Chrome_Elf Dll Is Missing Error



#91
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & paste this report in your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system, get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 



    #92
    InfinityFalse


      Member

    • Topic Starter
    • Member
    • 71 posts

    Here are the logs from AdwCleaner; getting to Junkware now.

     

    # AdwCleaner v6.045 - Logfile created 21/04/2017 at 09:12:48
    # Updated on 28/03/2017 by Malwarebytes
    # Database : 2017-04-21.1 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : R - R-PC
    # Running from : C:\Users\R\Downloads\AdwCleaner.exe
    # Mode: Clean
     
     
     
    ***** [ Services ] *****
     
     
     
    ***** [ Folders ] *****
     
     
     
    ***** [ Files ] *****
     
     
     
    ***** [ DLL ] *****
     
     
     
    ***** [ WMI ] *****
     
     
     
    ***** [ Shortcuts ] *****
     
     
     
    ***** [ Scheduled Tasks ] *****
     
     
     
    ***** [ Registry ] *****
     
    [-] Key deleted: HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\APN PIP
    [#] Key deleted on reboot: HKCU\Software\APN PIP
    [#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
     
     
    ***** [ Web browsers ] *****
     
    [-] [C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
     
     
    *************************
     
    :: "Tracing" keys deleted
    :: Winsock settings cleared
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C0].txt - [2841 Bytes] - [02/03/2017 11:13:34]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1123 Bytes] - [21/04/2017 09:12:48]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2965 Bytes] - [02/03/2017 11:12:15]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1460 Bytes] - [21/04/2017 09:12:06]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1342 Bytes] ##########


    #93
    InfinityFalse


      Member

    • Topic Starter
    • Member
    • 71 posts

    Here are the logs from JRT; getting to FRST now.

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.3 (04.10.2017)
    Operating System: Windows 7 Home Premium x64 
    Ran by R (Administrator) on 21/04/2017 at  9:18:13.40
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 8 
     
    Successfully deleted: C:\Users\R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGU22J1R (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PAUJNNY5 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QP4K2LR4 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Users\R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YG4X2OV5 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GGU22J1R (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PAUJNNY5 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QP4K2LR4 (Temporary Internet Files Folder) 
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YG4X2OV5 (Temporary Internet Files Folder) 
     
     
     
    Registry: 2 
     
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 21/04/2017 at  9:19:29.33
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    #94
    InfinityFalse


      Member

    • Topic Starter
    • Member
    • 71 posts

    Here are the logs from FRST; pasting Addition logs after this.
     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-04-2017
    Ran by R (administrator) on R-PC (21-04-2017 09:23:00)
    Running from C:\Users\R\Downloads
    Loaded Profiles: R (Available Profiles: R)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    (Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Run: [World of Tanks] => C:\Games\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Run: [World of Tanks (2)] => C:\Games\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [ooVoo.exe] => C:\program files (x86)\oovoo\oovoo.exe [35910688 2016-03-08] (ooVoo LLC)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-07-13] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-04-12]
    ShortcutTarget: Twitch.lnk -> C:\Users\R\AppData\Roaming\Curse Client\Bin\Twitch.exe (Twitch Interactive, Inc.)
    GroupPolicy: Restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{394F5267-8939-41D4-BC12-0033DBBC006C}: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{F835098A-5C5B-4E94-872E-A0914277B5D4}: [DhcpNameServer] 192.168.1.254 75.153.171.122
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1351455686-1081943194-175279126-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1351455686-1081943194-175279126-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll [2010-11-05] (Egis Technology Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll [2010-11-05] (Egis Technology Inc.)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
     
    FireFox:
    ========
    FF DefaultProfile: ol1w0beo.default
    FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default [2017-04-21]
    FF NewTab: Mozilla\Firefox\Profiles\ol1w0beo.default -> about:newtab
    FF Keyword.URL: Mozilla\Firefox\Profiles\ol1w0beo.default -> user_pref("keyword.URL", true);
    FF Extension: (Adblock Plus) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-12]
    FF Extension: (Bitdefender QuickScan) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2017-03-02]
    FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-04-07] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt
    FF Extension: ( Password Bank Extension ) - C:\Program Files (x86)\Acer Bio Protection\FFExt [2014-07-02] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-23] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-23] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @nsroblox.roblox.com/launcher -> C:\Users\R\AppData\Local\Roblox\Versions\version-292abc120cb44384\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\R\AppData\Local\Roblox\Versions\version-292abc120cb44384\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\R\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-24] (Unity Technologies ApS)
     
    Chrome: 
    =======
    CHR DefaultProfile: Profile 1
    CHR Profile: C:\Users\R\AppData\Local\Google\Chrome\User Data\Default [2017-04-21]
    CHR Profile: C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-21]
    CHR Extension: (Google Docs) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-14]
    CHR Extension: (Google Drive) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-14]
    CHR Extension: (YouTube) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-14]
    CHR Extension: (Adblock Plus) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
    CHR Extension: (FBDown Video Downloader) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-04-03]
    CHR Extension: (Google Docs Offline) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-14]
    CHR Extension: (ROBLOX+) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2017-04-11]
    CHR Extension: (Morpheon Dark) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2017-03-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
    CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2017-04-21]
    CHR Extension: (Gmail) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-14]
    CHR Extension: (Chrome Media Router) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-20]
    CHR Profile: C:\Users\R\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-21]
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
    S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-21] ()
    R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [315248 2010-11-05] (Egis Technology Inc. )
    S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
    S4 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2010-04-26] (Windows ® Win 7 DDK provider) [File not signed]
    S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation) [File not signed]
    S3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2010-04-26] (Nuvoton Technology Corporation) [File not signed]
    R3 nuvotonir; C:\Windows\System32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
    S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
    R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-05-19] (CyberLink Corp.)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-04-21 09:23 - 2017-04-21 09:24 - 00015494 _____ C:\Users\R\Downloads\FRST.txt
    2017-04-21 09:22 - 2017-04-21 09:22 - 02424832 _____ (Farbar) C:\Users\R\Downloads\FRST64.exe
    2017-04-21 09:19 - 2017-04-21 09:19 - 00002122 _____ C:\Users\R\Desktop\JRT.txt
    2017-04-21 09:16 - 2017-04-21 09:16 - 01663672 _____ (Malwarebytes) C:\Users\R\Downloads\JRT.exe
    2017-04-21 09:13 - 2017-04-21 09:14 - 00281824 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-04-21 09:10 - 2017-04-21 09:10 - 04089296 _____ C:\Users\R\Downloads\AdwCleaner.exe
    2017-04-21 01:46 - 2017-04-21 01:47 - 00000000 ____D C:\Users\R\Downloads\xvm-6.6.0
    2017-04-21 01:45 - 2017-04-21 01:45 - 07983966 _____ C:\Users\R\Downloads\xvm-6.6.0.zip
    2017-04-21 01:43 - 2017-04-21 01:43 - 08274144 _____ (XVM team ) C:\Users\R\Downloads\xvm-6.6.0.exe
    2017-04-20 14:55 - 2017-04-20 14:56 - 113034688 _____ (obsproject.com) C:\Users\R\Downloads\OBS-Studio-18.0.1-Full-Installer.exe
    2017-04-18 21:15 - 2017-04-18 21:16 - 00514085 _____ C:\Users\R\Downloads\fz_pasajero.zip
    2017-04-16 22:30 - 2017-04-16 22:30 - 00072771 _____ C:\Users\R\Downloads\orbitron.zip
    2017-04-16 17:38 - 2017-04-16 18:04 - 00001086 _____ C:\Users\R\Desktop\nativelog.txt
    2017-04-15 12:33 - 2017-04-15 12:34 - 54303648 _____ (Amazon.com) C:\Users\R\Downloads\KindleForPC-installer-1.20.47037.exe
    2017-04-14 18:08 - 2017-04-14 18:08 - 00000502 _____ C:\Users\Public\Desktop\Minecraft.lnk
    2017-04-14 18:08 - 2017-04-14 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
    2017-04-14 18:07 - 2017-04-14 18:07 - 02314240 _____ C:\Users\R\Downloads\MinecraftInstaller.msi
    2017-04-12 10:04 - 2017-04-12 10:04 - 00000894 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    2017-04-12 10:04 - 2017-04-12 10:04 - 00000000 ____D C:\Users\R\Documents\Nexus Mod Manager
    2017-04-12 10:04 - 2017-04-12 10:04 - 00000000 ____D C:\Users\R\AppData\Local\Black_Tree_Gaming
    2017-04-12 10:04 - 2017-04-12 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
    2017-04-12 10:04 - 2017-04-12 10:04 - 00000000 ____D C:\Program Files\Nexus Mod Manager
    2017-04-12 10:03 - 2017-04-12 10:03 - 06441096 _____ (Black Tree Gaming ) C:\Users\R\Downloads\Nexus Mod Manager-0.63.14.exe
    2017-04-12 09:35 - 2017-04-12 09:35 - 00001012 _____ C:\Users\R\Desktop\Twitch.lnk
    2017-04-12 09:35 - 2017-04-12 09:35 - 00000998 _____ C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
    2017-04-12 09:35 - 2017-04-12 09:35 - 00000000 ____D C:\Users\R\AppData\Roaming\Twitch
    2017-04-12 09:35 - 2017-04-12 09:35 - 00000000 ____D C:\ProgramData\Twitch
    2017-04-12 00:31 - 2017-04-12 00:32 - 08722409 _____ C:\Users\R\Downloads\wordpress-4.7.3.zip
    2017-04-11 21:39 - 2017-04-11 21:44 - 11406421 _____ C:\Users\R\Downloads\brdqqsqwuk8w-Low-Poly-Spider.zip
    2017-04-11 21:22 - 2017-04-11 21:22 - 00000202 _____ C:\Users\R\Desktop\The Elder Scrolls Online Tamriel Unlimited.url
    2017-04-11 19:25 - 2017-04-11 19:25 - 00003224 ____N C:\bootsqm.dat
    2017-04-11 16:37 - 2017-04-11 16:38 - 14881211 _____ C:\Users\R\Downloads\73edlwf6cw74-KSR-29-sniper.zip
    2017-04-10 19:44 - 2017-04-10 19:44 - 00017241 _____ C:\Users\R\Downloads\onlineStatement (2).pdf
    2017-04-10 19:37 - 2017-04-10 19:37 - 00015589 _____ C:\Users\R\Downloads\onlineStatement (1).pdf
    2017-04-10 19:13 - 2017-04-10 19:13 - 00017258 _____ C:\Users\R\Downloads\onlineStatement.pdf
    2017-04-05 23:53 - 2017-04-05 23:53 - 00000000 ___RD C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2017-04-04 21:32 - 2017-04-05 08:06 - 00000000 ____D C:\Users\R\Documents\NSI Secret Folder
    2017-04-04 20:00 - 2017-04-04 20:00 - 00000000 __SHD C:\found.003
    2017-03-28 19:15 - 2017-03-28 19:16 - 00000000 ____D C:\Users\R\AppData\Roaming\BetterDiscord
    2017-03-24 21:26 - 2017-03-24 21:26 - 00000709 _____ C:\Users\Public\Desktop\Battlestar Galactica Online.lnk
    2017-03-24 21:26 - 2017-03-24 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSGO
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-04-21 09:23 - 2017-03-02 11:34 - 00000000 ____D C:\FRST
    2017-04-21 09:22 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-04-21 09:22 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-04-21 09:19 - 2009-07-13 23:13 - 00782352 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-04-21 09:19 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
    2017-04-21 09:14 - 2017-03-01 21:14 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-04-21 09:14 - 2017-02-25 19:11 - 00000000 ____D C:\Users\R\AppData\Roaming\Curse Client
    2017-04-21 09:13 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-04-21 09:12 - 2017-03-02 11:09 - 00000000 ____D C:\AdwCleaner
    2017-04-21 09:07 - 2016-05-26 17:54 - 00000000 ____D C:\Games
    2017-04-21 01:41 - 2017-03-01 21:14 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-04-21 00:53 - 2016-10-05 00:32 - 00000000 ____D C:\Users\R\AppData\Roaming\obs-studio
    2017-04-21 00:14 - 2017-03-13 17:38 - 00001344 _____ C:\Users\R\Desktop\ROBLOX Player.lnk
    2017-04-21 00:14 - 2017-03-13 17:38 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2017-04-21 00:13 - 2017-03-13 17:38 - 00001163 _____ C:\Users\R\Desktop\ROBLOX Studio.lnk
    2017-04-20 15:49 - 2016-05-26 16:30 - 00000000 ____D C:\Users\R\AppData\Local\Roblox
    2017-04-20 14:57 - 2016-10-05 00:31 - 00001162 _____ C:\Users\Public\Desktop\OBS Studio.lnk
    2017-04-20 14:57 - 2016-10-05 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
    2017-04-19 10:05 - 2016-12-17 01:18 - 00000000 ____D C:\Users\R\AppData\LocalLow\Mozilla
    2017-04-18 23:07 - 2016-07-14 01:51 - 00001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
    2017-04-18 23:07 - 2016-07-14 01:51 - 00001180 _____ C:\Users\Public\Desktop\paint.net.lnk
    2017-04-18 23:07 - 2016-07-14 01:50 - 00000000 ____D C:\Program Files\paint.net
    2017-04-16 18:03 - 2016-11-19 04:57 - 00000000 ____D C:\Users\R\AppData\Roaming\.minecraft
    2017-04-15 12:49 - 2016-07-31 15:54 - 00000000 ____D C:\Users\R\Documents\My Kindle Content
    2017-04-15 12:37 - 2016-07-31 15:54 - 00002191 _____ C:\Users\R\Desktop\Kindle.lnk
    2017-04-12 10:15 - 2017-02-25 20:22 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
    2017-04-12 10:15 - 2014-07-02 13:46 - 00000000 ____D C:\Users\R
    2017-04-11 21:50 - 2017-01-02 19:09 - 00000000 ____D C:\tmp
    2017-04-11 21:22 - 2016-05-26 19:47 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2017-04-11 19:50 - 2016-11-20 22:11 - 00000000 ____D C:\Users\R\AppData\Roaming\discord
    2017-04-11 19:26 - 2009-07-13 23:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-04-11 19:25 - 2016-05-26 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-04-11 16:05 - 2017-03-01 21:39 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-04-11 16:05 - 2017-03-01 21:39 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-04-09 00:07 - 2017-02-28 00:51 - 00000000 ____D C:\Users\R\Documents\RobloxPlaces
    2017-04-07 14:25 - 2016-12-15 00:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-04-05 23:54 - 2014-07-02 14:01 - 00000000 ____D C:\Users\R\Documents\Bluetooth Folder
    2017-04-05 23:53 - 2014-07-02 11:25 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
    2017-04-05 08:06 - 2016-12-31 14:19 - 00000000 ____D C:\Users\R\Documents\Noble Special Investigation Site 29
    2017-04-04 18:42 - 2016-07-09 15:36 - 00000000 ____D C:\Users\R\AppData\Roaming\Skype
    2017-03-29 13:46 - 2017-03-01 22:17 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-03-29 13:46 - 2017-03-01 22:17 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-03-25 16:32 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
    2017-03-23 18:41 - 2016-06-01 18:44 - 00000000 ____D C:\Users\R\AppData\Local\CrashDumps
    2017-03-23 11:34 - 2016-10-05 19:04 - 00000000 ____D C:\Users\R\Documents\OBJ FILE
     
    ==================== Files in the root of some directories =======
     
    2014-07-03 05:21 - 2016-10-08 22:16 - 0007626 _____ () C:\Users\R\AppData\Local\resmon.resmoncfg
    2016-08-05 15:57 - 2016-08-05 15:57 - 0000003 _____ () C:\Users\R\AppData\Local\updater.log
    2016-08-05 15:57 - 2017-02-24 18:19 - 0000059 _____ () C:\Users\R\AppData\Local\UserProducts.xml
    2014-07-02 11:34 - 2014-07-02 11:36 - 0017744 _____ () C:\ProgramData\ArcadeDeluxe4.log
    2017-01-04 02:15 - 2017-01-04 02:15 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-04-13 12:41
     
    ==================== End of FRST.txt ============================

    #95
    InfinityFalse

      Member

    • Topic Starter
    • 71 posts

    And here are the Addition logs.

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2017
    Ran by R (21-04-2017 09:25:03)
    Running from C:\Users\R\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2014-07-02 19:46:18)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1351455686-1081943194-175279126-500 - Administrator - Disabled)
    Guest (S-1-5-21-1351455686-1081943194-175279126-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1351455686-1081943194-175279126-1002 - Limited - Enabled)
    R (S-1-5-21-1351455686-1081943194-175279126-1000 - Administrator - Enabled) => C:\Users\R
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.1.8316 - CyberLink Corp.)
    Acer Arcade Deluxe (x32 Version: 4.1.8316 - CyberLink Corp.) Hidden
    Acer Arcade Movie (x32 Version: 9.0.7029 - CyberLink Corp.) Hidden
    Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.68 - NewTech Infosystems)
    Acer Bio Protection (HKLM-x32\...\InstallShield_{FD588AD4-9150-4A41-83E8-61596E0954E4}) (Version: 7.0.60.0 - Egis Technology Inc.)
    Acer Crystal Eye webcam Ver:1.1.193.827 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.193.827 - Chicony Electronics Co.,Ltd.)
    Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
    Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0309.2010 - Acer Incorporated)
    Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
    Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
    AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Backup Manager Advance (x32 Version: 2.0.1.68 - NewTech Infosystems) Hidden
    Battlestar Galactica Online (HKLM-x32\...\Battlestar Galactica Online_is1) (Version: 1.0 - Bigpoint GmbH)
    BioExcess (Version: 7.0.60.0 - Egis Technology Inc.) Hidden
    Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
    Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
    ccc-core-static (x32 Version: 2010.1028.1114.18274 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    Discord (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
    Fingerprint Solution (x32 Version: 7.0.60.0 - Egis Technology Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
    Gyazo 3.2.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
    Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.51.6 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
    Nuvoton CIR Device Drivers (HKLM-x32\...\{46851691-3C64-4C14-ABD8-179AE8801F55}) (Version: 8.60.2004 - Nuvoton Technology Corporation)
    OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
    ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.7.1001 - ooVoo LLC.)
    paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F37}) (Version: 4.0.16 - dotPDN LLC)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.27.920.2010 - Realtek)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
    ROBLOX Player for R (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
    ROBLOX Studio for R (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
    Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
    The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.5.0.0 - Zenimax Online Studios)
    The Elder Scrolls Online: Tamriel Unlimited (HKLM\...\Steam App 306130) (Version:  - Zenimax Online Studios)
    Tweaks.com Logon Changer (HKLM-x32\...\{D2223C9B-0AB9-4546-A4C0-A1ED27C42039}) (Version: 3.1.0 - Advanced PC Media LLC)
    Unity Web Player (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\UnityWebPlayer) (Version: 5.2.5f1 - Unity Technologies ApS)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
    World of Tanks (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
    XVM version 6.5.6 (HKLM-x32\...\{2865cd27-6b8b-4413-8272-cd968f316050}_is1) (Version: 6.5.6 - XVM team)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-1351455686-1081943194-175279126-1000_Classes\CLSID\{593bc936-d803-49b7-9084-251d7f6425e6}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1351455686-1081943194-175279126-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\R\AppData\Local\Roblox\Versions\version-292abc120cb44384\RobloxProxy64.dll (ROBLOX Corporation)
    CustomCLSID: HKU\S-1-5-21-1351455686-1081943194-175279126-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {0968AACF-E55C-4B22-A007-7C2354D2E36A} - System32\Tasks\{C5AC3A7E-E579-40EB-86AC-0909653DEF76} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
    Task: {253E1326-F65A-45BC-82F1-D987625F7481} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-23] (Adobe Systems Incorporated)
    Task: {275E4617-1E30-46F1-9D17-34A2DEC87778} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
    Task: {88C5C7FC-B9B8-4ECF-899F-FC6E02F363E3} - System32\Tasks\{7FF02BFD-E1DF-4AA3-9FB5-4A5E32646FF1} => pcalua.exe -a C:\Users\R\AppData\Local\Roblox\Versions\version-a5eaf158bd544c4d\RobloxPlayerLauncher.exe -c -uninstall
    Task: {89BBA2DA-75CC-4E87-9AC2-A5E16A990791} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
    Task: {965304F7-3472-4DB8-B83D-F1E7C20A447C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
    Task: {B2DBC4E6-3AE8-414A-93CF-0E5AF370941F} - System32\Tasks\Acer Registration - Data Sending task => C:\Program Files (x86)\Acer\Registration\GREG.exe [2010-04-27] (Acer Incorporated)
    Task: {C5E39D1D-3BBE-446E-91B7-855D78040226} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-10-25] (Adobe Systems Incorporated)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ShortcutWithArgument: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2009-01-21 14:45 - 2009-01-21 14:45 - 01401856 _____ () C:\Program Files (x86)\Acer Bio Protection\x64\LIBEAY32.dll
    2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2017-03-29 13:46 - 2017-03-29 02:47 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
    2017-03-29 13:46 - 2017-03-29 02:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
    2017-01-11 15:24 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\R\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
    2017-01-11 15:24 - 2017-01-11 15:24 - 01082880 _____ () \\?\C:\Users\R\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
    2017-01-11 15:24 - 2017-01-11 15:24 - 03750400 _____ () \\?\C:\Users\R\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
    2017-01-11 15:24 - 2017-01-11 15:24 - 00914432 _____ () \\?\C:\Users\R\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
    2017-03-28 19:15 - 2017-03-28 19:15 - 00148992 _____ () \\?\C:\Users\R\AppData\Local\Discord\app-0.0.297\resources\app\node_modules\erlpack\build\Release\erlpack.node
    2017-01-11 15:24 - 2017-01-11 15:24 - 02658304 _____ () \\?\C:\Users\R\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
    2017-01-11 15:25 - 2017-03-22 13:43 - 02665976 _____ () \\?\C:\Users\R\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 20:34 - 2017-01-04 12:50 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\R\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254 - 75.153.171.122
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^R^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
    MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
    MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
    MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: MDS_Menu => "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Steam => "D:\Steam\steam.exe" -silent
    MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: VitaKeyTSR => "C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe" /run
    MSCONFIG\startupreg: World of Tanks => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
    MSCONFIG\startupreg: World of Tanks (1) => "C:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [{473262E6-F944-4F9F-B934-0107442E0970}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    FirewallRules: [{27DCB9A0-25FE-43FC-AD68-434068364948}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\VC.exe
    FirewallRules: [{187F5E7B-FF38-4834-80DA-441B80F0EB45}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{314D40DA-8D86-4D8E-A6CE-0BEA7A325400}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{A323BEA2-C8CE-4559-A48B-7A130E96F8A0}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
    FirewallRules: [{D3C45009-2DEE-4975-8B59-992498F5AD37}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1BDFE467-30E4-46BE-A790-B1D1F7DCE773}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3907FE25-51F0-4472-B9DA-C227C3F86D81}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{CC4184EE-AF26-43E0-8126-ECA524F3ADCF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{009663B2-4640-4852-AAD0-CC90589B3F96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
    FirewallRules: [{DF8C5E33-2720-413B-A85C-57A378F76296}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
    FirewallRules: [{5C2E51FB-F13A-46EE-BCF6-D58F1B8FD250}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe
    FirewallRules: [{48E2DD5F-736E-4D19-9D7D-09786C319A1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe
    FirewallRules: [TCP Query User{C1B3BC92-2043-49E0-A79B-A1C387432B4C}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe
    FirewallRules: [UDP Query User{4867A320-31B5-4240-BC47-94D11D67B2D9}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe
    FirewallRules: [{3A86A9C8-8250-4E66-8529-245016B6133D}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
    FirewallRules: [{8F859C3F-90E4-4470-AD0A-107D0B45E177}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
    FirewallRules: [{646DEC8E-4CD6-4EB2-AF7F-43ACB95B4832}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
    FirewallRules: [{074C53D1-0247-458F-A7D7-083070330EF9}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
    FirewallRules: [{D195E6A9-2440-4813-AB31-F29BB3C0BB07}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Knights of the Old Republic II\swkotor2.exe
    FirewallRules: [{87C5C97E-B1D4-47CD-A0EA-C4C3D90A4C7C}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Knights of the Old Republic II\swkotor2.exe
    FirewallRules: [TCP Query User{876C8CDE-22F1-4096-AC6A-4E0394F13C69}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe
    FirewallRules: [UDP Query User{67103985-FF94-4C86-B53F-60E418CF94A0}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe
    FirewallRules: [{AA3CD8E2-EB7A-4D97-BFF0-35195929BF25}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{6E62E594-EF7A-40F8-87CC-AC7A574269EA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{9A29E102-55B2-49F4-8C64-F3D3EAE8B5B1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{EB758D1B-82B9-4BC0-9D63-D70AAA7BF95B}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
    FirewallRules: [{A2EFBC2D-91DF-4277-BDEA-BEDDD892F503}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
    FirewallRules: [{01D54FC1-95DF-435D-BC73-F10C4893D731}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
    FirewallRules: [{4BFFF960-8367-4B4E-B5DC-D47C6428DBB2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
    FirewallRules: [{E6AA0A86-34AE-4AF0-939A-22B0494719D5}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
    FirewallRules: [{E2FC24AA-F1D3-411F-881B-F4166F207F04}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
    FirewallRules: [{66F1FA3B-1019-4A78-B39D-8A345FC4C0FC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{4889BE61-1E65-4A55-A56D-95E26F6E1F0E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{6D3A8AE6-B1BF-40B4-B379-726AB35FA2E8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{6C42EBEB-88D4-43A1-BD10-669876C6B8C0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{00A731EE-3E30-4477-82C1-D5F6D056BC98}] => (Allow) svchost.exe
    FirewallRules: [{7310DE9C-F494-4850-BC44-24516CAC70F6}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{5904D895-0BBF-43CD-9618-18C06774A57E}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{9C1D0267-ECF5-460A-8596-F97103CE18A6}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{B9C5A73F-7CA6-49A8-8F9A-E1A2014E853A}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{0EBD6171-A0E6-43FD-9C2D-8E4DE21DE5DD}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
    FirewallRules: [{7B24AC15-438A-4321-B95E-127C80246A25}] => (Allow) C:\Users\R\Documents\New folder\Steam.exe
    FirewallRules: [{36498857-4A5D-4A7B-9B75-F80D4CE5EA8E}] => (Allow) C:\Users\R\Documents\New folder\Steam.exe
    FirewallRules: [{8EFFC487-6FDF-42AF-AB2E-36F84F2969D8}] => (Allow) C:\Users\R\Documents\New folder\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{0922CB52-977F-4DAD-8E81-DF56C363175F}] => (Allow) C:\Users\R\Documents\New folder\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{07B550D6-758D-45A5-AF90-4BA76C3B521F}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
    FirewallRules: [{337D1162-D1B5-45E5-881B-3069A1B71379}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
    FirewallRules: [{7929503A-6131-406C-89E6-8B66F64137E0}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
    FirewallRules: [{62349F81-838C-4778-898E-665476966AB3}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
    FirewallRules: [{4D0AD345-AC13-4A89-8634-E587D28803BA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{7B5EDF2B-27BA-44EA-9AAE-4208E3001CB5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [TCP Query User{F4191932-1307-49C0-8B29-E4F25FC42265}C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe
    FirewallRules: [UDP Query User{1BE58C9A-3E9C-4F5E-9825-3FFF45EA130F}C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe
    FirewallRules: [TCP Query User{3E3F2381-DC07-4E0E-AB18-8ADF0BAB2768}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
    FirewallRules: [UDP Query User{A33F52A3-F96A-4384-867C-EA285BD468FC}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
    FirewallRules: [TCP Query User{3507EB71-76CE-4DA5-8AC6-BB8424C6A7F5}C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe
    FirewallRules: [UDP Query User{B429ACA3-99EB-40B7-B2AE-CDB339813961}C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe
    FirewallRules: [TCP Query User{3C873F9F-93F7-43B4-B0EE-8820B7F22562}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
    FirewallRules: [UDP Query User{11F6721E-56E9-4FF0-8752-83AE5CF81A02}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
    FirewallRules: [{98B2A9BB-9750-45C3-991C-D4EF944180ED}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{0A07EA7F-3F64-4C6D-A443-8B9C0BD6F524}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{B67FAC51-12E8-40D8-9EE3-96BADD86FE26}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{55375A40-F346-46D0-9568-B93032638C9A}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{55F09BF1-3D12-45B5-A596-7D418A98A4A6}] => (Allow) C:\Games\WoTLauncher.exe
    FirewallRules: [{80F40897-2C77-4F69-B816-F4D658D1B806}] => (Allow) C:\Games\WoTLauncher.exe
    FirewallRules: [{27265D42-BBFB-48A5-905A-B8A4B75F6058}] => (Allow) C:\Games\worldoftanks.exe
    FirewallRules: [{8C480B6E-42F2-4A33-B05D-E6644914E990}] => (Allow) C:\Games\worldoftanks.exe
    FirewallRules: [TCP Query User{04C434CF-618F-4258-84B4-40344E434993}D:\bsgo\launcher\launcher.exe] => (Allow) D:\bsgo\launcher\launcher.exe
    FirewallRules: [UDP Query User{1A8F74CB-9D07-4026-861C-CB7BDF07EBE3}D:\bsgo\launcher\launcher.exe] => (Allow) D:\bsgo\launcher\launcher.exe
    FirewallRules: [{89E64063-51B1-41FB-9223-5B32D3E466CD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{1EE0D3D7-5AE0-4FEB-936B-3E6C4D14A3B5}] => (Allow) D:\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
    FirewallRules: [{A0074658-39C8-4A65-BF67-5E5F17860F58}] => (Allow) D:\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
    FirewallRules: [TCP Query User{6BE74A74-E8C5-4427-B20A-673E6E3FB234}C:\users\r\appdata\local\temp\i1492013413\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\r\appdata\local\temp\i1492013413\windows\resource\jre\bin\javaw.exe
    FirewallRules: [UDP Query User{142CC588-E7F9-443E-9C89-A10DAA3247AE}C:\users\r\appdata\local\temp\i1492013413\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\r\appdata\local\temp\i1492013413\windows\resource\jre\bin\javaw.exe
    FirewallRules: [TCP Query User{48E48D0D-152D-4A62-B1AC-C951B4D6EC36}D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{4DAABE64-443B-4034-BB2E-16F9B8C9C5FC}D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\runtime\jre-x64\1.8.0_25\bin\javaw.exe
     
    ==================== Restore Points =========================
     
    19-04-2017 19:05:01 Scheduled Checkpoint
    20-04-2017 08:16:37 Windows Update
    21-04-2017 09:18:16 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
    Name: Microsoft Virtual WiFi Miniport Adapter
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (04/21/2017 09:24:08 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
     
    Error: (04/21/2017 09:08:44 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
     
    Error: (04/21/2017 09:07:41 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
     
    Error: (04/21/2017 09:07:21 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (04/21/2017 01:40:39 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
     
    Error: (04/20/2017 07:48:03 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
     
    Error: (04/20/2017 07:52:17 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
     
    Error: (04/20/2017 07:51:36 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
     
    Error: (04/20/2017 07:51:21 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (04/19/2017 08:19:45 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
     
     
    System errors:
    =============
    Error: (04/21/2017 09:12:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (04/21/2017 09:12:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (04/21/2017 09:12:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (04/21/2017 09:12:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (04/21/2017 09:12:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
     
    Error: (04/21/2017 09:12:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Updater Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (04/21/2017 09:12:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Application Virtualization Service Agent service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (04/21/2017 09:12:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
     
    Error: (04/21/2017 09:12:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
     
    Error: (04/21/2017 09:12:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The EgisTec Service service terminated unexpectedly.  It has done this 1 time(s).
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
    Percentage of memory in use: 43%
    Total physical RAM: 6125.86 MB
    Available physical RAM: 3468.5 MB
    Total Virtual: 12249.9 MB
    Available Virtual: 9403.81 MB
     
    ==================== Drives ================================
     
    Drive c: (Acer) (Fixed) (Total:465.76 GB) (Free:380.29 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:856.77 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C352CBF0)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D32A87A1)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
     
    ==================== End of Addition.txt ============================

    • 0

    #96
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    Nothing much new in your logs.  I see you have added Browsec VPN - Privacy and Security Online to Chrome.

     

    Since you don't use IE perhaps you should disable it totally:

     

    https://www.howtogee...from-windows-7/

     

     

    Your Addition.txt log shows you have a problem with Adobe AIR.  If you don't use it just uninstall it.  If you do then get a new copy.

    Adobe's Creative Cloud  is also acting up.  You have it unchecked in msconfig but there are 2 tasks for it:

     

    Task: {0968AACF-E55C-4B22-A007-7C2354D2E36A} - System32\Tasks\{C5AC3A7E-E579-40EB-86AC-0909653DEF76} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"

     
    Task: {C5E39D1D-3BBE-446E-91B7-855D78040226} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-10-25] (Adobe Systems Incorporated)
     

    I would search for

     

    task scheduler

    and hit Enter

    then click on Task Scheduler Library.

     

    In the middle pane you will see a list of tasks.  Find either the number or the name (after system32\tasks\ ) and right click and Disable each task.

     

     

    Also a problem with Windows Live\Photo Gallery\MovieMaker.Exe

    As you know Windows Live is no longer supported by MS and you can't reinstall it so best to find an alternative and stop trying to use it.

     

    I would turn off  Windows Media Player Network Sharing Service:

     

    Search for

    services.msc

    hit Enter

    find the  Windows Media Player Network Sharing Service  and right click and select Properties then change the Startup Type to Disabled.  OK

     

     

     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
    2. Right-click VEW.exe and Run As Administrator.
    3. Under 'Select log to query', select:
       * System
    4. Under 'Select type to list', select:
       * Error
       * Warning
     
    Then use the 'Number of events' as follows:
     
    1. Click the radio button for 'Number of events'.
    2. Type 20 in the 1 to 20 box.
    3. Then click the Run button.
     
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     

    • 0
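The reading of Addition.txt in the post above (repeated SideBySide errors pointing at Adobe AIR, Creative Cloud and Movie Maker, plus a cluster of service terminations) can be reproduced mechanically. This Python sketch is an added example, not part of the original thread and not FRST's own code; the function names, the constructed sample text and the 10-second burst heuristic are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the "Event log errors" section of Addition.txt.
SAMPLE = r'''
Error: (04/21/2017 09:24:08 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.

Error: (04/21/2017 09:08:44 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest

Error: (04/21/2017 09:07:21 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest

Error: (04/20/2017 07:52:17 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest

Error: (04/21/2017 09:12:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/21/2017 09:12:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Updater Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/21/2017 09:12:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).
'''

# Header line of one event as it appears in the log.
HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) \(EventID: (?P<event_id>\d+)\)"
)
# What the event is about: the binary for SideBySide, the service for Service Control Manager.
SUBJECT_PATTERNS = [
    re.compile(r'Activation context generation failed for "([^"]+)"'),
    re.compile(r"^Description: The (.+?) service terminated unexpectedly"),
]


def parse_events(text):
    """Turn the error section into a list of dicts (time, source, event_id, subject)."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {
                "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "source": m["source"],
                "event_id": int(m["event_id"]),
                "subject": None,  # stays None when the description names nothing
            }
            events.append(current)
        elif current and line and current["subject"] is None:
            for pattern in SUBJECT_PATTERNS:
                hit = pattern.search(line)
                if hit:
                    current["subject"] = hit.group(1)
                    break
    return events


def summarize(events):
    """Group recurring errors so the same fault on several days shows up once."""
    groups = defaultdict(list)
    for ev in events:
        subject = (ev["subject"] or "").lower()  # Windows paths are case-insensitive
        groups[(ev["source"], ev["event_id"], subject)].append(ev["time"])
    rows = [
        {"source": s, "event_id": e, "subject": subj,
         "count": len(ts), "first": min(ts), "last": max(ts)}
        for (s, e, subj), ts in groups.items()
    ]
    return sorted(rows, key=lambda r: (-r["count"], r["source"], r["subject"]))


def find_bursts(events, source, window_seconds=10, min_events=3):
    """Cluster events from one source that occur within window_seconds of each other."""
    hits = sorted((ev for ev in events if ev["source"] == source), key=lambda ev: ev["time"])
    bursts, cluster = [], []
    for ev in hits:
        if cluster and (ev["time"] - cluster[-1]["time"]).total_seconds() > window_seconds:
            if len(cluster) >= min_events:
                bursts.append(cluster)
            cluster = []
        cluster.append(ev)
    if len(cluster) >= min_events:
        bursts.append(cluster)
    return bursts


if __name__ == "__main__":
    parsed = parse_events(SAMPLE)
    for row in summarize(parsed):
        print(f'{row["count"]}x {row["source"]} {row["event_id"]} {row["subject"] or "-"} '
              f'({row["first"]:%d-%m %H:%M} .. {row["last"]:%d-%m %H:%M})')
    for burst in find_bursts(parsed, "Service Control Manager"):
        print("burst:", ", ".join(ev["subject"] for ev in burst))
```

A recurring row points at one broken component to repair or uninstall, while a burst of service terminations inside a few seconds is worth reading as a single event rather than several unrelated faults.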

    #97
    InfinityFalse

    InfinityFalse

      Member

    • Topic Starter
    • Member
    • PipPip
    • 71 posts

    Alright, I'll figure out the part regarding Adobe AIR, and I disabled the 2 tasks, as instructed in your post. Disabled Internet Explorer 11, so that's good to go, and I also disabled the Windows Media Player Network Sharing Service.

     

    Now, here's the logs for the system - pasting Application logs after this - 

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 21/04/2017 12:00:38 PM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 21/04/2017 5:54:39 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped. 

    • 0

    #98
    InfinityFalse

    InfinityFalse

      Member

    • Topic Starter
    • Member
    • PipPip
    • 71 posts

    Here's the logs from Application - 

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 21/04/2017 12:05:29 PM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 21/04/2017 5:55:33 PM
    Type: Warning Category: 6
    Event: 3057 Source: Application Virtualization Client
    {tid=8E8}
    The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: R-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command: 
     
    Log: 'Application' Date/Time: 21/04/2017 5:55:30 PM
    Type: Warning Category: 3
    Event: 3191 Source: Application Virtualization Client
    {tid=8E8}
    -------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
     
    Log: 'Application' Date/Time: 21/04/2017 5:54:36 PM
    Type: Warning Category: 0
    Event: 1530 Source: Microsoft-Windows-User Profiles Service
    Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1351455686-1081943194-175279126-1000:
    Process 600 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1351455686-1081943194-175279126-1000

    • 0

    #99
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    Looks a lot better now.  Any improvement?


    • 0

    #100
    InfinityFalse

    InfinityFalse

      Member

    • Topic Starter
    • Member
    • PipPip
    • 71 posts

    Yup, everything's running as smoothly as it should be. Thanks for the help again; I was worried that I may have downloaded something bad again, but it turns out it's nothing. Cheers.

     

    I'll be back again if anything comes up. 


    • 0



    #101
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,624 posts
    • MVP

    OK


    • 0

    #102
    InfinityFalse

    InfinityFalse

      Member

    • Topic Starter
    • Member
    • PipPip
    • 71 posts

    Hello, 

     

    So, it appears something is preventing me from opening Malwarebytes and Uninstall Programs via Control Panel. I would like to have some help, please.


    • 0

    #103
    InfinityFalse

    InfinityFalse

      Member

    • Topic Starter
    • Member
    • PipPip
    • 71 posts

    I didn't explain what the problem was. Earlier today, this morning, I decided to restart my laptop, and when it booted up, there was an error regarding an application error. It was showing me this message:

    "The instruction at 0x737f48c7 referenced memory at 0x00000000. The memory could not be read. Click on OK to terminate the program." 


    • 0

    #104
    InfinityFalse

    InfinityFalse

      Member

    • Topic Starter
    • Member
    • PipPip
    • 71 posts

    To help this process go even faster, I've downloaded FRST and will be posting the logs, along with the Addition log, on here.


    • 0

    #105
    InfinityFalse

    InfinityFalse

      Member

    • Topic Starter
    • Member
    • PipPip
    • 71 posts
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
    Ran by R (administrator) on R-PC (11-05-2017 09:35:50)
    Running from C:\Users\R\Downloads
    Loaded Profiles: R (Available Profiles: R)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (Wargaming.net) C:\Games\WargamingGameUpdater.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Run: [World of Tanks] => C:\Games\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Run: [World of Tanks (2)] => C:\Games\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Run: [World of Tanks (1)] => C:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-07-13] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-04-12]
    ShortcutTarget: Twitch.lnk -> C:\Users\R\AppData\Roaming\Curse Client\Bin\Twitch.exe (No File)
    GroupPolicy: Restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{394F5267-8939-41D4-BC12-0033DBBC006C}: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{F835098A-5C5B-4E94-872E-A0914277B5D4}: [DhcpNameServer] 192.168.1.254 75.153.171.122
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1351455686-1081943194-175279126-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1351455686-1081943194-175279126-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll [2010-11-05] (Egis Technology Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll [2010-11-05] (Egis Technology Inc.)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
     
    FireFox:
    ========
    FF DefaultProfile: ol1w0beo.default
    FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default [2017-05-11]
    FF NewTab: Mozilla\Firefox\Profiles\ol1w0beo.default -> about:newtab
    FF Keyword.URL: Mozilla\Firefox\Profiles\ol1w0beo.default -> user_pref("keyword.URL", true);
    FF Extension: (Adblock Plus) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-12]
    FF Extension: (Bitdefender QuickScan) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2017-03-02]
    FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-04-07] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt
    FF Extension: ( Password Bank Extension ) - C:\Program Files (x86)\Acer Bio Protection\FFExt [2014-07-02] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-23] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-23] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @nsroblox.roblox.com/launcher -> C:\Users\R\AppData\Local\Roblox\Versions\version-29af4e59992d47ba\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\R\AppData\Local\Roblox\Versions\version-29af4e59992d47ba\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\R\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-24] (Unity Technologies ApS)
     
    Chrome: 
    =======
    CHR DefaultProfile: Profile 1
    CHR Profile: C:\Users\R\AppData\Local\Google\Chrome\User Data\Default [2017-05-09]
    CHR Extension: (Google Slides) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-05]
    CHR Extension: (Google Docs) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-05]
    CHR Extension: (Google Drive) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-05]
    CHR Extension: (YouTube) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-05]
    CHR Extension: (Google Sheets) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-05]
    CHR Extension: (Google Docs Offline) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-05]
    CHR Extension: (Gmail) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-05]
    CHR Extension: (Chrome Media Router) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-05]
    CHR Profile: C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-05-11]
    CHR Extension: (Google Docs) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-14]
    CHR Extension: (Google Drive) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-14]
    CHR Extension: (YouTube) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-14]
    CHR Extension: (Adblock Plus) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
    CHR Extension: (Share on Rabbit) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dplabnbcafdgpcjmibgkekpaejlfhnkl [2017-04-22]
    CHR Extension: (Google Docs Offline) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-14]
    CHR Extension: (ROBLOX+) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2017-04-30]
    CHR Extension: (Morpheon Dark) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2017-03-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
    CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2017-04-21]
    CHR Extension: (Better Facebook for Chrome + Color Changer) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\opnfbjkeinmnibcpmlpjacekjaldnjmj [2017-04-30]
    CHR Extension: (Gmail) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-14]
    CHR Extension: (Chrome Media Router) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-30]
    CHR Profile: C:\Users\R\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-30]
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
    S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-21] ()
    R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [315248 2010-11-05] (Egis Technology Inc. )
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
    S4 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2010-04-26] (Windows ® Win 7 DDK provider) [File not signed]
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-11] (Malwarebytes)
    S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation) [File not signed]
    S3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2010-04-26] (Nuvoton Technology Corporation) [File not signed]
    R3 nuvotonir; C:\Windows\System32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
    S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
    R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-05-19] (CyberLink Corp.)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-05-11 09:35 - 2017-05-11 09:37 - 00017782 _____ C:\Users\R\Downloads\FRST.txt
    2017-05-11 09:34 - 2017-05-11 09:34 - 02429440 _____ (Farbar) C:\Users\R\Downloads\FRST64.exe
    2017-05-11 09:25 - 2017-05-11 09:25 - 00000107 _____ C:\Windows\wininit.ini
    2017-05-11 09:05 - 2017-05-11 09:05 - 00003288 ____N C:\bootsqm.dat
    2017-05-10 00:11 - 2017-05-10 00:11 - 00521448 _____ C:\Users\R\Documents\InfinitylFalse.tif
    2017-05-09 22:54 - 2017-05-09 22:55 - 00000000 ____D C:\Users\R\Documents\New folder
    2017-05-09 22:48 - 2017-05-09 23:03 - 00000000 ____D C:\Users\R\Documents\New OBJ File
    2017-05-09 22:06 - 2017-05-11 11:23 - 00000000 ____D C:\Program Files\MAXON
    2017-05-09 22:05 - 2017-05-11 11:23 - 00000000 ____D C:\Users\R\AppData\Roaming\MAXON
    2017-05-09 21:32 - 2017-05-11 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB
    2017-05-09 21:32 - 2017-05-11 11:23 - 00000000 ____D C:\Program Files (x86)\ISO to USB
    2017-05-09 21:32 - 2017-05-09 21:32 - 01733751 _____ (isotousb.com ) C:\Users\R\Downloads\isotousb_setup.exe
    2017-05-09 21:32 - 2017-05-09 21:32 - 00000985 _____ C:\Users\Public\Desktop\ISO to USB.lnk
    2017-05-09 21:21 - 2017-05-09 21:21 - 00000503 _____ C:\Users\R\Documents\asdwasdwasdwasdwa.txt
    2017-05-09 21:17 - 2017-05-09 21:17 - 00951416 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\R\Downloads\rufus-2.14.exe
    2017-05-09 20:36 - 2017-05-11 11:23 - 00000000 ____D C:\Users\R\Downloads\Cinema 4D R18 FULL
    2017-05-08 00:05 - 2017-05-08 00:06 - 00185320 _____ C:\Users\R\Downloads\Horror Ambience Music (Royalty Free).mp3.sfk
    2017-05-07 23:58 - 2017-05-07 23:58 - 00001066 _____ C:\Users\R\Desktop\Vegas Pro 13.0 (64-bit).lnk
    2017-05-07 23:54 - 2017-05-07 23:54 - 00002564 _____ C:\Users\R\Documents\Register Vegas Pro.htm
    2017-05-07 23:48 - 2017-05-07 23:48 - 00000000 ____D C:\ProgramData\Sony
    2017-05-07 23:48 - 2017-05-07 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    2017-05-07 23:48 - 2017-05-07 23:48 - 00000000 ____D C:\Program Files\Sony
    2017-05-07 23:48 - 2017-05-07 23:48 - 00000000 ____D C:\Program Files (x86)\Sony
    2017-05-07 23:41 - 2017-05-11 11:23 - 00000000 ____D C:\Users\R\Downloads\Sony Vegas Pro 13.0 Build 453 (x64) + Patch DI
    2017-05-07 23:36 - 2017-05-11 09:25 - 00000000 ____D C:\Users\R\AppData\LocalLow\uTorrent
    2017-05-07 23:28 - 2017-05-07 23:28 - 02403520 _____ (BitTorrent Inc.) C:\Users\R\Downloads\uTorrent.exe
    2017-05-07 23:11 - 2017-05-07 23:11 - 00000000 ____D C:\Users\R\Documents\MAGIX Downloads
    2017-05-07 23:10 - 2017-05-07 23:10 - 04316232 _____ (MAGIX Software GmbH) C:\Users\R\Downloads\trial_vegaspro14.exe
    2017-05-05 18:12 - 2017-05-05 18:12 - 00002355 _____ C:\Users\R\Desktop\Infinity - Chrome.lnk
    2017-05-05 16:22 - 2017-05-05 16:22 - 00000794 _____ C:\Users\R\Desktop\World of Tanks - Common Test.lnk
    2017-05-05 16:22 - 2017-05-05 16:22 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
    2017-05-05 16:19 - 2017-05-05 16:19 - 04227312 _____ (Wargaming.net ) C:\Users\R\Downloads\WoT_internet_install_ct.exe
    2017-05-03 12:55 - 2017-05-03 12:55 - 00173055 _____ C:\Users\R\Downloads\ayamatsu (april fools 2017).pdf
    2017-05-01 00:36 - 2017-05-01 00:36 - 00067072 _____ C:\Users\R\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-04-30 23:29 - 2017-04-30 23:30 - 00281824 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-04-26 23:03 - 2017-04-26 23:03 - 00003326 _____ C:\Users\R\Downloads\ClearVision_Sapphire.theme.css
    2017-04-26 15:29 - 2017-04-26 15:29 - 00000000 ____D C:\Users\R\AppData\Roaming\Google
    2017-04-24 21:17 - 2017-04-24 21:17 - 00063331 _____ C:\Users\R\Downloads\Noobadiah.txt
    2017-04-24 18:27 - 2017-04-24 18:27 - 00078621 _____ C:\Users\R\Downloads\Viridis.txt
    2017-04-21 12:00 - 2017-04-21 12:05 - 00001900 _____ C:\VEW.txt
    2017-04-21 01:46 - 2017-04-21 01:47 - 00000000 ____D C:\Users\R\Downloads\xvm-6.6.0
    2017-04-21 01:43 - 2017-04-21 01:43 - 08274144 _____ (XVM team ) C:\Users\R\Downloads\xvm-6.6.0.exe
    2017-04-20 14:55 - 2017-04-20 14:56 - 113034688 _____ (obsproject.com) C:\Users\R\Downloads\OBS-Studio-18.0.1-Full-Installer.exe
    2017-04-16 17:38 - 2017-04-16 18:04 - 00001086 _____ C:\Users\R\Desktop\nativelog.txt
    2017-04-15 12:33 - 2017-04-15 12:34 - 54303648 _____ (Amazon.com) C:\Users\R\Downloads\KindleForPC-installer-1.20.47037.exe
    2017-04-14 18:08 - 2017-04-14 18:08 - 00000502 _____ C:\Users\Public\Desktop\Minecraft.lnk
    2017-04-14 18:08 - 2017-04-14 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
    2017-04-12 10:04 - 2017-05-11 11:23 - 00000000 ____D C:\Users\R\AppData\Local\Black_Tree_Gaming
    2017-04-12 10:04 - 2017-05-11 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
    2017-04-12 10:04 - 2017-05-11 11:23 - 00000000 ____D C:\Program Files\Nexus Mod Manager
    2017-04-12 10:04 - 2017-04-12 10:04 - 00000894 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
    2017-04-12 10:04 - 2017-04-12 10:04 - 00000000 ____D C:\Users\R\Documents\Nexus Mod Manager
    2017-04-12 09:35 - 2017-04-12 09:35 - 00001012 _____ C:\Users\R\Desktop\Twitch.lnk
    2017-04-12 09:35 - 2017-04-12 09:35 - 00000998 _____ C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
    2017-04-12 09:35 - 2017-04-12 09:35 - 00000000 ____D C:\Users\R\AppData\Roaming\Twitch
    2017-04-12 09:35 - 2017-04-12 09:35 - 00000000 ____D C:\ProgramData\Twitch
    2017-04-11 21:22 - 2017-04-11 21:22 - 00000202 _____ C:\Users\R\Desktop\The Elder Scrolls Online Tamriel Unlimited.url
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-05-11 11:23 - 2017-03-13 17:38 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2017-05-11 11:23 - 2016-10-05 00:32 - 00000000 ____D C:\Users\R\AppData\Roaming\obs-studio
    2017-05-11 11:22 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
    2017-05-11 11:21 - 2016-05-26 17:54 - 00000000 ____D C:\Games
    2017-05-11 11:21 - 2016-05-26 16:30 - 00000000 ____D C:\Users\R\AppData\Local\Roblox
    2017-05-11 09:35 - 2017-03-02 11:34 - 00000000 ____D C:\FRST
    2017-05-11 09:33 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-05-11 09:33 - 2009-07-13 22:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-05-11 09:32 - 2016-12-17 01:18 - 00000000 ____D C:\Users\R\AppData\LocalLow\Mozilla
    2017-05-11 09:32 - 2016-07-09 15:36 - 00000000 ____D C:\ProgramData\Skype
    2017-05-11 09:30 - 2009-07-13 23:13 - 00782352 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-05-11 09:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
    2017-05-11 09:24 - 2017-03-01 21:14 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-05-11 09:24 - 2016-06-01 18:44 - 00000000 ____D C:\Users\R\AppData\Local\CrashDumps
    2017-05-11 09:24 - 2014-07-02 13:46 - 00000000 ____D C:\Users\R
    2017-05-11 09:24 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-05-09 22:56 - 2017-01-02 19:09 - 00000000 ____D C:\tmp
    2017-05-09 21:20 - 2017-01-04 02:09 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2017-05-08 00:24 - 2017-01-04 16:27 - 00000000 ____D C:\Users\R\AppData\Roaming\Sony
    2017-05-07 23:52 - 2017-01-04 16:29 - 00000000 ____D C:\Users\R\AppData\Local\Sony
    2017-05-07 23:31 - 2017-01-04 16:27 - 00000000 ____D C:\ProgramData\VEGAS
    2017-05-04 15:20 - 2017-03-13 17:38 - 00001356 _____ C:\Users\R\Desktop\ROBLOX Studio.lnk
    2017-05-04 15:08 - 2016-07-31 15:54 - 00000000 ____D C:\Users\R\Documents\My Kindle Content
    2017-05-03 17:56 - 2016-11-20 22:11 - 00000000 ____D C:\Users\R\AppData\Roaming\discord
    2017-05-02 23:27 - 2017-03-13 17:38 - 00001344 _____ C:\Users\R\Desktop\ROBLOX Player.lnk
    2017-05-02 18:04 - 2017-02-28 00:51 - 00000000 ____D C:\Users\R\Documents\RobloxPlaces
    2017-05-02 14:22 - 2017-03-01 22:17 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-05-02 14:22 - 2017-03-01 22:17 - 00002147 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-04-30 20:18 - 2017-03-03 09:50 - 00000000 ____D C:\Windows\Panther
    2017-04-28 15:13 - 2017-03-01 21:39 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-04-28 15:13 - 2017-03-01 21:39 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-04-26 22:32 - 2017-03-28 19:15 - 00000000 ____D C:\Users\R\AppData\Roaming\BetterDiscord
    2017-04-21 11:50 - 2017-02-24 23:05 - 00003206 _____ C:\Windows\System32\Tasks\Adobe Uninstaller
    2017-04-21 09:12 - 2017-03-02 11:09 - 00000000 ____D C:\AdwCleaner
    2017-04-21 01:41 - 2017-03-01 21:14 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-04-20 14:57 - 2016-10-05 00:31 - 00001162 _____ C:\Users\Public\Desktop\OBS Studio.lnk
    2017-04-20 14:57 - 2016-10-05 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
    2017-04-18 23:07 - 2016-07-14 01:51 - 00001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
    2017-04-18 23:07 - 2016-07-14 01:51 - 00001180 _____ C:\Users\Public\Desktop\paint.net.lnk
    2017-04-18 23:07 - 2016-07-14 01:50 - 00000000 ____D C:\Program Files\paint.net
    2017-04-16 18:03 - 2016-11-19 04:57 - 00000000 ____D C:\Users\R\AppData\Roaming\.minecraft
    2017-04-15 12:37 - 2016-07-31 15:54 - 00002191 _____ C:\Users\R\Desktop\Kindle.lnk
    2017-04-12 10:15 - 2017-02-25 20:22 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
    2017-04-11 21:22 - 2016-05-26 19:47 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2017-04-11 19:26 - 2009-07-13 23:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-04-11 19:25 - 2016-05-26 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
     
    ==================== Files in the root of some directories =======
     
    2014-07-03 05:21 - 2016-10-08 22:16 - 0007626 _____ () C:\Users\R\AppData\Local\resmon.resmoncfg
    2016-08-05 15:57 - 2016-08-05 15:57 - 0000003 _____ () C:\Users\R\AppData\Local\updater.log
    2016-08-05 15:57 - 2017-02-24 18:19 - 0000059 _____ () C:\Users\R\AppData\Local\UserProducts.xml
    2014-07-02 11:34 - 2014-07-02 11:36 - 0017744 _____ () C:\ProgramData\ArcadeDeluxe4.log
    2017-01-04 02:15 - 2017-01-04 02:15 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-05-11 08:07
     
    ==================== End of FRST.txt ============================
