Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018 Ran by iSu (28-06-2018 01:54:47) Running from C:\Users\iSu\Desktop Windows 10 Pro Version 1803 17134.112 (X64) (2018-06-26 22:30:54) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1780440095-4180245696-420238287-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1780440095-4180245696-420238287-503 - Limited - Disabled) Guest (S-1-5-21-1780440095-4180245696-420238287-501 - Limited - Disabled) iSu (S-1-5-21-1780440095-4180245696-420238287-1001 - Administrator - Enabled) => C:\Users\iSu WDAGUtilityAccount (S-1-5-21-1780440095-4180245696-420238287-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.55.31997 - Electronic Arts) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.) LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) Microsoft OneDrive (HKU\S-1-5-21-1780440095-4180245696-420238287-1001\...\OneDriveSetup.exe) (Version: 18.116.0610.0002 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation) MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team) NiceHash Miner 2 0.2.4 (only current user) (HKU\S-1-5-21-1780440095-4180245696-420238287-1001\...\08059810-bc78-5c10-942c-2092eebb5ec8) (Version: 0.2.4 - NiceHash d.o.o) NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation) NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 10.5.21.179 - Electronic Arts, Inc.) Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.3.0612.060119 - Razer Inc.) VietPN 1.3 (HKLM-x32\...\VietPN) (Version: 1.3 - ) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {45136E8D-C7D1-4A9B-B3F2-7F7FAC38B140} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation) Task: {7F05D82D-20E0-484A-87DD-A17927426F02} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation) Task: {949470A5-53AF-4C9F-8986-0E61DB424928} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation) Task: {E21F1F57-DE4C-42DF-9C76-8B111D8E1702} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\iSu\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\iSu\Desktop\Person 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ==================== Loaded Modules (Whitelisted) ============== 2018-06-26 16:19 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-06-26 16:19 - 2018-05-30 09:22 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2018-04-12 06:34 - 2018-04-12 06:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2018-04-12 06:34 - 2018-04-12 06:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll 2018-04-12 06:34 - 2018-04-12 06:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2018-06-01 17:46 - 2018-06-01 17:46 - 000283888 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe 2018-06-26 16:17 - 2018-06-08 15:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-06-01 17:46 - 2018-06-01 17:46 - 000292080 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service Process.exe 2018-06-01 18:36 - 2018-06-01 18:36 - 000428272 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe 2018-06-27 03:40 - 2018-06-27 03:40 - 000021824 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe 2018-06-27 04:04 - 2018-06-27 05:01 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2018-06-27 04:04 - 2018-06-27 05:01 - 067230720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2018-06-27 04:04 - 2018-06-27 05:01 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll 2018-06-27 04:04 - 2018-06-27 05:01 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll 2018-06-27 04:04 - 2018-06-27 05:01 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll 2018-06-27 04:04 - 2018-06-27 05:01 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll 2018-06-27 04:04 - 2018-06-27 05:01 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll 2018-06-27 04:04 - 2018-06-27 05:01 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll 2018-06-27 04:04 - 2018-06-27 05:01 - 014850560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll 2018-06-27 04:04 - 2018-06-27 05:01 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2018-06-27 04:04 - 2018-06-27 05:01 - 003265536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll 2018-06-27 04:04 - 2018-06-27 05:01 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2018-06-27 04:04 - 2018-06-27 05:01 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-06-27 04:04 - 2018-06-27 05:01 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll 2018-06-27 04:04 - 2018-06-27 05:01 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15914.0_x64__8wekyb3d8bbwe\SKU.dll 2018-06-27 03:39 - 2018-06-23 02:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll 2018-06-27 03:39 - 2018-06-23 02:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll 2018-06-27 22:59 - 2018-06-01 17:43 - 000150768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.ChromaSDKWrapper.dll 2018-06-27 22:59 - 2018-06-01 17:44 - 000179440 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativeDeviceDetectionWrapper.dll 2018-06-27 22:59 - 2018-06-01 17:44 - 000202480 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.PowerPlan.dll 2018-06-27 22:59 - 2018-06-01 18:14 - 000081648 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AccelWinM.dll 2018-06-27 22:59 - 2018-06-01 17:44 - 000129776 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_KeyboardKeysWrapper.dll 2018-06-27 22:59 - 2018-06-01 18:14 - 000086256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedCommon.dll 2018-06-27 22:59 - 2018-06-01 18:14 - 000299760 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedMacros.dll 2018-06-27 22:59 - 2018-06-01 18:14 - 000257264 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_MappingTypesM.dll 2018-06-27 22:59 - 2018-06-01 17:43 - 002278128 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_PowerSwitchWrapper.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000288496 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_Battery.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000581872 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_DeviceStatus.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000288496 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_DriverMode.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000150256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_Mapping.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000572144 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_MappingBaseM.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000537840 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_OnboardMem.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000313584 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_PollingRate.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000327408 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_PowerManagement.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000334576 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_Sensitivity.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000408304 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_SurfaceCalBaseM.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000086768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_SurfaceCalPixart.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000291056 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_SwapMouseButtons.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000288496 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_Battery.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000581872 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_DeviceStatus.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000288496 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_DriverMode.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000150256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_Mapping.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000572144 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_MappingBaseM.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000537840 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_OnboardMem.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000313584 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_PollingRate.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000327408 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_PowerManagement.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000334576 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_Sensitivity.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000408304 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_SurfaceCalBaseM.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000086768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_SurfaceCalPixart.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000291056 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_SwapMouseButtons.dll 2018-06-27 22:59 - 2018-05-18 17:54 - 000056048 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_KeyboardKeys.dll 2018-06-27 03:40 - 2018-06-27 03:40 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL 2018-06-27 03:40 - 2018-06-27 03:40 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll 2018-05-31 04:02 - 2018-05-31 04:04 - 001005408 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.dll 2018-05-31 04:02 - 2018-05-31 04:04 - 053444984 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libcef.dll 2018-06-01 18:34 - 2018-06-01 18:34 - 000135408 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Common.Dependencies\RSy3_KeyboardKeysWrapper.dll 2018-05-31 04:02 - 2018-05-31 04:04 - 000691056 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.Core.dll 2018-05-31 04:02 - 2018-05-31 04:04 - 001984392 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libglesv2.dll 2018-05-31 04:02 - 2018-05-31 04:04 - 000082824 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-03-19 00:33 - 2018-06-27 22:21 - 000000852 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1780440095-4180245696-420238287-1001\Control Panel\Desktop\\Wallpaper -> D:\PM\Wall OS X\above-ho-chi-minh-city-vietnam-_-do-_-wallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{D48E5B16-11A5-4C19-B6A3-F3F43DCE3101}C:\program files (x86)\origin games\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1\bf1.exe FirewallRules: [UDP Query User{BD03CECD-FD0E-4D6F-811A-C45441A2D1E4}C:\program files (x86)\origin games\battlefield 1\bf1.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1\bf1.exe FirewallRules: [TCP Query User{13E888E5-4F16-4184-8BCA-C35C24F8159C}C:\program files (x86)\vietpn\vietpnd.exe] => (Allow) C:\program files (x86)\vietpn\vietpnd.exe FirewallRules: [UDP Query User{5A144D87-814F-42A0-B30D-6014710FB714}C:\program files (x86)\vietpn\vietpnd.exe] => (Allow) C:\program files (x86)\vietpn\vietpnd.exe ==================== Restore Points ========================= 27-06-2018 23:02:05 moi ==================== Faulty Device Manager Devices ============= Name: TAP-Windows Adapter V9 Description: TAP-Windows Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: tap0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/28/2018 01:40:25 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program ZHPDiag3.exe version 2018.6.22.140 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1530 Start Time: 01d40e463a34e7b5 Termination Time: 4294967295 Application Path: C:\Users\iSu\AppData\Roaming\ZHP\ZHPDiag3.exe Report Id: 78f9d797-fecc-4675-9963-aecf97806ebb Faulting package full name: Faulting package-relative application ID: Error: (06/26/2018 11:56:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program mbam.exe version 3.0.0.1496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 2ee4 Start Time: 01d40d6e516eacf5 Termination Time: 7 Application Path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Report Id: 2d856fd8-6038-424d-9470-698127bf010d Faulting package full name: Faulting package-relative application ID: Error: (06/27/2018 05:30:27 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: ) Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A Error: (06/27/2018 05:29:20 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: ) Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A Error: (06/27/2018 05:29:20 AM) (Source: MSDTC 2) (EventID: 4104) (User: ) Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A Error: (06/27/2018 05:29:20 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: ) Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A System errors: ============= Error: (06/28/2018 01:01:56 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NKJG6GH) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-NKJG6GH\iSu SID (S-1-5-21-1780440095-4180245696-420238287-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/27/2018 11:18:53 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NKJG6GH) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-NKJG6GH\iSu SID (S-1-5-21-1780440095-4180245696-420238287-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/27/2018 11:01:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/27/2018 11:01:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/27/2018 10:59:49 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-NKJG6GH) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user DESKTOP-NKJG6GH\iSu SID (S-1-5-21-1780440095-4180245696-420238287-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/27/2018 10:59:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/27/2018 10:59:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/27/2018 10:59:16 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NKJG6GH) Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout. Windows Defender: =================================== Date: 2018-06-26 19:51:30.255 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {A5E32ED2-9422-438D-AE10-22CD5946B915} Scan Type: Antimalware Scan Parameters: Full Scan CodeIntegrity: =================================== Date: 2018-06-27 19:41:55.448 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-06-27 19:33:15.265 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-06-27 19:32:34.854 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-06-27 19:32:26.999 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-06-27 19:32:15.156 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-06-27 19:32:10.582 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-06-27 19:32:02.861 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2018-06-27 19:32:02.071 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz Percentage of memory in use: 24% Total physical RAM: 16322.45 MB Available physical RAM: 12336.02 MB Total Virtual: 19266.45 MB Available Virtual: 12881.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:476.34 GB) (Free:310.95 GB) NTFS Drive d: (Data) (Fixed) (Total:3726.02 GB) (Free:1987.71 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.29 GB) FAT32 Drive f: (Recovery) (Fixed) (Total:2.93 GB) (Free:2.84 GB) NTFS Drive g: (Windows 7) (Fixed) (Total:928.29 GB) (Free:673.14 GB) NTFS \\?\Volume{fa1bd71f-bcef-4dc5-80ce-53ace8e1a70c}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS \\?\Volume{88eeeaf5-e19b-44a9-98d7-c4973aaac19f}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: 078C078C) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: ECD22CDF) Partition 1: (Not Active) - (Size=2.9 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=300 MB) - (Type=0B) Partition 3: (Not Active) - (Size=928.3 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 476.9 GB) (Disk ID: 9CE9E907) Partition: GPT. ==================== End of Addition.txt ============================