Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by Su (18-09-2018 13:58:50)
Running from C:\Users\Su\Desktop\virus
Windows 10 Pro Version 1803 17134.286 (X64) (2018-08-04 22:26:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3916214333-3310981510-3962207731-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3916214333-3310981510-3962207731-503 - Limited - Disabled)
Guest (S-1-5-21-3916214333-3310981510-3962207731-501 - Limited - Enabled)
sshd (S-1-5-21-3916214333-3310981510-3962207731-1004 - Limited - Enabled)
Su (S-1-5-21-3916214333-3310981510-3962207731-1001 - Administrator - Enabled) => C:\Users\Su
WDAGUtilityAccount (S-1-5-21-3916214333-3310981510-3962207731-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

0patch Agent (HKLM-x32\...\{A2798643-A794-4CE4-848B-1DEC6224347D}) (Version: 0.1 - 0patch)
1Password (HKU\S-1-5-21-3916214333-3310981510-3962207731-1001\...\{507707B9-C68C-4986-A4AD-F25B24C152FA}_is1) (Version: 7.2.576 - AgileBits Inc.)
AdAwareInstaller (HKLM\...\{D71AA032-DA32-45E0-BF33-B0C1D0B36D63}) (Version: 12.4.930.11587 - adaware) Hidden
AdGuard (HKLM-x32\...\{1d7ee810-0b6a-4cf5-8e22-8905eb4734e1}) (Version: 6.3.1399.4073 - Adguard Software Ltd)
AdGuard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 6.3.1399.4073 - Adguard Software Ltd) Hidden
AntimalwareEngine (HKLM\...\{5C7A5F94-02E9-4C5D-A594-B1F10865965A}) (Version: 3.0.160.0 - adaware) Hidden
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Asus ApoDispatchConfigurator (HKLM\...\{4FEB3307-A0EF-4385-9C8F-4B4C1503311C}) (Version: 3.6.2001 - ASUSTeK COMPUTER INC) Hidden
Asus AudioCaptureNotificationConfigurator (HKLM\...\{04C5CE55-7F32-4D2D-AEA2-FDC03E8F65CC}) (Version: 3.6.2001 - ASUSTeK COMPUTER INC) Hidden
Asus DeviceRoutingConfigurator (HKLM\...\{AC306567-A1B7-4208-8FED-97CF535050BC}) (Version: 3.6.2001 - ASUSTeK COMPUTER INC) Hidden
Asus NahimicSettingsConfigurator (HKLM\...\{B850C58A-ACF3-4FD3-B72D-8D668D6FEED2}) (Version: 3.6.2001 - ASUSTeK COMPUTER INC) Hidden
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.2001 - ASUSTeK COMPUTER INC) Hidden
Asus ProfileSwitcherCleanup (HKLM\...\{CBBACC80-97A1-421D-8D18-DC4E1CD6C950}) (Version: 3.6.20.45572 - ASUSTeK COMPUTER INC) Hidden
Asus Sonic Radar 3 (HKLM-x32\...\{03578a87-5019-45bd-995a-0f27d579a180}) (Version: 3.6.20.45572 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{31ef8b8e-8686-4b42-a8f9-71206319efdf}) (Version: 3.6.20.45572 - ASUSTeK COMPUTER INC)
Asus SonicMapperConfigurator (HKLM\...\{A37684FD-2AA6-4B0F-BAC3-97E7DFFC6C2E}) (Version: 3.6.20.45572 - ASUSTeK COMPUTER INC) Hidden
Asus SonicRadar3Setup (HKLM\...\{E71A86BF-6EA5-42D2-A735-F41C603FB180}) (Version: 3.6.20.45572 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{D027E5BB-DDAE-4CD9-A030-B3C0EF5FB602}) (Version: 3.6.20.45572 - ASUSTeK COMPUTER INC) Hidden
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.56.37170 - Electronic Arts)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Discord (HKU\S-1-5-21-3916214333-3310981510-3962207731-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.8 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Gpg4win (3.1.2) (HKLM-x32\...\Gpg4win) (Version: 3.1.2 - The Gpg4win Project)
Hỗ trợ Ứng dụng Apple (32 bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Hỗ trợ Ứng dụng Apple (64 bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
iTunes (HKLM\...\{B3D0D1BD-A6AA-4079-B218-B31036D474F4}) (Version: 12.9.0.167 - Apple Inc.)
LastPass (chỉ gỡ bỏ) (HKLM-x32\...\LastPass) (Version: - LastPass)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.8.15665 - McAfee, Inc.)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R12 - McAfee, Inc.)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NiceHash Miner 2 0.2.6 (only current user) (HKU\S-1-5-21-3916214333-3310981510-3962207731-1001\...\08059810-bc78-5c10-942c-2092eebb5ec8) (Version: 0.2.6 - NiceHash d.o.o)
NVIDIA 3D Vision Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.27.11381 - Electronic Arts, Inc.)
qBittorrent 4.1.2 (HKLM-x32\...\qBittorrent) (Version: 4.1.2 - The qBittorrent project)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.3.0816.090718 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8273 - Realtek Semiconductor Corp.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SRWare Iron version 68.0.3550.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: 68.0.3550.0 - SRWare)
VietPN 1.3 (HKLM-x32\...\VietPN) (Version: 1.3 - )
VMware Workstation (HKLM\...\{C59B3A41-789E-42A0-9902-688CFA7F47E3}) (Version: 14.1.0 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-06-17] (g10 Code GmbH)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-05-08] (McAfee, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2017-12-15] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2017-12-15] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-06-17] (g10 Code GmbH)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-05-08] (McAfee, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15E06AB8-0A5A-4322-A9EF-DBC06862D9E3} - \S-1-5-21-3916214333-3310981510-3962207731-1001\DataSenseLiveTileTask -> No File <==== ATTENTION
Task: {337BA0FA-71CE-4A98-867D-3C2014660322} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {3960164D-0404-4735-953F-F12A66A42C1E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {3BA6F6AF-C3F5-461D-93C5-0C88566F491A} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {3C6A321C-E460-4720-BB8B-A3C6987BF687} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {3C905F18-ECF3-4528-9C50-A66368E82806} - System32\Tasks\McInstruTrack => C:\ProgramData\McAfee\McInstruTrack\McInstruTrack.exe [2018-06-19] (McAfee, Inc.)
Task: {62E94FCA-1223-4802-B89D-C9F28D686B43} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-05] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {7947185D-D761-4131-8344-5F89814C630D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-05-04] (McAfee, Inc.)
Task: {8330FC45-CDDE-4E55-A9AC-FB588B79D9B0} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {A65F02FD-E734-487A-897A-F616A8201CF3} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe
Task: {B257C8B4-A437-4E27-920C-AD14875BA8EF} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {C8054577-FC39-449E-8558-F0CA1631DCCC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-05] (Microsoft Corporation)
Task: {E361CAE1-6F3D-423E-A7EE-EC43F9356D59} - \SS3svc32Run -> No File <==== ATTENTION
Task: {E62F8D7D-F259-4810-9224-8B23773E0DA2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-05] (Microsoft Corporation)
Task: {F2A158B2-13A0-4C5F-BB02-DF8F1115B724} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-08-05] (Microsoft Corporation)
Task: {F4C7D3D1-5711-4D95-B08E-ADBD2B36C651} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.1.178\DADUpdater.exe [2018-09-18] (McAfee, Inc.)
Task: {FD29F71C-D009-493F-96D0-B3C23AFDD342} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {FE99F354-C807-4B8A-A462-4D0D1C9063AF} - \SS3svc64Run -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Su\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3373c9ebc3a5e445\SRWare Iron.lnk -> C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2018-08-16 22:59 - 2015-05-08 14:26 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2018-08-22 22:18 - 2018-08-22 22:18 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-08-22 22:18 - 2018-08-22 22:18 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-09-13 15:26 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-06-22 21:56 - 2018-06-22 21:56 - 000587832 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareService.exe
2018-06-22 22:00 - 2018-06-22 22:00 - 000125400 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\boost_thread-vc140-mt-1_65_1.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000032728 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\boost_system-vc140-mt-1_65_1.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000067544 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\boost_date_time-vc140-mt-1_65_1.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000147416 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\boost_filesystem-vc140-mt-1_65_1.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000790488 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\boost_log-vc140-mt-1_65_1.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000526296 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\boost_locale-vc140-mt-1_65_1.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000039896 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\boost_chrono-vc140-mt-1_65_1.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 011660248 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\rpc_server.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 003717592 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\RCF.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 001024472 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\boost_regex-vc140-mt-1_65_1.dll
2018-06-22 21:59 - 2018-06-22 21:59 - 001228760 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareActivation.dll
2018-06-22 21:59 - 2018-06-22 21:59 - 002846680 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareApplicationUpdater.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000861656 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareGamingMode.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000123352 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareReset.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000145368 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareTime.dll
2018-06-22 21:59 - 2018-06-22 21:59 - 001049048 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareDefinitionsUpdater.dll
2018-06-22 21:59 - 2018-06-22 21:59 - 000926680 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareDefinitionsUpdaterScheduler.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 001466328 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareIgnoreList.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000312792 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareQuarantine.dll
2018-06-22 21:59 - 2018-06-22 21:59 - 001732568 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareAntiMalwareEngine.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 001229272 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareScannerHistory.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 001574872 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareScanner.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000039384 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\boost_timer-vc140-mt-1_65_1.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 001052632 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareScannerScheduler.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 001195992 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareRealTimeProtection.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 003638744 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareIncompatibles.dll
2018-06-22 21:59 - 2018-06-22 21:59 - 001598424 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareAntiSpam.dll
2018-06-22 21:59 - 2018-06-22 21:59 - 001531864 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareAntiPhishing.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 003574232 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareParentalControl.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 003656152 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareWebProtection.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 001683416 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareEmailProtection.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000072664 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\boost_iostreams-vc140-mt-1_65_1.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 001789912 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareNetworkProtection.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 001220568 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwarePromo.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000479192 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareFeedback.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 003230168 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareThreatWorkAlliance.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000720344 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwarePinCode.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 001221592 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareNotice.dll
2018-06-22 21:59 - 2018-06-22 21:59 - 001674200 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareAvcEngine.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 001494488 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareRealTimeProtectionHistory.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 000845272 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareStatistics.dll
2018-08-16 22:59 - 2014-04-24 14:29 - 001360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2017-12-15 00:49 - 2017-12-15 00:49 - 014346216 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2018-09-07 17:38 - 2018-09-07 17:38 - 000284400 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
2018-04-06 18:05 - 2018-04-06 18:05 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPMsgBusDLL.dll
2018-09-07 17:49 - 2018-09-07 17:49 - 000302832 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe
2018-09-07 05:49 - 2018-09-07 05:49 - 000450288 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
2018-04-12 06:34 - 2018-04-12 06:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-10-18 11:01 - 2017-10-18 11:01 - 000485560 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 06:34 - 2018-04-12 06:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-08-16 22:59 - 2017-10-19 02:56 - 000105304 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll
2017-10-18 11:17 - 2017-10-18 11:17 - 000175288 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\x64\SonicStudio3SystrayDaemon.dll
2017-10-18 11:11 - 2017-10-18 11:11 - 001697976 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\x64\SonicRadar3SystrayDaemon.dll
2017-10-18 11:01 - 2017-10-18 11:01 - 000285880 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3OSD.dll
2018-08-28 10:46 - 2018-08-28 10:46 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-08-28 10:46 - 2018-08-28 10:46 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-06-22 22:00 - 2018-06-22 22:00 - 004749784 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\AdAwareTray.exe
2018-06-22 22:00 - 2018-06-22 22:00 - 011753944 _____ () C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.4.930.11587\rpc_client.dll
2018-08-13 02:16 - 2018-08-13 02:16 - 025278976 _____ () C:\Program Files\qBittorrent\qbittorrent.exe
2018-08-05 13:52 - 2018-09-18 12:05 - 000021824 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2018-08-16 22:59 - 2018-09-18 13:53 - 000043816 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2018-08-16 22:59 - 2015-05-08 14:26 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2017-12-15 00:39 - 2017-12-15 00:39 - 000087016 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
2018-06-21 14:17 - 2018-06-21 14:17 - 002093928 _____ () C:\Program Files (x86)\Adguard\AdguardNetApi.DLL
2018-06-21 14:17 - 2018-06-21 14:17 - 000164200 _____ () C:\Program Files (x86)\Adguard\AdguardNetLib.DLL
2017-03-15 18:08 - 2017-03-15 18:08 - 000732672 _____ () C:\Program Files (x86)\Adguard\brolib32.dll
2017-12-15 00:49 - 2017-12-15 00:49 - 000126952 _____ () C:\Program Files (x86)\VMware\VMware Workstation\expat.dll
2018-09-13 16:18 - 2018-09-07 17:35 - 000150768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.ChromaSDKWrapper.dll
2018-09-13 16:18 - 2018-09-07 17:36 - 000179952 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativeDeviceDetectionWrapper.dll
2018-09-13 16:19 - 2018-08-01 17:01 - 000206576 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativePhilipsHueWrapper.dll
2018-09-13 16:18 - 2018-09-07 17:36 - 000202480 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.PowerPlan.dll
2018-09-13 16:19 - 2018-09-07 05:13 - 000081648 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AccelWinM.dll
2018-09-13 16:18 - 2018-09-07 17:30 - 000354544 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AudioPlayer.dll
2018-09-13 16:18 - 2018-09-07 17:30 - 000135408 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_KeyboardKeysWrapper.dll
2018-09-13 16:19 - 2018-09-07 05:13 - 000086256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedCommon.dll
2018-09-13 16:18 - 2018-09-07 05:13 - 000342256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedMacros.dll
2018-09-13 16:19 - 2018-09-07 05:13 - 000258800 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_MappingTypesM.dll
2018-09-13 16:18 - 2018-09-07 17:35 - 002278128 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_PowerSwitchWrapper.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000300272 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_Battery.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000595184 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_DeviceStatus.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000299760 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_DriverMode.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000150768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_Mapping.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000585968 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_MappingBaseM.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000548592 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_OnboardMem.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000324848 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_PollingRate.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000340208 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_PowerManagement.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000301808 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_PowerSwitch.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000345840 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_Sensitivity.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000420592 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_SurfaceCalBaseM.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000086768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_SurfaceCalPixart.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000301808 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_SwapMouseButtons.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000300272 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_Battery.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000595184 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_DeviceStatus.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000299760 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_DriverMode.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000150768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_Mapping.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000585968 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_MappingBaseM.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000548592 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_OnboardMem.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000324848 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_PollingRate.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000340208 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_PowerManagement.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000301808 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_PowerSwitch.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000345840 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_Sensitivity.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000420592 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_SurfaceCalBaseM.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000086768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_SurfaceCalPixart.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000301808 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\AtherisBLE\Bin\RSy3_SwapMouseButtons.dll
2018-09-13 16:19 - 2018-07-31 16:04 - 000595184 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Philips Hue\Bin\RSy3_DeviceStatus.dll
2018-09-13 16:19 - 2018-07-31 16:04 - 000299760 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Philips Hue\Bin\RSy3_DriverMode.dll
2018-09-13 16:19 - 2018-08-06 23:01 - 000056048 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Atheris\Bin\RSy3_KeyboardKeys.dll
2017-10-18 10:57 - 2017-10-18 10:57 - 000407224 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3DevProps.dll
2018-09-07 17:49 - 2018-09-07 17:49 - 000359664 _____ () C:\Program Files (x86)\Razer\Synapse3\UserProcess\RSy3_AudioAppStreamsWrapper.dll
2018-08-10 17:37 - 2018-08-10 17:37 - 000098544 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Common.Dependencies\RSy3_AudioMicPeakMeter.dll
2018-09-07 05:46 - 2018-09-07 05:46 - 000135408 _____ () C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Common.Dependencies\RSy3_KeyboardKeysWrapper.dll
2018-07-28 07:29 - 2018-07-28 07:31 - 001005408 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.dll
2018-07-28 07:29 - 2018-07-28 07:31 - 053444984 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libcef.dll
2018-07-28 07:29 - 2018-07-28 07:31 - 000691056 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.Core.dll
2018-07-28 07:29 - 2018-07-28 07:31 - 001984392 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libglesv2.dll
2018-07-28 07:29 - 2018-07-28 07:31 - 000082824 _____ () C:\Program Files (x86)\Razer\Razer Services\Razer Central\libegl.dll
2017-10-18 10:55 - 2017-10-18 10:55 - 000171704 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\CheckAPODaemon.dll
2017-10-18 10:57 - 2017-10-18 10:57 - 000367616 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\NSConfiguratorDaemonModule.dll
2017-10-18 11:13 - 2017-10-18 11:13 - 000329912 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\DeviceRoutingDaemon.dll
2017-10-18 11:14 - 2017-10-18 11:14 - 000230400 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\ProfileSwitcherDaemonModule.dll
2017-10-18 11:14 - 2017-10-18 11:14 - 000321720 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\SonicStudio3SystrayDaemon.dll
2017-10-18 11:07 - 2017-10-18 11:07 - 001152696 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicCursor3DDaemonModule.dll
2017-10-18 11:07 - 2017-10-18 11:07 - 001198776 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicEnhancerDaemonModule.dll
2017-10-18 11:07 - 2017-10-18 11:07 - 001303736 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicRadarDaemonModule.dll
2017-10-18 11:05 - 2017-10-18 11:05 - 000489656 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicEnhancerAutomationDaemon.dll
2017-10-18 11:05 - 2017-10-18 11:05 - 000647352 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicSMProfileDaemonModule.dll
2017-10-18 11:06 - 2017-10-18 11:06 - 000619704 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicSMShortcutsDaemonModule.dll
2017-10-18 11:07 - 2017-10-18 11:07 - 001856184 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\SonicRadar3SystrayDaemon.dll
2017-10-18 10:57 - 2017-10-18 10:57 - 000246456 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3OSD.dll
2018-08-05 13:52 - 2018-09-18 12:05 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2018-08-05 13:52 - 2018-09-18 12:05 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2018-08-14 17:19 - 2018-08-07 11:11 - 005608848 ____N () C:\Users\Su\AppData\Local\1password\app\7\1password.dll
2018-09-12 19:28 - 2018-04-30 23:01 - 001891672 _____ () C:\Users\Su\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
2018-09-12 19:28 - 2018-04-30 23:01 - 001937752 _____ () C:\Users\Su\AppData\Local\Discord\app-0.0.301\libglesv2.dll
2018-09-12 19:28 - 2018-04-30 23:01 - 000095576 _____ () C:\Users\Su\AppData\Local\Discord\app-0.0.301\libegl.dll
2018-09-02 13:54 - 2018-08-11 17:17 - 002252288 _____ () C:\Program Files (x86)\SRWare Iron\swiftshader\libglesv2.dll
2018-09-02 13:54 - 2018-08-11 17:16 - 000117248 _____ () C:\Program Files (x86)\SRWare Iron\swiftshader\libegl.dll
2018-09-12 19:29 - 2018-09-12 19:29 - 011321176 _____ () \\?\C:\Users\Su\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
2018-09-12 19:29 - 2018-09-13 16:17 - 001615704 _____ () \\?\C:\Users\Su\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
2018-09-12 19:29 - 2018-09-12 19:29 - 001910104 _____ () \\?\C:\Users\Su\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
2018-09-12 19:29 - 2018-09-12 19:29 - 000422744 _____ () \\?\C:\Users\Su\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
2018-09-12 19:29 - 2018-09-12 19:29 - 000145240 _____ () \\?\C:\Users\Su\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-09-12 19:29 - 2018-09-12 19:29 - 000512856 _____ () \\?\C:\Users\Su\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
2018-09-12 19:29 - 2018-09-12 19:29 - 001641304 _____ () \\?\C:\Users\Su\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
2018-09-12 19:29 - 2018-09-12 19:29 - 001743704 _____ () \\?\C:\Users\Su\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
2018-09-12 19:29 - 2018-09-12 19:29 - 002722648 _____ () \\?\C:\Users\Su\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
2018-09-12 19:39 -
2018-09-13 08:16 - 001257816 _____ () \\?\C:\Users\Su\AppData\Roaming\discord\0.0.301\modules\discord_modules\discord_modules.node 2018-09-12 19:39 - 2018-09-18 12:04 - 021754712 _____ () \\?\C:\Users\Su\AppData\Roaming\discord\0.0.301\modules\discord_dispatch\discord_dispatch.node 2018-09-12 19:39 - 2018-09-12 19:39 - 002760536 _____ () \\?\C:\Users\Su\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node 2018-09-12 19:39 - 2018-09-12 19:39 - 001249112 _____ () \\?\C:\Users\Su\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [122] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12815280.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20375942.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\12815280.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20375942.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
There are 6091 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-09-13 17:54 - 2018-09-18 13:12 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3916214333-3310981510-3962207731-1001\Control Panel\Desktop\\Wallpaper -> d:\pm\wall os x\19170_en_1.jpg DNS Servers: 176.103.130.130 - 176.103.130.131 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "errorlog.txt" HKLM\...\StartupApproved\Run: => "vksts" HKLM\...\StartupApproved\Run: => "HarmonyUserStartup" HKLM\...\StartupApproved\Run: => "CsrHCRPServer" HKLM\...\StartupApproved\Run: => "CsrAudioguiCtrl" HKLM\...\StartupApproved\Run: => "CsrSyncMLServer" HKLM\...\StartupApproved\Run: => "CSRHarmonySkypePlugin" HKLM\...\StartupApproved\Run32: => "vmware-tray.exe" HKLM\...\StartupApproved\Run32: => "USB-Set" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe FirewallRules: [TCP Query User{14B0F5C7-E454-45D5-8194-D4533AB2E33F}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe FirewallRules: [UDP Query User{EE8BFDEF-700B-48A0-B3E4-CC495147405A}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe ==================== Restore Points ========================= 16-09-2018 00:18:12 Windows Modules Installer 16-09-2018 16:07:50 Checkpoint by HitmanPro 17-09-2018 01:55:35 Windows Modules Installer 17-09-2018 17:37:41 AA11 17-09-2018 17:51:42 McAfee Vulnerability Scanner 18-09-2018 13:22:27 Removed AdAwareUpdater. 18-09-2018 13:22:56 Removed AdAwareInstaller. ==================== Faulty Device Manager Devices ============= Name: TAP-Windows Adapter V9 Description: TAP-Windows Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: tap0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: TAP-Windows Adapter V9 #2 Description: TAP-Windows Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: tap0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Bluetooth Device (RFCOMM Protocol TDI) #2 Description: Bluetooth Device (RFCOMM Protocol TDI) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: RFCOMM Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: VMware Virtual Ethernet Adapter for VMnet1 Description: VMware Virtual Ethernet Adapter for VMnet1 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet8 Description: VMware Virtual Ethernet Adapter for VMnet8 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/18/2018 01:29:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program msiexec.exe version 5.0.17134.228 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 544 Start Time: 01d44f18091a68a4 Termination Time: 4294967295 Application Path: C:\Windows\System32\msiexec.exe Report Id: 0118904c-f917-4dd9-b22f-a4ccbc9ab235 Faulting package full name: Faulting package-relative application ID: Error: (09/18/2018 01:29:23 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program explorer.exe version 10.0.17134.165 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 304 Start Time: 01d44f18cbf2761b Termination Time: 0 Application Path: C:\Windows\explorer.exe Report Id: c09a9f2d-2542-48d7-8959-3f3064f7cdf7 Faulting package full name: Faulting package-relative application ID: Error: (09/18/2018 01:28:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program explorer.exe version 10.0.17134.165 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 4cf4 Start Time: 01d44f1830bd04aa Termination Time: 0 Application Path: C:\Windows\explorer.exe Report Id: 841d8a3c-6fc0-4f55-b520-09a961aa7d6f Faulting package full name: Faulting package-relative application ID: Error: (09/18/2018 01:28:25 PM) (Source: MsiInstaller) (EventID: 11922) (User: DESKTOP-RHM3AKI) Description: Product: AdAwareInstaller -- Error 1922. Service adaware antivirus service (adawareantivirusservice) could not be deleted. Verify that you have sufficient privileges to remove system services. Error: (09/18/2018 01:24:07 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-RHM3AKI) Description: Application or service 'Windows Explorer' could not be shut down. Error: (09/18/2018 01:23:32 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-RHM3AKI) Description: Application or service 'adaware antivirus service' could not be shut down. Error: (09/18/2018 01:12:24 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (09/18/2018 01:12:10 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . 
This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {e3b10041-b560-4278-ae99-0f4c63b9b4cb} System errors: ============= Error: (09/18/2018 01:55:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/18/2018 01:54:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-RHM3AKI) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-RHM3AKI\Su SID (S-1-5-21-3916214333-3310981510-3962207731-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/18/2018 01:53:42 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RHM3AKI) Description: The server Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout. Error: (09/18/2018 01:53:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RHM3AKI) Description: The server Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout. 
Error: (09/18/2018 01:53:37 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RHM3AKI) Description: The server Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout. Error: (09/18/2018 01:53:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RHM3AKI) Description: The server Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout. Error: (09/18/2018 01:53:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RHM3AKI) Description: The server Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout. Error: (09/18/2018 01:53:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RHM3AKI) Description: The server Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout. Windows Defender: =================================== Date: 2018-09-17 02:16:47.421 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {1E2ED711-4DC3-43F5-B8D3-11A9A3453725} Scan Type: Antimalware Scan Parameters: Full Scan Date: 2018-09-16 17:23:52.821 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {517C0D27-4945-4D51-A0FF-5993A3B9D2AF} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-09-16 14:51:13.617 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {BA3924CA-15F4-4E0F-A68B-46465077E6D1} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-09-14 22:57:45.429 Description: Windows Defender Antivirus scan has been stopped before completion. 
Scan ID: {7ACB870C-3EFA-40BB-83C0-96F48DEA3896} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-09-12 20:20:21.723 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.B!cl&threatid=2147718514&enterprise=0 Name: Trojan:Win32/Fuery.B!cl ID: 2147718514 Severity: Severe Category: Trojan Path: file:_C:\Users\Su\AppData\Local\Temp\33A9.tmp Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Users\Su\AppData\Roaming\ZHP\ZHPFix2.exe Signature Version: AV: 1.275.1108.0, AS: 1.275.1108.0, NIS: 1.275.1108.0 Engine Version: AM: 1.1.15200.1, NIS: 1.1.15200.1 Date: 2018-09-17 02:26:17.011 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2018-09-16 00:28:49.851 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.275.1276.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15200.1 Error code: 0x80070643 Error description: Fatal error during installation. Date: 2018-09-07 17:17:40.007 Description: Windows Defender Antivirus has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.275.852.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15200.1 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2018-08-25 22:30:24.874 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.275.155.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.15200.1 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode Date: 2018-08-25 22:20:23.544 Description: Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. CodeIntegrity: =================================== Date: 2018-09-18 13:56:03.703 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-09-18 13:56:03.700 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. 
Date: 2018-09-18 13:55:26.494 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files (x86)\0patch\Agent\0patchLoaderX64.dll because the set of per-page image hashes could not be found on the system. Date: 2018-09-18 13:55:26.239 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files (x86)\0patch\Agent\0patchLoaderX64.dll because the set of per-page image hashes could not be found on the system. Date: 2018-09-18 13:53:48.728 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\0patch\Agent\0patchLoader.dll that did not meet the Microsoft signing level requirements. Date: 2018-09-18 13:53:48.421 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\0patch\Agent\0patchLoader.dll that did not meet the Microsoft signing level requirements. Date: 2018-09-18 13:53:48.198 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\0patch\Agent\0patchLoader.dll that did not meet the Microsoft signing level requirements. Date: 2018-09-18 13:53:47.810 Description: Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\0patch\Agent\0patchLoader.dll that did not meet the Microsoft signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz Percentage of memory in use: 42% Total physical RAM: 16322.45 MB Available physical RAM: 9369.87 MB Total Virtual: 26562.45 MB Available Virtual: 17430.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:476.34 GB) (Free:123 GB) NTFS Drive d: (Data) (Fixed) (Total:3726.02 GB) (Free:1686.8 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: () (Fixed) (Total:930.91 GB) (Free:129.22 GB) NTFS Drive f: (AIO_UEFI) (Removable) (Total:29.42 GB) (Free:17.84 GB) FAT32 \\?\Volume{b3023c52-9b54-46d0-ab62-a884f62576c6}\ () (Fixed) (Total:0.47 GB) (Free:0.08 GB) NTFS \\?\Volume{60d1b2c3-e230-4f46-b624-8ad7de3aca7e}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS \\?\Volume{f4b178aa-e594-4c27-9193-a1d6bd1bbab5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: 078C078C) Partition: GPT. ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 88A2E294) Partition: GPT. ======================================================== Disk: 2 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 9CE9E907) Partition: GPT. ======================================================== Disk: 3 (MBR Code: Windows 7/8/10) (Size: 29.4 GB) (Disk ID: 78CCE934) Partition 1: (Active) - (Size=29.4 GB) - (Type=0C) ==================== End of Addition.txt ============================