Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018 Ran by Charlie (16-08-2018 14:32:51) Running from C:\Users\Charlie\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2014-11-25 00:52:32) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4068796385-2865565576-2177801047-500 - Administrator - Disabled) Charlie (S-1-5-21-4068796385-2865565576-2177801047-1000 - Administrator - Enabled) => C:\Users\Charlie Guest (S-1-5-21-4068796385-2865565576-2177801047-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4068796385-2865565576-2177801047-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - ) Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated) Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.154 - Adobe Systems Incorporated) Antares Autotune VST RTAS TDM v5.08 (HKLM-x32\...\Antares Autotune VST RTAS TDM_is1) (Version: - Team AiR 2007) Apple Mobile Device Support (HKLM\...\{A05FDFEC-4377-49E0-82CB-B6D1386E89DA}) (Version: 11.3.0.9 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) 
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach) ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.1.7 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS) Authorizer 2.9.2d15 (HKLM\...\{F6762963-9AE5-4bc6-A70F-2D749F6AC02F}_is1) (Version: 2.9.2d15 - Propellerhead Software AB) Avid Mbox Driver 1.1.10 (x64) (HKLM\...\{35BAD2B7-E2EF-4A06-80A2-C6C2F23B8F3E}) (Version: 1.1.10 - Avid) bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0455 - Disc Soft Ltd) DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.93 - NVIDIA Corporation) Hidden FabFilter Pro-Q 2.12 (64-bit) (HKLM-x32\...\FabFilter Pro-Q 2.12 (64-bit)) (Version: - ) FabFilter Pro-Q VST RTAS v1.0.1.6 (HKLM-x32\...\FabFilter Pro-Q VST RTAS_is1) (Version: - TEAM AiR) InputMapper (HKLM-x32\...\{026D2025-A7FA-4F5C-AF8C-A6F7A9B917FC}) (Version: 1.6.10.19991 - DSDCS) inst (HKLM-x32\...\{364CF035-2A88-46A8-8F3E-23AF88B1C3AA}) (Version: 1.0.0.0 - Creative Software Solutions GmbH) Intel(R) Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation) Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel) iolo technologies' System Mechanic 
(HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.5.0 - iolo technologies, LLC) iTunes (HKLM\...\{8D28AA8E-D71D-4BC1-BAA0-4AB239553D3F}) (Version: 12.7.4.76 - Apple Inc.) JBridge (HKLM-x32\...\JBridge) (Version: - JBridge) K-Lite Codec Pack 13.0.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.0.0 - KLCP) Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) M-Audio Fast Track Ultra 8R Driver 6.1.9 (x64) (HKLM\...\{B2292C0A-574E-4F10-B6D4-74EA004167AB}) (Version: 6.1.9 - M-Audio) Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DD60A01E-B0C8-475D-A6A4-0D8AFE3FA29E}) (Version: - Microsoft) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6011.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
(HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Mozilla Firefox 61.0.2 (x64 pt-PT) (HKLM\...\Mozilla Firefox 61.0.2 (x64 pt-PT)) (Version: 61.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) 
(HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments) Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.2.880 - Native Instruments) Native Instruments Passive EQ (HKLM-x32\...\Native Instruments Passive EQ) (Version: - Native Instruments) Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments) Native Instruments Solid Bus Comp FX (HKLM-x32\...\Native Instruments Solid Bus Comp FX) (Version: 1.0.0.276 - Native Instruments) Native Instruments Solid Dynamics FX (HKLM-x32\...\Native Instruments Solid Dynamics FX) (Version: 1.0.0.276 - Native Instruments) Native Instruments Solid EQ FX (HKLM-x32\...\Native Instruments Solid EQ FX) (Version: 1.0.0.276 - Native Instruments) Native Instruments The Giant (HKLM-x32\...\Native Instruments The Giant) (Version: - Native Instruments) Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version: - Native Instruments) Native Instruments Transient Master FX (HKLM-x32\...\Native Instruments Transient Master FX) (Version: - Native Instruments) Native Instruments Vari Comp (HKLM-x32\...\Native Instruments Vari Comp) (Version: - Native Instruments) Native Instruments VC 160 FX (HKLM-x32\...\Native Instruments VC 160 FX) (Version: - Native Instruments) Native Instruments VC 2A FX (HKLM-x32\...\Native Instruments VC 2A FX) (Version: - Native Instruments) Native Instruments VC 76 FX (HKLM-x32\...\Native Instruments VC 76 FX) (Version: - Native Instruments) NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.2 (HKLM-x32\...\NomadFactory Blue Tubes Dynamics Pack VST RTAS_is1) (Version: - ) NVIDIA Graphics Driver 397.93 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.93 - NVIDIA Corporation) NVIDIA 
PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden Pianissimo (HKLM-x32\...\Pianissimo) (Version: - Acoustica) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.) Reason 9 9.5.1d19 (HKLM\...\Reason9.0Stable_64_is1) (Version: 9.5.1d19 - Propellerhead Software AB) ReCycle 2.2.3 (HKLM\...\ReCycle2.2_64_is1) (Version: 2.2.3 - Propellerhead Software AB) reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - ) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) SolidWorks 2013 x64 Edition SP03 (HKLM\...\{B6B5EA7E-B91F-443D-A958-B0062FB53804}) (Version: 21.130.60 - SolidWorks) Hidden SolidWorks eDrawings 2013 x64 Edition SP03 (HKLM\...\{AC2165BD-762D-420B-AD33-20FACAA7112B}) (Version: 13.3.111 - Dassault Systèmes SolidWorks Corp) Hidden SolidWorks Explorer 2013 SP03 x64 Edition (HKLM\...\{168EB20E-FC09-4D2E-83A9-49483710304C}) (Version: 21.30.60 - SolidWorks Corporation) Hidden SolidWorks Plastics 2013 SP03 x64 Edition (HKLM\...\{BA812540-2D88-4A6A-A527-E7728D577D7D}) (Version: 21.30.60 - SolidWorks Corporation) Hidden SONiVOX Big Bang Cinematic Percussion 2 (HKLM-x32\...\SONiVOX Big Bang Cinematic Percussion 2) (Version: 2.5 - SONiVOX) Sonnox Oxford Inflator Native VST v1.5.1 
(HKLM-x32\...\Sonnox Oxford Inflator Native VST_is1) (Version: - Team AiR 2007) Sonnox Oxford Limiter Native VST v1.1.1 (HKLM-x32\...\Sonnox Oxford Limiter Native VST_is1) (Version: - Team AiR 2007) Sonnox Oxford R3 Dynamics Native VST v1.3.1 (HKLM-x32\...\Sonnox Oxford R3 Dynamics Native VST_is1) (Version: - Team AiR 2007) Sonnox Oxford R3 EQ Native VST v1.6.1 (HKLM-x32\...\Sonnox Oxford R3 EQ Native VST_is1) (Version: - Team AiR 2007) Sonnox Oxford Reverb Native VST v1.0 (HKLM-x32\...\Sonnox Oxford Reverb Native VST_is1) (Version: - Team AiR 2007) Sonnox Oxford TransMod Native VST v1.3.1 (HKLM-x32\...\Sonnox Oxford TransMod Native VST_is1) (Version: - Team AiR 2007) Sonoris DDP Creator 64bit (HKLM\...\Sonoris DDP Creator 64bit) (Version: - Sonoris Audio Engineering) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.2 - Steinberg Media Technologies GmbH) Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH) Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH) Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH) Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH) Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne GM Set 
(HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH) Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH) Suporte para Aplicações Apple (32-bits) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.) Suporte para Aplicações Apple (64-bits) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.) UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden Waves Complete V9r1 (HKLM-x32\...\{90000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.0.1 - Waves) Windows Driver Package - ASUS (ATP) Mouse (01/07/2014 1.0.0.197) (HKLM\...\2BEE838DC3D664A0CAB23AEA0332BB3877ED0685) (Version: 01/07/2014 1.0.0.197 - ASUS) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-4068796385-2865565576-2177801047-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File ShellIconOverlayIdentifiers: [ !!!smico] -> {C6E713CA-A7FD-4C73-9E34-AD7676CB957F} => -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => -> No File ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Windows\system32\Incinerator64.dll [2013-12-03] (iolo technologies, LLC) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File ContextMenuHandlers1: [SmartMountShlExt] -> {3871F95B-BF7A-4C17-950B-3ECBCA765A45} => -> No File ContextMenuHandlers1: [SMShellExts] -> {3871F95B-BF7A-4c17-950B-3ECBCA765A45} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-12-02] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal) ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-05-30] (Disc Soft Ltd) ContextMenuHandlers2: [MEGA (Context menu)] -> 
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File ContextMenuHandlers2: [SmartMountShlExt] -> {3871F95B-BF7A-4C17-950B-3ECBCA765A45} => -> No File ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-05-30] (Disc Soft Ltd) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Windows\system32\Incinerator64.dll [2013-12-03] (iolo technologies, LLC) ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File ContextMenuHandlers4: [SmartMountShlExt] -> {3871F95B-BF7A-4C17-950B-3ECBCA765A45} => -> No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-09-04] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-22] (NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-12-02] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {01EFBEDE-EFCE-4D2D-94DD-064BC0570FD3} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-22] (NVIDIA Corporation) Task: {11C13B98-09D7-495D-A5E6-F73AB6DFD792} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-03-13] () Task: {12069F69-C1BA-4D52-B718-4E394EB411E5} - \AutoKMSDaily -> No File <==== ATTENTION Task: {15E56A48-1431-454E-A49C-FE4171649927} - System32\Tasks\Enhanceuta => C:\Windows\system32\rundll32.exe "C:\Program Files\Enhanceuta\Enhanceuta.dll",JlfRolE <==== ATTENTION Task: {196486F0-4F20-4D64-996A-D0D3E5CE3563} - \{96B91A37-F7D6-4CEA-8F60-F04D50FA5526} -> No File <==== ATTENTION Task: {24095DF7-84DC-488E-AE0E-A76ED4ADC49C} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2013-12-03] (iolo technologies, LLC) Task: {249BF02A-EB08-494E-8D7B-B628A5B22FA0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-22] (NVIDIA Corporation) Task: {287F5B64-9772-40B2-910F-B3DE7F0EE739} - \AutoKMS -> No File <==== ATTENTION Task: {35711888-BC9A-4A58-A9C0-0C6F502B91D7} - System32\Tasks\{69F99887-BD0F-4B33-BE07-DA648DC182EB} => C:\Windows\system32\pcalua.exe -a C:\Users\Charlie\Desktop\data\Setup.exe -d C:\Users\Charlie\Desktop\data Task: {421E0798-8AC0-4F48-842A-AB0329F174D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe Task: {4336436B-B321-4124-A88C-85878243EBD4} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [2016-10-04] (InputMapper) Task: {4F1D6E1B-77AB-4950-995B-DEF7EBDF325C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.) 
Task: {580982B2-A17E-4F76-8336-6801C03B31F0} - System32\Tasks\{4F9796D0-722D-4BC4-964A-B2325245174E} => C:\Windows\system32\pcalua.exe -a C:\Users\Charlie\Desktop\6305_Vista_PG537\setup.exe -d C:\Users\Charlie\Desktop\6305_Vista_PG537 Task: {5C36E6B1-6E10-47D3-AB65-875D51F4819E} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-22] (NVIDIA Corporation) Task: {616D71BD-DB85-4966-9980-A13D22B24669} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_154_Plugin.exe [2018-08-15] (Adobe Systems Incorporated) Task: {627E5838-73A0-410C-9C92-98AD7095565B} - System32\Tasks\{4E2E0A88-4ED5-43EE-A70D-7B580C681535} => C:\Windows\system32\pcalua.exe -a C:\Users\Charlie\Desktop\AUD_ALLOS_5.10.0.5129_PV_UAA1.0.EXE -d C:\Users\Charlie\Desktop Task: {63B5255C-2CC6-4DBB-AACE-6CC2F9F78627} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-08-15] (Adobe Systems Incorporated) Task: {66C7D7CD-75E1-481F-BB6A-CFE20530AC92} - System32\Tasks\{35CEA2A1-3C0C-4CBE-A927-90757DCB499F} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.4.0.102/pp/abandoninstall?page=tsProgressBar Task: {6FC1230D-FCFD-4566-BFB5-E875C55BA5BC} - System32\Tasks\{D1B82C5A-BBB8-4E31-AD67-0DB86FC0F736} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL Task: {78F86C06-F312-4758-BC39-B712B39C6A0F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated) Task: {7C4F8D27-2B5F-4C1B-B176-672BF2511AE6} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-22] (NVIDIA 
Corporation) Task: {83BF0ACD-1878-4A73-A735-1A8A97D9F76E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-22] (NVIDIA Corporation) Task: {85A283B2-3186-4622-B77E-E7B23C39F98F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2014-05-15] (ASUSTek Computer Inc.) Task: {85A4DC79-52B7-4CAF-98CE-B179F0DD10A5} - System32\Tasks\{CE1CE9FA-2528-4838-9AA1-239D1EBBEB3E} => C:\Windows\system32\pcalua.exe -a "C:\Users\Charlie\Desktop\New folder\ASIO\Install.exe" -d "C:\Users\Charlie\Desktop\New folder\ASIO" Task: {9D1F531B-19EB-4C30-9EFE-3ADF4CC602F8} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-02-13] (AsusTek) Task: {B68ED0E3-488B-451F-9740-ABA2ACF40B93} - System32\Tasks\{3FC10684-57B7-42E7-A2FE-925E863CF1F5} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Audinate\Dante Virtual Soundcard\uninstall_bundle.exe" -d "C:\Program Files (x86)\Audinate\Dante Virtual Soundcard" Task: {C59B3AA5-5935-4B4D-82BB-0EDD42E17BFA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-22] (NVIDIA Corporation) Task: {C9BD94E2-9F54-4E6A-9119-680FDE4F0266} - System32\Tasks\{22DEBF27-B677-42E0-AB48-A54365062E15} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Game Profiler" Task: {CC4C0D94-C1E0-4DF3-8979-1A2D9664B10F} - System32\Tasks\{01275D00-B1D5-4763-ADDF-6DEFB47A2457} => C:\Windows\system32\pcalua.exe -a G:\SOFTWARE\VSTIS\Pianissimo-Installer-b12.exe -d G:\SOFTWARE\VSTIS Task: {D094EA36-2512-442E-AD0B-4C673831244B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => 
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-22] (NVIDIA Corporation) Task: {F29F544A-6A9D-4E1D-9309-5B4400E59C0A} - System32\Tasks\{2FA10EBE-68D1-4506-9E22-E6A1B2CEB906} => C:\Windows\system32\pcalua.exe -a C:\Users\Charlie\Desktop\32bit_Win7_Win8_Win81_R275.exe -d C:\Users\Charlie\Desktop (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2018-06-01 01:45 - 2018-05-23 19:23 - 000029216 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2018-03-16 15:19 - 2018-03-16 15:19 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2018-03-16 15:19 - 2018-03-16 15:19 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2010-10-20 13:30 - 2010-10-20 13:30 - 004297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2018-03-28 17:05 - 2018-03-28 17:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2018-03-28 17:05 - 2018-03-28 17:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll 2018-06-01 03:06 - 2018-06-01 03:06 - 004555264 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\DiscSoft.NET.Common\7b1b2ada3b32a6e91e0cb28637e789b1\DiscSoft.NET.Common.ni.dll 2018-06-01 03:06 - 2018-06-01 03:06 - 003071488 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\DotNetCommon\1075d63eb3c16a2d9115bb9c22da3392\DotNetCommon.ni.dll 2015-01-06 18:37 - 2014-09-04 16:31 - 000455784 _____ () C:\Windows\system32\igfxTray.exe 2018-06-01 01:45 - 2018-05-23 19:23 - 000028928 _____ () C:\Program Files 
(x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2015-01-06 16:08 - 2013-05-13 23:17 - 001199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-11-26 17:49 - 2008-06-19 18:35 - 000333288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll 2014-11-26 17:49 - 2008-03-04 15:52 - 000790392 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll 2014-11-26 17:49 - 2008-03-05 10:34 - 000795520 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll 2014-11-26 17:49 - 2008-02-26 12:04 - 000717176 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll 2014-11-26 17:49 - 2007-12-24 02:05 - 000121344 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63] AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63] AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\ProgramData\Microsoft:3kh9wokP3GQZF2kZ [2314] AlternateDataStreams: C:\ProgramData\Microsoft:qINNuCbt3t9AfRgvTI8OSqy94Q [2482] AlternateDataStreams: C:\ProgramData\Microsoft:rgG5BaPfOFPpTm460Hd11 [2366] AlternateDataStreams: C:\ProgramData\Microsoft:sjQ16uSonYRzYMg1eirMKY6 [2046] AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [119] AlternateDataStreams: C:\Users\Charlie\Local Settings:VmHkBBFBatUNPInBPUlc8R [2264] AlternateDataStreams: C:\Users\Charlie\AppData\Local:VmHkBBFBatUNPInBPUlc8R [2264] AlternateDataStreams: C:\Users\Charlie\AppData\Local\Application Data:VmHkBBFBatUNPInBPUlc8R [2264] AlternateDataStreams: C:\Users\Charlie\AppData\Local\Temporary Internet Files:V7yJCY57pS4ojFFZH3ZDT [2136] ==================== Safe Mode (Whitelisted) 
=================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-4068796385-2865565576-2177801047-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:34 - 2018-08-16 14:25 - 000169937 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4068796385-2865565576-2177801047-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 172.20.10.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: DAEMON Tools Lite => ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [TCP Query User{4264A269-B488-43D2-BE84-B466794A3ED3}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe FirewallRules: [UDP Query User{604C9813-A65E-466B-BE22-9FA147EFE5DC}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe FirewallRules: [{A59D492F-0EF2-42BF-B55F-1F86AC06A99F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{94449B72-BF93-4A49-9B75-03597EB6137C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{7396B380-4B74-4CCF-824A-0E1EE3368C31}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{4207AA1C-4C81-4632-8AAE-EE1358DE809F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{F859F5E2-F67F-4554-884D-03C2CF7F9706}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe FirewallRules: [{1F8D9623-E964-4197-859D-8B9E3293045C}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe FirewallRules: [{304FEE5E-68CF-4998-9E26-CEE14369F118}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe FirewallRules: [{B7F7B5EB-AE5B-4DC5-9F59-5977E1CC85E5}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe FirewallRules: [{7E95D589-ED11-4427-82A5-B1D6BFB5C82E}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe FirewallRules: [{E94690B3-0A57-4AFC-9956-938C3D996113}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe FirewallRules: [{DD827C53-BE14-44A3-9AD9-B7DF9ACBF46A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{958F3769-DB2C-4457-984B-33DE6A149153}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: 
[{216BE918-966F-48D5-B259-18B80D2652FD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe FirewallRules: [{46A693B2-68D1-4063-93FD-407C406DA260}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B975BBB9-EF61-429E-8D0C-EB8247A8542D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{7C5E5FF3-B488-40A8-87B3-89BF59ADC449}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{57B30C32-2106-4E66-B118-2FADE613E2A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{4C06D6A7-807D-4908-9F66-75CC05E47AE8}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{C2410706-3AB4-4939-B513-44B80CCC43FA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5827C138-A06A-40A7-B70B-D5C5E7277771}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{60E70A4C-C588-4582-ABA7-27ACFDF01A87}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{C107E7CE-1684-4391-B4FD-4768C740AD25}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{C7ED50F2-FFA5-4D05-AFA5-472AEFFEF391}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe FirewallRules: [{08331475-7FDC-4059-8BE8-4A7EC4E78A52}] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [{FA724DDD-B93B-4659-9B35-EC1EC3FA6F0E}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{975201F9-2A73-49A9-A800-6BDFA5099DF2}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{460BC262-609D-481D-B211-16C8942A1A7B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{9E0D7A08-B5D8-4E07-88D0-1C5303C762C7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{5CFC6FF0-78BC-49F8-831F-CC371B29A535}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe FirewallRules: 
[{9D60B18E-B777-4639-B7BA-2DADB3FABDA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe ==================== Restore Points ========================= 16-08-2018 10:08:12 Removed Virtua Tennis 3 16-08-2018 10:09:44 Removed Skype™ 7.40 16-08-2018 12:18:57 UnHackMe Malware Removal 16-08-2018 12:54:30 Ponto de verificação por HitmanPro 16-08-2018 12:56:03 Ponto de verificação por HitmanPro 16-08-2018 14:23:54 Removed ePSXe ==================== Faulty Device Manager Devices ============= Name: Lexmark X422 Description: Lexmark X422 Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Lexmark Service: usbscan Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Microsoft Teredo Tunneling Adapter Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/16/2018 01:25:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (08/16/2018 01:23:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: DTAgent.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Runtime.InteropServices.COMException at DiscSoftBusServiceLib.IDSFileTransferManager.get_IsBusy() at DTAgent.App.TrayBaseApp.Application_SessionEnding(System.Object, System.Windows.SessionEndingCancelEventArgs) at System.Windows.Application.OnSessionEnding(System.Windows.SessionEndingCancelEventArgs) at System.Windows.Application.WmQueryEndSession(IntPtr, IntPtr ByRef) at System.Windows.Application.AppFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) Error: (08/16/2018 12:59:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/16/2018 12:56:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000188,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000271EF90.72). 
hr = 0x80070005, Access is denied. . Error: (08/16/2018 12:56:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000914,(null),0,REG_BINARY,000000000AC1E4E0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Writer Name: MSSearch Service Writer Writer Instance ID: {9dade88c-b72f-4b4e-9199-42e2451d49dc} Error: (08/16/2018 12:56:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000644,(null),0,REG_BINARY,000000000282E2C0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Writer Name: WMI Writer Writer Instance ID: {b092c0b6-2067-4ba0-bde8-f0216bae9a7f} Error: (08/16/2018 12:56:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000030c,(null),0,REG_BINARY,0000000000F0DEB0.72). hr = 0x80070005, Access is denied. . Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {0698bac5-8ebd-4fc1-8560-07dea0a71ec0} Error: (08/16/2018 12:56:25 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,0,REG_BINARY,00000000027DEB30.72). hr = 0x80070005, Access is denied. . 
Operation: BackupShutdown Event Context: Execution Context: Writer Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485} Writer Name: Registry Writer Writer Instance ID: {888e3861-0b94-4ef5-b549-2b9a4c892fc8} System errors: ============= Error: (08/16/2018 02:22:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/16/2018 01:24:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Dante Virtual Soundcard Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (08/16/2018 01:24:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Dante Virtual Soundcard Manager service to connect. Error: (08/16/2018 01:23:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (08/16/2018 01:23:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (08/16/2018 01:23:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/16/2018 01:23:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Disc Soft Lite Bus Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (08/16/2018 01:23:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Windows Defender: =================================== Date: 2017-11-13 06:28:04.682 Description: Windows Defender scan has been stopped before completion. Scan ID:{805B706B-EF78-4831-A2CF-797495C5E234} Scan Type:AntiSpyware Scan Parameters:Quick Scan Date: 2016-04-19 03:10:45.014 Description: Windows Defender scan has been stopped before completion. Scan ID:{36792038-2590-4A70-AC68-60F3C3C27368} Scan Type:AntiSpyware Scan Parameters:Quick Scan Date: 2015-11-30 11:55:23.822 Description: Windows Defender has detected spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/SBInstaller&threatid=223443 Name:SoftwareBundler:Win32/SBInstaller ID:223443 Severity:High Category:Software Bundler Path Found:file:C:\Users\Charlie\AppData\Local\Installer\InstallpostInst_19151\DCytaiesmt_smtyc_setup.exe;file:C:\Windows\System32\Tasks\Installer_postInst;process:pid:4940;process:pid:4940,ProcessStart:130933578765774693;taskscheduler:C:\Windows\System32\Tasks\Installer_postInst Detection Type:Concrete Detection Source:System Status:Unknown Process Name: Date: 2015-11-30 11:52:59.334 Description: Windows Defender has detected spyware or other potentially unwanted software. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/SBInstaller&threatid=223443 Name:SoftwareBundler:Win32/SBInstaller ID:223443 Severity:High Category:Software Bundler Path Found:file:C:\Users\Charlie\AppData\Local\Installer\InstallpostInst_19151\DCytaiesmt_smtyc_setup.exe;file:C:\Windows\System32\Tasks\Installer_postInst;process:pid:4940;taskscheduler:C:\Windows\System32\Tasks\Installer_postInst Detection Type:Concrete Detection Source:System Status:Unknown Process Name: Date: 2015-11-30 11:50:10.199 Description: Windows Defender has detected spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/SBInstaller&threatid=223443 Name:SoftwareBundler:Win32/SBInstaller ID:223443 Severity:High Category:Software Bundler Path Found:file:C:\Users\Charlie\AppData\Local\Installer\InstallpostInst_19151\DCytaiesmt_smtyc_setup.exe;file:C:\Windows\System32\Tasks\Installer_postInst;taskscheduler:C:\Windows\System32\Tasks\Installer_postInst Detection Type:Concrete Detection Source:System Status:Unknown Process Name: ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz Percentage of memory in use: 36% Total physical RAM: 8075.39 MB Available physical RAM: 5115.27 MB Total Virtual: 16148.96 MB Available Virtual: 12802.18 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:698.54 GB) (Free:76.3 GB) NTFS \\?\Volume{36dd6415-743c-11e4-850b-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 6366CA4E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 
NTFS) ==================== End of Addition.txt ============================