My Opera browser is full of Malware - keeps opening advertising tabs



#1
BearCavalry


Dear Geeks. I have a serious infection or hijacking of my Opera browser: if I do a search in Google, for example, and try clicking on a result, the browser will instead open a new tab with an advertisement. I use the latest version of Opera and Windows 7 64-bit.

 

Here are my scans

 

FRST.txt

-----------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-03-2017
Ran by Donkey (administrator) on DONKEY-PC (03-03-2017 19:30:41)
Running from C:\Users\Donkey\Desktop
Loaded Profiles: Donkey (Available Profiles: Donkey)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
() C:\Windows\[email protected]
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.SIXBITDBSERVER\MSSQL\Binn\sqlservr.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\runSW.exe
(Realtek) C:\Windows\SwUSB.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google, Inc) C:\Users\Donkey\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Spotify Ltd) C:\Users\Donkey\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files (x86)\EM01A\Monitor.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Windows\[email protected]
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-06-27] (Power Software Ltd)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Gaming Mouse Driver] => C:\Program Files (x86)\EM01A\Monitor.exe [761856 2014-11-19] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-3602713331-3058630740-4036502352-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-09-04] (Glarysoft Ltd)
HKU\S-1-5-21-3602713331-3058630740-4036502352-1000\...\Run: [Google Photos Backup] => C:\Users\Donkey\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-3602713331-3058630740-4036502352-1000\...\Run: [Spotify Web Helper] => C:\Users\Donkey\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-09-09] (Spotify Ltd)
HKU\S-1-5-21-3602713331-3058630740-4036502352-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-11] (SUPERAntiSpyware)
HKU\S-1-5-21-3602713331-3058630740-4036502352-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
IFEO\OSppSvc.exe: [Debugger] [email protected]
IFEO\SppSvc.exe: [Debugger] [email protected]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AF125D4D-E10A-4C42-9979-8C759222486E}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3602713331-3058630740-4036502352-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3602713331-3058630740-4036502352-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-02-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-02-01] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-02-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-02-01] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: ypz587h8.default
FF ProfilePath: C:\Users\Donkey\AppData\Roaming\Mozilla\Firefox\Profiles\ypz587h8.default [2017-02-01]
FF NewTab: Mozilla\Firefox\Profiles\ypz587h8.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\ypz587h8.default -> about:home
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-29] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3602713331-3058630740-4036502352-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Donkey\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3602713331-3058630740-4036502352-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Donkey\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3602713331-3058630740-4036502352-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Donkey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://mail.ru/cnt/10445?gp=811009"
CHR Profile: C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (Google Slides) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-03]
CHR Extension: (PhotoMania) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjfnbkfaofifbiflcicanlgaiafcamj [2017-02-02]
CHR Extension: (HD for YouTube™) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2017-02-02]
CHR Extension: (reddit companion) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2017-02-10]
CHR Extension: (Google Docs) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-03]
CHR Extension: (Google Drive) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-03]
CHR Extension: (YouTube) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-02]
CHR Extension: (My IP address) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfphbgnmmhjfalloifioeeeokjemobf [2017-02-02]
CHR Extension: (Omnibox Site Search) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cckcidchbmodjccllbmegoignhmidncg [2017-02-02]
CHR Extension: (Ebates Cash Back) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-02-28]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2017-02-02]
CHR Extension: (uBlock Origin) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-10]
CHR Extension: (Adblock for Youtube™) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-02-02]
CHR Extension: (Search by Image (by Google)) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2017-02-02]
CHR Extension: (Netflix) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2017-02-02]
CHR Extension: (Calculator) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2017-02-02]
CHR Extension: (Home - New Tab Page) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehhkfhegcenpfoanmgfpfhnmdmflkbgk [2017-03-02]
CHR Extension: (Translate Language) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehihmefpkkchenckklpjmfaaobbfacij [2017-02-02]
CHR Extension: (Google Play Music) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-02-28]
CHR Extension: (Google Sheets) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-03]
CHR Extension: (HTML Revealer and Password Revealer) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgeopcldenngppapceagonnenonklpbn [2017-02-02]
CHR Extension: (FBDown Video Downloader) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2017-02-02]
CHR Extension: (Google Docs Offline) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-10]
CHR Extension: (Artstation Discover) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghkbedmkakkdhfkhchadmkhlflnafocm [2017-02-02]
CHR Extension: (Pinterest Save Button) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-02-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-28]
CHR Extension: (Cardboard - New Tab Page) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hilmkmopmiomkmehbhajigccnglobaap [2017-02-02]
CHR Extension: (Pixlr Editor) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-02-02]
CHR Extension: (Start!) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh [2017-02-28]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-19]
CHR Extension: (Support Free Content - AllMusic) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kffpbhfpflaacppoegnbknokchggcoao [2017-02-02]
CHR Extension: (Alarm Clock Radio) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi [2017-02-02]
CHR Extension: (IP Whois & Flags Chrome & Websites Rating) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmdfbacgombndnllogoijhnggalgmkon [2017-02-02]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2017-03-02]
CHR Extension: (Google Maps) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-02-02]
CHR Extension: (Thesaurus: Synonym 4 Right Click) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkpcliecpgjbkffooidajhakoidhidh [2017-02-02]
CHR Extension: (Line Numbers for Google Docs) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblodabbcapnkgcfnddfpfaamjckjlik [2017-02-02]
CHR Extension: (LastPass Vault) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2017-02-02]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-03-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-02]
CHR Extension: (Adblock Pro) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2017-02-02]
CHR Extension: (OverTask) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiijfgmbaopeehamdhiiepidbpfkcda [2017-02-02]
CHR Extension: (Psykopaint) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2017-02-02]
CHR Extension: (Gmail) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
CHR Extension: (Privacy Badger) - C:\Users\Donkey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2017-02-02]
 
Opera: 
=======
OPR Extension: (No Name) - C:\Users\Donkey\AppData\Roaming\Opera Software\Opera Stable\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-01-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-11] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [104448 2016-12-08] (Freemake) [File not signed]
R2 KMS-R@1n; C:\Windows\[email protected] [26112 2017-02-28] () [File not signed]
R2 MSSQL$SIXBITDBSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.SIXBITDBSERVER\MSSQL\Binn\sqlservr.exe [370368 2014-02-21] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-01] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] ()
S4 SQLAgent$SIXBITDBSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.SIXBITDBSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2014-02-21] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-04-18] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-05-29] (Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2017-02-22] (REALiX™)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201464 2015-12-04] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-12-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48912 2015-04-27] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-12-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [80592 2016-03-14] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-12-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-12-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [177424 2016-02-17] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-12-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [264976 2016-02-17] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-12-04] (Panda Security, S.L.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [171792 2016-08-04] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [127248 2016-08-04] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205072 2016-08-04] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2016-08-04] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2016-08-04] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2016-08-04] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [70360 2016-08-08] (Panda Security, S.L.)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U0 Partizan; system32\drivers\Partizan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-03 19:30 - 2017-03-03 19:30 - 00032145 _____ C:\Users\Donkey\Desktop\FRST.txt
2017-03-03 19:29 - 2017-03-03 19:29 - 02423808 _____ (Farbar) C:\Users\Donkey\Desktop\FRST64.exe
2017-03-03 12:35 - 2017-03-03 12:35 - 00000000 ____D C:\Users\Donkey\Desktop\WordPress Photos
2017-03-03 12:17 - 2017-03-03 12:17 - 00000638 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2017-03-03 12:17 - 2017-03-03 12:17 - 00000638 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2017-03-03 12:16 - 2017-03-03 12:16 - 00000235 _____ C:\Users\Donkey\Desktop\htaccess_Backup_for_ukrainianoptimus.com.txt
2017-03-02 23:52 - 2017-03-02 23:52 - 00000815 _____ C:\Users\Donkey\Desktop\The Walking Dead A New Frontier Episode 2.lnk
2017-03-02 23:52 - 2017-03-02 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Walking Dead A New Frontier Episode 2
2017-03-02 23:41 - 2017-03-02 23:41 - 00000815 _____ C:\Users\Donkey\Desktop\The Walking Dead A New Frontier Episode 1.lnk
2017-03-02 23:41 - 2017-03-02 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Walking Dead A New Frontier Episode 1
2017-03-02 12:47 - 2017-03-02 12:47 - 00000000 ____D C:\Users\Donkey\AppData\Local\Tempzxpsign7ac773b3a943cb69
2017-03-02 12:47 - 2017-03-02 12:47 - 00000000 ____D C:\Users\Donkey\AppData\Local\Tempzxpsign5f8d899aa357b997
2017-03-02 12:45 - 2017-03-02 12:45 - 00000000 ____D C:\Users\Donkey\AppData\Local\Tempzxpsign702cb7973205678b
2017-03-02 12:44 - 2017-03-02 12:44 - 00000000 ____D C:\Users\Donkey\AppData\Local\Tempzxpsignf79aefc73c292982
2017-03-02 12:44 - 2017-03-02 12:44 - 00000000 ____D C:\Users\Donkey\AppData\Local\Tempzxpsignbcf8abbecb143c61
2017-03-02 12:44 - 2017-03-02 12:44 - 00000000 ____D C:\Users\Donkey\AppData\Local\Tempzxpsign5081a11e7c4c4af2
2017-03-02 12:44 - 2017-03-02 12:44 - 00000000 ____D C:\Users\Donkey\AppData\Local\Tempzxpsign4f853d56c23c9308
2017-03-02 12:38 - 2017-03-02 12:41 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-03-02 09:17 - 2017-03-02 09:19 - 00158065 _____ C:\Users\Donkey\Desktop\58823 Request for Forbearance.pdf
2017-03-01 20:14 - 2017-03-01 20:19 - 00000000 ____D C:\Users\Donkey\Desktop\WOW
2017-03-01 20:04 - 2017-03-01 20:04 - 00000112 ____H C:\F4BB63E4F399
2017-03-01 20:04 - 2017-03-01 20:04 - 00000112 ____H C:\443067690D43
2017-03-01 20:04 - 2017-03-01 20:04 - 00000040 ____H C:\4ED2FBD4FC0E
2017-03-01 17:27 - 2017-03-02 12:39 - 00000000 ____D C:\Users\Donkey\AppData\Roaming\mIRC
2017-03-01 17:27 - 2017-03-02 12:13 - 00000000 ____D C:\Program Files (x86)\mIRC
2017-03-01 17:27 - 2017-03-01 17:27 - 00000955 _____ C:\Users\Public\Desktop\mIRC.lnk
2017-03-01 17:27 - 2017-03-01 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2017-03-01 13:23 - 2017-03-01 13:23 - 00000000 ____D C:\Users\Donkey\AppData\Local\FalloutNV
2017-03-01 13:22 - 2017-03-01 13:23 - 00000000 ____D C:\Users\Donkey\Documents\Nexus Mod Manager
2017-03-01 13:22 - 2017-03-01 13:23 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2017-03-01 13:22 - 2017-03-01 13:22 - 00000890 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2017-03-01 13:22 - 2017-03-01 13:22 - 00000000 ____D C:\Users\Donkey\AppData\Local\Black_Tree_Gaming
2017-03-01 13:22 - 2017-03-01 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2017-03-01 05:28 - 2016-08-08 03:00 - 00070360 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-02-28 22:14 - 2017-02-28 22:14 - 00026112 _____ C:\Windows\[email protected]
2017-02-28 22:14 - 2017-02-28 22:14 - 00005120 _____ C:\Windows\[email protected]
2017-02-28 22:14 - 2017-02-28 22:14 - 00004096 _____ C:\Windows\[email protected]
2017-02-28 22:14 - 2017-02-28 22:14 - 00000000 ____D C:\Windows\System32\Tasks\R@1n-KMS
2017-02-28 21:09 - 2017-02-28 21:09 - 00002833 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-28 21:09 - 2017-02-28 21:09 - 00002805 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-28 21:09 - 2017-02-28 21:09 - 00002769 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-28 21:09 - 2017-02-28 21:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-02-28 21:08 - 2017-02-28 21:08 - 00000000 ____D C:\Windows\PCHEALTH
2017-02-28 21:07 - 2017-02-28 21:07 - 00000000 __RHD C:\MSOCache
2017-02-28 21:07 - 2017-02-28 21:07 - 00000000 ____D C:\Windows\SHELLNEW
2017-02-28 21:07 - 2017-02-28 21:07 - 00000000 ____D C:\Program Files\Microsoft Office
2017-02-28 21:07 - 2017-02-28 21:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-28 18:14 - 2017-02-28 18:14 - 00000795 _____ C:\Users\Public\Desktop\Fallout New Vegas.lnk
2017-02-28 18:14 - 2017-02-28 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2017-02-28 08:19 - 2017-02-28 08:19 - 00000000 ____D C:\Program Files\Adobe
2017-02-28 08:18 - 2017-02-28 08:18 - 00001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-02-27 20:12 - 2017-02-27 20:12 - 00042225 _____ C:\Users\Donkey\Desktop\Life as seen from Above - The Book.odt
2017-02-26 18:31 - 2017-02-26 22:59 - 00000000 ____D C:\Users\Donkey\AppData\Roaming\Acrylic Wi-Fi Home
2017-02-26 18:31 - 2017-02-26 22:59 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Home
2017-02-26 01:04 - 2017-02-26 01:04 - 00000000 ____D C:\Users\Donkey\AppData\Roaming\Launchpad
2017-02-26 01:02 - 2017-02-26 01:04 - 00000000 ____D C:\Users\Donkey\AppData\Local\Frontier Developments
2017-02-25 23:19 - 2017-02-25 23:19 - 00000000 ____D C:\Users\Donkey\Documents\TrialsFusion
2017-02-25 20:01 - 2017-02-25 23:12 - 00000000 ____D C:\Users\Donkey\Desktop\BOOKS
2017-02-25 13:14 - 2017-02-25 13:14 - 00000000 ____D C:\Users\Donkey\AppData\LocalLow\JutsuGames
2017-02-25 13:12 - 2017-02-25 13:16 - 00000000 ____D C:\Program Files (x86)\PlayWay SA
2017-02-22 22:40 - 2017-02-22 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-02-22 22:39 - 2017-02-26 01:03 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-22 22:33 - 2017-02-22 22:33 - 00000145 _____ C:\Users\Donkey\Desktop\Drivers Update - DUMo.url
2017-02-22 22:33 - 2017-02-22 22:33 - 00000000 ____D C:\Users\Donkey\AppData\Roaming\KC Softwares
2017-02-22 22:33 - 2017-02-22 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KC Softwares
2017-02-22 22:33 - 2017-02-22 22:33 - 00000000 ____D C:\Program Files (x86)\KC Softwares
2017-02-22 22:32 - 2017-02-22 22:32 - 00027552 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2017-02-22 22:31 - 2017-02-22 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2017-02-22 22:31 - 2017-02-22 22:31 - 00000000 ____D C:\Program Files\HWiNFO64
2017-02-22 10:33 - 2017-02-22 10:33 - 00000054 _____ C:\Users\Donkey\Desktop\mama mc cc.txt
2017-02-18 05:01 - 2017-02-27 14:09 - 00000797 _____ C:\Users\Donkey\Desktop\theHunter Call of the Wild.lnk
2017-02-18 05:01 - 2017-02-27 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\theHunter Call of the Wild
2017-02-17 16:09 - 2017-02-17 16:09 - 00505359 _____ C:\Users\Donkey\Desktop\2016Taxes-1040 Svetlana.pdf
2017-02-17 14:31 - 2017-02-17 14:31 - 00000240 _____ C:\Users\Donkey\Desktop\zane.txt
2017-02-16 19:37 - 2017-02-16 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisiPics
2017-02-16 19:37 - 2017-02-16 19:37 - 00000000 ____D C:\Program Files (x86)\VisiPics
2017-02-16 18:07 - 2017-02-16 18:07 - 00000000 ____D C:\Users\Donkey\AppData\Local\Spoon
2017-02-16 18:07 - 2017-02-16 18:07 - 00000000 ____D C:\Users\Donkey\AppData\Local\IsolatedStorage
2017-02-16 18:06 - 2017-02-16 18:06 - 00001450 _____ C:\Users\Public\Desktop\Free Duplicate Photo Finder.lnk
2017-02-16 18:06 - 2017-02-16 18:06 - 00000000 ____D C:\Users\Donkey\AppData\Roaming\Free Picture Solutions
2017-02-16 18:06 - 2017-02-16 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Duplicate Photo Finder
2017-02-16 18:06 - 2017-02-16 18:06 - 00000000 ____D C:\Program Files (x86)\Free Picture Solutions
2017-02-16 17:09 - 2017-02-16 17:10 - 00018117 _____ C:\Users\Donkey\Desktop\soldiers.odt
2017-02-15 16:27 - 2017-02-15 16:27 - 00000000 ____D C:\Users\Donkey\Desktop\Blog
2017-02-15 14:57 - 2017-02-15 14:57 - 01389395 _____ (pendrivelinux.com) C:\Users\Donkey\Desktop\Universal-USB-Installer-1.9.7.2.exe
2017-02-14 13:17 - 2017-02-14 13:17 - 00000085 _____ C:\Windows\wininit.ini
2017-02-12 12:59 - 2017-02-14 15:45 - 00000000 ____D C:\Users\Donkey\Desktop\CAR
2017-02-12 10:09 - 2017-02-12 10:09 - 00000222 _____ C:\Users\Donkey\Desktop\FTL Faster Than Light.url
2017-02-11 22:48 - 2017-03-03 15:00 - 00000000 ____D C:\Users\Donkey\Desktop\hahahaha
2017-02-11 15:46 - 2017-02-11 18:25 - 00013795 _____ C:\Users\Donkey\Desktop\Computers for soldiers.xml
2017-02-10 22:01 - 2017-02-10 22:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-02-10 22:01 - 2017-02-10 22:01 - 00000000 ____D C:\Windows\tracing
2017-02-10 22:01 - 2017-02-10 22:01 - 00000000 ____D C:\Windows\system32\appraiser
2017-02-10 16:03 - 2017-02-10 16:11 - 00000455 _____ C:\Users\Public\Desktop\Tyranny.lnk
2017-02-10 16:03 - 2017-02-10 16:11 - 00000455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tyranny.lnk
2017-02-10 12:58 - 2017-02-10 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-10 12:57 - 2017-02-10 12:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 12:57 - 2016-12-29 07:10 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-10 12:57 - 2016-12-29 06:28 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-10 12:57 - 2016-09-09 12:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-10 12:57 - 2016-09-09 12:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2017-02-10 12:57 - 2016-09-09 12:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-10 12:57 - 2016-09-09 12:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-10 12:54 - 2017-02-02 10:36 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-02-10 12:54 - 2017-02-02 10:32 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-10 12:54 - 2017-02-02 08:06 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-02-10 12:54 - 2016-12-31 09:36 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-02-10 12:54 - 2016-12-31 09:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-02-10 12:54 - 2016-12-31 09:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-02-10 12:54 - 2016-12-31 09:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-02-10 12:54 - 2016-12-31 09:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-10 12:54 - 2016-12-31 09:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-10 12:54 - 2016-08-29 09:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-02-10 12:54 - 2016-08-29 09:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-02-10 12:54 - 2016-08-29 09:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-02-10 12:54 - 2016-08-29 09:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-02-10 12:54 - 2016-08-29 09:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-02-10 12:54 - 2016-08-29 08:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-02-10 12:54 - 2016-08-16 14:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-02-10 12:54 - 2016-08-16 14:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-02-10 12:54 - 2016-08-16 14:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-02-10 12:54 - 2016-08-16 14:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-02-10 12:54 - 2016-08-16 14:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-02-10 12:54 - 2016-08-16 14:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-02-10 12:54 - 2016-08-16 14:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-02-10 12:54 - 2016-07-07 09:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-02-10 12:54 - 2016-07-07 09:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-02-10 12:54 - 2016-07-07 09:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-02-10 12:54 - 2016-07-07 09:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-02-10 12:54 - 2016-05-13 16:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-02-10 12:54 - 2016-05-13 16:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-02-10 12:54 - 2016-05-13 16:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-02-10 12:54 - 2016-05-13 16:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-02-10 12:54 - 2016-05-13 15:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-02-10 12:54 - 2016-05-13 15:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-02-10 12:54 - 2016-05-13 15:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-02-10 12:54 - 2016-05-13 15:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-02-10 12:54 - 2016-05-13 15:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-02-10 12:54 - 2016-05-13 15:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-02-10 12:54 - 2016-05-13 15:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-02-10 12:54 - 2016-05-13 15:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-02-10 12:54 - 2016-05-13 15:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-02-10 12:54 - 2016-05-13 15:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-02-10 12:54 - 2016-05-13 15:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-02-10 12:54 - 2016-05-13 15:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-02-10 12:54 - 2016-05-12 09:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-02-10 12:54 - 2016-03-23 16:40 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-02-10 12:54 - 2015-07-22 18:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2017-02-10 12:54 - 2015-07-22 11:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2017-02-10 12:54 - 2015-05-25 12:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2017-02-10 12:54 - 2015-05-25 12:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2017-02-10 12:54 - 2015-05-25 12:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2017-02-10 12:54 - 2015-05-25 12:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2017-02-10 12:54 - 2015-05-25 12:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2017-02-10 12:54 - 2015-05-25 12:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2017-02-10 12:54 - 2015-05-25 12:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2017-02-10 12:54 - 2015-05-25 12:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2017-02-10 12:54 - 2015-05-25 12:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2017-02-10 12:54 - 2015-05-25 12:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2017-02-10 12:54 - 2015-05-25 12:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2017-02-10 12:54 - 2015-05-25 12:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2017-02-10 12:54 - 2015-01-08 21:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2017-02-10 12:54 - 2015-01-08 21:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2017-02-10 12:54 - 2015-01-08 21:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2017-02-10 12:54 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2017-02-10 12:53 - 2016-03-09 13:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-02-10 12:53 - 2016-03-09 12:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-02-10 12:50 - 2016-03-09 12:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2017-02-10 12:50 - 2016-03-09 12:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2017-02-09 22:04 - 2017-02-09 22:16 - 00000875 _____ C:\Users\Public\Desktop\Sid Meiers Civilization VI.lnk
2017-02-09 22:04 - 2017-02-09 22:16 - 00000875 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meiers Civilization VI.lnk
2017-02-09 18:21 - 2017-02-09 18:24 - 00000000 ____D C:\Users\Donkey\Desktop\9
2017-02-09 16:54 - 2017-03-02 09:18 - 00000000 ____D C:\Users\Donkey\AppData\Roaming\Foxit Software
2017-02-09 16:54 - 2017-02-09 16:54 - 00000000 ____D C:\Users\Public\Foxit Software
2017-02-09 16:54 - 2017-02-09 16:54 - 00000000 ____D C:\Users\Donkey\AppData\Roaming\Foxit AgentInformation
2017-02-09 16:54 - 2017-02-09 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-02-09 16:54 - 2017-02-09 16:54 - 00000000 ____D C:\ProgramData\Foxit Software
2017-02-09 16:54 - 2017-02-09 16:54 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2017-02-09 16:54 - 2017-02-09 16:54 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2017-02-09 14:13 - 2017-02-09 14:14 - 00000000 ____D C:\Users\Donkey\Desktop\ufc
2017-02-08 16:41 - 2017-02-08 16:41 - 00000000 ____D C:\Users\Donkey\AppData\Local\Apps\2.0
2017-02-08 13:27 - 2017-02-08 13:27 - 00081920 _____ C:\Users\Donkey\Desktop\appointment.pdf
2017-02-07 22:43 - 2017-02-07 22:43 - 00000026 _____ C:\Users\Donkey\Desktop\WP-Login.txt
2017-02-07 20:59 - 2017-02-07 21:01 - 00000000 ____D C:\Users\Donkey\Desktop\space
2017-02-07 13:59 - 2017-02-07 17:00 - 00000982 _____ C:\Users\Donkey\Desktop\medicine.txt
2017-02-06 09:29 - 2017-02-06 09:29 - 00006134 _____ C:\Users\Donkey\Desktop\wp.pdf
2017-02-04 11:41 - 2017-02-04 11:41 - 00001982 _____ C:\Users\Public\Desktop\CuteFTP 9.lnk
2017-02-04 11:36 - 2017-02-04 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Globalscape
2017-02-04 10:09 - 2017-02-04 10:09 - 00000000 ____D C:\ProgramData\Splashtop
2017-02-04 10:08 - 2017-02-04 10:08 - 00002260 _____ C:\Users\Public\Desktop\Splashtop Personal.lnk
2017-02-04 10:08 - 2017-02-04 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
2017-02-04 10:08 - 2017-02-04 10:08 - 00000000 ____D C:\Program Files (x86)\Splashtop
2017-02-03 18:26 - 2017-02-03 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Master PDF Editor 4
2017-02-02 21:54 - 2017-02-02 21:54 - 00000222 _____ C:\Users\Donkey\Desktop\Game Dev Tycoon.url
2017-02-02 20:47 - 2017-02-27 05:01 - 00000000 ____D C:\Users\Donkey\AppData\Local\Game Dev Tycoon - Steam
2017-02-02 20:28 - 2017-02-02 20:28 - 00000000 ____D C:\Users\Donkey\Documents\U-Play online
2017-02-02 18:24 - 2017-02-02 18:24 - 00001008 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2017-02-02 16:29 - 2017-02-02 16:29 - 00000000 ____D C:\ProgramData\RegRun
2017-02-02 16:28 - 2017-02-02 16:34 - 00000000 ____D C:\Users\Donkey\Documents\RegRun2
2017-02-02 16:28 - 2017-02-02 16:28 - 00000002 RSHOT C:\Windows\winstart.bat
2017-02-02 16:28 - 2017-02-02 16:28 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2017-02-02 16:28 - 2017-02-02 16:28 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2017-02-02 16:18 - 2017-02-02 16:18 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2017-02-02 16:18 - 2017-02-02 16:18 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2017-02-02 15:15 - 2017-02-02 15:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-01 16:22 - 2017-02-01 16:29 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-01 16:02 - 2017-02-01 16:02 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Donkey\Downloads\SpyHunter-Installer.exe
2017-02-01 16:00 - 2017-02-01 16:00 - 00881904 _____ (Plumbytes Software) C:\Users\Donkey\Downloads\antimalwaresetup.exe
2017-02-01 16:00 - 2017-02-01 16:00 - 00881904 _____ (Plumbytes Software) C:\Users\Donkey\Downloads\antimalwaresetup (1).exe
2017-02-01 14:08 - 2017-02-03 08:21 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-01 11:21 - 2017-02-01 11:21 - 00000000 ____D C:\zoek
2017-02-01 11:09 - 2017-02-01 11:22 - 00003272 _____ C:\runcheck.txt
2017-02-01 11:09 - 2017-02-01 11:22 - 00000000 ____D C:\zoek_backup
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-03 19:30 - 2017-01-30 12:14 - 00000000 ____D C:\FRST
2017-03-03 19:28 - 2016-05-29 10:51 - 00000000 ____D C:\Users\Donkey\AppData\Roaming\Skype
2017-03-03 18:51 - 2016-05-29 10:42 - 00000000 ____D C:\Users\Donkey\Desktop\Wallpaper
2017-03-03 16:09 - 2009-07-13 23:13 - 00925508 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-03 16:09 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2017-03-03 12:26 - 2016-07-17 07:59 - 00000000 ____D C:\Users\Donkey\AppData\Local\Thunderbird
2017-03-03 12:17 - 2016-05-29 23:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-03 04:49 - 2016-11-30 16:22 - 00000000 ____D C:\Users\Donkey\Documents\Telltale Games
2017-03-03 04:13 - 2009-07-13 22:45 - 00028704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-03 04:13 - 2009-07-13 22:45 - 00028704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-02 20:39 - 2016-05-31 13:51 - 00000000 ____D C:\Users\Donkey\AppData\Roaming\vlc
2017-03-02 13:45 - 2016-05-28 21:48 - 00000000 ____D C:\Users\Donkey\AppData\Local\ElevatedDiagnostics
2017-03-02 13:45 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-02 12:47 - 2016-06-02 12:55 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-03-02 12:45 - 2016-05-29 23:28 - 00000000 ____D C:\Users\Donkey\AppData\Local\Adobe
2017-03-02 12:44 - 2016-05-28 20:22 - 00000000 ____D C:\Users\Donkey\AppData\Roaming\Adobe
2017-03-02 12:41 - 2016-06-02 12:53 - 00000000 ____D C:\Users\Donkey\Documents\Adobe
2017-03-02 12:30 - 2016-07-30 05:59 - 00000000 ____D C:\Users\Donkey\AppData\LocalLow\Adobe
2017-03-01 19:59 - 2016-07-06 18:43 - 00000000 ___HD C:\Users\Donkey\Desktop\.picasaoriginals
2017-03-01 13:23 - 2016-05-30 20:18 - 00000000 ____D C:\Users\Donkey\Documents\My Games
2017-03-01 12:08 - 2016-10-28 21:12 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1477710770
2017-03-01 12:08 - 2016-10-28 21:12 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-01 05:29 - 2016-05-29 21:40 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-03-01 05:28 - 2016-09-09 08:20 - 00000352 _____ C:\Users\Donkey\AppData\Roaming\sp_data.sys
2017-03-01 05:28 - 2016-05-28 21:28 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-01 05:28 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-01 05:28 - 2009-07-13 22:45 - 00613400 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-01 05:27 - 2016-05-28 20:22 - 00000000 ____D C:\Users\Donkey
2017-03-01 05:25 - 2016-05-30 09:39 - 00138488 _____ C:\Users\Donkey\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-28 22:13 - 2016-07-17 21:25 - 00000000 ____D C:\Users\Donkey\AppData\Local\mpress
2017-02-28 21:08 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-02-28 12:45 - 2016-06-01 15:34 - 00000000 ____D C:\Users\Donkey\Desktop\Ukraine
2017-02-28 08:20 - 2016-06-02 12:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-02-28 08:20 - 2016-05-29 23:28 - 00000000 ____D C:\ProgramData\Adobe
2017-02-28 08:17 - 2016-05-29 23:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-27 18:04 - 2016-06-01 15:34 - 00000000 ____D C:\Users\Donkey\Desktop\STUFF
2017-02-27 17:13 - 2016-06-01 15:35 - 00000000 ____D C:\Users\Donkey\Desktop\SFO
2017-02-27 05:04 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-26 01:05 - 2016-07-01 12:22 - 00000000 ____D C:\Users\Donkey\AppData\LocalLow\Obsidian Entertainment
2017-02-25 08:08 - 2016-07-12 12:30 - 00000000 ____D C:\Users\Donkey\AppData\Local\CrashDumps
2017-02-22 22:40 - 2016-05-29 10:51 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2017-02-22 22:40 - 2016-05-29 10:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-22 22:40 - 2016-05-29 10:51 - 00000000 ____D C:\ProgramData\Skype
2017-02-19 16:34 - 2017-01-31 23:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-19 16:34 - 2016-12-07 18:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-16 16:27 - 2016-07-17 07:51 - 00000000 ____D C:\Users\Donkey\Desktop\EVERYTHING
2017-02-14 13:17 - 2017-01-31 23:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-12 20:08 - 2016-07-06 12:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 20:08 - 2016-06-21 13:00 - 00000000 ____D C:\Program Files\Bonjour
2017-02-12 10:09 - 2016-05-31 14:05 - 00000000 ____D C:\Users\Donkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-11 04:27 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2017-02-10 22:39 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2017-02-10 12:58 - 2016-05-28 21:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 12:57 - 2016-05-28 21:28 - 00000000 ____D C:\Users\Donkey\AppData\Local\NVIDIA
2017-02-10 12:57 - 2016-05-28 21:28 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-10 12:57 - 2016-05-28 21:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-09 21:24 - 2016-06-30 23:15 - 00003217 _____ C:\Users\Donkey\Desktop\passwords (3).txt
2017-02-04 11:36 - 2016-05-28 21:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-03 18:26 - 2016-10-30 20:42 - 00000000 ____D C:\Program Files\Code Industry
2017-02-02 16:39 - 2016-05-28 21:12 - 00000000 ____D C:\Users\Donkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-02-02 15:15 - 2017-01-27 17:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-02 15:15 - 2017-01-27 17:15 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-02-01 18:34 - 2016-05-28 21:10 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 18:34 - 2016-05-28 21:10 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-01 11:22 - 2009-07-13 21:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
 
==================== Files in the root of some directories =======
 
2016-08-22 19:08 - 2016-08-22 19:15 - 0000600 _____ () C:\Users\Donkey\AppData\Roaming\PUTTY.RND
2016-09-09 08:20 - 2017-03-01 05:28 - 0000352 _____ () C:\Users\Donkey\AppData\Roaming\sp_data.sys
2016-07-05 21:44 - 2016-07-05 21:44 - 0000173 _____ () C:\Users\Donkey\AppData\Local\msmathematics.qat.Donkey
2016-05-30 09:28 - 2016-08-22 22:20 - 0000600 _____ () C:\Users\Donkey\AppData\Local\PUTTY.RND
 
Some files in TEMP:
====================
2017-02-19 16:35 - 2017-02-19 16:35 - 16762032 _____ () C:\Users\Donkey\AppData\Local\Temp\gusetup8.exe
2015-07-30 19:36 - 2015-07-30 19:36 - 0242864 ____R (Microsoft Corporation) C:\Users\Donkey\AppData\Local\Temp\ose00000.exe
2017-02-22 22:37 - 2017-02-22 22:38 - 56756184 _____ (Skype Technologies S.A.) C:\Users\Donkey\AppData\Local\Temp\SkypeSetup.exe
2017-02-22 22:39 - 2017-02-22 22:39 - 14456872 _____ (Microsoft Corporation) C:\Users\Donkey\AppData\Local\Temp\vc_redist.x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-22 09:59
 
==================== End of FRST.txt ============================
 
 
 
-------------------------------Addition.txt--------------------------------
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-03-2017
Ran by Donkey (03-03-2017 19:31:04)
Running from C:\Users\Donkey\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-29 02:22:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3602713331-3058630740-4036502352-500 - Administrator - Enabled)
Donkey (S-1-5-21-3602713331-3058630740-4036502352-1000 - Administrator - Enabled) => C:\Users\Donkey
Guest (S-1-5-21-3602713331-3058630740-4036502352-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3602713331-3058630740-4036502352-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Free Antivirus (Enabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Photoshop (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Angry Birds Star Wars II (HKLM-x32\...\{F2901A5D-DB84-4E40-AD63-F8DFB239DD86}) (Version: 1.5.1 - Rovio Entertainment Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.0 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0040 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BurnAware Free 9.3 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape)
Fallout New Vegas Ultimate Edition (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version:  - )
FastStone Capture 8.2 (HKLM-x32\...\FastStone Capture) (Version: 8.2 - FastStone Soft)
Firewatch (HKLM-x32\...\Firewatch_is1) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Duplicate Photo Finder (HKLM-x32\...\{00EBC706-8946-4967-9B64-16648DB3BA3A}) (Version: 1.0.0 - Free Picture Solutions)
Freemake Video Converter RePack by CUTA (HKLM-x32\...\Freemake Video Converter RePack by CUTA) (Version: 4.1.9.13 - RePack by CUTA)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Fresco Logic USB3.0 Host Controller (HKLM\...\{4A5AC986-912D-4B40-BF2C-7A159923632D}) (Version: 3.5.30.0 - Fresco Logic Inc.)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - Subset Games)
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version:  - Greenheart Games)
Gaming Mouse Driver (HKLM-x32\...\{462C5B32-91B7-48E8-87E4-7630BC543A85}) (Version:  - )
Glary Utilities PRO 5.60 (HKLM-x32\...\Glary Utilities 5) (Version: 5.60.0.81 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Photos Backup (HKU\S-1-5-21-3602713331-3058630740-4036502352-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HWiNFO64 Version 5.44 (HKLM\...\HWiNFO64_is1) (Version: 5.44 - Martin Malík - REALiX)
inSSIDer 4 (HKLM-x32\...\{61B59B49-255D-40F3-8726-8CE8C173935C}) (Version: 4.0.0.20 - MetaGeek, LLC)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0083 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 5.1.3.353 - KC Softwares)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Master PDF Editor 4.0 (HKLM\...\Master PDF Editor 4_is1) (Version: 4.0.30 - Code Industry Ltd.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.47 - mIRC Co. Ltd.)
Moon Colonization Project (HKLM\...\Steam App 496500) (Version:  - Belarus Games)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.7.1 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 en-US)) (Version: 45.7.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-68c369dc-2088-4cd5-a85d-b339f19562c6) (Version:  - Epic Games, Inc.)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.13 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
Papers, Please (HKLM\...\Steam App 239030) (Version:  - 3909)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PIXresizer (HKLM-x32\...\PIXresizer_is1) (Version: 2.0.8 - Bluefive software)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8018 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Sid Meiers Civilization VI Update v1.0.0.38 (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.104 - Skype Technologies S.A.)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version:  - Valve)
Splashtop Personal (HKLM-x32\...\{E7CF0F14-8C1D-41F3-85ED-579C108262C7}) (Version: 2.6.4.0 - Splashtop Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Spotify (HKU\S-1-5-21-3602713331-3058630740-4036502352-1000\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
SQL Server 2014 Common Files (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM\...\{2D766E70-7670-41A8-B370-1E09084ABA5D}) (Version: 10.1.2531.0 - Microsoft Corporation)
SQL Server System CLR Types (HKLM-x32\...\{C9FD9DF2-D92B-4321-A338-52961FECE249}) (Version: 10.1.2531.0 - Microsoft Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
The Walking Dead A New Frontier Episode 1 (HKLM-x32\...\The Walking Dead A New Frontier Episode 1_is1) (Version:  - )
The Walking Dead A New Frontier Episode 2 (HKLM-x32\...\The Walking Dead A New Frontier Episode 2_is1) (Version:  - )
theHunter Call of the Wild (HKLM-x32\...\theHunter Call of the Wild_is1) (Version:  - )
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Tyranny DLC Unlocker (HKLM\...\dHlyYW5ueQ_is1) (Version: 1 - )
Unity Web Player (HKU\S-1-5-21-3602713331-3058630740-4036502352-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Update for Skype for Business 2016 (KB3141501) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{D7445990-15D2-466D-BA6D-588F28226F27}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3141501) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{D7445990-15D2-466D-BA6D-588F28226F27}) (Version:  - Microsoft)
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3602713331-3058630740-4036502352-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Donkey\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3602713331-3058630740-4036502352-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3602713331-3058630740-4036502352-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Donkey\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2593A6C4-B69D-428B-A476-CB73CF100286} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-28] (Google Inc.)
Task: {46F7BCD4-D47D-4750-84E7-122F8E1BE96F} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic 
Task: {49B9A2F4-C5CD-4D30-956E-18A271A44F69} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3602713331-3058630740-4036502352-1000UA => C:\Users\Donkey\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-27] (Google Inc.)
Task: {5ED68747-A13C-4D7A-A513-96EF6317F420} - \Trojan Remover -> No File <==== ATTENTION
Task: {737A6088-B2F1-437E-BCA2-15D47F9A6021} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {7CF515CD-3006-4056-A725-F4799754631A} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-09-18] (Glarysoft Ltd)
Task: {92D138B7-00F7-4597-9C6D-FD29AD3F7B46} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3602713331-3058630740-4036502352-1000Core => C:\Users\Donkey\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-27] (Google Inc.)
Task: {9F2EE15D-0048-4D1E-9268-E0DE4F92A131} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-01-04] (ASUS)
Task: {BD3B598E-0D29-4EFC-B7E9-02E1099346DF} - System32\Tasks\Opera scheduled Autoupdate 1477710770 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {BF41DA51-B176-4D3C-9374-016CD9F2284B} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-12-15] (Realtek Semiconductor)
Task: {C4454D36-CE42-476F-98DF-C0CF3993985F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-28] (Google Inc.)
Task: {DD0821CF-DBD7-455F-92DE-4B20A7148058} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
Task: {F7C05D69-5183-40C7-B592-6C3E826766E8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {FBF1379F-54B7-40C5-B2C5-94019C7345DC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-12-15] (Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Donkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=decmldkknaaemlafplkkdmmmelbdnlja
ShortcutWithArgument: C:\Users\Donkey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-17 01:28 - 2016-11-17 01:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-28 22:14 - 2017-02-28 22:14 - 00026112 _____ () C:\Windows\[email protected]
2016-05-30 09:36 - 2016-05-01 23:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-30 09:36 - 2016-05-01 23:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-30 09:36 - 2016-05-01 23:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-28 21:28 - 2016-05-01 23:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-06 13:44 - 2014-12-12 16:24 - 00044760 _____ () C:\Windows\runSW.exe
2016-05-28 21:28 - 2016-12-29 07:16 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-07-14 15:11 - 2010-07-14 15:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-17 16:42 - 2016-05-17 16:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-05-30 09:36 - 2016-05-01 23:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-30 09:36 - 2016-05-01 23:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-30 09:36 - 2016-05-01 23:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-05-30 09:36 - 2016-05-01 23:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-30 09:36 - 2016-05-01 23:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-30 09:36 - 2016-05-01 23:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-01-02 19:20 - 2014-11-19 14:19 - 00761856 _____ () C:\Program Files (x86)\EM01A\Monitor.exe
2017-02-01 18:34 - 2017-02-01 03:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-01 18:34 - 2017-02-01 03:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-28 22:14 - 2017-02-28 22:14 - 00005120 _____ () C:\Windows\[email protected]
2017-02-28 22:14 - 2017-02-28 22:14 - 00004096 _____ () C:\Windows\[email protected]
2015-12-15 11:17 - 2015-12-15 11:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2016-04-08 16:35 - 2016-04-08 16:35 - 03481600 _____ () C:\Users\Donkey\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2017-01-30 12:52 - 2017-01-30 12:52 - 01926632 ____R () C:\Program Files (x86)\Skype\Phone\roottools.dll
2016-11-15 06:27 - 2016-11-15 06:27 - 08911552 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2012-01-31 08:25 - 2012-01-31 08:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-02-06 18:32 - 2012-02-06 18:32 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2017-01-02 19:20 - 2014-09-09 15:05 - 00057344 _____ () C:\Program Files (x86)\EM01A\lan.dll
2017-01-02 19:20 - 2013-11-01 12:57 - 00049152 _____ () C:\Program Files (x86)\EM01A\hiddriver.dll
2016-09-18 02:59 - 2016-09-18 02:59 - 00086992 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2017-03-01 12:08 - 2017-03-01 12:08 - 39821912 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_browser.dll
2017-03-01 12:08 - 2017-03-01 12:08 - 45842008 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll
2017-03-01 12:08 - 2017-03-01 12:08 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libglesv2.dll
2017-03-01 12:08 - 2017-03-01 12:08 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2017-01-29 08:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3602713331-3058630740-4036502352-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Donkey\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1C1E9024-6830-4451-886B-69D5F7319D5B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{90C9DEEB-4FA4-4B3A-83BB-289A14B678C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A4CC7E7D-85F8-41EE-B4E3-70616ADEE5EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5A2C0C3B-ABAD-4A12-B217-0B09BBDFC817}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{BBF3AD0C-955E-4BEB-8C67-EC969113B8F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9199E157-4C92-4AD7-9BC0-AE06BCD3FBD5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3ED66AFE-F03D-4600-8032-D73A2809008D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FFDE67B0-A390-4405-9ABA-033EFE95AB6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9B9A9231-100C-4EB5-885D-1A14EDE4F519}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F99A992-94F4-467F-A21F-AFC4EF01CC3F}] => (Allow) D:\Program Files (x86)\steam\Steam.exe
FirewallRules: [{D3625D65-7599-413B-8C55-2EE280817E3A}] => (Allow) D:\Program Files (x86)\steam\Steam.exe
FirewallRules: [{42DFFFB6-C206-41AD-B784-8B6706F518FE}] => (Allow) D:\Program Files (x86)\steam\bin\steamwebhelper.exe
FirewallRules: [{95B7A470-1A75-42E5-A111-81516FB962D3}] => (Allow) D:\Program Files (x86)\steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{5F3D8635-3378-481F-BCA3-2D3E63A6F498}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{E6BD0BB4-B914-49A3-9F81-8F3B39AEC95F}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{B5C39AD9-6C35-4ACB-A759-64A5177D4991}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe
FirewallRules: [UDP Query User{F771CD6B-CC17-463E-AFD1-34403C3469B7}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe
FirewallRules: [{26812591-3384-4DAE-AD39-152D8528F96C}] => (Allow) LPort=1542
FirewallRules: [{496A06A5-83DD-4056-B552-231E40D5F49A}] => (Allow) LPort=1542
FirewallRules: [{D56EEB33-1538-4754-B538-203E502C8FC0}] => (Allow) LPort=53
FirewallRules: [{521CF40B-731A-4F63-9B52-5FA10FDD5E62}] => (Allow) LPort=53
FirewallRules: [{96CFA00A-AAA4-4621-8262-F4D121AD93F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0885135F-2118-4E73-83AC-0294E25E02E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9150A7F7-875D-4117-9305-FD00F3FBDDD0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{28F8F42D-6754-4B90-ABC5-78790EF5DE1F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B7D05A85-1066-44F7-B872-3394996CA18E}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{F2B89D1C-AC5F-4E23-A040-4FEC4F29C4EE}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{7E804017-36E6-47C2-8958-9D6D79BA59AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{25EAC9B3-7DC1-46FF-94E9-4FD02BF05870}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A0BB82E0-9584-4D35-8F03-49F8C13DCCE3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AA48C17C-9C25-4DF2-AA4D-91E918CB32A9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{A9AF1DFE-61E7-40A7-99D1-543ED8422B21}D:\games\civ 5\civilization v\civilizationv_dx11.exe] => (Allow) D:\games\civ 5\civilization v\civilizationv_dx11.exe
FirewallRules: [UDP Query User{8C56C05B-264D-4C7E-AAC5-A22720F881CB}D:\games\civ 5\civilization v\civilizationv_dx11.exe] => (Allow) D:\games\civ 5\civilization v\civilizationv_dx11.exe
FirewallRules: [{B444D626-8C38-4708-823B-5BAEC74C91FE}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{80B95AE2-6274-43E5-9C88-947ADAE437C9}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{3982305F-A42C-4BC7-A9BA-82007B8DEEDC}D:\games\civ5\civilization v\civilizationv.exe] => (Allow) D:\games\civ5\civilization v\civilizationv.exe
FirewallRules: [UDP Query User{03F4B982-EE85-49DB-9E99-45DCDA036154}D:\games\civ5\civilization v\civilizationv.exe] => (Allow) D:\games\civ5\civilization v\civilizationv.exe
FirewallRules: [TCP Query User{A564E52E-D534-44E8-9D90-BBA7A09A5B1E}D:\games\master of orion\masteroforion.exe] => (Allow) D:\games\master of orion\masteroforion.exe
FirewallRules: [UDP Query User{AC303ECC-1A1B-47E3-B21A-05A36D4E94CC}D:\games\master of orion\masteroforion.exe] => (Allow) D:\games\master of orion\masteroforion.exe
FirewallRules: [TCP Query User{0D3E824C-110A-4E50-AEAD-EEE489B03170}C:\users\donkey\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\donkey\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{23F9E49A-E64A-4E00-B94B-8E1A475E6967}C:\users\donkey\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\donkey\appdata\roaming\spotify\spotify.exe
FirewallRules: [{881CFDD0-9A3B-486F-9EE6-98FD6E1FB7F3}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{FE2AB19D-1551-4089-9C01-629F1F6B2691}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{B25B87B3-6EB9-4540-B4E7-8574A0B37575}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{EDFEB0AD-D157-44EF-ADB9-C43F1893DD30}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [TCP Query User{960C01B1-A8FA-49BE-9CEB-752330C9E415}C:\program files (x86)\dragon fire games inc\ukrainian ninja\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\dragon fire games inc\ukrainian ninja\binaries\win32\udk.exe
FirewallRules: [UDP Query User{18B8EA21-4959-4767-9D1B-163E3075FCA9}C:\program files (x86)\dragon fire games inc\ukrainian ninja\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\dragon fire games inc\ukrainian ninja\binaries\win32\udk.exe
FirewallRules: [TCP Query User{689545A2-D2B0-487D-BB4E-DB8EF8D26726}C:\program files (x86)\master of orion\masteroforion.exe] => (Allow) C:\program files (x86)\master of orion\masteroforion.exe
FirewallRules: [UDP Query User{25E38209-D854-4BF1-BAE6-0A66832C6084}C:\program files (x86)\master of orion\masteroforion.exe] => (Allow) C:\program files (x86)\master of orion\masteroforion.exe
FirewallRules: [{64AC5D68-1AEC-46CA-AA37-775FE3EF2FA8}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{668B6686-2445-4269-8722-D409F3BEFD1E}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{1401920C-1102-45CB-879B-DDC684F898A3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D0A68128-EF8E-4CCE-8041-818FDE5DD6DD}] => (Allow) D:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1654054C-9D02-471F-8FEC-A0B94FF328DA}] => (Allow) D:\Program Files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CCCAAA97-B1EC-4396-A3E5-E4BB19F0D90F}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{3B000CAB-F3E7-4709-B402-6720677EA979}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{963BE412-20CD-462C-B96E-9532E075A5F4}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\MCP\MCP.exe
FirewallRules: [{E3ABE40E-571D-47EA-A116-AE02FA2D21C7}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\MCP\MCP.exe
FirewallRules: [{74754925-629C-4AC7-934C-C503388B745E}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
FirewallRules: [{51BF37EC-B159-4DD9-A908-26B8D858D530}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1D5BAD16-9A32-4E19-825F-3467BBECD1FE}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{17083270-088B-4012-B0E9-7B354BDFAF3B}] => (Allow) C:\Program Files (x86)\UnHackMe\Unhackme.exe
FirewallRules: [{CDD8FE65-8AD5-4DCE-BCD7-D07C82E34479}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{264D4401-CDF9-497A-87A3-43B8F05930A6}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{BC368790-38AC-4175-A025-AC4C5B276E2A}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{14E8DB31-8817-42FB-98DE-7EEFB104E61E}] => (Allow) D:\Program Files (x86)\steam\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{29868C2A-9E64-4650-B8C6-19454AEF2305}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{1D86C9DD-3103-407C-8AA1-457D051C419E}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{429D53A7-8D7B-440C-AE48-F2FD960DC9B7}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{AE0FFD8D-354C-4BF4-9028-F9DEEC57785A}] => (Allow) C:\Windows\[email protected]
FirewallRules: [{C9DF1C9E-FB4A-4568-AB30-7F013282AE7F}] => (Allow) C:\Windows\[email protected]
FirewallRules: [{24D992E9-0FBC-4322-9F02-847A8E951400}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [TCP Query User{9EBC5276-3354-45E8-A692-0E79EC8CAF71}C:\program files (x86)\mirc\mirc.exe] => (Block) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{4209D3B1-3E4C-4C0C-B94A-0D391DA975C5}C:\program files (x86)\mirc\mirc.exe] => (Block) C:\program files (x86)\mirc\mirc.exe
 
==================== Restore Points =========================
 
02-03-2017 12:39:38 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/03/2017 04:09:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/02/2017 04:12:20 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/01/2017 05:28:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x58493b47
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23572, time stamp: 0x57fd0379
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x954
Faulting application start time: 0x01d2927ef2673d09
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 35341991-fe72-11e6-bf7e-82841da9380d
 
Error: (03/01/2017 05:28:35 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
   at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (03/01/2017 05:28:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/01/2017 05:28:26 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (03/01/2017 05:28:26 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (03/01/2017 05:28:26 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (03/01/2017 05:25:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\System32\systemcpl.dll".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="&#x2a;",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/01/2017 05:20:29 AM) (Source: VSS) (EventID: 12344) (User: )
Description: Volume Shadow Copy Error: An error 0x00000000c000014d was encountered while Registry Writer was preparing the registry for a shadow
copy.  Check the Application and System event logs for any related errors.
 
 
Operation:
   OnFreeze event
   Freeze Event
 
Context:
   Execution Context: Registry Writer
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {f9a1262a-9d80-40be-be2a-baad0ba65d40}
 
 
System errors:
=============
Error: (03/03/2017 02:39:47 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume TOSHIBA EXT.
 
Error: (03/03/2017 02:39:47 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume TOSHIBA EXT.
 
Error: (03/03/2017 02:39:26 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume TOSHIBA EXT.
 
Error: (03/02/2017 12:28:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/01/2017 08:00:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/01/2017 05:28:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/01/2017 05:28:21 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (03/01/2017 05:27:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (03/01/2017 05:14:05 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d32\Device\HarddiskVolume1\Boot\BCD
 
Error: (02/28/2017 07:32:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-01-29 12:44:22.459
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-29 12:31:56.900
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-29 08:58:43.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-29 08:39:49.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-29 08:12:45.400
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-29 08:04:07.176
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-29 08:01:08.426
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-29 08:01:08.406
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-01-29 07:51:22.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-29 07:43:44.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 16361.18 MB
Available physical RAM: 9782.66 MB
Total Virtual: 16359.36 MB
Available Virtual: 9344.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:27.25 GB) NTFS
Drive d: () (Fixed) (Total:650.77 GB) (Free:185.62 GB) NTFS
Drive e: () (Fixed) (Total:47.76 GB) (Free:47.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 96AA52EF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=650.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=47.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


#2
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi BearCavalry,

Welcome to Geeks to Go. My name is Jr0x and I'll be helping you with your problem.

Before we get started, there are a few things I need you to take note of.
  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would require you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be a delayed response to you as we may live in different time zones.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we would like to make this an easy process for you, malware removal is a complex multi-step process, and things may happen such as data loss or rendering your machine unbootable. I would recommend that you backup your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.
Let's get started.

Hang on while I analyze your log.

#3
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi BearCavalry,

WVCheck

Please download WVCheck from Latest EXE Download.
  • Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.
CKScanner

Download CKScanner from here

Important : Save it to your desktop.
  • Double click (Vista and above - right click and run as Administrator) CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

#4
BearCavalry

    Member

  • Topic Starter
  • Member
  • 141 posts
Windows Validation Check
Version: 1.9.12.7
Log Created On: 1105_04-03-2017
-----------------------
INFORMATION & UPDATES
Latest versions:
-----------------------
 
 
Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1 
Windows Mode: Normal
Systemroot Path: C:\Windows
 
WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates automatically, but ask me when I want to install them.
-----------------------
Last Success Time for Update Detection: 2017-03-04 08:48:08
Last Success Time for Update Download: 2017-03-03 22:42:06
Last Success Time for Update Installation: 2017-03-03 22:42:24
 
 
WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------
 
 
WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 21:23:48
Modification; 20/11/2010 21:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 21:23:48
Modification; 20/11/2010 21:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 20/11/2010 21:24:21
Modification; 20/11/2010 21:24:21
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 21:23:48
Modification; 20/11/2010 21:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
 
 
WVCheck's Dir Dump
-----------------------
D:\Torrents\3 - SOFTWARE\Windows 7 Ultimate Sp1 x64 En-Us ESD April2016 Pre-Activated=-TEAM OS=-
Size: 0 bytes
Creation; 12/5/2016 17:53:22
Modification; 12/5/2016 17:53:24
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
 
 
WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.
 
 
WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.
 
 
WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.
 
 
WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 3cb074875ac88a7c1010a2a7f9881a8c
 
 
-------- End of File, program close at 1110_04-03-2017 --------

#5
BearCavalry

    Member

  • Topic Starter
  • Member
  • 141 posts
CKScanner 2.5 - Additional Security Risks
scanner sequence 3.CF.11.GXAPFZ
 ----- EOF ----- 

#6
BearCavalry

    Member

  • Topic Starter
  • Member
  • 141 posts

Thank you Jr0x for taking my case. I appreciate it.


#7
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Please do not remove any lines output by CKScanner.

 

Please post the exact log that was outputted by CKScanner.


#8
BearCavalry

    Member

  • Topic Starter
  • Member
  • 141 posts
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\frst\quarantine\c\windows\[email protected]
scanner sequence 3.AB.11.VWCPQ0
 ----- EOF ----- 

#9
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

MGA Diagnostic Tool

Please run the MGA Diagnostic Tool and post back the report it produces:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

 

According to G2G Terms of Use under:

 

  • The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.

 

Either or both of your Microsoft Windows and Office products seem to be pirated and activated via KMS.

