7A6-4C83-4333-A1AC-F83E8C6A35F4}] => (Allow) D:\SteamLibrary\steamapps\common\sandstorm\InsurgencyEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [UDP Query User{5CF73FC7-DDAE-426F-A6DC-7250DA172B0A}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [TCP Query User{33BB67FC-B340-4892-85BD-C717F80E989D}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [{FE356AB0-2C2C-412E-8A41-54B75081CF0E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH) FirewallRules: [{FCDD22C3-AD8A-4CA5-A3CD-56EC71000206}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F4E9484E-0B68-4608-B840-A4ACDE23F70F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH) FirewallRules: [{565A6698-54D9-4358-8EF6-D6CA32AA5316}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH) FirewallRules: [{BCEB14A7-A9A8-42A0-93EC-C9F275167A36}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe (Valve -> ) FirewallRules: [{E25910BB-5A9A-4B93-8808-136DA9A59A8A}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe (Valve -> ) FirewallRules: [{4E02ACF6-169D-41D6-ACDC-1F901CD6E6C2}] => (Allow) D:\SteamLibrary\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe (Relic Entertainment, Inc. 
-> Sega Corporation) [File not signed] FirewallRules: [{CA5DBF99-4753-4A02-9FE6-FEA9587FF318}] => (Allow) D:\SteamLibrary\steamapps\common\Dawn of War Soulstorm\Soulstorm.exe (Relic Entertainment, Inc. -> Sega Corporation) [File not signed] FirewallRules: [{210FC256-7815-49C4-BF5C-48CDAACB660B}] => (Allow) D:\SteamLibrary\steamapps\common\Dawn of War Gold\W40kWA.exe (Relic Entertainment, Inc. -> Sega Corporation) FirewallRules: [{9A8B59CD-B62F-47E9-8E0B-9AD1027F6820}] => (Allow) D:\SteamLibrary\steamapps\common\Dawn of War Gold\W40kWA.exe (Relic Entertainment, Inc. -> Sega Corporation) FirewallRules: [{0E6FBEDB-8CCE-4E77-9A0D-D612C83B74D7}] => (Allow) D:\SteamLibrary\steamapps\common\Dawn of War Dark Crusade\darkcrusade.exe (Relic Entertainment, Inc. -> Sega Corporation) FirewallRules: [{DAF6E4D6-023F-459B-AC99-670268BD0C84}] => (Allow) D:\SteamLibrary\steamapps\common\Dawn of War Dark Crusade\darkcrusade.exe (Relic Entertainment, Inc. -> Sega Corporation) FirewallRules: [{0811E850-4167-432E-ADC1-7E484E4463F1}] => (Allow) D:\SteamLibrary\steamapps\common\Dawn of War Gold\W40k.exe (Relic Entertainment, Inc. -> Sega Corporation) FirewallRules: [{0D5E8EE6-E288-4129-A41A-3B8B3C69D7E8}] => (Allow) D:\SteamLibrary\steamapps\common\Dawn of War Gold\W40k.exe (Relic Entertainment, Inc. 
-> Sega Corporation) FirewallRules: [{F859A66A-4C88-4AC6-A859-163371130802}] => (Allow) D:\Games\Age of Empires II\age2_x1\age2_x1.0c.exe (Microsoft Corporation) [File not signed] FirewallRules: [{6308F138-C545-4364-A7F7-242F36AF85CA}] => (Allow) D:\Games\Age of Empires II\age2_x1\age2_x1.0c.exe (Microsoft Corporation) [File not signed] FirewallRules: [UDP Query User{0760266E-068C-4EB7-9A07-D99012E198D6}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{7EDE9C3D-BA31-41FE-AC4C-EAD3A99DC0D9}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [{96A56A19-2143-4D41-9E02-A1D6D4B85DFE}] => (Allow) D:\Games\Age of Empires II\age2_x1\age2_x1.5.exe (Microsoft Corporation) [File not signed] FirewallRules: [{36538CCA-54D1-423B-A2A6-F378184379D3}] => (Allow) D:\Games\Age of Empires II\age2_x1\age2_x1.5.exe (Microsoft Corporation) [File not signed] FirewallRules: [UDP Query User{60313E32-A9DE-43CE-8D8C-9784F6591322}D:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Block) D:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe (Respawn Entertainment) [File not signed] FirewallRules: [TCP Query User{49467532-3AD8-490D-9D7A-206CAD4ABC74}D:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Block) D:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe (Respawn Entertainment) [File not signed] FirewallRules: [UDP Query User{E37DFEE6-045A-4505-8C80-BC373D162668}D:\games\world_of_tanks_eu\win32\worldoftanks.exe] => (Allow) D:\games\world_of_tanks_eu\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [TCP Query User{A82EB321-49FD-4518-B850-0EB02301693A}D:\games\world_of_tanks_eu\win32\worldoftanks.exe] => (Allow) 
D:\games\world_of_tanks_eu\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net) FirewallRules: [UDP Query User{C2B20E15-9D38-418F-B51F-BFEB51D83388}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{1C4F1B53-200B-4571-9306-217A18FD94B5}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [UDP Query User{9768D256-CF50-45BF-B32F-6EBA76B987A1}D:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe] => (Block) D:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe (Gearbox Software) [File not signed] FirewallRules: [TCP Query User{7C91E3AC-C867-4F47-AA88-DFBF8D4BC043}D:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe] => (Block) D:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe (Gearbox Software) [File not signed] FirewallRules: [{E6564CCE-6DDC-4F44-B141-CE2F4FD4F0F4}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software) FirewallRules: [{F39D6B55-A710-404C-9AB2-B7DA8C1B716C}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software) FirewallRules: [{F57BE923-0097-404E-BDE2-7FB53074D523}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software) FirewallRules: [{B110581D-256B-4F62-B607-D23E1AA61D64}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software) FirewallRules: [UDP Query User{9D283F53-AB0A-49A1-8710-2C943FFF0D22}D:\games\stronghold crusader 2\bin\win32_galaxy_release\crusader2.exe] => (Block) D:\games\stronghold crusader 2\bin\win32_galaxy_release\crusader2.exe (Firefly Studios Limited -> ) FirewallRules: [TCP Query 
User{EFE6145A-F4C0-4E2F-A75C-29D123601EA0}D:\games\stronghold crusader 2\bin\win32_galaxy_release\crusader2.exe] => (Block) D:\games\stronghold crusader 2\bin\win32_galaxy_release\crusader2.exe (Firefly Studios Limited -> )
FirewallRules: [{64D91496-A62B-4379-A36A-D5F3F6430CE1}] => (Allow) d:\txgameassistant\ui\TxGaDcc.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{E7393EFF-9D9C-4648-BDF1-1761ECB746D4}] => (Allow) d:\txgameassistant\ui\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{171492B7-64C7-433F-A8D0-777B82606372}] => (Allow) d:\txgameassistant\ui\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{2C86C07B-E3B8-4331-959B-245136CF646B}] => (Allow) d:\txgameassistant\ui\adb.exe () [File not signed]
FirewallRules: [{CC65E9D2-BDCE-4A64-B29A-7F078598DFF5}] => (Allow) d:\txgameassistant\ui\AndroidEmulator.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{C777848E-269B-455F-B68B-166160CCCEEA}] => (Allow) C:\Users\LakiCoece\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{3E3F5738-051D-47F2-ACDE-6678C2F352EA}] => (Allow) C:\Users\LakiCoece\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{EF3EE2AC-CAC9-4836-987A-3CD9D8E8A6D6}] => (Allow) C:\Users\LakiCoece\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{AAF076E7-7BA5-402B-A9FE-E585B96F20CD}] => (Allow) C:\Users\LakiCoece\AppData\Roaming\Tencent\TxGameAssistant\GameDownload\TenioDL.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{BB3399B3-B9DC-44F8-9C01-5030A34AE319}] => (Allow) d:\txgameassistant\appmarket\GF186\TUpdate.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{5BE60F77-D5EA-4690-B831-BD9B19C83369}] => (Allow) d:\txgameassistant\appmarket\GameDownload.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{C7E585FF-D902-4713-99B7-67CD742D6EA3}] => (Allow) d:\txgameassistant\appmarket\QQExternal.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{CD19362F-B92F-44D5-B98E-22F844C3E45F}] => (Allow) d:\txgameassistant\appmarket\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> 腾讯公司)
FirewallRules: [{0F532392-33F3-4401-86BD-A20847DA6CAB}] => (Allow) d:\txgameassistant\appmarket\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{CEFC3D97-159A-48C3-ABC1-E6C17FC3B923}] => (Allow) d:\txgameassistant\appmarket\AppMarket.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [UDP Query User{01B583A0-5FB0-449C-A048-FAF9A3E6643F}D:\games\rotwk\game.dat] => (Allow) D:\games\rotwk\game.dat (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{F5B3CE04-A006-45A7-9083-7F584D610AD7}D:\games\rotwk\game.dat] => (Allow) D:\games\rotwk\game.dat (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{CC4AC16F-AC59-4F19-911D-DD593207A24D}C:\users\lakicoece\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\lakicoece\appdata\roaming\gameranger\gameranger\gameranger.exe (GameRanger Technologies -> GameRanger Pty Ltd)
FirewallRules: [TCP Query User{8F235DD4-DC8F-4089-8FC3-82451C2DC41C}C:\users\lakicoece\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\lakicoece\appdata\roaming\gameranger\gameranger\gameranger.exe (GameRanger Technologies -> GameRanger Pty Ltd)
FirewallRules: [{1508B22F-4296-4E00-972C-F7B4D7A201C9}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{6D955F4A-54F2-41AB-92D4-EC20780038CA}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{B3BB98FE-CBFF-47E0-A4ED-5393C6FFC9B2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C343E8F6-4A12-4366-9090-D83C8148CCB3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{60DB5E6C-3C11-470D-907F-2C6131A0BCE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{BFA1772B-87E9-4FEB-A7B0-387F86196428}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{448D386C-90E6-45B3-BCCE-1B571839462F}] => (Allow) D:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{DC872B05-6A20-4A1B-A0F0-2028F97B3663}] => (Allow) D:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{7A6525FF-3D66-46B2-83B6-3718CC387687}] => (Allow) D:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{227DF5D7-5ADA-471A-AEEA-492A78C6274C}] => (Allow) D:\SteamLibrary\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{F2D37153-7DA0-4241-91C3-793588808EC4}] => (Allow) D:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.)
FirewallRules: [{B10D35F3-23D1-4861-9821-F945864555D3}] => (Allow) D:\SteamLibrary\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.)
FirewallRules: [TCP Query User{F691332E-EDD2-44AE-B22E-0C140981DED5}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{B693FFBF-FD56-4325-AB1D-C6CD672126DB}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{7AC1ABB1-1C17-4684-841E-B55E2DB99169}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{6E35E11E-986F-4A11-9403-37C63E761DE3}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{00A78AED-0356-4CAF-8600-F510B2FDA496}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{559AF54A-9D20-4F23-887B-EC8C3F420421}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2288596F-CAE7-48BB-8976-2A037051BE7E}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software)
FirewallRules: [{7BE971AB-8E9D-4285-8D43-29C0DCBDF2A4}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software)
FirewallRules: [{C1D09E98-4542-4CAD-85AF-AB198C3BE65E}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.)
FirewallRules: [{552CE56F-72C8-4818-915D-2FF708ACDE0A}] => (Allow) D:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.)
FirewallRules: [TCP Query User{6A2E4755-A8E2-40E7-9ADE-454FC7692AD7}D:\games\world_of_tanks_eu\worldoftanks.exe] => (Allow) D:\games\world_of_tanks_eu\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{E14A7045-EEAC-480A-BD65-29404BABECC4}D:\games\world_of_tanks_eu\worldoftanks.exe] => (Allow) D:\games\world_of_tanks_eu\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{1DB1E86F-E034-492E-AF40-CB8DB33FAD60}D:\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) D:\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [UDP Query User{DA5BC0C4-0B72-45CC-A665-3549B4532BC0}D:\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) D:\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [TCP Query User{AA6F226C-9AA1-4E15-ACC7-36076FFEBD64}D:\games\total war warhammer ii curse of the vampire coast\warhammer2.exe] => (Block) D:\games\total war warhammer ii curse of the vampire coast\warhammer2.exe (Valve -> The Creative Assembly Ltd) [File not signed]
FirewallRules: [UDP Query User{457D3CD9-1B88-4456-AA8F-A1D59B28BD6E}D:\games\total war warhammer ii curse of the vampire coast\warhammer2.exe] => (Block) D:\games\total war warhammer ii curse of the vampire coast\warhammer2.exe (Valve -> The Creative Assembly Ltd) [File not signed]
FirewallRules: [{EADEF043-D4D9-4FDB-B083-4FAE2C9A85C3}] => (Allow) D:\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4328CF00-DBA6-448E-924B-360EDB74CAB8}] => (Allow) D:\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BA5EC37-C65B-4158-80C3-5B0698BE3EC5}] => (Allow) D:\Microsoft Office\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{86FACD85-7C11-47F3-8742-B7E97B8BE9AB}] => (Allow) D:\Microsoft Office\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9F5FEF56-0B57-4A18-842A-D94967D1E44A}] => (Allow) D:\Microsoft Office\Office14\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{28DBF252-7AF9-4D90-B518-474F4AC0DF09}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{0DCCBFAB-FA56-4532-A7B6-5DA29EC33ECB}D:\games\hearthstone\hearthstone.exe] => (Allow) D:\games\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [TCP Query User{16CA2FC9-A1DD-41E6-A138-B980E7BBD185}D:\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) D:\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [UDP Query User{0E04DA1E-5E0B-4E04-8C36-338758C5E7E0}D:\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Allow) D:\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{C9B210EA-551D-4E1D-B87F-B419457FD4E0}] => (Allow) C:\Users\LakiCoece\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F6AFFB63-3053-47A3-8C8D-DA1E1D1E6E9B}] => (Allow) C:\Users\LakiCoece\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B7FDCADA-C1BD-4238-BF27-34B78E6BC067}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]
FirewallRules: [{062B9205-999C-4B4C-850D-DB3FF5DD325E}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe (Popcorn Time) [File not signed]

==================== Restore Points =========================

07-01-2020 21:13:58 Windows Update

==================== Faulty Device Manager Devices ============

Name: Wireless Gamepad F710
Description: Wireless Gamepad F710
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (01/07/2020 09:16:05 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1017) (User: NT AUTHORITY)
Description: Disabled performance counter data collection from the "Outlook" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (01/07/2020 09:16:05 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1021) (User: NT AUTHORITY)
Description: Windows cannot open the 32-bit extensible counter DLL "D:\Microsoft Office\Office14\OLMAPI32.DLL" in a 64-bit environment (Win32 error code 193). Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.

Error: (01/07/2020 09:16:01 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1017) (User: NT AUTHORITY)
Description: Disabled performance counter data collection from the "ASP.NET_1.1.4322" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (01/07/2020 09:16:01 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1021) (User: NT AUTHORITY)
Description: Windows cannot open the 32-bit extensible counter DLL "C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll" in a 64-bit environment (Win32 error code 193). Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.

Error: (01/07/2020 08:43:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialise the Catalogue Database. The error was: -2147418113 (0x8000ffff) : Catastrophic failure .

Error: (01/07/2020 08:42:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialise the Catalogue Database. The error was: -2147418113 (0x8000ffff) : Catastrophic failure .

Error: (01/07/2020 08:42:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialise the Catalogue Database. The error was: -2147418113 (0x8000ffff) : Catastrophic failure .

Error: (01/07/2020 08:42:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialise the Catalogue Database. The error was: -2147418113 (0x8000ffff) : Catastrophic failure .

System errors:
=============
Error: (01/08/2020 04:44:14 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147500053.

Error: (01/07/2020 09:21:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/07/2020 09:21:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/07/2020 09:21:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/07/2020 09:21:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/07/2020 09:21:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/07/2020 09:21:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/07/2020 09:21:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Windows Defender:
===================================
Date: 2020-01-07 21:18:47.323
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Bluteal!rfn&threatid=2147724737&enterprise=0
Name: Trojan:Win32/Bluteal!rfn
ID: 2147724737
Severity: Ozbiljno
Category: Trojanski softver
Path: file:_C:\Windows\System32\winscomrssrv.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\rundll32.exe
Security intelligence Version: AV: 1.307.1911.0, AS: 1.307.1911.0, NIS: 1.307.1911.0
Engine Version: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2020-01-07 20:49:14.146
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Name: Trojan:Win32/Wacatac.B!ml
ID: 2147735505
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\StartupCheckLibrary.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe
Security intelligence Version: AV: 1.303.701.0, AS: 1.303.701.0, NIS: 1.303.701.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2020-01-07 20:49:13.952
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Name: Trojan:Win32/Wacatac.B!ml
ID: 2147735505
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\StartupCheckLibrary.dll; process:_pid:2156,ProcessStart:132229001195472372
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.303.701.0, AS: 1.303.701.0, NIS: 1.303.701.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2020-01-07 20:48:56.733
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Name: Trojan:Win32/Wacatac.B!ml
ID: 2147735505
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\StartupCheckLibrary.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe
Security intelligence Version: AV: 1.303.701.0, AS: 1.303.701.0, NIS: 1.303.701.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

Date: 2020-01-07 20:48:44.856
Description: Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Name: Trojan:Win32/Wacatac.B!ml
ID: 2147735505
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\StartupCheckLibrary.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.303.701.0, AS: 1.303.701.0, NIS: 1.303.701.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2

CodeIntegrity:
===================================
Date: 2020-01-08 17:00:54.544
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-08 17:00:54.532
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-08 17:00:54.519
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-08 17:00:54.506
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-08 17:00:54.491
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-08 17:00:54.478
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-08 17:00:54.465
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-08 17:00:54.447
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1802 05/20/2016
Motherboard: ASUSTeK COMPUTER INC. H110M-K
Processor: Intel(R) Core(TM) i5-6600 CPU @ 3.30GHz
Percentage of memory in use: 49%
Total physical RAM: 8128.67 MB
Available physical RAM: 4140.04 MB
Total Virtual: 14784.67 MB
Available Virtual: 9632.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.09 GB) (Free:147.28 GB) NTFS
Drive d: (Buksa) (Fixed) (Total:931.39 GB) (Free:206.12 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:201.58 GB) NTFS

\\?\Volume{3bedaa92-2c8c-4a8a-845a-f57ae7b5ceed}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{b8254eb5-3dc3-4ce5-91ad-01b7c8cc4e6c}\ () (Fixed) (Total:0.83 GB) (Free:0.36 GB) NTFS
\\?\Volume{16ef4ea7-ecc1-4248-82e3-e8fad9bf6d11}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: C4713AD4)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================