Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-08-2017
Ran by asus (11-08-2017 18:08:53)
Running from C:\Users\asus\Desktop
Windows 10 Pro Version 1607 (X64) (2016-12-05 13:06:54)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3077491925-2672696224-801911577-500 - Administrator - Disabled)
asus (S-1-5-21-3077491925-2672696224-801911577-1001 - Administrator - Enabled) => C:\Users\asus
DefaultAccount (S-1-5-21-3077491925-2672696224-801911577-503 - Limited - Disabled)
Guest (S-1-5-21-3077491925-2672696224-801911577-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.1.2070 - Open Media LLC)
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.3 - Adobe Systems Incorporated)
Adobe Reader 9.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A92000000001}) (Version: 9.2.0 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Skybox Labs)
Airytec Switch Off (HKLM\...\Airytec Switch Off) (Version: 3.5.1 - Airytec)
Amnesia: The Dark Descent (HKLM\...\Steam App 57300) (Version: - Frictional Games)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
AutoCAD 2016 - Français (French) (HKLM\...\{5783F2D7-F001-040C-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - Français (French) (HKLM\...\{5783F2D7-F001-040C-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk AutoCAD 2016 - Français (French) (HKLM\...\AutoCAD 2016 - Français (French)) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version: - )
BitTorrent (HKU\S-1-5-21-3077491925-2672696224-801911577-1001\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6) (Version: 1.0 - Bcs16 Romania)
Diablo (HKLM-x32\...\Diablo) (Version: - )
ESET Internet Security (HKLM\...\{9F68FC91-8E40-44D0-BD9B-BB89711DC3E7}) (Version: 10.0.369.0 - ESET, spol. s r.o.)
Google Chrome (HKU\S-1-5-21-3077491925-2672696224-801911577-1001\...\Google Chrome) (Version: 29.0.1530.2 - Google Inc.)
Half-Life (HKLM\...\Steam App 70) (Version: - Valve)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
IsoBuster 4.0 (HKLM-x32\...\IsoBuster_is1) (Version: 4.0 - Smart Projects)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3077491925-2672696224-801911577-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 55.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0 (x86 en-US)) (Version: 55.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.0.6424 - Mozilla)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Penumbra: Black Plague (HKLM\...\Steam App 22120) (Version: - Frictional Games)
Quake III Arena Point Release 1.32 (HKLM-x32\...\Quake III Arena Point Release 1.32) (Version: - )
Quake Live (HKLM\...\Steam App 282440) (Version: - id Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7654 - Realtek Semiconductor Corp.)
RomStation (HKLM-x32\...\{223B62A8-F6FF-4BEB-BC17-230D12723CD0}_is1) (Version: - RomStation)
Serious Sam HD The First Encounter (HKLM-x32\...\Serious Sam HD The First Encounter_is1) (Version: - Devolver Digital)
Serious Sam HD The Second Encounter, версия 1.126138 (HKLM-x32\...\Serious Sam HD The Second Encounter_is1) (Version: 1.126138 - )
Servarena 2.08 (HKLM-x32\...\ST6UNST #1) (Version: - )
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
South Park™: The Stick of Truth™ (HKLM\...\Steam App 213670) (Version: - Obsidian Entertainment)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TrackMania Nations Forever (HKLM\...\Steam App 11020) (Version: - Nadeo)
TrackMania² Valley (HKLM\...\Steam App 243360) (Version: - Nadeo)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.35 - Tweaking.com)
UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
WinRAR 5.40 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.3 - win.rar GmbH)
Worms Armageddon (HKLM-x32\...\Worms Armageddon) (Version: 3.7.2.1 - Jimbo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3077491925-2672696224-801911577-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3077491925-2672696224-801911577-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3077491925-2672696224-801911577-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3077491925-2672696224-801911577-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3077491925-2672696224-801911577-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\fr-FR\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-06] (Autodesk)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Internet Security\shellExt.dll [2017-07-02] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-07-08] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-07-08] (Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Internet Security\shellExt.dll [2017-07-02] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-07-09] (Intel Corporation)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Internet Security\shellExt.dll [2017-07-02] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-07-08] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-07-08] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0522561D-206A-42B6-B80D-C5B9BDA0131A} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2017-03-09] (AsusTek)
Task: {07235EDD-6C7B-4CF4-BFD7-DC54BC13B32A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-02] (Microsoft Corporation)
Task: {08E85696-CC96-4526-857F-A099E0678F67} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-07-09] (Realtek Semiconductor)
Task: {196C1AD4-5786-44C3-AF82-755064EF1774} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-02] (Microsoft Corporation)
Task: {3B129822-B60E-498E-BBB8-D0CF0FF89C7D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-07-09] (Realtek Semiconductor)
Task: {894652B8-8866-493E-A695-B469ABFE99CE} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-07-09] (Realtek Semiconductor)
Task: {96BB2EBE-02E9-4ABF-9B11-A7983C2CE653} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {A8026DEF-9199-4401-9A62-DB1F32914D7E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-04] (Piriform Ltd)
Task: {A93A8F7A-9CB0-40F2-9175-7BC1696FA0AA} - System32\Tasks\{F6E37580-5CE6-45D1-AB2F-7F98A5C35584} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.26.0.101&LastError=12002
Task: {B225D9B8-A461-4068-A328-9C24FA11E5D8} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-12] (Tweaking.com)
Task: {C28D153A-63C7-42B9-8687-5611E83CD9A9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-02] (Microsoft Corporation)
Task: {CD073C02-7EEB-4667-8A06-32E2C744820C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-02] (Microsoft Corporation)
Task: {E5D3278C-30A2-4CF2-B64F-E275F145E6CC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [2016-09-12] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\asus\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKBKjdhx0cXu%2FWPIQ3ejrqxdqdUE1pR8xkuJd%2Fb0XpWbd%2FokHw3ceQWPlm4HlNB964

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 23:42 - 2016-07-16 23:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-15 22:33 - 2017-06-21 19:48 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2010-01-10 15:17 - 2010-01-10 15:17 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 20:40 - 2010-01-21 20:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-07-02 17:10 - 2016-09-07 16:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-07-02 17:01 - 2017-03-04 18:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-07-02 17:07 - 2017-03-04 18:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-07-02 17:07 - 2017-03-04 18:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-02 17:04 - 2017-03-04 18:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-08-11 10:26 - 2017-08-02 06:26 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-08-11 10:26 - 2017-08-02 06:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-08-10 21:07 - 2017-08-10 21:07 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-10 21:07 - 2017-08-10 21:07 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-10 21:07 - 2017-08-10 21:07 - 043573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-10 21:07 - 2017-08-10 21:07 - 002435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3077491925-2672696224-801911577-1001\Software\Classes\.scr: scrfile => <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 23:04 - 2017-07-11 19:26 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3077491925-2672696224-801911577-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\asus\Pictures\B1.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7D4EDA5A-AA4C-4667-A079-ADC255F50E16}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{57811920-B553-43F3-84B8-0B2D14A9DAB1}] => (Allow) LPort=50248
FirewallRules: [{6D280BBA-E254-4503-80DA-AA96D8AF56C7}] => (Allow) C:\Users\asus\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{20F815CE-1D0F-41E1-9694-C3DB4F335EC0}] => (Allow) C:\Users\asus\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D428188B-2C09-4FF8-AC12-BEAAFB239851}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2B74473A-7E41-4134-90EC-FDFA6EEC328C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C636908A-E425-4CF8-B525-5EAFA8BDCB3E}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7C18199A-8021-415D-B728-3C9A74DE883C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{493E9C31-BFCC-421F-AD4D-87343045768A}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5294D1DF-394E-44F3-9F9B-27E46F298016}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BB098EF2-C36D-4C4A-990A-4F6BFAB77192}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{5142AAB6-7288-4182-977F-C7EB50D08E41}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{34D9167F-1716-4FD8-BBB3-5E93862166B9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{5DE63EC6-2D03-4BD6-BA69-4A9D3D343BCD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{C3F2AD8B-C7E3-42E3-906D-750163AE8D3B}D:\program files (x86)\steam\steamapps\common\age2hd\aok hd.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\age2hd\aok hd.exe
FirewallRules: [UDP Query User{FEADF6D4-67A0-40AE-82E8-3527B1D9F5A8}D:\program files (x86)\steam\steamapps\common\age2hd\aok hd.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\age2hd\aok hd.exe
FirewallRules: [{B502BD52-D9A4-498A-9619-399D91F6825E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Penumbra.exe
FirewallRules: [{B1C18044-8326-4C61-B4B3-F36807365EDA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Penumbra.exe
FirewallRules: [{E77AA197-78E3-4B14-8AE0-9F00FC7C463D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{3F3E729A-A38D-452C-97A1-9194BF061827}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{F3772C15-8FAE-421C-A6BB-B26AD36ADE8D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{F22A1D41-D491-42A4-89A0-05CB0E17874D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [TCP Query User{186289B2-B754-45D2-A969-E90CEBB3E3F2}D:\q3a\quake3.exe] => (Allow) D:\q3a\quake3.exe
FirewallRules: [UDP Query User{8417F5F4-8FA6-4B0F-91C3-F60362FA3D34}D:\q3a\quake3.exe] => (Allow) D:\q3a\quake3.exe
FirewallRules: [TCP Query User{5FB341CC-C15E-4F81-ABFF-7E6560A56D53}D:\wariii\warcraft iii 1.26 -iceblitz\war3.exe] => (Allow) D:\wariii\warcraft iii 1.26 -iceblitz\war3.exe
FirewallRules: [UDP Query User{9E1F8246-6C9E-4248-A26D-7DFD2E642768}D:\wariii\warcraft iii 1.26 -iceblitz\war3.exe] => (Allow) D:\wariii\warcraft iii 1.26 -iceblitz\war3.exe
FirewallRules: [TCP Query User{A50C0126-D9F9-4AFC-B2AC-8F831D243087}D:\program files (x86)\bcs16 romania\counter-strike 1.6\hl.exe] => (Allow) D:\program files (x86)\bcs16 romania\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{5AB304A7-48A1-4C78-A15D-DC86B68E224B}D:\program files (x86)\bcs16 romania\counter-strike 1.6\hl.exe] => (Allow) D:\program files (x86)\bcs16 romania\counter-strike 1.6\hl.exe
FirewallRules: [{DA93C041-5E1F-414D-8BF2-D9806BE97FA3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{9D5BA9CD-FFBA-4041-B06F-5E164A4086AE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [TCP Query User{C51D82EE-5453-4F20-A980-354460641B36}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{21466084-76B8-44F2-A4D4-458069A0C905}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{822D4381-4F29-4D9B-9505-50CE616B07C3}D:\program files (x86)\devolver digital\serious sam hd first encounter\bin\samhd.exe] => (Allow) D:\program files (x86)\devolver digital\serious sam hd first encounter\bin\samhd.exe
FirewallRules: [UDP Query User{85361689-013D-457B-A91E-E0C4F4088AFB}D:\program files (x86)\devolver digital\serious sam hd first encounter\bin\samhd.exe] => (Allow) D:\program files (x86)\devolver digital\serious sam hd first encounter\bin\samhd.exe
FirewallRules: [{CA010750-33D6-4AB2-A79E-91103C6102F1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{80E53FAD-CDEC-46BA-ACC5-D98A8B53B6F6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{F9242244-DD7F-457A-9B5E-AF189D9DE9A6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{2D208154-EBBF-403E-A5A6-843F874948FF}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{CF380285-72FB-4988-A73E-F128F35467FB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{E45CFE0D-DF7B-46CD-BEA3-9A3D5C3A59B7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{E1A7BC36-AF64-4F5F-9E1F-3A99DB4DD1B9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMValley\ManiaPlanetLauncher.exe
FirewallRules: [{A7D0B292-5F53-42AD-81A4-C293FF79AFA9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMValley\ManiaPlanetLauncher.exe
FirewallRules: [{92484FC8-95AF-4915-B358-28ECD30E7802}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMValley\ManiaPlanet.exe
FirewallRules: [{423D7ABF-61A1-4F89-A6B7-E5D00B9E7FBE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMValley\ManiaPlanet.exe
FirewallRules: [{0F121DF3-4279-43BF-BC7E-5B2B218948A2}] => (Allow) LPort=1688

==================== Restore Points =========================

09-08-2017 20:38:17 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2017 06:12:00 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (08/11/2017 06:12:00 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (08/11/2017 06:12:00 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (08/11/2017 06:11:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (08/11/2017 06:11:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (08/11/2017 06:11:55 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (08/11/2017 06:11:50 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (08/11/2017 06:11:50 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (08/11/2017 06:11:50 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (08/11/2017 06:11:45 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating status to SECURITY_PRODUCT_STATE_ON (error %3).

System errors:
=============
Error: (08/11/2017 05:56:14 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A633BKC)
Description: The server microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (08/11/2017 05:56:14 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A633BKC)
Description: The server App.AppXydmptpzm8pts0mhzrytvzy52ye9x3ttq.mca did not register with DCOM within the required timeout.

Error: (08/11/2017 04:57:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (08/11/2017 04:57:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (08/11/2017 04:47:09 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (08/11/2017 04:44:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (08/11/2017 04:44:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.

Error: (08/11/2017 04:44:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WMPNetworkSvc service terminated with the following error: An attempt was made to reference a token that does not exist.

Error: (08/11/2017 04:43:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error: A device attached to the system is not functioning.

Error: (08/11/2017 04:43:56 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

CodeIntegrity:
===================================
Date: 2017-08-08 11:37:15.754
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-06 12:00:10.908
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-04 17:50:34.106
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-27 21:50:34.150
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-25 21:34:00.091
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-25 16:37:40.221
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-23 20:56:35.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-23 13:49:07.383
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-22 17:07:27.255
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-19 21:04:43.480
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 83%
Total physical RAM: 1934.7 MB
Available physical RAM: 322.35 MB
Total Virtual: 3982.7 MB
Available Virtual: 1744.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.1 GB) (Free:39.66 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:368.1 GB) (Free:187.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B05CD80C)

Partition: GPT.

==================== End of Addition.txt ============================