Hello
I have recently updated my anti-virus Avast Free and Malwarebytes programs. Avast also prompted me to update programs that were out of date (Mozilla, WinRAR, Flash, Adobe, ...) and I did.
Malwarebytes was upgraded to a 30-day premium trial (with real-time protection). Soon after, it started throwing warning messages; it intercepted some outgoing stuff (can't remember exactly what it said) every few minutes.
I scanned everything both with Avast and Malwarebytes. Found nothing.
Following various sites & forums, I first downloaded TDSSKiller and ran it through. It found a single issue with secdrv.sys (System32/drivers/secdrv.sys). It only marked it as medium dangerous. As it's a system file, I did not delete it.
I then downloaded Norton Power Eraser and HitmanPro and ran them... Norton found some simple stuff (mostly cookies) as problematic. I followed its recommended settings (making sure I don't delete something vital) and deleted and completed scans.
I ran all of these programs multiple times.
The Malwarebytes warning messages went away for a while. When I woke up this morning I got a message from Malwarebytes that my real-time web protection is off. As I try to turn it on, it turns off on its own right away. This virus is turning off my safety features.
QUESTION: Should I keep my computer on Shut down or Sleep whilst waiting for a reply? Or can I continue to use it? I don't want the infection to spread.
PERHAPS UNRELATED:
I have a bad motherboard (fixed before), so the laptop often runs at 100% CPU and sometimes throws a blue screen of death. The high CPU is very apparent when using Chrome and Mozilla. Might be my hardware, might be the virus running something in the background... idk.
Thank you for taking the time to look into this.
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2017
Ran by Mathew (administrator) on MATHEW-PC (21-11-2017 13:46:20)
Running from C:\Users\Mathew\Desktop
Loaded Profiles: Mathew (Available Profiles: Mathew)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\SimracewayUpdater\SRWUpdate.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-18] (AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-05-05] (Logitech Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2247568 2013-01-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [5422432 2014-05-13] (Sentelic Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7772704 2009-10-02] (Realtek Semiconductor)
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM\...\Run: [ATKMEDIA] => C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM\...\Run: [HControlUser] => C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3111712 2017-11-17] (Valve Corporation)
HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [4110992 2014-04-27] (Speedbit Ltd.)
HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\MountPoints2: {cfc95b6d-a835-11e5-ad7b-c89ac6531659} - I:\LaunchU3.exe -a
BootExecute: autocheck autochk * sdnclean.exebootdelete
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{D2D5868A-4340-4853-8DD5-C36310836696}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D2D5868A-4340-4853-8DD5-C36310836696}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.si/?gws_rd=cr,ssl&ei=QJs_VNL-KqTnygOQj4DoCA
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-18] (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-19] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Mathew\AppData\Roaming\Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120 [2017-11-21]
FF Homepage: Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120 -> hxxps://www.google.com/?bcutc=sp-006
FF NewTab: Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120 -> about:newtab
FF Keyword.URL: Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120 -> hxxps://www.google.com/search?bcutc=sp-006
FF Extension: (Avast SafePrice) - C:\Users\Mathew\AppData\Roaming\Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120\Extensions\[email protected] [2017-10-15]
FF Extension: (Avast Online Security) - C:\Users\Mathew\AppData\Roaming\Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120\Extensions\[email protected] [2017-11-11]
FF SearchPlugin: C:\Users\Mathew\AppData\Roaming\Mozilla\Firefox\Profiles\yp7khgkp.default-1486819378120\searchplugins\google-avast.xml [2017-02-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\DAP\daplinkchecker => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-20] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1990737404-2085512467-1734709770-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mathew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-24] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://search.entru.com/?s=21983
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default [2017-11-21]
CHR Extension: (Docs) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Google Search) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (Avast Online Security) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-10-15]
CHR Extension: (You've Got Gmail) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\malfeooooleemdfajjpighcjgnbmmbam [2014-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-18]
CHR Profile: C:\Users\Mathew\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-04-21]
CHR HKLM\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [djcpfkccckpeeghiklnhienllljccglb] - D:\Program Files\SPEEDbit Video Downloader\Chrome\DownloaderChrome.crx [2014-06-28]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files\DAP\DAPChrome\DAPChrome6.crx [2014-04-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [ledcpigomgblcmofccnacobhmcdkpiea] - C:\Program Files\SearchPredict\Chrome\SearchPredictChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5904136 2017-11-18] (AVAST Software)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-18] (AVAST Software)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-10-29] (Foxit Software Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2905656 2016-06-15] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2018360 2016-06-15] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-11-14] ()
R2 Simraceway Update Service; C:\Program Files\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-07-15] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
S3 asmthub3; C:\Windows\system32\drivers\asmthub3.sys [110920 2012-11-08] (ASMedia Technology Inc)
S3 asmtxhci; C:\Windows\system32\drivers\asmtxhci.sys [333128 2012-11-08] (ASMedia Technology Inc)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [157176 2017-11-18] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [255616 2017-11-18] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157408 2017-11-18] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276728 2017-11-18] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50376 2017-11-18] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42848 2017-11-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124952 2017-11-18] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [99560 2017-11-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70864 2017-11-18] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783136 2017-11-18] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [388760 2017-11-19] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [150848 2017-11-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [298360 2017-11-18] (AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3237888 2013-11-01] (Qualcomm Atheros Communications, Inc.)
S3 b06diag; C:\Windows\system32\drivers\bxdiagx.sys [75816 2012-03-08] (Broadcom Corporation)
S3 BFN7x86; C:\Windows\system32\drivers\Xeno7x86.sys [130152 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [150568 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [435240 2012-02-22] (Broadcom Corporation)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1.sys [24424 2012-12-13] (Windows ® Win 7 DDK provider)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-04-25] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59896 2017-11-01] ()
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [296336 2013-01-03] (ELAN Microelectronics Corp.)
S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [65152 2012-07-24] (Etron Technology Inc)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [88832 2012-07-24] (Etron Technology Inc)
S3 fspad_win732; C:\Windows\System32\DRIVERS\fspad_win732.sys [144736 2014-05-13] (Sentelic Corporation)
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2013-03-05] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2013-03-05] (Intel Corporation)
S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [359560 2012-12-21] (Intel Corporation)
S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [792712 2012-12-21] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [167352 2017-11-19] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-11-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40376 2017-11-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-11-21] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [14392 2009-05-13] (ASUS)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [73984 2011-10-25] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [165120 2011-10-25] (Renesas Electronics Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [50744 2016-04-14] (NVIDIA Corporation)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [11968 2000-07-24] () [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1761024 2010-09-07] (Sonix Technology Co., Ltd.)
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S1 EterlogicVirtualSerialDriver; \??\C:\Users\Mathew\AppData\Local\Temp\VSPE.sys [X]
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-21 13:46 - 2017-11-21 13:51 - 000019395 _____ C:\Users\Mathew\Desktop\FRST.txt
2017-11-21 13:46 - 2017-11-21 13:46 - 000000000 ____D C:\FRST
2017-11-21 13:45 - 2017-11-21 13:45 - 001787904 _____ (Farbar) C:\Users\Mathew\Desktop\FRST.exe
2017-11-21 13:40 - 2017-11-21 13:40 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-11-21 12:33 - 2017-11-21 12:40 - 000229830 _____ C:\TDSSKiller.3.1.0.15_21.11.2017_12.33.00_log.txt
2017-11-21 03:54 - 2017-11-21 03:56 - 000233460 _____ C:\TDSSKiller.3.1.0.15_21.11.2017_03.54.32_log.txt
2017-11-21 03:52 - 2017-11-21 03:52 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2017-11-21 03:52 - 2017-11-21 03:52 - 000000780 _____ C:\Windows\system32\bootdelete.lst
2017-11-21 03:30 - 2017-11-21 03:54 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-21 03:30 - 2017-11-21 03:30 - 000000000 ____D C:\Program Files\HitmanPro
2017-11-21 03:29 - 2017-11-21 03:29 - 011007936 _____ (SurfRight B.V.) C:\Users\Mathew\Desktop\hitmanpro.exe
2017-11-21 03:21 - 2017-11-21 03:25 - 000233626 _____ C:\TDSSKiller.3.1.0.15_21.11.2017_03.21.58_log.txt
2017-11-21 03:19 - 2017-11-21 03:19 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-21 03:17 - 2017-11-21 03:17 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-11-21 03:00 - 2017-11-21 03:25 - 000000000 ____D C:\Users\Mathew\AppData\Local\NPE
2017-11-21 03:00 - 2017-11-21 03:00 - 000000000 ____D C:\ProgramData\Norton
2017-11-21 02:58 - 2017-11-21 02:59 - 003422944 _____ (Symantec Corporation) C:\Users\Mathew\Desktop\NPE.exe
2017-11-21 02:19 - 2017-11-21 02:59 - 000231826 _____ C:\TDSSKiller.3.1.0.15_21.11.2017_02.19.03_log.txt
2017-11-21 01:35 - 2017-11-21 02:13 - 000460978 _____ C:\TDSSKiller.3.1.0.15_21.11.2017_01.35.42_log.txt
2017-11-20 21:50 - 2017-11-20 21:50 - 000000000 ____D C:\Users\Mathew\AppData\Local\AVAST Software
2017-11-20 21:45 - 2017-11-20 21:45 - 000002095 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2017-11-20 21:45 - 2017-11-20 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-11-20 21:25 - 2017-11-20 21:30 - 000985390 _____ C:\TDSSKiller.3.1.0.15_20.11.2017_21.25.33_log.txt
2017-11-20 21:09 - 2017-11-20 21:21 - 000230872 _____ C:\TDSSKiller.3.1.0.15_20.11.2017_21.09.00_log.txt
2017-11-20 20:41 - 2017-11-20 21:08 - 000456586 _____ C:\TDSSKiller.3.1.0.15_20.11.2017_20.41.46_log.txt
2017-11-20 20:41 - 2017-11-20 20:41 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Mathew\Desktop\tdsskiller.exe
2017-11-20 20:37 - 2017-11-20 20:37 - 003227608 _____ C:\Users\Mathew\Downloads\Unconfirmed 25082.crdownload
2017-11-20 20:32 - 2017-11-20 20:32 - 004551260 _____ C:\Users\Mathew\Downloads\Unconfirmed 376312.crdownload
2017-11-20 20:31 - 2017-11-20 20:31 - 003084203 _____ C:\Users\Mathew\Downloads\Unconfirmed 286259.crdownload
2017-11-19 02:45 - 2017-11-21 03:17 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-19 02:45 - 2017-11-21 03:17 - 000040376 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-11-19 02:45 - 2017-11-19 02:45 - 000167352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-11-19 02:45 - 2017-11-19 02:45 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-19 02:45 - 2017-11-19 02:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-19 02:44 - 2017-11-19 02:44 - 000000000 ____D C:\ProgramData\MB2Migration
2017-11-19 02:44 - 2017-11-19 02:44 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-19 02:44 - 2017-11-01 08:54 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2017-11-19 02:42 - 2017-11-19 02:42 - 000000000 ____D C:\Program Files\Common Files\Java
2017-11-19 02:26 - 2017-11-18 02:21 - 000305328 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-19 02:22 - 2017-11-19 02:22 - 007176464 _____ (AVAST Software) C:\Users\Mathew\Downloads\avast_free_antivirus_setup_online.exe
2017-11-19 02:18 - 2017-11-19 02:18 - 008893232 _____ (AVAST Software) C:\Users\Mathew\Downloads\Unconfirmed 106996.crdownload
2017-11-19 02:14 - 2017-11-18 02:22 - 000157176 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-15 12:11 - 2017-10-18 07:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 12:11 - 2017-10-18 02:55 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 12:11 - 2017-10-18 02:55 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 12:11 - 2017-10-18 02:55 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 12:11 - 2017-10-18 02:55 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-15 12:11 - 2017-10-18 02:55 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-15 12:11 - 2017-10-18 02:55 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-15 12:11 - 2017-10-18 02:55 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-15 12:11 - 2017-10-16 23:49 - 001213672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 12:11 - 2017-10-16 23:25 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-15 12:11 - 2017-10-16 22:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-11-15 12:11 - 2017-10-14 08:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 12:11 - 2017-10-14 08:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-15 12:11 - 2017-10-14 08:03 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-15 12:11 - 2017-10-14 07:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 12:11 - 2017-10-14 07:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-15 12:11 - 2017-10-14 07:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-15 12:11 - 2017-10-14 07:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-15 12:11 - 2017-10-14 07:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-15 12:11 - 2017-10-14 07:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-15 12:11 - 2017-10-14 07:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-15 12:11 - 2017-10-14 07:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-15 12:11 - 2017-10-14 07:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-15 12:11 - 2017-10-14 07:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 12:11 - 2017-10-14 07:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-15 12:11 - 2017-10-14 07:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-15 12:11 - 2017-10-14 07:45 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-15 12:11 - 2017-10-14 07:41 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-15 12:11 - 2017-10-14 07:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-15 12:11 - 2017-10-14 07:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-15 12:11 - 2017-10-14 07:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-15 12:11 - 2017-10-14 07:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-15 12:11 - 2017-10-14 07:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 12:11 - 2017-10-14 07:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-15 12:11 - 2017-10-14 07:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-15 12:11 - 2017-10-14 07:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-15 12:11 - 2017-10-14 07:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-15 12:11 - 2017-10-14 07:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 12:11 - 2017-10-14 07:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-15 12:11 - 2017-10-14 07:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 12:11 - 2017-10-14 07:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 12:11 - 2017-10-14 07:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 12:11 - 2017-10-14 07:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-15 12:11 - 2017-10-14 07:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 12:11 - 2017-10-14 07:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-15 12:11 - 2017-10-14 07:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-15 12:11 - 2017-10-12 01:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-15 12:11 - 2017-10-12 01:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-15 12:11 - 2017-10-12 01:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-15 12:11 - 2017-10-12 01:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-15 12:11 - 2017-10-12 01:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-15 12:11 - 2017-10-12 01:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-15 12:11 - 2017-10-12 01:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-15 12:11 - 2017-10-12 01:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-15 12:11 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-15 12:11 - 2017-10-12 01:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-15 12:11 - 2017-10-12 01:16 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-15 12:11 - 2017-10-12 01:14 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 12:11 - 2017-09-07 14:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-15 12:11 - 2017-09-07 14:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-12 15:03 - 2017-11-12 15:04 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\Mathew\Downloads\flashplayer27_xa_install.exe
2017-11-10 21:29 - 2017-11-10 21:30 - 014158948 _____ C:\Users\Mathew\Downloads\2014 CRF Enduro.saf
2017-11-06 13:16 - 2017-11-06 13:16 - 000000000 ____D C:\Program Files\Motocross The Force 9XX
2017-11-06 13:15 - 2017-11-06 13:16 - 016862444 _____ C:\Users\Mathew\Downloads\MotocrossTheForce964Setup.exe
2017-11-06 00:52 - 2017-11-06 00:52 - 000453832 _____ C:\Windows\Minidump\110617-25724-01.dmp
2017-10-30 13:14 - 2017-10-30 13:14 - 001060179 _____ C:\Users\Mathew\Downloads\grand-theft-auto-vice-city-v10-english-no-cdfixed-exe-passwd-lonebullet.7z
2017-10-30 12:55 - 2017-10-30 12:55 - 000232689 _____ C:\Users\Mathew\Downloads\1505777222_First Person View Mod For Vice City.rar
2017-10-30 12:55 - 2017-10-30 12:55 - 000232689 _____ C:\Users\Mathew\Downloads\1505777222_First Person View Mod For Vice City (1).rar
2017-10-30 12:54 - 2017-10-30 12:55 - 016062857 _____ C:\Users\Mathew\Downloads\1508063391_VC Remastered 2.0.zip
2017-10-29 21:12 - 2017-10-30 13:04 - 000000000 ____D C:\Users\Mathew\Documents\GTA Vice City User Files
2017-10-29 19:05 - 2017-10-29 19:05 - 000000215 _____ C:\Users\Mathew\Desktop\Grand Theft Auto Vice City.url
2017-10-23 18:23 - 2017-10-23 18:40 - 000000098 _____ C:\Users\Mathew\Desktop\PC specs.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-21 13:50 - 2009-07-14 05:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-21 13:50 - 2009-07-14 05:34 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-21 03:19 - 2016-10-08 00:32 - 000000000 ____D C:\Program Files\Steam
2017-11-21 03:17 - 2014-08-07 14:39 - 000000348 _____ C:\Windows\Tasks\DriverToolkit Autorun.job
2017-11-21 03:16 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-21 01:36 - 2017-09-04 14:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-21 01:36 - 2016-06-10 16:42 - 000000000 ____D C:\Users\Mathew\AppData\Roaming\Mozilla
2017-11-20 22:00 - 2016-10-09 12:32 - 000000000 ____D C:\Users\Mathew\AppData\Roaming\Octoshape
2017-11-20 21:47 - 2014-11-03 23:05 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-11-20 21:47 - 2014-11-03 23:05 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-11-20 21:47 - 2014-11-03 23:05 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-20 21:45 - 2017-05-18 21:31 - 000000000 ____D C:\ProgramData\Foxit Software
2017-11-19 02:44 - 2014-04-24 20:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-19 02:44 - 2014-04-24 20:08 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-11-19 02:42 - 2014-09-01 10:32 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-11-19 02:42 - 2014-09-01 10:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-19 02:41 - 2014-09-01 10:32 - 000000000 ____D C:\Program Files\Java
2017-11-19 02:27 - 2015-06-29 14:17 - 000002079 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-11-19 02:27 - 2014-04-24 14:05 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-19 02:26 - 2014-04-24 14:08 - 000388760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-19 02:17 - 2017-08-13 21:32 - 000000000 _____ C:\Windows\system32\last.dump
2017-11-18 02:22 - 2014-04-24 14:08 - 000298360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-18 02:22 - 2014-04-24 14:08 - 000150848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-11-18 02:22 - 2014-04-24 14:08 - 000124952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-18 02:22 - 2014-04-24 14:08 - 000099560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-11-18 02:22 - 2014-04-24 14:08 - 000070864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-18 02:22 - 2014-04-24 14:08 - 000042848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-18 02:21 - 2017-08-15 12:46 - 000276728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-11-18 02:21 - 2017-08-15 12:46 - 000255616 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-11-18 02:21 - 2017-08-15 12:46 - 000157408 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-11-18 02:21 - 2017-08-15 12:46 - 000050376 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-11-18 02:21 - 2014-04-24 14:08 - 000783136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-11-16 15:00 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\rescache
2017-11-16 12:37 - 2009-07-14 05:33 - 000444336 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-15 00:21 - 2014-04-24 14:10 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 12:43 - 2016-10-08 00:32 - 000000000 ____D C:\Program Files\Common Files\Steam
2017-11-13 19:06 - 2017-08-10 18:52 - 000000000 ____D C:\Users\Mathew\AppData\Local\CrashDumps
2017-11-12 15:05 - 2014-11-03 23:03 - 000000000 ____D C:\Users\Mathew\AppData\Local\Adobe
2017-11-10 21:54 - 2015-01-07 17:10 - 000000000 ____D C:\Users\Mathew\AppData\Local\MX Simulator
2017-11-10 21:52 - 2015-01-07 17:02 - 000000000 ____D C:\Program Files\Mx simulator
2017-11-08 21:11 - 2016-11-16 20:35 - 000000000 ____D C:\Users\Mathew\AppData\LocalLow\Mozilla
2017-11-07 18:49 - 2016-11-13 19:08 - 000039410 _____ C:\Users\Mathew\Desktop\Next Arma suggestion.txt
2017-11-06 00:52 - 2014-07-03 21:55 - 000000000 ____D C:\Windows\Minidump
2017-11-06 00:51 - 2016-06-10 16:41 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-11-05 09:49 - 2014-04-25 18:56 - 000000000 ____D C:\Users\Mathew\AppData\Local\NVIDIA
2017-11-04 08:23 - 2014-04-25 18:57 - 000000000 ____D C:\Users\Mathew\AppData\Local\NVIDIA Corporation
2017-11-04 08:23 - 2014-04-25 18:52 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-04 08:23 - 2014-04-25 18:41 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-03 14:29 - 2010-11-20 22:01 - 000778834 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-03 14:29 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2017-10-29 21:11 - 2014-04-29 11:29 - 000000000 ____D C:\Users\Mathew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-10-22 20:34 - 2014-09-03 16:04 - 000002394 _____ C:\Users\Mathew\Desktop\MOVIES.txt
==================== Files in the root of some directories =======
2015-11-14 10:12 - 2015-11-14 10:12 - 000138576 _____ () C:\Users\Mathew\AppData\Roaming\PnkBstrK.sys
2014-06-12 16:08 - 2014-06-12 16:13 - 000003584 _____ () C:\Users\Mathew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-27 18:34 - 2017-02-11 13:39 - 000007669 _____ () C:\Users\Mathew\AppData\Local\resmon.resmoncfg
2016-02-11 21:56 - 2016-02-11 21:56 - 000000000 _____ () C:\Users\Mathew\AppData\Local\{82A76771-8F6F-42F6-A934-737C31A590CE}
Some files in TEMP:
====================
2017-11-20 21:44 - 2017-08-21 17:01 - 003700288 _____ (Foxit Corporation) C:\Users\Mathew\AppData\Local\Temp\FoxitUpdater.exe
2017-11-14 12:36 - 2017-11-14 12:36 - 000000000 _____ () C:\Users\Mathew\AppData\Local\Temp\{810D1997-C0A5-4BF7-AFE3-D3734A2DAD57}-GoogleUpdateSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-19 18:22
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-11-2017
Ran by Mathew (21-11-2017 13:52:20)
Running from C:\Users\Mathew\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2014-04-24 12:55:14)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1990737404-2085512467-1734709770-500 - Administrator - Disabled)
Guest (S-1-5-21-1990737404-2085512467-1734709770-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1990737404-2085512467-1734709770-1002 - Limited - Enabled)
Mathew (S-1-5-21-1990737404-2085512467-1734709770-1001 - Administrator - Enabled) => C:\Users\Mathew
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
1 (HKLM\...\MOTORM4X Offroad Extreme_is1) (Version: - )
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0015-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0016-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0018-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0019-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001A-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001B-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-041A-0000-0000000FF1CE}_PROPLUS_{C9CC66D9-D7D3-46C1-A485-9601E4DE8D28}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-001F-0424-0000-0000000FF1CE}_PROPLUS_{6E8DFF8D-F7D1-4451-952A-61CAB73A59E2}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-0044-0424-0000-0000000FF1CE}_PROPLUS_{CAC07BC7-D855-4A94-B1DB-5154D99BFBE0}) (Version: - Microsoft) Hidden
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM\...\{90120000-006E-0424-0000-0000000FF1CE}_PROPLUS_{5983F0B6-A661-4378-AEA8-9EB1992D2FB0}) (Version: - Microsoft) Hidden
3D Route Builder (HKLM\...\{22EA8886-788F-449C-9ADE-417F41E9C954}) (Version: 7.3.9 - Hybrid GeoTools)
3D Sound Back Beta0.1 (HKLM\...\{39DB116F-E088-486F-B13C-8925ECE7A6E5}) (Version: 0.1 - Realtek Semiconductor Corp.)
7-Zip 16.04 (HKLM\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Armed Assault Türkiye Mod Paketi (HKLM\...\Armed Assault Türkiye Mod Paketiv1.0) (Version: v1.0 - Armed Assault Türkiye)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
B375 Peugeot 206 1.00 (HKLM\...\B375 Peugeot 206 1.00) (Version: - )
Bathurst v1.5 (2010 V8SC) (HKLM\...\{DDD54BB5-416B-41AE-A67A-F7BAC01C6CA1}_is1) (Version: v1.5 - Team ORSM)
BobsTrackBuilder (HKLM\...\{ECDF8120-703D-4A96-B36C-A565419B3900}) (Version: 1.0.0 - Bobs Track Builder)
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.66.1075 - AB Team, d.o.o.)
CBR Reader (HKLM\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version: - cbrreader.com)
Cities XL Platinum (HKLM\...\Cities XL Platinum_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
D.O.D. Map Pack v1.2 (HKLM\...\D.O.D. Map Pack v1.2) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Deus Ex - Game of the Year Edition (HKLM\...\Deus Ex - Game of the Year Edition_is1) (Version: - GOG.com)
Disney's Simba's Pride GameBreak (HKLM\...\Simba's Pride GameBreak) (Version: - )
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10059 (Build 2593) - Speedbit Ltd.)
Electronic Arts Game Updater (HKLM\...\Electronic Arts Game Updater) (Version: - )
ETDWare PS/2-X86 11.5.6.6_WHQL (HKLM\...\Elantech) (Version: 11.5.6.6 - ELAN Microelectronic Corp.)
Façade (HKLM\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Fender FUSE (HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\4051934814.fuse.fender.com) (Version: - fuse.fender.com)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.7.1 - Sentelic)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 9.0.0.29935 - Foxit Software Inc.)
Freelancer (HKLM\...\Freelancer 1.0) (Version: - )
Game Copa Petrobras de Marcas version 1.02 (HKLM\...\{A5075C60-242E-432B-B935-31C90D127DA9}}_is1) (Version: 1.02 - Reiza Studios Ltda.)
Google Chrome (HKLM\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Earth Pro (HKLM\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IMVU Avatar Chat Software (HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\IMVU Avatar chat client software BETA) (Version: - )
Installer (HKLM\...\{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.) Hidden
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java 8 Update 151 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Logitech Gaming Software 5.09 (HKLM\...\{4EDD761B-5253-4CD1-A309-9DFEE960E344}) (Version: 5.09.131 - Logitech)
Mafia II (HKLM\...\Mafia II_is1) (Version: - R.G. Mechanics, DANTE2050)
Mafia The City of Lost Heaven version 1.0.0.1 (HKLM\...\Mafia The City of Lost Heaven_is1) (Version: 1.0.0.1 - KNIGHT)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Midtown Madness 2 (HKLM\...\Midtown Madness 2.0) (Version: - )
Microsoft Midtown Madness 2 Trial (HKLM\...\Midtown Madness 2.0 Trial) (Version: - )
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version: - )
Minecraft1.8 (HKLM\...\Minecraft1.8) (Version: - )
Motocross The Force (remove only) (HKLM\...\Motocross The Force) (Version: - )
Mount&Blade Warband (HKLM\...\Mount&Blade Warband) (Version: - )
Mozilla Firefox 57.0 (x86 sl) (HKLM\...\Mozilla Firefox 57.0 (x86 sl)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla)
muvee Reveal 11 (HKLM\...\{92150CEE-F017-9FF5-17C4-B1CEB1048A3D}) (Version: 11.0.0.26762 - muvee Technologies Pte Ltd)
muvee Reveal Runtime (HKLM\...\{89018418-6136-4BA8-BAF9-FC0D3C4D4DDA}) (Version: 11.0.0.26762 - muvee Technologies Pte Ltd)
Mx simulator version 1 (HKLM\...\{E7D1E14C-153A-4EBF-8F20-616EB8B45CDF}_is1) (Version: 1 - Josh Vanderhoof)
Need for Speed - Hot Pursuit 2 (HKLM\...\Need for Speed - Hot Pursuit 2_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Need For Speed - Porsche 2000 (HKLM\...\Need For Speed - Porsche 2000) (Version: - )
NirSoft VideoCacheView (HKLM\...\NirSoft VideoCacheView) (Version: - )
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version: - )
Operation Flashpoint 1.96 Multi Serial Edition (HKLM\...\{8FF6FFEC-E59D-40FD-9089-8B71F51CF67F}) (Version: 1.20 - GanjaBlood)
ParaflySim 3D Simulator BETA Demo (HKLM\...\{747E9E45-921F-4A99-BAB8-298F96F63A81}) (Version: 1.0.0 - RealSimSoft)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version: - )
Posodobitev za Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0424-0000-0000000FF1CE}_PROPLUS_{FD705E62-13B4-4BF5-A4B2-A7599309751B}) (Version: - Microsoft)
Posodobitev za Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0424-0000-0000000FF1CE}_PROPLUS_{045DC059-1CCC-47B9-BA35-713E269D33B8}) (Version: - Microsoft)
Posodobitev za Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0424-0000-0000000FF1CE}_PROPLUS_{AD1C31E7-4856-4887-9307-1ABDE0F2DF7C}) (Version: - Microsoft)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.3 - Project Reality)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Raven Shield 2.0 English (HKLM\...\Raven_0) (Version: - KetsuCorp Enterprises)
Real Lives 2010 (HKLM\...\Real Lives 2010) (Version: 10.0.0.13 - Educational Simulations)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R - Shadow of Chernobyl (HKLM\...\S.T.A.L.K.E.R - Shadow of Chernobyl_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Screamer 4x4 (HKLM\...\Screamer 4x4) (Version: - )
SeeYou Version 3.1 (HKLM\...\SeeYou_is1) (Version: - )
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Sid Meier's Pirates! (HKLM\...\{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}) (Version: 1.00.0000 - Firaxis Games) Hidden
Sid Meier's Pirates! (HKLM\...\InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}) (Version: 1.00.0000 - Firaxis Games)
Simraceway 28.92 (HKLM\...\Simraceway) (Version: 28.92 - Simraceway)
SpeedBit Video Downloader (HKLM\...\SPEEDbit Video Downloader) (Version: 1155(build_502) - SPEEDbit Ltd.)
Splinter Cell Chaos Theory version 1.0.5 (HKLM\...\Splinter Cell Chaos Theory_is1) (Version: 1.0.5 - Ubisoft)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SWAT 3 - Tactical Game of The Year Edition (HKLM\...\SWAT 3 - Tactical Game of The Year Edition_is1) (Version: - GOG.com)
SWAT 4 - The Stetchkov Syndicate (HKLM\...\InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.)
SWAT 4 (HKLM\...\{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31973 - Sierra Entertainment, Inc.) Hidden
SWAT 4 (HKLM\...\InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31973 - Sierra Entertainment, Inc.)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syberia (HKLM\...\Syberia_is1) (Version: - GOG.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.7 - Synaptics Incorporated)
System Requirements Lab (HKLM\...\{B35DBBD7-B42E-494A-8913-431A2E448131}) (Version: 6.1.1.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{CF2519AE-18CA-49DD-B590-11C08AC216F4}) (Version: 6.1.6.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Terror Strike (HKLM\...\{11B3D22F-AAAA-4A52-99A5-A2966CE640EA}) (Version: - Encore)
TGZ TDM Map Pack 1 (HKLM\...\TGZ TDM Map Pack 1) (Version: - )
Unity Web Player (HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Outlook 2007 Junk Email Filter (kb976884) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FB60F280-C70F-4174-BADB-471412AA42F0}) (Version: - Microsoft)
USB 2.0 2.0M UVC WebCam (HKLM\...\USB 2.0 2.0M UVC WebCam) (Version: - )
UserTesting (HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\...\UserTestingPlugin) (Version: - UserTesting.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Mathew\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1990737404-2085512467-1734709770-1001_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-18] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-18] (AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-18] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-04] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-18] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2017-10-21] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01C89291-F0F3-4587-819A-00D525056BF7} - System32\Tasks\{5526E1A7-8AD9-45E2-91BB-82A5C906A6B0} => C:\Windows\system32\pcalua.exe -a "E:\see you\wcusetup.exe" -d "E:\see you"
Task: {01D14CA3-FAE7-43B1-9708-30E499CD40EC} - System32\Tasks\{807C03D6-2F4A-480C-8CA0-AC8198EF4933} => C:\Windows\system32\pcalua.exe -a "E:\see you\pcusetup.exe" -d "E:\see you"
Task: {080AC514-22EA-4C5B-87D0-B80234D42AC2} - System32\Tasks\{41C75AC0-628D-40B9-B03B-52FD7A3BC093} => C:\Program Files\Bohemia Interactive\ArmA\arma.exe
Task: {0C27DD63-45C9-4CF0-A132-DE73B8B3FCD4} - System32\Tasks\{1BEDF4F3-0FD7-4162-B440-A8A0C51A06B7} => C:\Windows\system32\pcalua.exe -a C:\Users\Mathew\Desktop\SWAT4XSRIInstaller_19122013_2156_F4.exe -d C:\Users\Mathew\Desktop
Task: {1584D162-1732-4EF3-AD97-D8245790B77D} - System32\Tasks\ATKOSD2 => C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {16F12432-5798-4DA7-84C4-7FCA1B65EFE5} - System32\Tasks\{A7AC577A-51DA-4319-8472-6C6E3788E20D} => D:\Pcx2\pcsx2-r5875.exe
Task: {1EB39D68-559E-42D9-B9E9-BD6C9BFFBFB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {206BCD4C-651B-438F-907F-849113E4B96E} - System32\Tasks\{90973D2C-DC55-4F62-9FB1-2EB0A8B0E2AD} => D:\Program Files\Red Storm Entertainment\RavenShield\RavenShield.exe [2004-11-07] ()
Task: {2573EEA7-13AC-4119-B896-6BB95E462357} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-18] (AVAST Software)
Task: {3100433B-1060-4ED7-A67D-6FD456585ABE} - System32\Tasks\{361B90C5-B454-46B9-9BC1-DF0908C9A02F} => D:\Program Files\Red Storm Entertainment\RavenShield\RavenShield.exe [2004-11-07] ()
Task: {491B71A8-92C8-468D-9BB0-07AFE9BC02F6} - System32\Tasks\{AA3C8F08-07F5-4DDB-95D2-2C01716546E5} => C:\Windows\system32\pcalua.exe -a "E:\see you\alps_cit.exe" -d "E:\see you"
Task: {50155067-7FB4-4DB8-9E90-292111043CE8} - System32\Tasks\{E7987ECD-059F-4B3D-A0EC-4D7895256A97} => C:\Windows\system32\pcalua.exe -a "C:\Users\Mathew\Downloads\RAINBOW SIX\Raven Shield Complete\Rainbow Six - Raven Shield - Athena Sword\athena_sword_v1.00_to_v1.10_us.exe" -d "C:\Users\Mathew\Downloads\RAINBOW SIX\Raven Shield Complete\Rainbow Six - Raven Shield - Athena Sword"
Task: {592D3C7E-7AA5-401E-8164-EA6600C9AD7D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-20] (Adobe Systems Incorporated)
Task: {6BFA1515-C906-4422-88C2-19CC09E88219} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {807F4D55-974D-4667-8FFF-A6485F846FDF} - System32\Tasks\{A71E74B9-400F-4BE5-A127-4B5185F0FEF0} => D:\Pcx2\pcsx2-r5875.exe
Task: {82E4CF9C-6A95-4954-8826-9EA52EEBA155} - System32\Tasks\{11F4B189-75CF-4F2B-BDBD-216595340620} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Mount&Blade Warband\Modules\TLD\.exe" -d "D:\Program Files\Mount&Blade Warband\Modules\TLD"
Task: {983E5AE6-EEC6-4512-B67D-83B7D0F10CF8} - System32\Tasks\{57A9B9E8-C773-4996-ABEE-5B977EBA7B16} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microsoft Games\Midtown Madness 2\mm1xppat.EXE" -d "C:\Program Files\Microsoft Games\Midtown Madness 2"
Task: {9B05C977-B011-4FA5-B9C9-13DEE669E250} - System32\Tasks\{E5957E5B-AC2B-437B-913F-460F192E5217} => C:\Program Files\Bohemia Interactive\ArmA\arma.exe
Task: {A11990F2-7550-44A3-BE36-94FC642FE894} - System32\Tasks\{8039A73C-C336-435D-ACB6-AB5FA97818FE} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Red Storm Entertainment\RavenShield\IronWrathSetup_US.exe" -d "D:\Program Files\Red Storm Entertainment\RavenShield"
Task: {A492C135-2A02-4F09-8EFB-AA0CBE98A3D3} - System32\Tasks\DriverToolkit Autorun => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: {A54C47BF-5C6E-447A-9B9C-A823C7428DD2} - System32\Tasks\{CFB91BDE-3F0A-4327-9F92-8F1BBBBF71E3} => D:\Pcx2\pcsx2-r5875.exe
Task: {A598B1E6-1776-42ED-88BE-C203D7E47032} - System32\Tasks\{D7A9FAF8-E8C1-4E15-8C78-2CC37A894333} => C:\Windows\system32\pcalua.exe -a F:\SETUP.EXE -d F:\
Task: {AC2271E5-FF2D-4B43-A418-AA3BEDA37F99} - System32\Tasks\{7295C6F3-157E-4264-B0A2-C3FE9D7D9327} => C:\Windows\system32\pcalua.exe -a F:\Setup.exe -d F:\
Task: {ACA9AC95-D2BD-4AC4-832D-0466CB7DE555} - System32\Tasks\{977D0F07-3C67-4770-98B5-D27CA70317BE} => C:\Windows\system32\pcalua.exe -a "F:\See You\zemljevidi\see you\italy_cit.exe" -d "F:\See You\zemljevidi\see you"
Task: {AE63424B-4E30-4050-99C5-78FEA931C38A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {B611825A-6748-4DCE-ACFA-8251CABD7830} - System32\Tasks\{DF220F30-33A2-4EE2-BEC8-701A7D6C4CB6} => C:\Users\Mathew\AppData\Local\VelvetSundown\VelvetSundown.exe
Task: {C99F2DCB-FD40-416D-98C0-1D93F3D74C5D} - System32\Tasks\{AEAB169B-AD88-440E-B016-747A08D43020} => C:\Windows\system32\pcalua.exe -a "E:\see you\alps_cit.exe" -d "E:\see you"
Task: {D8BBD54C-11B4-4757-84CB-E786CD1C0BF4} - System32\Tasks\{80086FA0-C125-4351-8297-5A1E05BCB3A0} => C:\Windows\system32\pcalua.exe -a "F:\See You\zemljevidi\see you\alps_e_cmr.exe" -d "F:\See You\zemljevidi\see you"
Task: {DB8CC00E-FFF5-4202-AD2C-2E9A10F98583} - System32\Tasks\{92A7044C-88C6-496C-8A6E-A7C9AAB9DE0B} => C:\Windows\system32\pcalua.exe -a "D:\Program Files\Red Storm Entertainment\RavenShield\system\Setup.exe" -d "D:\Program Files\Red Storm Entertainment\RavenShield\system"
Task: {EF89DD9B-D528-4659-B043-D6C494D503A6} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {F9E4DF57-CA79-4F17-BA40-127296F642C2} - System32\Tasks\{F78B9C97-3D06-442A-AF31-B4FC10D07AB0} => C:\Users\Mathew\AppData\Local\VelvetSundown\VelvetSundown.exe
Task: {FC3E0844-0D4C-474A-BAAD-BA59984AC6F4} - System32\Tasks\{902C7244-6053-4828-8207-DC7D2F14DAD1} => D:\Pcx2\pcsx2-r5875.exe
Task: {FF6BE837-4060-4578-B2C1-91E23E2DAB07} - System32\Tasks\{9CB8ACF6-B226-4629-96E3-D223F37194AB} => C:\Windows\system32\pcalua.exe -a "D:\see you\alps_cit.exe" -d "D:\see you"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Mathew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Mathew\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
==================== Loaded Modules (Whitelisted) ==============
2014-04-25 18:53 - 2015-02-04 03:05 - 000106640 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-11-20 21:19 - 2017-11-20 21:19 - 005881408 _____ () C:\Program Files\AVAST Software\Avast\defs\17112014\algo.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-11-21 12:16 - 2017-11-21 12:16 - 005881408 _____ () C:\Program Files\AVAST Software\Avast\defs\17112100\algo.dll
2015-11-14 10:12 - 2015-11-14 10:12 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2013-07-11 22:04 - 2013-07-11 22:04 - 001630720 _____ () C:\Program Files\SimracewayUpdater\SRWUpdate.exe
2013-07-11 22:03 - 2013-07-11 22:03 - 000252832 _____ () C:\Program Files\SimracewayUpdater\PATCHW32.dll
2017-11-19 02:44 - 2017-11-01 08:55 - 001930696 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000142792 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2015-06-14 15:04 - 2016-06-15 02:14 - 000020536 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2017-08-15 12:44 - 2017-08-15 12:44 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-18 02:21 - 2017-11-18 02:21 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\.rdata:X [526]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [244]
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A [132]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60543831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60543831.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1990737404-2085512467-1734709770-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mathew\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRW Download Manager.lnk => C:\Windows\pss\SRW Download Manager.lnk.CommonStartup
MSCONFIG\startupreg: DownloadAccelerator => "C:\Program Files\DAP\DAP.EXE" /STARTUP
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4DD5E91C-5DF6-42E8-BE82-4CCD56A2A26A}] => (Allow) C:\Users\Mathew\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{262F9DEA-19D9-452C-87CD-791016A91855}] => (Allow) C:\Users\Mathew\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{31C54D4B-5672-4DCB-8C45-9A87FE82F527}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{4C071302-58D6-4E45-9576-550E8D61C6AF}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C4CBA154-ABF1-4CAB-976F-40CD3576C9A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{392E21F7-6031-460D-8CC4-D84F2D1F0C03}C:\program files\dap\dap.exe] => (Allow) C:\program files\dap\dap.exe
FirewallRules: [UDP Query User{CA1A5252-919E-42B7-BD7A-89514CD9972B}C:\program files\dap\dap.exe] => (Allow) C:\program files\dap\dap.exe
FirewallRules: [TCP Query User{3667509C-B9D9-453C-BC99-1DAD751AD833}D:\program files\red storm entertainment\ravenshield\ravenshield.exe] => (Block) D:\program files\red storm entertainment\ravenshield\ravenshield.exe
FirewallRules: [UDP Query User{D89534E5-9B63-434C-BE5F-B6AC3867CAD3}D:\program files\red storm entertainment\ravenshield\ravenshield.exe] => (Block) D:\program files\red storm entertainment\ravenshield\ravenshield.exe
FirewallRules: [{2518DBC8-F8C5-4A79-8525-7A34DA4D5822}] => (Allow) D:\IgniteGT\Simraceway\SimracewayGame.exe
FirewallRules: [{F2F062B1-C20B-4BFD-B22C-7224D4EC260D}] => (Allow) D:\IgniteGT\Simraceway\SimracewayGame.exe
FirewallRules: [{A6F73AB1-55B8-411F-B294-645A959B02F9}] => (Allow) D:\IgniteGT\Simraceway\SimracewayGame.exe
FirewallRules: [{F8B5D939-309B-4082-BF45-6644DA1C0FFC}] => (Allow) D:\IgniteGT\Simraceway\SimracewayGame.exe
FirewallRules: [{9A8471CC-973F-4157-8917-6F986156C161}] => (Allow) D:\IgniteGT\Simraceway\SRWAgent.exe
FirewallRules: [{92A99E4A-89A7-4BAD-BBEA-D6BF47F381DA}] => (Allow) D:\IgniteGT\Simraceway\SRWAgent.exe
FirewallRules: [{AE367BBC-29CB-4254-8263-75114D8A12EE}] => (Allow) D:\IgniteGT\Simraceway\SRWAgent.exe
FirewallRules: [{B7898FA4-38E7-4D24-A33F-540D3062C2A9}] => (Allow) D:\IgniteGT\Simraceway\SRWAgent.exe
FirewallRules: [TCP Query User{9A68EAC7-542A-4E16-BD73-F99F0428CD32}D:\program files\operation flashpoint\flashpointresistance.exe] => (Allow) D:\program files\operation flashpoint\flashpointresistance.exe
FirewallRules: [UDP Query User{D885F59C-B000-4F14-8D09-7604C12B9EB5}D:\program files\operation flashpoint\flashpointresistance.exe] => (Allow) D:\program files\operation flashpoint\flashpointresistance.exe
FirewallRules: [{8BE31250-6D9A-4F18-83D7-D8473A9C28F7}] => (Block) D:\program files\operation flashpoint\flashpointresistance.exe
FirewallRules: [{A0D5A1D9-905C-4AB3-B708-A85A31BAF929}] => (Block) D:\program files\operation flashpoint\flashpointresistance.exe
FirewallRules: [TCP Query User{88FEB055-B353-409B-8DEF-6D3E699B9E15}D:\program files\rfactor\rfactor.exe] => (Allow) D:\program files\rfactor\rfactor.exe
FirewallRules: [UDP Query User{43C14CF6-9698-44B8-A42F-05C8EB764E5A}D:\program files\rfactor\rfactor.exe] => (Allow) D:\program files\rfactor\rfactor.exe
FirewallRules: [{379C16A1-81CD-4E85-AC96-A665ABF66443}] => (Block) D:\program files\rfactor\rfactor.exe
FirewallRules: [{04B88080-6829-48FC-A402-7A8CEC5A89B9}] => (Block) D:\program files\rfactor\rfactor.exe
FirewallRules: [{6265EEA4-33C9-4286-A905-ACFDEC0A6580}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{478FE079-0D9B-49FF-96D3-BFD0B85CA82E}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{A269DBC6-9061-4184-B4F8-F66AD27FB143}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{B8E78A08-50CF-49A7-8F43-3307DDA3098D}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{41A65162-1C5B-46C0-A77A-7101DC94C07F}] => (Allow) C:\Program Files\Project Reality\Project Reality BF2\prbf2.exe
FirewallRules: [{38F40F2D-F141-45F6-8F8A-2295A93C0CE2}] => (Allow) C:\Program Files\Project Reality\Project Reality BF2\mods\pr\bin\PRLauncher.exe
FirewallRules: [{D272909C-5CDE-4AF1-AAA8-53FC9F414AF0}] => (Allow) C:\Program Files\Project Reality\Project Reality BF2\mods\pr\bin\PRUpdater.exe
FirewallRules: [{E6152171-877C-4111-B5E6-619201217474}] => (Allow) C:\Program Files\Project Reality\Project Reality BF2\mods\pr\bin\PRMumble\PRMumble.exe
FirewallRules: [TCP Query User{08B05F11-DC8C-43B8-BB12-AE52BEF2DF79}D:\program files\red storm entertainment\ravenshield\system\ravenshield.exe] => (Allow) D:\program files\red storm entertainment\ravenshield\system\ravenshield.exe
FirewallRules: [UDP Query User{FA6D00AC-9818-4608-B7D0-F0793C8EB7DC}D:\program files\red storm entertainment\ravenshield\system\ravenshield.exe] => (Allow) D:\program files\red storm entertainment\ravenshield\system\ravenshield.exe
FirewallRules: [TCP Query User{990FADB7-02DE-49BD-AFB3-F2B150EF7F35}C:\program files\ubisoft\splinter cell chaos theory\system\splintercell3.exe] => (Allow) C:\program files\ubisoft\splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [UDP Query User{B618ED6D-84AA-46CE-9E4B-699634B72364}C:\program files\ubisoft\splinter cell chaos theory\system\splintercell3.exe] => (Allow) C:\program files\ubisoft\splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [{276AB34D-6B60-45F3-9CCE-103BCBA18DDC}] => (Block) C:\program files\ubisoft\splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [{8EF818FE-B96F-499B-838E-2727AC7D20A0}] => (Block) C:\program files\ubisoft\splinter cell chaos theory\system\splintercell3.exe
FirewallRules: [{32B7B097-ECB1-40A7-96E4-B3D9B7A735D1}] => (Allow) C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe
FirewallRules: [{996B20A4-1CD6-4716-BB05-45EAB2DEFC59}] => (Allow) C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe
FirewallRules: [{01F8C205-D591-4624-8920-E8EEDAF98028}] => (Allow) C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe
FirewallRules: [{6C59BFD7-8345-4546-BDBD-3E97DFDF79F9}] => (Allow) C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe
FirewallRules: [{142835AE-4657-4BC2-9904-D8DAB2FC1024}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{29340537-89EC-414F-9F42-3C2EE7347A53}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A36C2FBF-5D95-41A0-AF91-48D0D6F832F8}D:\igg-rimworld.alpha.14\rimworldwin.exe] => (Block) D:\igg-rimworld.alpha.14\rimworldwin.exe
FirewallRules: [UDP Query User{A45554D6-32B3-4B2C-9871-94A1AAF98875}D:\igg-rimworld.alpha.14\rimworldwin.exe] => (Block) D:\igg-rimworld.alpha.14\rimworldwin.exe
FirewallRules: [TCP Query User{758070AA-1711-4A93-BA77-B3503A4543C3}D:\program files\encore\terror strike\system\ts.exe] => (Block) D:\program files\encore\terror strike\system\ts.exe
FirewallRules: [UDP Query User{39C4A6FA-3BFF-4243-A69F-1DD0CB65BCCD}D:\program files\encore\terror strike\system\ts.exe] => (Block) D:\program files\encore\terror strike\system\ts.exe
FirewallRules: [{7FE63155-73AF-4D77-AE47-D7EFB9DD5583}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{5AAE7CC4-3D3F-4705-AED1-22D1DEA6D39D}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{20116EF8-35DA-4FD9-BE81-D0E0AA8B5E04}] => (Allow) C:\Program Files\Steam\steamapps\common\ARMA Gold\arma.exe
FirewallRules: [{0F38A0F5-EFFD-4855-8628-30EDABA32DBE}] => (Allow) C:\Program Files\Steam\steamapps\common\ARMA Gold\arma.exe
FirewallRules: [{B1F3594D-5ADC-45EF-BE40-F694CCD0BA9A}] => (Allow) C:\Program Files\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{E53E862A-6333-4725-A808-BEE19375272C}] => (Allow) C:\Program Files\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{3F2634F8-737C-488C-9E72-93BA83D93EC0}] => (Allow) C:\Program Files\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
FirewallRules: [{93B3620E-0CAE-4E62-B692-7DA04B9B2331}] => (Allow) C:\Program Files\Steam\steamapps\common\ARMA Cold War Assault\ColdWarAssaultPreferences.exe
FirewallRules: [TCP Query User{30E66A4A-8BD5-4B0D-B986-8D41F24EFB70}C:\users\mathew\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\mathew\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [UDP Query User{A98CC43C-26E7-452C-B058-94D22D2E476A}C:\users\mathew\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\mathew\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{88E63957-D523-4878-9A2D-E1C82A53F96B}] => (Block) C:\users\mathew\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{A4DEF5F5-43CD-44A4-9AE5-23213CD159BD}] => (Block) C:\users\mathew\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{7E6D70BD-5ABA-4F1F-8691-E5B0EFCABC9D}] => (Allow) C:\Program Files\Steam\steamapps\common\Ghost Master\ghost.exe
FirewallRules: [{B5CE0A47-2C1A-42B1-BD12-AD5762F58139}] => (Allow) C:\Program Files\Steam\steamapps\common\Ghost Master\ghost.exe
FirewallRules: [{7ECAA8F3-BA09-4397-AEE4-EAFD9EAC2145}] => (Allow) C:\Program Files\Steam\steamapps\common\WOG\disasm.exe
FirewallRules: [{5CE93207-7470-4808-8AA5-3DCBF2D1F8EA}] => (Allow) C:\Program Files\Steam\steamapps\common\WOG\disasm.exe
FirewallRules: [{5871D4C7-11D5-4C1B-BF96-41A9432CFB6D}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{142B7AFF-B90A-40DB-920B-F7FDCF2DC3B3}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A2598BEF-B0DF-4758-8BB2-AD76485D9037}] => (Allow) C:\Program Files\Steam\steamapps\common\Enclave\Enclave.exe
FirewallRules: [{293026D5-41BA-462D-9962-9BEB38AEE06E}] => (Allow) C:\Program Files\Steam\steamapps\common\Enclave\Enclave.exe
FirewallRules: [{EFBF68DF-53E9-40E2-96B8-40094A4DD358}] => (Allow) C:\Program Files\Steam\steamapps\common\Oddworld Abes Oddysee\AbeWin.exe
FirewallRules: [{661CF132-31C9-4DD0-8C41-20DAD4803653}] => (Allow) C:\Program Files\Steam\steamapps\common\Oddworld Abes Oddysee\AbeWin.exe
FirewallRules: [{6034DCC7-F960-46D5-8CCB-5A07CAB0940F}] => (Allow) D:\Program Files\SteamLibrary\steamapps\common\Rainbow Six Lockdown\lockdown.exe
FirewallRules: [{75FBD5BB-83FB-4A58-BE91-F0727CE6806A}] => (Allow) D:\Program Files\SteamLibrary\steamapps\common\Rainbow Six Lockdown\lockdown.exe
FirewallRules: [{ACED9187-0ADF-449E-804B-2452C6782B4F}] => (Allow) D:\Program Files\SteamLibrary\steamapps\common\Another World\anowor.exe
FirewallRules: [{315AFAE8-8A9C-4A11-94C5-2F4AA13014A7}] => (Allow) D:\Program Files\SteamLibrary\steamapps\common\Another World\anowor.exe
FirewallRules: [{F97DA682-43C1-4769-ADB2-E5731E146D63}] => (Allow) D:\Program Files\SteamLibrary\steamapps\common\Grand Theft Auto 3\gta3.exe
FirewallRules: [{E152EF10-4A70-45A8-85B1-9123AC9B97E7}] => (Allow) D:\Program Files\SteamLibrary\steamapps\common\Grand Theft Auto 3\gta3.exe
FirewallRules: [{DCDE74F4-F04E-4CB4-8A04-8A2E47E3C90B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1DD5BF34-14FC-4A31-A460-6A25152A324B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{641DC58E-45D7-4CA8-90EE-0B979EAA7AB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{841A1A3B-1C59-4CC9-8FA1-2EF8C7235895}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FC7DDEE9-850A-4C38-88B0-BEC35A8DCE2B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BE42EA93-37BF-4EE9-8B37-7053D86AB6F8}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\tow.exe
FirewallRules: [{489A23C8-34AF-4CC5-AAA3-310EBE95F5AF}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\tow.exe
FirewallRules: [{4F411B8A-6168-4597-8664-8223FE164335}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\MissionEditor\MissionGen.exe
FirewallRules: [{77D57FEF-98D8-410D-BF1B-BD55DEFF6396}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\MissionEditor\MissionGen.exe
FirewallRules: [{51109AB5-E7B3-41A5-8FAC-468584CC140B}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\MissionEditor\Editor.exe
FirewallRules: [{87CE4F46-BEA2-4EED-9C66-2EB863C9ADF4}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\MissionEditor\Editor.exe
FirewallRules: [{26014F3B-FC79-443E-993C-A0AE3A10E1E3}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\Builder.exe
FirewallRules: [{D23492F7-5099-4B0F-9353-C7E8D9239C58}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\Builder.exe
FirewallRules: [{2ADB96CE-FCA7-41F0-AAA9-A648F9009D71}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\towsetup.exe
FirewallRules: [{3A19E02E-7A98-4B07-A8BD-010DCD06B5F2}] => (Allow) C:\Program Files\Steam\steamapps\common\Theatre of War\towsetup.exe
FirewallRules: [{C1F6D369-02D5-410E-BA1D-2592787EE3B1}] => (Allow) C:\Program Files\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe
FirewallRules: [{D36A6836-05F8-4B27-BC5A-27E05A4DC31F}] => (Allow) C:\Program Files\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe
FirewallRules: [{F920886C-2B4F-495A-BA09-901F005D6EB7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
Name: EterlogicVirtualSerialDriver
Description: EterlogicVirtualSerialDriver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: EterlogicVirtualSerialDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000014c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0146F9B8.64). hr = 0x80070005, Access is denied.
.
Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000050c,(null),0,REG_BINARY,0353F0C8.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e72413f5-22f3-41e8-8331-c3036670b73c}
Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000050c,(null),0,REG_BINARY,0353F0B4.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e72413f5-22f3-41e8-8331-c3036670b73c}
Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007e4,(null),0,REG_BINARY,010DEDF8.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {b60c6403-e015-49a5-9d9f-23a5f5b5d955}
Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000007e4,(null),0,REG_BINARY,010DEDE4.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {b60c6403-e015-49a5-9d9f-23a5f5b5d955}
Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000db4,(null),0,REG_BINARY,0715ECB0.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {496171cf-6d47-43a0-8372-cfbbde522674}
Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001ac,(null),0,REG_BINARY,019BF118.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {bfd2c29d-10d0-4af2-b1dc-6b1cc14594fe}
Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001e8,(null),0,REG_BINARY,0106F208.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {127b9787-3ab8-4fd8-8158-afab059b07bf}
Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000db4,(null),0,REG_BINARY,0715EC9C.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {496171cf-6d47-43a0-8372-cfbbde522674}
Error: (11/21/2017 03:53:28 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,(null),0,REG_BINARY,014FF898.64). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {51a2e8a4-ca15-4cff-aa61-a317877dbcb7}
System errors:
=============
Error: (11/21/2017 01:42:18 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{D2D5868A-4340-4853-8DD5-C36310836696}.
The backup browser is stopping.
Error: (11/21/2017 01:40:57 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
Access is denied.
Error: (11/21/2017 01:39:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
Error: (11/21/2017 01:39:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535
Error: (11/21/2017 01:39:45 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
Error: (11/21/2017 01:39:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error:
Access is denied.
Error: (11/21/2017 01:38:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
Error: (11/21/2017 01:38:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535
Error: (11/21/2017 01:38:35 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
Error: (11/21/2017 12:41:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
CodeIntegrity:
===================================
Date: 2017-08-14 17:29:37.846
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-08-14 17:29:37.783
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-08-13 22:34:06.892
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-08-13 22:30:47.969
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-08-13 22:30:47.922
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-08-13 20:40:49.265
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-08-13 20:40:49.202
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-08-10 12:34:46.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-08-10 12:31:53.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
Date: 2017-08-10 12:31:53.180
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 53%
Total physical RAM: 3071.11 MB
Available physical RAM: 1433.56 MB
Total Virtual: 7677.44 MB
Available Virtual: 5810.39 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:149.04 GB) (Free:20.55 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:139.28 GB) (Free:9.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=139.3 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================