Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Diskdriver and Win64Coinminer.CZ infection

coinminer diskdriver virus infection russian

  • Please log in to reply

#1
promithius

promithius

    Member

  • Member
  • PipPip
  • 24 posts

Apparently I have a coinminer infection on my computer that won't die!

I have run my Eset Nod antivirus and Malwarebytes numerous times yet this virus persists.

Each time the scanners suggest "cleaning" or "remove" and no matter which option I select the problem is still here.

My browser loads and half the content on any search comes back in Russian.

I am running Windows 7 64bit.

This problem is infuriating!

 

Help, please.


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP


  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


  • 0

#3
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Ok here is the log for the FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by SkyNet (administrator) on SKYNET-SYSTEMS (01-06-2018 17:21:32)
Running from C:\Users\SkyNet\Desktop
Loaded Profiles: SkyNet (Available Profiles: SkyNet)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Kinetic Jump Software, LLC) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(hxxp://www.ruby-lang.org/) C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINBE.EXE
(Epic Privacy Browser) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(hxxp://www.ruby-lang.org/) C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9246656 2018-05-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505728 2018-05-27] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-08-25] (NVIDIA Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmds.exe [178496 2018-04-19] (ESET)
HKLM\...\Run: [diskdriver] => C:\Windows\system32\diskdriver.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2016-12-16] (Tonec Inc.)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINBE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2018-05-18] (Epic Privacy Browser)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\MountPoints2: {e08f94a0-81e1-11e7-9180-7c5cf8efb1df} - O:\VerizonSWUpgradeAssistantLauncher.exe
Startup: C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\privateinternetaccess - Shortcut.lnk [2016-11-01]
ShortcutTarget: privateinternetaccess - Shortcut.lnk -> C:\Program Files\pia_manager\privateinternetaccess.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{0106C499-AACA-48BE-AF96-B40332427A56}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{7D8893E0-C1FA-44BA-B6A2-3CD6574C780F}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{AC203D52-C6E6-42A8-AD7B-233D446FD834}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{BDF7F6CA-FCE0-463B-8573-872A301D511B}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{C3273B72-6137-46B4-B56D-6577F37FD1CE}: [DhcpNameServer] 192.168.86.1
 
Internet Explorer:
==================
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.yahoo.com/?fr=fp-comodo&type=42_25050004005_1.13.424807.562_u_hp
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-407761387-3444271927-348064540-1000 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=42_25050004005_1.13.424807.562_u_ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-407761387-3444271927-348064540-1000 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=42_25050004005_1.13.424807.562_u_ds&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\SkyNet\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\SkyNet\AppData\Roaming\IDM\idmmzcc5 [2018-06-01] [Legacy] [not signed]
FF HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-407761387-3444271927-348064540-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-05-18] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-407761387-3444271927-348064540-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-05-18] (Epic Privacy Browser)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://drudgereport.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default [2018-05-18]
CHR Extension: (YouTube) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-10]
CHR Extension: (Adblock Plus) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-16]
CHR Extension: (Google Search) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-10-10]
CHR Extension: (Notifier for Gmail™) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2018-05-02]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2018-04-18]
CHR Extension: (Adobe Acrobat) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-24]
CHR Extension: (uBlock) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-05-12]
CHR Extension: (Kindle Cloud Reader) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-10-10]
CHR Extension: (Morpheon Dark) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-02-21]
CHR Extension: (IDM Integration Module) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-10]
CHR Extension: (Chrome Media Router) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-01]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKU\S-1-5-21-407761387-3444271927-348064540-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-407761387-3444271927-348064540-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe [1356624 2016-11-15] () [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 ASDiskUnlocker; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe [262816 2012-06-18] (ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-05-21] (Dropbox, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249312 2017-12-20] (DTS, Inc)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-27] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2240264 2018-04-19] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2240264 2018-04-19] (ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-25] (NVIDIA Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [183568 2017-06-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2012-04-18] (Kinetic Jump Software, LLC) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-06-13] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-25] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-25] (NVIDIA Corporation)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S2 WinDefendSecurity; C:\Windows\system32\windfn.exe [2218496 2018-05-27] (Microsoft Corporation) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-06-13] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [11944 2016-07-12] (Advanced Micro Devices Inc.)
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [37200 2016-09-23] (Paragon Software Group)
R3 ASFLTDrv.sys; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [83792 2015-06-17] (Asmedia Technology)
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [51264 2016-07-12] (IVT Corporation.)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87864 2014-11-05] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-05-12] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1560552 2017-12-20] (Motorola Solutions, Inc.)
S2 csvol; C:\Windows\System32\DRIVERS\csvol.sys [32080 2016-09-23] (Paragon Software Group)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-12-20] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137928 2018-04-12] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [110432 2018-04-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [196112 2018-04-12] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50136 2018-04-12] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82816 2018-04-12] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61520 2018-04-12] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [108320 2018-04-12] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [69456 2016-09-23] (Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [213840 2016-09-23] (Paragon Software Group)
R3 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [23888 2016-09-23] (Paragon Software Group)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-07-12] (REALiX™)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [206344 2017-12-20] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-05-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-06-01] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-30] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94328 2018-06-01] (Malwarebytes)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [50512 2016-09-23] (Paragon Software Group)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3427848 2017-12-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50808 2017-12-20] (NVIDIA Corporation)
S3 Revoflt; C:\Windows\SysWOW64\DRIVERS\revoflt.sys [40240 2016-12-21] (VS Revo Group)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-12-20] (Samsung Electronics Co., Ltd.)
R1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [42656 2012-06-01] (ASUSTeK Computer Inc.)
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-01 17:21 - 2018-06-01 17:21 - 000027056 _____ C:\Users\SkyNet\Desktop\FRST.txt
2018-06-01 17:20 - 2018-06-01 17:20 - 002413056 _____ (Farbar) C:\Users\SkyNet\Desktop\FRST64.exe
2018-05-30 17:01 - 2018-06-01 15:31 - 000094328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-05-30 17:01 - 2018-06-01 15:17 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-05-30 17:01 - 2018-06-01 15:17 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-05-30 17:01 - 2018-05-30 17:01 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-05-30 17:01 - 2018-05-30 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-30 17:01 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-05-30 17:00 - 2018-05-30 17:00 - 000000000 ____D C:\ProgramData\MB2Migration
2018-05-30 17:00 - 2018-05-30 17:00 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-30 16:35 - 2018-06-01 17:21 - 000000000 ____D C:\FRST
2018-05-30 16:34 - 2018-05-30 16:34 - 000000000 ____D C:\ProgramData\GridinSoft
2018-05-30 16:26 - 2018-05-30 16:26 - 000007619 _____ C:\Users\SkyNet\AppData\Local\Resmon.ResmonCfg
2018-05-29 17:21 - 2018-05-29 17:21 - 000000000 ____D C:\Windows\SysWOW64\AGEIA
2018-05-29 17:21 - 2018-05-29 17:21 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2018-05-29 17:12 - 2018-05-29 19:27 - 411273012 _____ C:\Users\SkyNet\Desktop\Death Wish (2018).mkv
2018-05-28 15:54 - 2018-05-28 15:54 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-05-28 13:12 - 2018-05-28 13:12 - 000000000 ____D C:\Program Files\ESET
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 __SHD C:\ProgramData\DSS
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 ____D C:\Users\SkyNet\Documents\EA Games
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-05-27 17:49 - 2018-05-27 17:49 - 002612224 _____ (Microsoft Corporation) C:\Windows\system32\StartupCheckLibrary.dll
2018-05-27 17:49 - 2018-05-27 17:49 - 002218496 _____ (Microsoft Corporation) C:\Windows\system32\windfn.exe
2018-05-27 17:47 - 2018-05-27 17:47 - 015211584 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 007178432 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 007101704 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006463128 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006270152 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006105024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-05-27 17:47 - 2018-05-27 17:47 - 005938872 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 005593576 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 005346960 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003571504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003509160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003410288 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003299776 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003205568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003145872 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003121080 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002992144 _____ (Audyssey Labs) C:\Windows\system32\AudysseyEfx.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002922944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002444648 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002190944 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001971328 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001965120 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001780584 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001591016 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001544216 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001508896 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001435104 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001382200 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001372352 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001353280 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001337600 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001259688 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001242440 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001159144 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001154912 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001105920 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001009544 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001003816 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000986960 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000973568 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000964984 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000899488 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000873424 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000852096 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000743928 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000727400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000708272 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000691640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000688936 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000604752 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000532336 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000504272 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000467120 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000453240 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000447144 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000445360 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000441224 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000416472 _____ (Harman) C:\Windows\system32\HMUI.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000406416 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000392832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000381368 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000378344 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000367576 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000366080 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000360304 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000343672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000341112 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000341112 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000332976 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000327232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000327232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000315936 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000278232 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000258824 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000253864 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000253824 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000252840 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000231880 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000221928 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000220352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000209496 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000203800 _____ (Harman) C:\Windows\system32\HMHVS.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000192944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000179560 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000166160 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000158656 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000157304 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000154328 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000139720 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000122280 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000118552 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000116504 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000105272 _____ C:\Windows\system32\audioLibVc.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000093864 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000090880 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000090136 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000088280 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000083584 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000075504 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000023656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-05-27 17:46 - 2018-05-27 17:46 - 072520672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2018-05-27 17:46 - 2018-05-27 17:46 - 015464151 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-05-27 17:46 - 2018-05-27 17:46 - 003677120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-05-27 17:42 - 2018-05-27 17:42 - 000226280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-05-27 17:42 - 2018-05-27 17:42 - 000046064 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-05-27 17:40 - 2018-05-27 17:41 - 000000000 ____D C:\Windows\system32\unknown
2018-05-27 17:40 - 2018-05-27 17:40 - 040346984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 038468128 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 035250776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 031271232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 030741024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 025984920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 020264848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 019009672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 017776824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 016973216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-05-27 17:40 - 2018-05-27 17:40 - 015619736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 015189168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 013725744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 011271400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 004046088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 003962272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 003495000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001990688 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439764.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001561536 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001467992 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439764.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001417304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001215424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001157392 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001091616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000904712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000626592 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000544472 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000518176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000462648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000420184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000182776 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000165136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000159896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000142632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-05-27 17:40 - 2018-05-27 17:40 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-05-27 17:40 - 2018-05-27 17:40 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-05-27 13:45 - 2015-07-18 03:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-05-27 13:32 - 2018-04-29 05:27 - 000024512 _____ C:\Windows\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
2018-05-27 13:32 - 2018-01-28 13:09 - 000000000 _____ C:\Windows\system32\setup4.2.6.tmp
2018-05-25 17:06 - 2018-05-25 17:06 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\EasyAntiCheat
2018-05-23 11:53 - 2018-05-23 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-21 07:06 - 2018-05-21 07:06 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-05-21 07:06 - 2018-05-21 07:06 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-05-21 07:06 - 2018-05-21 07:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-05-21 07:06 - 2018-05-21 07:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-05-18 16:07 - 2018-05-18 16:08 - 000000000 ____D C:\Users\SkyNet\Documents\Flight Simulator X Files
2018-05-18 09:50 - 2018-05-18 09:50 - 000002384 _____ C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Privacy Browser.lnk
2018-05-18 09:49 - 2018-05-18 09:50 - 000000000 ____D C:\Users\SkyNet\AppData\Local\Epic Privacy Browser
2018-05-18 09:49 - 2018-05-18 09:49 - 000000000 ____D C:\ProgramData\Epic Privacy Browser
2018-05-13 12:24 - 2018-05-13 12:24 - 004642685 _____ C:\Users\SkyNet\Desktop\Millennial Falcon.psd
2018-05-09 21:22 - 2018-05-09 21:22 - 000000000 ____D C:\Users\SkyNet\AppData\Local\bunkus.org
2018-05-09 21:22 - 2018-05-09 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix 23
2018-05-09 21:22 - 2018-05-09 21:22 - 000000000 ____D C:\Program Files\MKVToolNix 23
2018-05-09 20:58 - 2018-05-09 20:58 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake Nightly
2018-05-09 20:58 - 2018-05-09 20:58 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\HandBrake
2018-05-09 20:58 - 2018-05-09 20:58 - 000000000 ____D C:\Program Files\HandBrake Nightly
2018-05-09 20:56 - 2018-05-09 20:56 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2018-05-09 20:56 - 2018-05-09 20:56 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2018-05-09 19:01 - 2018-05-09 19:01 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\iDealshare VideoGo 5
2018-05-09 18:57 - 2018-05-09 18:57 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\iDealshare VideoGo 6
2018-05-09 12:02 - 2018-05-09 12:02 - 000000000 _____ C:\Windows\system32\dir
2018-05-07 19:05 - 2018-05-07 19:06 - 000000000 ____D C:\ffmpeg
2018-05-06 16:15 - 2018-05-19 09:32 - 000000000 ____D C:\Users\SkyNet\Desktop\100NCD90
2018-05-04 08:03 - 2018-05-04 08:03 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\mkvtoolnix
2018-05-04 08:03 - 2018-05-04 08:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2018-05-04 08:03 - 2018-05-04 08:03 - 000000000 ____D C:\Program Files (x86)\MKVToolNix
2018-05-02 22:08 - 2018-05-16 14:26 - 000011776 _____ C:\Users\SkyNet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-01 17:20 - 2015-12-24 08:48 - 000000000 ____D C:\Incoming
2018-06-01 17:08 - 2018-01-09 23:08 - 000000911 _____ C:\Windows\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B}.job
2018-06-01 16:46 - 2016-11-03 15:46 - 000000911 _____ C:\Windows\Tasks\EPSON XP-320 Series Update {2F5A4C44-C787-4243-BF67-47A7A6576221}.job
2018-06-01 16:22 - 2015-12-24 08:29 - 000000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-06-01 16:22 - 2015-12-24 08:29 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-06-01 15:24 - 2009-07-13 19:13 - 000794582 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-01 15:24 - 2009-07-13 18:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-01 15:24 - 2009-07-13 18:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-01 15:24 - 2009-07-13 17:20 - 000000000 ____D C:\Windows\inf
2018-06-01 15:17 - 2017-01-11 19:06 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-01 15:17 - 2009-07-13 19:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-01 10:09 - 2015-12-29 09:36 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\DMCache
2018-05-31 21:40 - 2015-12-23 21:32 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\tixati
2018-05-31 19:21 - 2018-01-27 17:40 - 000000000 ____D C:\ProgramData\XLN Audio
2018-05-31 19:21 - 2018-01-27 17:40 - 000000000 ____D C:\Program Files\XLN Audio
2018-05-31 19:20 - 2018-01-27 17:39 - 000000000 ____D C:\Users\SkyNet\Documents\XLN Online Installer
2018-05-31 18:40 - 2015-12-23 20:04 - 000000000 ____D C:\Program Files (x86)\ASUS
2018-05-31 18:40 - 2015-12-23 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-05-31 18:40 - 2015-12-23 19:50 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-31 17:41 - 2015-12-24 08:31 - 000000000 ___RD C:\Users\SkyNet\Dropbox
2018-05-31 15:50 - 2015-12-23 20:23 - 001048576 _____ C:\Windows\PE_Rom.dll
2018-05-30 17:01 - 2015-12-24 08:10 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-30 17:00 - 2015-12-24 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-30 17:00 - 2015-12-24 08:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-05-29 17:22 - 2017-01-12 18:28 - 000000000 ____D C:\Users\SkyNet\AppData\Local\CrashDumps
2018-05-29 17:21 - 2017-01-11 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-29 08:49 - 2017-09-28 17:26 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\brave
2018-05-28 15:37 - 2017-12-28 09:24 - 000000000 ____D C:\Program Files\Rockstar Games
2018-05-28 15:37 - 2017-12-28 09:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2018-05-27 17:50 - 2016-04-13 11:05 - 000000398 __RSH C:\ProgramData\ntuser.pol
2018-05-27 17:49 - 2009-07-13 19:32 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-27 17:47 - 2016-12-24 19:51 - 000000000 ____D C:\Windows\system32\DAX3
2018-05-27 17:47 - 2016-10-10 16:36 - 000000000 ____D C:\Windows\system32\DAX2
2018-05-27 17:47 - 2016-10-10 11:32 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-05-27 17:42 - 2017-01-11 19:04 - 001688104 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-05-27 17:40 - 2017-01-12 19:12 - 000505928 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 023241960 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 004573960 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 000041598 _____ C:\Windows\system32\nvinfo.pb
2018-05-27 17:30 - 2016-07-12 16:43 - 000000000 ____D C:\ProgramData\ProductData
2018-05-27 17:29 - 2016-10-10 16:46 - 000002900 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (SkyNet)
2018-05-27 13:45 - 2015-12-23 20:55 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-25 17:07 - 2015-12-28 17:56 - 000000000 ____D C:\Users\SkyNet\Documents\My Games
2018-05-24 13:53 - 2017-09-28 17:26 - 000000000 ____D C:\Users\SkyNet\AppData\Local\brave
2018-05-23 11:53 - 2015-12-24 08:29 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-20 12:54 - 2016-07-12 12:45 - 000000000 ____D C:\Users\SkyNet\AppData\Local\ElevatedDiagnostics
2018-05-19 22:14 - 2016-07-05 18:12 - 000000000 ____D C:\Users\SkyNet\AppData\Local\CAPCOM
2018-05-18 16:17 - 2015-12-24 08:29 - 000003904 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-18 16:17 - 2015-12-24 08:29 - 000003652 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-18 16:12 - 2016-10-10 11:58 - 000416816 _____ C:\Users\SkyNet\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-18 16:11 - 2009-07-13 18:45 - 005920168 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-18 16:07 - 2009-07-13 19:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-05-18 16:02 - 2016-10-23 18:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Games
2018-05-17 09:02 - 2015-12-23 09:34 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-16 18:37 - 2015-12-23 09:33 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-16 18:37 - 2015-12-23 09:33 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-15 18:38 - 2017-05-16 11:32 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-15 18:38 - 2017-05-16 11:32 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-14 20:18 - 2017-12-21 19:01 - 000000000 ____D C:\Users\SkyNet\Documents\Manuals
2018-05-14 20:18 - 2016-10-18 22:37 - 000000000 ____D C:\Users\SkyNet\Documents\PDFs
2018-05-09 20:54 - 2016-10-10 11:34 - 000786820 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-07 09:16 - 2017-01-12 19:13 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-05-07 09:15 - 2017-01-11 19:05 - 005947976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 002612520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 001767552 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000634952 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000450856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000124384 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000083240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
 
==================== Files in the root of some directories =======
 
2017-05-06 17:54 - 2017-05-06 17:54 - 000000087 _____ () C:\Users\SkyNet\AppData\Roaming\1de0de73-de3e-46c6-81b0-f6455f081644
2018-01-12 21:12 - 2018-01-12 21:12 - 000000171 _____ () C:\Users\SkyNet\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f
2018-01-12 21:12 - 2018-01-12 21:12 - 000000304 _____ () C:\Users\SkyNet\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf
2018-01-12 21:12 - 2018-01-12 21:12 - 000000175 _____ () C:\Users\SkyNet\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388
2017-01-26 17:41 - 2017-01-26 17:42 - 000001456 _____ () C:\Users\SkyNet\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-05-02 22:08 - 2018-05-16 14:26 - 000011776 _____ () C:\Users\SkyNet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-30 16:26 - 2018-05-30 16:26 - 000007619 _____ () C:\Users\SkyNet\AppData\Local\Resmon.ResmonCfg
2017-03-02 21:07 - 2017-03-02 21:07 - 000000000 _____ () C:\Users\SkyNet\AppData\Local\{86098965-5FBF-4491-9F48-24AD67142EBD}
2017-01-14 12:42 - 2017-01-14 12:42 - 000000000 _____ () C:\Users\SkyNet\AppData\Local\{F371B246-82C8-4076-8EF4-244595164BBE}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-28 16:30
 
==================== End of FRST.txt ============================Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by SkyNet (administrator) on SKYNET-SYSTEMS (01-06-2018 17:21:32)
Running from C:\Users\SkyNet\Desktop
Loaded Profiles: SkyNet (Available Profiles: SkyNet)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Kinetic Jump Software, LLC) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(hxxp://www.ruby-lang.org/) C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINBE.EXE
(Epic Privacy Browser) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(hxxp://www.ruby-lang.org/) C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9246656 2018-05-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505728 2018-05-27] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-08-25] (NVIDIA Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmds.exe [178496 2018-04-19] (ESET)
HKLM\...\Run: [diskdriver] => C:\Windows\system32\diskdriver.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2016-12-16] (Tonec Inc.)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINBE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2018-05-18] (Epic Privacy Browser)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\MountPoints2: {e08f94a0-81e1-11e7-9180-7c5cf8efb1df} - O:\VerizonSWUpgradeAssistantLauncher.exe
Startup: C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\privateinternetaccess - Shortcut.lnk [2016-11-01]
ShortcutTarget: privateinternetaccess - Shortcut.lnk -> C:\Program Files\pia_manager\privateinternetaccess.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{0106C499-AACA-48BE-AF96-B40332427A56}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{7D8893E0-C1FA-44BA-B6A2-3CD6574C780F}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{AC203D52-C6E6-42A8-AD7B-233D446FD834}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{BDF7F6CA-FCE0-463B-8573-872A301D511B}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{C3273B72-6137-46B4-B56D-6577F37FD1CE}: [DhcpNameServer] 192.168.86.1
 
Internet Explorer:
==================
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.yahoo.com/?fr=fp-comodo&type=42_25050004005_1.13.424807.562_u_hp
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-407761387-3444271927-348064540-1000 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=42_25050004005_1.13.424807.562_u_ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-407761387-3444271927-348064540-1000 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=42_25050004005_1.13.424807.562_u_ds&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\SkyNet\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\SkyNet\AppData\Roaming\IDM\idmmzcc5 [2018-06-01] [Legacy] [not signed]
FF HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-407761387-3444271927-348064540-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-05-18] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-407761387-3444271927-348064540-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-05-18] (Epic Privacy Browser)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://drudgereport.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default [2018-05-18]
CHR Extension: (YouTube) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-10]
CHR Extension: (Adblock Plus) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-16]
CHR Extension: (Google Search) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-10-10]
CHR Extension: (Notifier for Gmail™) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2018-05-02]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2018-04-18]
CHR Extension: (Adobe Acrobat) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-24]
CHR Extension: (uBlock) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-05-12]
CHR Extension: (Kindle Cloud Reader) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-10-10]
CHR Extension: (Morpheon Dark) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-02-21]
CHR Extension: (IDM Integration Module) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-10]
CHR Extension: (Chrome Media Router) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-01]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKU\S-1-5-21-407761387-3444271927-348064540-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-407761387-3444271927-348064540-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe [1356624 2016-11-15] () [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 ASDiskUnlocker; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe [262816 2012-06-18] (ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-05-21] (Dropbox, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249312 2017-12-20] (DTS, Inc)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-27] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2240264 2018-04-19] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2240264 2018-04-19] (ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-25] (NVIDIA Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [183568 2017-06-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2012-04-18] (Kinetic Jump Software, LLC) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-06-13] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-25] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-25] (NVIDIA Corporation)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S2 WinDefendSecurity; C:\Windows\system32\windfn.exe [2218496 2018-05-27] (Microsoft Corporation) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-06-13] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [11944 2016-07-12] (Advanced Micro Devices Inc.)
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [37200 2016-09-23] (Paragon Software Group)
R3 ASFLTDrv.sys; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [83792 2015-06-17] (Asmedia Technology)
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [51264 2016-07-12] (IVT Corporation.)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87864 2014-11-05] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-05-12] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1560552 2017-12-20] (Motorola Solutions, Inc.)
S2 csvol; C:\Windows\System32\DRIVERS\csvol.sys [32080 2016-09-23] (Paragon Software Group)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-12-20] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137928 2018-04-12] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [110432 2018-04-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [196112 2018-04-12] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50136 2018-04-12] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82816 2018-04-12] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61520 2018-04-12] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [108320 2018-04-12] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [69456 2016-09-23] (Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [213840 2016-09-23] (Paragon Software Group)
R3 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [23888 2016-09-23] (Paragon Software Group)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-07-12] (REALiX™)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [206344 2017-12-20] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-05-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-06-01] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-30] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94328 2018-06-01] (Malwarebytes)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [50512 2016-09-23] (Paragon Software Group)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3427848 2017-12-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50808 2017-12-20] (NVIDIA Corporation)
S3 Revoflt; C:\Windows\SysWOW64\DRIVERS\revoflt.sys [40240 2016-12-21] (VS Revo Group)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-12-20] (Samsung Electronics Co., Ltd.)
R1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [42656 2012-06-01] (ASUSTeK Computer Inc.)
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-01 17:21 - 2018-06-01 17:21 - 000027056 _____ C:\Users\SkyNet\Desktop\FRST.txt
2018-06-01 17:20 - 2018-06-01 17:20 - 002413056 _____ (Farbar) C:\Users\SkyNet\Desktop\FRST64.exe
2018-05-30 17:01 - 2018-06-01 15:31 - 000094328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-05-30 17:01 - 2018-06-01 15:17 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-05-30 17:01 - 2018-06-01 15:17 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-05-30 17:01 - 2018-05-30 17:01 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-05-30 17:01 - 2018-05-30 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-30 17:01 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-05-30 17:00 - 2018-05-30 17:00 - 000000000 ____D C:\ProgramData\MB2Migration
2018-05-30 17:00 - 2018-05-30 17:00 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-30 16:35 - 2018-06-01 17:21 - 000000000 ____D C:\FRST
2018-05-30 16:34 - 2018-05-30 16:34 - 000000000 ____D C:\ProgramData\GridinSoft
2018-05-30 16:26 - 2018-05-30 16:26 - 000007619 _____ C:\Users\SkyNet\AppData\Local\Resmon.ResmonCfg
2018-05-29 17:21 - 2018-05-29 17:21 - 000000000 ____D C:\Windows\SysWOW64\AGEIA
2018-05-29 17:21 - 2018-05-29 17:21 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2018-05-29 17:12 - 2018-05-29 19:27 - 411273012 _____ C:\Users\SkyNet\Desktop\Death Wish (2018).mkv
2018-05-28 15:54 - 2018-05-28 15:54 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-05-28 13:12 - 2018-05-28 13:12 - 000000000 ____D C:\Program Files\ESET
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 __SHD C:\ProgramData\DSS
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 ____D C:\Users\SkyNet\Documents\EA Games
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-05-27 17:49 - 2018-05-27 17:49 - 002612224 _____ (Microsoft Corporation) C:\Windows\system32\StartupCheckLibrary.dll
2018-05-27 17:49 - 2018-05-27 17:49 - 002218496 _____ (Microsoft Corporation) C:\Windows\system32\windfn.exe
2018-05-27 17:47 - 2018-05-27 17:47 - 015211584 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 007178432 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 007101704 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006463128 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006270152 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006105024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-05-27 17:47 - 2018-05-27 17:47 - 005938872 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 005593576 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 005346960 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003571504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003509160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003410288 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003299776 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003205568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003145872 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003121080 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002992144 _____ (Audyssey Labs) C:\Windows\system32\AudysseyEfx.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002922944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002444648 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002190944 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001971328 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001965120 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001780584 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001591016 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001544216 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001508896 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001435104 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001382200 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001372352 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001353280 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001337600 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001259688 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001242440 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001159144 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001154912 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001105920 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001009544 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001003816 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000986960 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000973568 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000964984 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000899488 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000873424 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000852096 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000743928 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000727400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000708272 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000691640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000688936 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000604752 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000532336 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000504272 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000467120 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000453240 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000447144 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000445360 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000441224 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000416472 _____ (Harman) C:\Windows\system32\HMUI.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000406416 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000392832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000381368 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000378344 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000367576 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000366080 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000360304 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000343672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000341112 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000341112 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000332976 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000327232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000327232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000315936 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000278232 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000258824 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000253864 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000253824 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000252840 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000231880 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000221928 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000220352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000209496 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000203800 _____ (Harman) C:\Windows\system32\HMHVS.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000192944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000179560 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000166160 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000158656 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000157304 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000154328 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000139720 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000122280 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000118552 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000116504 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000105272 _____ C:\Windows\system32\audioLibVc.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000093864 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000090880 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000090136 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000088280 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000083584 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000075504 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000023656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-05-27 17:46 - 2018-05-27 17:46 - 072520672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2018-05-27 17:46 - 2018-05-27 17:46 - 015464151 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-05-27 17:46 - 2018-05-27 17:46 - 003677120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-05-27 17:42 - 2018-05-27 17:42 - 000226280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-05-27 17:42 - 2018-05-27 17:42 - 000046064 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-05-27 17:40 - 2018-05-27 17:41 - 000000000 ____D C:\Windows\system32\unknown
2018-05-27 17:40 - 2018-05-27 17:40 - 040346984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 038468128 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 035250776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 031271232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 030741024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 025984920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 020264848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 019009672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 017776824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 016973216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-05-27 17:40 - 2018-05-27 17:40 - 015619736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 015189168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 013725744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 011271400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 004046088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 003962272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 003495000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001990688 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439764.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001561536 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001467992 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439764.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001417304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001215424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001157392 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001091616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000904712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000626592 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000544472 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000518176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000462648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000420184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000182776 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000165136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000159896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000142632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-05-27 17:40 - 2018-05-27 17:40 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-05-27 17:40 - 2018-05-27 17:40 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-05-27 13:45 - 2015-07-18 03:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-05-27 13:32 - 2018-04-29 05:27 - 000024512 _____ C:\Windows\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
2018-05-27 13:32 - 2018-01-28 13:09 - 000000000 _____ C:\Windows\system32\setup4.2.6.tmp
2018-05-25 17:06 - 2018-05-25 17:06 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\EasyAntiCheat
2018-05-23 11:53 - 2018-05-23 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-21 07:06 - 2018-05-21 07:06 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-05-21 07:06 - 2018-05-21 07:06 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-05-21 07:06 - 2018-05-21 07:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-05-21 07:06 - 2018-05-21 07:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-05-18 16:07 - 2018-05-18 16:08 - 000000000 ____D C:\Users\SkyNet\Documents\Flight Simulator X Files
2018-05-18 09:50 - 2018-05-18 09:50 - 000002384 _____ C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Privacy Browser.lnk
2018-05-18 09:49 - 2018-05-18 09:50 - 000000000 ____D C:\Users\SkyNet\AppData\Local\Epic Privacy Browser
2018-05-18 09:49 - 2018-05-18 09:49 - 000000000 ____D C:\ProgramData\Epic Privacy Browser
2018-05-13 12:24 - 2018-05-13 12:24 - 004642685 _____ C:\Users\SkyNet\Desktop\Millennial Falcon.psd
2018-05-09 21:22 - 2018-05-09 21:22 - 000000000 ____D C:\Users\SkyNet\AppData\Local\bunkus.org
2018-05-09 21:22 - 2018-05-09 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix 23
2018-05-09 21:22 - 2018-05-09 21:22 - 000000000 ____D C:\Program Files\MKVToolNix 23
2018-05-09 20:58 - 2018-05-09 20:58 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake Nightly
2018-05-09 20:58 - 2018-05-09 20:58 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\HandBrake
2018-05-09 20:58 - 2018-05-09 20:58 - 000000000 ____D C:\Program Files\HandBrake Nightly
2018-05-09 20:56 - 2018-05-09 20:56 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2018-05-09 20:56 - 2018-05-09 20:56 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2018-05-09 19:01 - 2018-05-09 19:01 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\iDealshare VideoGo 5
2018-05-09 18:57 - 2018-05-09 18:57 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\iDealshare VideoGo 6
2018-05-09 12:02 - 2018-05-09 12:02 - 000000000 _____ C:\Windows\system32\dir
2018-05-07 19:05 - 2018-05-07 19:06 - 000000000 ____D C:\ffmpeg
2018-05-06 16:15 - 2018-05-19 09:32 - 000000000 ____D C:\Users\SkyNet\Desktop\100NCD90
2018-05-04 08:03 - 2018-05-04 08:03 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\mkvtoolnix
2018-05-04 08:03 - 2018-05-04 08:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2018-05-04 08:03 - 2018-05-04 08:03 - 000000000 ____D C:\Program Files (x86)\MKVToolNix
2018-05-02 22:08 - 2018-05-16 14:26 - 000011776 _____ C:\Users\SkyNet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-01 17:20 - 2015-12-24 08:48 - 000000000 ____D C:\Incoming
2018-06-01 17:08 - 2018-01-09 23:08 - 000000911 _____ C:\Windows\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B}.job
2018-06-01 16:46 - 2016-11-03 15:46 - 000000911 _____ C:\Windows\Tasks\EPSON XP-320 Series Update {2F5A4C44-C787-4243-BF67-47A7A6576221}.job
2018-06-01 16:22 - 2015-12-24 08:29 - 000000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-06-01 16:22 - 2015-12-24 08:29 - 000000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-06-01 15:24 - 2009-07-13 19:13 - 000794582 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-01 15:24 - 2009-07-13 18:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-01 15:24 - 2009-07-13 18:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-01 15:24 - 2009-07-13 17:20 - 000000000 ____D C:\Windows\inf
2018-06-01 15:17 - 2017-01-11 19:06 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-01 15:17 - 2009-07-13 19:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-01 10:09 - 2015-12-29 09:36 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\DMCache
2018-05-31 21:40 - 2015-12-23 21:32 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\tixati
2018-05-31 19:21 - 2018-01-27 17:40 - 000000000 ____D C:\ProgramData\XLN Audio
2018-05-31 19:21 - 2018-01-27 17:40 - 000000000 ____D C:\Program Files\XLN Audio
2018-05-31 19:20 - 2018-01-27 17:39 - 000000000 ____D C:\Users\SkyNet\Documents\XLN Online Installer
2018-05-31 18:40 - 2015-12-23 20:04 - 000000000 ____D C:\Program Files (x86)\ASUS
2018-05-31 18:40 - 2015-12-23 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-05-31 18:40 - 2015-12-23 19:50 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-31 17:41 - 2015-12-24 08:31 - 000000000 ___RD C:\Users\SkyNet\Dropbox
2018-05-31 15:50 - 2015-12-23 20:23 - 001048576 _____ C:\Windows\PE_Rom.dll
2018-05-30 17:01 - 2015-12-24 08:10 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-30 17:00 - 2015-12-24 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-30 17:00 - 2015-12-24 08:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-05-29 17:22 - 2017-01-12 18:28 - 000000000 ____D C:\Users\SkyNet\AppData\Local\CrashDumps
2018-05-29 17:21 - 2017-01-11 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-29 08:49 - 2017-09-28 17:26 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\brave
2018-05-28 15:37 - 2017-12-28 09:24 - 000000000 ____D C:\Program Files\Rockstar Games
2018-05-28 15:37 - 2017-12-28 09:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2018-05-27 17:50 - 2016-04-13 11:05 - 000000398 __RSH C:\ProgramData\ntuser.pol
2018-05-27 17:49 - 2009-07-13 19:32 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-27 17:47 - 2016-12-24 19:51 - 000000000 ____D C:\Windows\system32\DAX3
2018-05-27 17:47 - 2016-10-10 16:36 - 000000000 ____D C:\Windows\system32\DAX2
2018-05-27 17:47 - 2016-10-10 11:32 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-05-27 17:42 - 2017-01-11 19:04 - 001688104 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-05-27 17:40 - 2017-01-12 19:12 - 000505928 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 023241960 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 004573960 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 000041598 _____ C:\Windows\system32\nvinfo.pb
2018-05-27 17:30 - 2016-07-12 16:43 - 000000000 ____D C:\ProgramData\ProductData
2018-05-27 17:29 - 2016-10-10 16:46 - 000002900 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (SkyNet)
2018-05-27 13:45 - 2015-12-23 20:55 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-25 17:07 - 2015-12-28 17:56 - 000000000 ____D C:\Users\SkyNet\Documents\My Games
2018-05-24 13:53 - 2017-09-28 17:26 - 000000000 ____D C:\Users\SkyNet\AppData\Local\brave
2018-05-23 11:53 - 2015-12-24 08:29 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-20 12:54 - 2016-07-12 12:45 - 000000000 ____D C:\Users\SkyNet\AppData\Local\ElevatedDiagnostics
2018-05-19 22:14 - 2016-07-05 18:12 - 000000000 ____D C:\Users\SkyNet\AppData\Local\CAPCOM
2018-05-18 16:17 - 2015-12-24 08:29 - 000003904 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-18 16:17 - 2015-12-24 08:29 - 000003652 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-18 16:12 - 2016-10-10 11:58 - 000416816 _____ C:\Users\SkyNet\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-18 16:11 - 2009-07-13 18:45 - 005920168 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-18 16:07 - 2009-07-13 19:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-05-18 16:02 - 2016-10-23 18:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Games
2018-05-17 09:02 - 2015-12-23 09:34 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-16 18:37 - 2015-12-23 09:33 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-16 18:37 - 2015-12-23 09:33 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-15 18:38 - 2017-05-16 11:32 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-15 18:38 - 2017-05-16 11:32 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-14 20:18 - 2017-12-21 19:01 - 000000000 ____D C:\Users\SkyNet\Documents\Manuals
2018-05-14 20:18 - 2016-10-18 22:37 - 000000000 ____D C:\Users\SkyNet\Documents\PDFs
2018-05-09 20:54 - 2016-10-10 11:34 - 000786820 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-07 09:16 - 2017-01-12 19:13 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-05-07 09:15 - 2017-01-11 19:05 - 005947976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 002612520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 001767552 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000634952 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000450856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000124384 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000083240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
 
==================== Files in the root of some directories =======
 
2017-05-06 17:54 - 2017-05-06 17:54 - 000000087 _____ () C:\Users\SkyNet\AppData\Roaming\1de0de73-de3e-46c6-81b0-f6455f081644
2018-01-12 21:12 - 2018-01-12 21:12 - 000000171 _____ () C:\Users\SkyNet\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f
2018-01-12 21:12 - 2018-01-12 21:12 - 000000304 _____ () C:\Users\SkyNet\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf
2018-01-12 21:12 - 2018-01-12 21:12 - 000000175 _____ () C:\Users\SkyNet\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388
2017-01-26 17:41 - 2017-01-26 17:42 - 000001456 _____ () C:\Users\SkyNet\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-05-02 22:08 - 2018-05-16 14:26 - 000011776 _____ () C:\Users\SkyNet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-30 16:26 - 2018-05-30 16:26 - 000007619 _____ () C:\Users\SkyNet\AppData\Local\Resmon.ResmonCfg
2017-03-02 21:07 - 2017-03-02 21:07 - 000000000 _____ () C:\Users\SkyNet\AppData\Local\{86098965-5FBF-4491-9F48-24AD67142EBD}
2017-01-14 12:42 - 2017-01-14 12:42 - 000000000 _____ () C:\Users\SkyNet\AppData\Local\{F371B246-82C8-4076-8EF4-244595164BBE}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-28 16:30
 
==================== End of FRST.txt ============================
 
 
 
 
 
Here is the Addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by SkyNet (01-06-2018 17:22:01)
Running from C:\Users\SkyNet\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-10-10 21:58:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-407761387-3444271927-348064540-500 - Administrator - Disabled)
ASPNET (S-1-5-21-407761387-3444271927-348064540-1006 - Limited - Enabled)
Guest (S-1-5-21-407761387-3444271927-348064540-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-407761387-3444271927-348064540-1008 - Limited - Enabled)
SkyNet (S-1-5-21-407761387-3444271927-348064540-1000 - Administrator - Enabled) => C:\Users\SkyNet
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (HKLM\...\{DCAFF63A-A26F-4809-A00D-27AD6733ACB3}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{C7B0C705-9987-44A2-B495-4101DAEDBFE0}) (Version: 2.6.2.4 - Intel) Hidden
300 Modpack 2.1 (HKLM-x32\...\300 Modpack 2.1) (Version:  - )
7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Age of Mythology Gold Edition 1.00 (HKLM-x32\...\Age of Mythology Gold Edition 1.00) (Version:  - )
Aliens vs. Predator (HKLM-x32\...\Aliens vs. Predator_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.6.0000 - Asmedia Technology)
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.0.8 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.0.8 - ASUSTek COMPUTER INC.)
Battlefield 1 v.версия 1.0.u3 (HKLM-x32\...\Battlefield 1_is1) (Version:  - )
BleachBit (HKLM-x32\...\BleachBit) (Version: 2.0 - BleachBit)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brave (HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Brave) (Version: 0.22.721 - Brave Software)
Bridge Commander MW (HKLM-x32\...\{304D46E1-364B-45AB-9170-53E200DB4E85}) (Version: 1.1.0000 - Activision) Hidden
Bridge Commander MW (HKLM-x32\...\InstallShield_{304D46E1-364B-45AB-9170-53E200DB4E85}) (Version: 1.1.0000 - Activision)
Call of Duty Modern Warfare Remastered (HKLM-x32\...\Call of Duty Modern Warfare Remastered_is1) (Version:  - )
Call Of Duty World At War version 1.7.1263.0 (HKLM-x32\...\Call Of Duty World At War_is1) (Version: 1.7.1263.0 - Mr DJ)
Call of Duty: Ghosts Update 3 (HKLM-x32\...\Q2FsbG9mRHV0eUdob3N0cw==_is1) (Version: 1 - )
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
Crysis (HKLM-x32\...\1809223221_is1) (Version: 2.0.0.7 - GOG.com)
Crysis version 1.21.0.0 (HKLM-x32\...\Crysis_is1) (Version: 1.21.0.0 - Mr DJ)
Crysis Warhead version 1.1.0.0 (HKLM-x32\...\Crysis Warhead_is1) (Version: 1.1.0.0 - Mr DJ)
CRYZENX 1.00 (HKLM-x32\...\CRYZENX 1.00) (Version:  - )
Dirt.4.v1.04-ENG.repack version 1.04 (HKLM-x32\...\{32FFCB8E-23C9-435F-AFC0-7CE64F696FC2}}_is1) (Version: 1.04 - Ali213.net)
Disk Unlocker (HKLM-x32\...\{AE4DB5AB-CD91-4D63-8AD5-33EBADCCC4F2}) (Version: 2.1.3 - ASUSTek Computer Inc.)
Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.6.2 Exedra Chac - Alexandre Devilliers (aka Elbereth))
Driver Booster 4.0 (HKLM-x32\...\Driver Booster_is1) (Version: 4.0.4 - IObit)
Dropbox (HKLM-x32\...\Dropbox) (Version: 50.4.71 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Easy Photo Scan (HKLM-x32\...\{BB6241FF-8B76-45A5-95B9-888EDE8E47DC}) (Version: 1.00.0010 - Seiko Epson Corporation)
Epic Privacy Browser (HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Epic) (Version: 62.0.3202.94 - Epic)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON XP-320 Series Printer Uninstall (HKLM\...\EPSON XP-320 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-320 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-320 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Far Cry 3 (HKLM-x32\...\Far Cry 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Far Cry 4 version 1.10.0.0 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.10.0.0 - Mr DJ)
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version:  - Ubisoft)
FlacSquisher 1.3.6 (HKLM-x32\...\FlacSquisher) (Version: 1.3.6 - FlacSquisher)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Halo 2 for Windows Vista (HKLM-x32\...\{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
HandBrake Nightly (HKLM-x32\...\HandBrake Nightly) (Version: Nightly - )
Hawaiian HI Fonts (HKLM\...\{9128B5D4-6CB4-4090-A09B-D4CF850AD5A1}) (Version: 1.0.3.40 - Hale Kuamoo, University of Hawaii at Hilo)
IDM Crack 6.27 build 1 (HKLM-x32\...\IDM Crack 6.27 build 1) (Version: build 2 - Crackingpatching.com Team)
Ignition (HKLM\...\{50DC22E6-B3C7-4C24-B96C-2939DB5AC0D9}) (Version: 1.50.20324.4505 - Powerteq) Hidden
Ignition (HKLM-x32\...\{e44b92d0-30d5-49aa-950e-a01e2fce0811}) (Version: 1.50.20324.4505 - Powerteq)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Wireless Bluetooth®(patch version 17.1.1531.1764) (HKLM\...\{302600C1-6BDF-4FD1-1507-148929CC1385}) (Version: 17.1.1507.0532 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fd9db181-00fa-4117-82e2-cf920d564253}) (Version: 16.1.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Klingon Academy (HKLM-x32\...\Klingon Academy) (Version:  - )
K-Lite Codec Pack 14.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.1.0 - KLCP)
Lara Croft and the Guardian of Light (HKLM-x32\...\Lara Croft and the Guardian of Light_is1) (Version:  - )
Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version:  - )
LIVE gaming on Windows Runtime Version 1.0.6027 (HKLM-x32\...\{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}) (Version: 1.0.6027 - Microsoft Corporation)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Mad Max (HKLM-x32\...\Mad Max_is1) (Version:  - )
MakeMKV v1.10.5 (HKLM-x32\...\MakeMKV) (Version: v1.10.5 - GuinpinSoft inc)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Halo Custom Edition (HKLM-x32\...\Halo CE) (Version:  - )
Microsoft Hyperlapse Pro (HKLM\...\{33503317-BA83-44C8-873E-581B3D8EB837}) (Version: 1.3.5764 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
MKVToolNix 23.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 23.0.0 - Moritz Bunkus)
Mojo Jojo's Pet Project (HKLM-x32\...\{BD09FCE9-9D5F-11D5-9E0F-0050FC0220CE}) (Version:  - )
Monkey for Winamp 2x (remove only) (HKLM-x32\...\vis_monkey.dllWinamp) (Version:  - )
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.13 - Black Tree Gaming)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Paragon HFS+ for Windows (HKLM-x32\...\{429D6E81-8E1E-42E6-8AB9-025DD9157F9B}) (Version: 11.0.0.0 - Paragon Software)
Perfect Photo Suite 8 (HKLM-x32\...\{54F3375C-5F19-4DE6-957B-EDE4EFEA5F23}) (Version: 8.0.0 - onOne Software)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8339 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.2.0 (HKLM-x32\...\Revo Uninstaller Pro 3.2.0) (Version:  - )
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SketchUp 2017 (HKLM\...\{F1E181BD-01D6-4754-92CC-DB8C259B9B28}) (Version: 17.0.18899 - Trimble, Inc.)
Sniper - Ghost Warrior 2 — Repacked by R.G. Revenants (HKLM-x32\...\Sniper - Ghost Warrior 2_R.G. Revenants) (Version: 3.4.1.4621 - City Interactive)
SolveigMM AVI Trimmer+ version 5.0.1509.11 (HKLM-x32\...\SolveigMM AVI Trimmer_is1) (Version: 5.0.1509.11 - Solveig Multimedia)
SolveigMM Video Splitter Business Edition (HKLM-x32\...\SolveigMM Video Splitter Business Edition 6.1.1611.7) (Version: 6.1.1611.7 - Solveig Multimedia)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Trek Voyager Elite Force (HKLM-x32\...\Star Trek Voyager Elite Force) (Version:  - )
STAR WARS - The Force Unleashed II (HKLM-x32\...\STAR WARS - The Force Unleashed II_is1) (Version:  - )
Star wars Battlefront II version 1.3 (HKLM-x32\...\{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1) (Version: 1.3 - )
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars: The Force Unleashed (HKLM-x32\...\Star Wars: The Force Unleashed_is1) (Version: 1.1 - Aspyr)
STAR WARS® - Knights of the Old Republic™ II - The Sith Lords (HKLM-x32\...\1421404581_is1) (Version: 2.0.0.2 - GOG.com)
Subtitle Edit 3.3.5 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.3.5.1862 - Nikse)
TagScanner 6.0.27 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Battle for Middle-earth ™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Lord of the Rings The Battle for Middle-Earth Collection MULTi9 - ElAmigos version 2.01 (HKLM-x32\...\{5EE9E528-FC92-4C4F-AEE4-BCAFA7A2F6CF}_is1) (Version: 2.01 - Electronic Arts)
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
Tixati (HKLM-x32\...\tixati) (Version:  - )
Tomb Raider GOTY version 1.1.748.0 (HKLM-x32\...\Tomb Raider GOTY_is1) (Version: 1.1.748.0 - Mr DJ)
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version:  - )
Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )
Tomb Raider: Underworld 1.1 (HKLM-x32\...\Tomb Raider: Underworld) (Version:  - )
VidCoder 2.31 Beta (x86) (HKLM-x32\...\VidCoder-Beta-x86_is1) (Version: 2.31 - RandomEngy)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.9.0 - Elaborate Bytes)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World in Conflict (HKLM-x32\...\World in Conflict) (Version: 1.011 - Ubisoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers1-x32: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers1-x32: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers4-x32: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-07] (NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6-x32: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\Revo Uninstaller Pro\RUExt.dll [2016-12-14] (VS Revo Group)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {35A211AB-6D3B-4078-B5B6-9F2E85876676} - System32\Tasks\HFS+ Updater => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\updater\Updater.exe [2016-08-25] (Paragon Software Group)
Task: {377718A3-9C49-4F6B-B47E-F4AF82D79B6F} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary
Task: {3E31366C-E675-44C5-8BC0-6CECADC0704F} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-04-11] ()
Task: {425C10DD-2470-48C2-BE24-5F9771B87385} - System32\Tasks\HFS+ Activator => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe [2016-11-15] (Paragon Software)
Task: {44F446AE-529D-481A-BB08-A900F3A53B41} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe
Task: {574D6353-DED6-45DC-BD0C-0D75768F3630} - System32\Tasks\EPSON XP-320 Series Update {2F5A4C44-C787-4243-BF67-47A7A6576221} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {598F1E22-D974-4931-BA4E-1185077E61C9} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-10-13] ()
Task: {5A5E1C32-CA20-4DB2-AE5A-C67104C2E8CE} - System32\Tasks\Driver Booster SkipUAC (SkyNet) => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe [2016-10-09] (IObit)
Task: {74A5618A-58B9-49F2-8AAE-D60EB9997BDA} - System32\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {784298BF-2A08-41E5-82FC-C7AB0A863860} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\Scheduler.exe [2016-09-20] (IObit)
Task: {79C655A7-B86E-480A-A906-6D51938C93AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {B4501B30-6D73-49B8-9145-05858DA45F6E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {BBCD4906-AD2E-4AC3-AF14-89B0ABC94F44} - System32\Tasks\AdobeGCInvoker-1.0-SKYNET-SYSTEMS-SkyNet => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {BE763E74-85F7-4612-B459-06BD2D5EB115} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {CE3C1698-CD65-49E2-AB60-D2231AA5D0E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {DCA0EAAC-887C-433D-BDEB-13FAA45979E0} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {E3942701-4DA4-446F-A47A-4884A026C1B3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {F839542E-ABE6-4270-A40A-8DC32F621586} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON XP-320 Series Update {2F5A4C44-C787-4243-BF67-47A7A6576221}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE:/EXE:{2F5A4C44-C787-4243-BF67-47A7A6576221} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE:/EXE:{9EE9851F-1ACE-4793-8F9F-F6086C9F532B} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-20 12:45 - 2016-10-13 13:57 - 007711966 _____ () C:\Program Files\pia_manager\pia_manager.exe
2013-03-28 22:31 - 2013-03-28 22:31 - 000210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 000748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 003645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-03-28 22:30 - 2013-03-28 22:30 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-09-23 14:55 - 2016-11-15 07:52 - 001356624 _____ () C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
2017-01-11 19:06 - 2016-08-25 13:28 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-11-17 22:05 - 2016-11-17 22:05 - 000156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2018-05-30 17:01 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-30 17:01 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-12-26 12:46 - 2011-03-02 12:40 - 000164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-12-24 08:31 - 2007-09-02 13:58 - 000495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2016-03-20 12:45 - 2016-10-13 13:57 - 000693760 _____ () C:\Program Files\pia_manager\openvpn.exe
2016-03-20 12:45 - 2016-10-13 13:57 - 000190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2016-03-20 12:45 - 2016-10-13 13:57 - 000108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2016-03-20 12:45 - 2016-10-13 13:57 - 000144896 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
2017-01-09 18:08 - 2016-11-17 22:14 - 000730880 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2017-01-09 18:08 - 2016-11-17 22:18 - 001981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-01-09 18:08 - 2016-11-17 22:12 - 000237824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000217344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2013-09-17 00:58 - 2013-09-17 18:58 - 000920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-01-09 18:08 - 2016-11-17 22:16 - 000805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-01-09 18:08 - 2016-11-17 22:11 - 000247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-01-09 18:08 - 2016-11-17 22:10 - 000212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-01-09 18:08 - 2016-11-17 22:11 - 000174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-01-09 18:08 - 2016-11-17 22:10 - 000203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-01-09 18:08 - 2016-11-17 22:09 - 000206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2017-01-09 18:08 - 2016-11-17 22:09 - 000336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-01-09 18:08 - 2016-11-17 22:06 - 000147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-01-09 18:08 - 2016-11-17 22:11 - 000213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-01-09 18:08 - 2016-11-17 22:07 - 000229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-01-09 18:08 - 2016-11-17 22:06 - 000211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 000087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 001242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-24 08:31 - 2007-09-02 13:57 - 000069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2018-06-01 15:17 - 2018-06-01 15:17 - 000012800 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000009728 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000014848 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\src\rgloader\rgloader193.mswin.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000009216 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000126976 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000087552 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000016384 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000127316 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\bin\libffi-6.dll
2018-06-01 15:17 - 2018-06-01 15:17 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000013312 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000095744 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000026624 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2018-05-23 11:53 - 2018-05-21 07:06 - 000847688 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-05-23 11:53 - 2018-05-21 07:06 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2015-12-24 08:30 - 2018-05-21 07:05 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-24 08:30 - 2018-05-21 07:09 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 001845600 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-05-23 11:53 - 2018-05-21 07:06 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-24 08:30 - 2018-05-21 07:05 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 18:18 - 2018-05-21 07:10 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-05-23 11:53 - 2018-05-21 07:06 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-24 08:30 - 2018-05-21 07:05 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-05-23 11:53 - 2018-05-21 07:05 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-24 08:30 - 2018-05-21 07:09 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-05 18:18 - 2018-05-21 07:10 - 000028000 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-21 10:59 - 2018-05-21 07:05 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 12:35 - 2018-05-21 07:10 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-05-17 15:33 - 2018-05-21 07:09 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2015-12-24 08:30 - 2018-05-21 07:10 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-05-23 11:53 - 2018-05-21 07:05 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-27 15:01 - 2018-05-21 07:10 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-18 19:36 - 2018-05-21 07:10 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-05-23 11:53 - 2018-05-21 07:06 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-11 15:36 - 2018-05-21 07:10 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-11 14:11 - 2018-05-21 07:09 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-05-23 11:53 - 2018-05-21 07:08 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-05 18:18 - 2018-05-21 07:10 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-06-01 15:17 - 2018-06-01 15:17 - 000012800 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000009728 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000014848 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\src\rgloader\rgloader193.mswin.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000118784 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000069120 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000083968 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\bin\zlib1.dll
2018-06-01 15:17 - 2018-06-01 15:17 - 000026624 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000275968 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000015360 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000008192 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000009216 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000023552 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000036352 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000126976 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000087552 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000016384 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000127316 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\bin\libffi-6.dll
2018-06-01 15:17 - 2018-06-01 15:17 - 000013312 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000095744 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000026624 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-10-13 13:57 - 2016-10-13 13:57 - 000939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2016-10-13 13:57 - 2016-10-13 13:57 - 003115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
2015-12-23 20:04 - 2018-06-01 15:19 - 000035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-12-23 20:04 - 2010-06-29 10:58 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-12-25 23:50 - 2018-01-12 11:15 - 000001298 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1 16.217.0.0
127.0.0.1 rosettastone.com
127.0.0.1 launch.rosettastone.com
127.0.0.1 amp.rosettastone.com
127.0.0.1 resources.rosettastone.com
127.0.0.1 updates.rosettastone.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
MSCONFIG\startupreg: tixati => "C:\Program Files\tixati\tixati.exe" -startminimized -d1
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FB7C27F5-BB80-4ED8-A52E-F204BD37C316}] => (Block) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [{9542AAF1-188F-4C71-861A-E752ABC11CFA}] => (Block) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [UDP Query User{1CCE33FB-AEEA-4ED8-AF19-C2B396B5D814}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [TCP Query User{E1342536-15D0-452F-8FF9-EF3578728F2D}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [{5175D9CD-A3FD-4EF4-A80D-AA46C01BD890}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{6E5EF3EA-31F2-402C-B458-BB016DB34BB0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [UDP Query User{B378563C-33B4-49E2-912D-D7C231DB1E6F}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{AE11614C-C137-4DF6-86D1-F4C76816BD63}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{0452BC5E-4D0C-43D9-9A5E-28F4028CBAF1}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin64\Crysis.exe
FirewallRules: [{0ADE0E85-BFE0-482B-A20A-4887E9751D9E}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin64\Crysis.exe
FirewallRules: [{F616906F-6237-47D8-A0C5-AF3BA54D97E4}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin32\Crysis.exe
FirewallRules: [{99C0B5F5-7B51-4D07-A8D2-0AE91146DB40}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin32\Crysis.exe
FirewallRules: [{B0C5662F-C649-4A36-8792-48537527A83C}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{141273CE-5FDD-402E-B222-9E13759563E7}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{35A350FD-94D7-4440-AAD5-82F0C4ACA246}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\crysis.exe
FirewallRules: [{8C3DE5BB-FF61-4E70-9A47-8F85DEE903AB}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\crysis.exe
FirewallRules: [{007968BD-260C-4DCE-8A9F-1EA6AF72400E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D5685863-D18B-4099-820C-F472BF3D84CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{96E7BE0E-D304-403C-A275-5DCA2FB0302B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{941F3F54-2BD5-4E85-BD36-7BEA0B435FF2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DDE5C324-684C-4E79-B3BB-C08BBB124967}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{959BB1F3-A68E-4E0E-A5F2-1DEEB86CC41C}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{59D8FE2C-0564-4023-8C40-102475C74732}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{8D54B22B-A954-496F-901D-9C08FC8A0D19}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{079FC4F4-FAD0-4813-8938-95AC8E0DE885}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0628F2CA-7F4B-4A6C-ABAB-E88127310AB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1749864-6003-46D3-B48D-FA91635A074D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{27FBBF6F-8789-44F7-AF44-DDB719F236E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D796CF0-0B6B-4123-9EE5-FB3045FDEFB1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{C2106B5E-D166-4C23-A572-00D2114EAF76}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{9DA04F3C-ADD7-4DE9-B271-60981EC6B6A2}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{011BAD99-FD9F-4C9D-932A-C3FD26172956}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe
FirewallRules: [{C9417F31-5112-40C5-9643-CFB0F537EAA9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe
FirewallRules: [{881B987B-391D-4938-B34E-E74A2D2CBE2A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DBDownloader.exe
FirewallRules: [{8D8F7100-8302-4698-A5C6-0EF070A51474}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DBDownloader.exe
FirewallRules: [{8678EAE2-2D5F-45E6-9E2C-DB644A80DF28}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\AutoUpdate.exe
FirewallRules: [{2CC957B7-C991-4E8B-B4A4-3B023D395393}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\AutoUpdate.exe
FirewallRules: [TCP Query User{BE7382CB-95AE-429A-821A-60400273278C}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe] => (Allow) C:\program files (x86)\microsoft games\halo custom edition\haloce.exe
FirewallRules: [UDP Query User{0044A1D1-3464-42E8-B96E-9BAD626BC7CC}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe] => (Allow) C:\program files (x86)\microsoft games\halo custom edition\haloce.exe
FirewallRules: [TCP Query User{5F9A971F-F2B5-47FB-94CB-2E3C972A5242}C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe] => (Allow) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [UDP Query User{2292E954-049F-4D9F-8F1B-4D3B6D27CC33}C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe] => (Allow) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{A33F7BB0-D522-4AE5-8DC5-822325B276C9}] => (Block) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{E00F54FA-48A5-4A6D-AA1C-8464791B6010}] => (Block) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{A895B6AE-F13E-4174-A79E-FD8347F917CA}] => (Allow) H:\Games\Tomb Raider GOTY\TombRaider.exe
FirewallRules: [{35730279-BF13-4671-8E81-82A1CCB63E1C}] => (Allow) H:\Games\Tomb Raider GOTY\TombRaider.exe
FirewallRules: [{B7D557E8-EF05-4895-9868-C2BE5DEAA4E6}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{D91D1AE7-F21D-426C-83D1-AB43FEBC5502}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{0DA2D116-B31F-44F4-96BC-D5BCCB9D8296}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B50FF09C-5F9A-47E9-92F3-166A2CFC1570}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BFB25B55-7634-4A79-9B85-238CBDB85E50}H:\games\age of mythology gold edition\aom.exe] => (Allow) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [UDP Query User{D02F7EB6-3E5C-4E37-8347-6FBDAF3D6096}H:\games\age of mythology gold edition\aom.exe] => (Allow) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{35AECB37-E4C5-4F08-B6BE-A6AFF2AA660D}] => (Block) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{E6656235-82B1-4D03-A36F-29703812A191}] => (Block) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{D0A6F404-E401-460D-8761-283D847FB16C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{F5A48009-9391-4A75-82E0-64C42C095BDA}H:\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{E9AA2D51-8AF4-49CF-92EC-EAB695FE018B}H:\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{F6F0223E-E183-4BFC-9720-E2B9C1867171}] => (Block) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{169B5F1A-E12A-4DD4-9B61-5EAF08F0313C}] => (Block) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{564BABF5-3AC7-49A0-B215-14B7DC093BA7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0575828A-DA83-4013-94FE-52C030651860}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{388BDF3E-E23C-4484-8E2B-0AAFDEB573C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E4F7CBCA-974E-4DEE-97FA-7AF1D6043384}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F5C4D4BA-DC5D-415E-81C0-4C38D08EA927}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D229850E-8137-47F5-8B6D-6BA99B5728B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1672625E-8396-4437-AFA1-2544812F7448}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{561E2E6D-9290-4365-8807-BAC94A32B0CE}] => (Allow) LPort=2869
FirewallRules: [{6ED08D25-6A52-4ECD-9CEF-889328ED4F63}] => (Allow) LPort=1900
FirewallRules: [{00F530C6-AE3A-442C-962D-CC9C8C54085C}] => (Allow) LPort=2869
FirewallRules: [{60031D35-ED6F-49C7-97A7-58F109F7534D}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{9F8DFD05-4F5B-4ED3-9C99-5528A983C57A}H:\games\battlefield 1\bf1.exe] => (Block) H:\games\battlefield 1\bf1.exe
FirewallRules: [UDP Query User{AA747C07-FD9B-4589-A2A3-9DFE290EAE7F}H:\games\battlefield 1\bf1.exe] => (Block) H:\games\battlefield 1\bf1.exe
FirewallRules: [{8B8D43CC-23C4-4883-9A76-889CBAD0B7C8}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{AE899E63-7251-4A22-9243-2B18B09C5785}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [TCP Query User{287CFD38-8173-4AF5-8A11-32591DCC48A2}H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [UDP Query User{C342F57F-EDB6-42F1-9BE3-E86F57FF46C9}H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{77EE1476-DCB7-4A85-A781-1B6E945C05A9}] => (Block) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{6773DDC3-60BD-49A5-B978-81AE305A348B}] => (Block) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{3A8B1383-5526-44B4-8314-B01CB83DD6F2}] => (Block) LPort=445
FirewallRules: [{3CAA6FC2-FA59-40FF-AD08-369F2AEC17B4}] => (Block) LPort=445
FirewallRules: [{43DD8E92-1050-4FEF-AE3B-46C92AC691AC}] => (Allow) H:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [{381B961A-83D5-42ED-AD65-C80A4FBCF5EB}] => (Allow) H:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [TCP Query User{4908AA1F-EC3F-42DD-8A96-F114ED067D2A}H:\games\halo 2\halo 2\halo2.exe] => (Allow) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [UDP Query User{8C50542A-44EE-4306-A90D-93AB8DB8B74B}H:\games\halo 2\halo 2\halo2.exe] => (Allow) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{834AD21D-8A0E-42A9-874E-2F96D2691D57}] => (Block) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{69AC1BDD-9F1D-4CF0-9EFD-7703A250A674}] => (Block) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{A5DE2541-A865-4489-835B-F7152B3E8DAB}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{97625A2F-03C2-4658-9704-4639321E880A}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{1E29B81A-BD2E-49AF-A713-F2C0B358D9B2}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{F02C1FE6-8E5E-47FE-921E-00192642F714}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [TCP Query User{C40DCABF-7228-4B5B-92CB-30E629DB7F9E}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{9D0D49D9-32A3-4EAC-B64B-B21DC60B4156}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{F5A98A22-AB34-4F42-8722-0664C26CC0D8}] => (Allow) H:\Games\Crysis\Bin32\crysis.exe
FirewallRules: [{C1700217-77DD-4025-BDAC-361288581F78}] => (Allow) H:\Games\Crysis\Bin32\crysis.exe
FirewallRules: [{4665A9A8-260F-4AAE-AFA9-79334C1FF388}] => (Allow) H:\Games\Crysis\Bin64\Crysis.exe
FirewallRules: [{BBC7C6C9-A363-4950-897A-BD192F1EE47E}] => (Allow) H:\Games\Crysis\Bin64\Crysis.exe
FirewallRules: [TCP Query User{92078F10-6042-4519-B1B4-26BBFD9ACEF5}H:\games\prey\prey\binaries\danielle\x64\release\prey.exe] => (Allow) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [UDP Query User{F1C038E9-0383-460F-84B2-77C4D534DD9E}H:\games\prey\prey\binaries\danielle\x64\release\prey.exe] => (Allow) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{4D561CC5-30A1-4E9E-96E2-F3EAF3DD9AAC}] => (Block) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{DC245F4A-3DC3-40CE-AFD2-9DD7026F5F6C}] => (Block) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{0F417FB7-9F17-410B-8960-4DE17AAEB626}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMMVSplitter_Business.exe
FirewallRules: [{D55F24A3-EB8B-42FB-8771-31FD56C0F857}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMMVSplitter_Business.exe
FirewallRules: [{284784CA-48D1-4BF7-A81A-529C35A052E9}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMM_BatchSplit.exe
FirewallRules: [{BDBC5E1C-0C1A-4ABA-B5EB-82B0D54465F4}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMM_BatchSplit.exe
FirewallRules: [TCP Query User{956666EC-7408-4005-97D3-4458F7A6535D}H:\games\counter strike\hl.exe] => (Allow) H:\games\counter strike\hl.exe
FirewallRules: [UDP Query User{6ED08CF2-2311-4CD9-B003-D9C78C3B03DD}H:\games\counter strike\hl.exe] => (Allow) H:\games\counter strike\hl.exe
FirewallRules: [{D732A50E-88AA-44B8-BE55-964BD4FB659D}] => (Block) H:\games\counter strike\hl.exe
FirewallRules: [{96AE1DED-8908-42B2-B433-90732895E166}] => (Block) H:\games\counter strike\hl.exe
FirewallRules: [TCP Query User{16514BDC-2796-487A-B1A2-1F687775A690}H:\games\counter strike\hlds.exe] => (Allow) H:\games\counter strike\hlds.exe
FirewallRules: [UDP Query User{9839D3C7-6CF6-469E-B71C-4EE3D491B333}H:\games\counter strike\hlds.exe] => (Allow) H:\games\counter strike\hlds.exe
FirewallRules: [{C9692BB1-278C-4FA9-B181-A5A8A1EC8927}] => (Block) H:\games\counter strike\hlds.exe
FirewallRules: [{ED308862-E600-48A2-9A93-932A8CBE1A6D}] => (Block) H:\games\counter strike\hlds.exe
FirewallRules: [TCP Query User{E0C34252-11D0-4CA7-8ED0-A48B8C2CF3BA}H:\games\counter strike\hltv.exe] => (Allow) H:\games\counter strike\hltv.exe
FirewallRules: [UDP Query User{A097959E-765B-49CD-9205-08A0DF668759}H:\games\counter strike\hltv.exe] => (Allow) H:\games\counter strike\hltv.exe
FirewallRules: [{4987A6DB-1650-4C11-B488-3FCD3282BB10}] => (Block) H:\games\counter strike\hltv.exe
FirewallRules: [{6F2A6423-539B-4DD6-AB5A-D77A7A51A8C9}] => (Block) H:\games\counter strike\hltv.exe
FirewallRules: [TCP Query User{090E6C1D-3F2A-439A-A8C7-2D049A9E59CE}H:\games\call of duty 2\cod2mp_s.exe] => (Allow) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{43D41ECF-63AC-4D38-8A66-DFDDC6CEDEA2}H:\games\call of duty 2\cod2mp_s.exe] => (Allow) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [{FC3CDEA3-8B96-4847-A0A5-05A8D06BDC90}] => (Block) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [{8A01975A-BDC8-4198-8AD6-5762D3D6144A}] => (Block) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{BA0CC5F1-8891-4784-8727-FDD6FEFE9A72}H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [UDP Query User{AF5F8BA9-B4C3-4FBB-AF81-DABB907CF037}H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{DE486E41-348B-4867-AD4C-AF539F02A5D3}] => (Block) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{47D0FEEA-A4FC-4D1C-9286-7443E5F0AC10}] => (Block) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{9C468828-A775-4BD6-9D0C-A062C8A68FED}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfsactivator.exe
FirewallRules: [{298F078E-DF83-4D6E-BE6F-1F3B0EBEADFD}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfshelper.exe
FirewallRules: [{77086B90-99CE-4C7B-99C7-C92B46989ADA}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\apmwinsrv.exe
FirewallRules: [{F21326C8-627D-4C0D-AA15-F8313BCA9942}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\mounthfs.exe
FirewallRules: [{57AD44DC-9194-42C2-8492-DF0F6A5A785D}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\mounthfs.exe
FirewallRules: [{50C77D90-6314-46DA-922D-1BA9A5199B11}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\apmwinsrv.exe
FirewallRules: [{11AE5B51-3D43-4137-AB1E-B5DBAE22B266}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfsactivator.exe
FirewallRules: [{A1437E5F-4A3D-494B-B95F-EE3917147B2F}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfshelper.exe
FirewallRules: [{15BFE731-6C42-426C-817A-A1AB2670C275}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
FirewallRules: [{023B99DE-D2C5-4E0F-83BC-14E91FDE9421}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\mounthfs.exe
FirewallRules: [{C1737EC2-E06B-4CB0-9CBD-E92C68D36362}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe
FirewallRules: [{55428380-F572-4B81-B89F-65C7CBF7A512}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe
FirewallRules: [{08C66253-AB20-4EEB-A2AE-3F41D0AB9EC0}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
FirewallRules: [{0668A9A4-816F-45FC-8FF2-077C44C8A428}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\mounthfs.exe
FirewallRules: [TCP Query User{84E28F8B-CA08-4DC8-BB8A-9DF711280C7B}C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe] => (Block) C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe
FirewallRules: [UDP Query User{ABC15052-4E47-460E-85CC-248154B9CECA}C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe] => (Block) C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe
FirewallRules: [TCP Query User{D35B6580-F1D8-4196-B6F3-DAED0186E7DC}H:\games\far cry primal\bin\fcprimal.exe] => (Block) H:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{F2E0036E-6785-46F5-AA59-A5C0DCBA15B9}H:\games\far cry primal\bin\fcprimal.exe] => (Block) H:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [{2E7FA420-A310-4400-B791-5B7570DDEA40}] => (Allow) H:\Games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{3A3AD48B-BD87-4F2A-A5F8-361FB6050200}] => (Allow) H:\Games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [TCP Query User{C28438FE-5764-4FA6-865A-ECBA98BCC0CF}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{AE9A1FCC-2806-47B6-A412-EB50EB01E56C}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [{911084A3-0070-4ADE-A49C-2931D8126CE9}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6A60088F-03B3-4F02-8568-BAEA4680A035}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{738E9E66-F20A-4847-B8DC-90CFC2B47F73}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9AFC4B02-19C5-49F9-888C-950953E2716B}H:\games\klingon academy\ka.exe] => (Block) H:\games\klingon academy\ka.exe
FirewallRules: [UDP Query User{EEC425FC-0A96-45D3-9BF4-83988C9E2B0F}H:\games\klingon academy\ka.exe] => (Block) H:\games\klingon academy\ka.exe
FirewallRules: [{EA7E1592-153E-46ED-A2DA-2D899B0EE5E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{31E324FA-D15E-4110-AAB6-DDA46C525E86}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
31-05-2018 18:40:12 Removed USB BIOS Flashback
31-05-2018 18:40:35 Removed AI Suite II
31-05-2018 18:48:11 Revo Uninstaller Pro's restore point - CSR Harmony Wireless Software Stack
31-05-2018 18:48:30 Removed CSR Harmony Wireless Software Stack.
31-05-2018 19:12:54 Revo Uninstaller Pro's restore point - Ableton Live 9 Lite
31-05-2018 19:13:12 Removed Ableton Live 9 Lite
31-05-2018 19:19:35 Revo Uninstaller Pro's restore point - XLN Online Installer
31-05-2018 19:22:56 Revo Uninstaller Pro's restore point - WinX Blu-ray Decrypter 3.2.0
31-05-2018 19:30:40 Revo Uninstaller Pro's restore point - GameRanger
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Hands-free Audio
Description: Bluetooth Hands-free Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/01/2018 03:23:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (06/01/2018 03:17:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/01/2018 09:27:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (06/01/2018 09:27:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/31/2018 09:32:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (05/31/2018 07:12:54 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {10b3202a-bdf8-4c90-a84e-7dccbe870cc9}
 
Error: (05/31/2018 06:55:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/31/2018 06:54:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17514, time stamp: 0x4ce7b4e7
Faulting module name: csrportmon.dll_unloaded, version: 0.0.0.0, time stamp: 0x4dde5365
Exception code: 0xc0000005
Fault offset: 0x000007feec35ba10
Faulting process id: 0x6b0
Faulting application start time: 0x01d3f9634897c367
Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting module path: csrportmon.dll
Report Id: dda989ee-6557-11e8-8968-7c5cf8efb1df
 
 
System errors:
=============
Error: (06/01/2018 04:20:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/01/2018 04:20:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/01/2018 03:48:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/01/2018 03:48:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/01/2018 03:32:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/01/2018 03:32:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/01/2018 03:24:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/01/2018 03:24:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
CodeIntegrity:
===================================
 
Date: 2018-06-01 17:20:30.129
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-01 15:17:38.214
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-01 10:09:13.807
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-01 09:27:59.820
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-31 21:40:40.323
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-31 21:31:58.526
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-31 18:56:10.104
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-31 18:45:47.039
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6300 Six-Core Processor 
Percentage of memory in use: 23%
Total physical RAM: 16283.5 MB
Available physical RAM: 12517.25 MB
Total Virtual: 32565.19 MB
Available Virtual: 28285.01 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:187.08 GB) NTFS
Drive f: (Mars) (Fixed) (Total:465.76 GB) (Free:381.51 GB) NTFS
Drive g: (Pluto) (Fixed) (Total:200 GB) (Free:108.05 GB) NTFS
Drive h: (Hoth) (Fixed) (Total:931.51 GB) (Free:308.58 GB) NTFS
Drive i: (Saturn) (Fixed) (Total:1062.89 GB) (Free:200.65 GB) NTFS
Drive o: (T-600 GOLD) (Removable) (Total:14.87 GB) (Free:14.19 GB) FAT32
Drive q: (Ryloth) (Fixed) (Total:1953.12 GB) (Free:1718.23 GB) NTFS
Drive r: (Scarif) (Fixed) (Total:1772.77 GB) (Free:583.87 GB) NTFS
Drive s: (Mercury) (Fixed) (Total:600 GB) (Free:57.37 GB) NTFS
 
\\?\Volume{92252ac3-a9cc-11e5-aced-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D6C2710D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D7729B52)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 4 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
 
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.
 
==================== End of Addition.txt ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by SkyNet (01-06-2018 17:22:01)
Running from C:\Users\SkyNet\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-10-10 21:58:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-407761387-3444271927-348064540-500 - Administrator - Disabled)
ASPNET (S-1-5-21-407761387-3444271927-348064540-1006 - Limited - Enabled)
Guest (S-1-5-21-407761387-3444271927-348064540-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-407761387-3444271927-348064540-1008 - Limited - Enabled)
SkyNet (S-1-5-21-407761387-3444271927-348064540-1000 - Administrator - Enabled) => C:\Users\SkyNet
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (HKLM\...\{DCAFF63A-A26F-4809-A00D-27AD6733ACB3}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{C7B0C705-9987-44A2-B495-4101DAEDBFE0}) (Version: 2.6.2.4 - Intel) Hidden
300 Modpack 2.1 (HKLM-x32\...\300 Modpack 2.1) (Version:  - )
7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Age of Mythology Gold Edition 1.00 (HKLM-x32\...\Age of Mythology Gold Edition 1.00) (Version:  - )
Aliens vs. Predator (HKLM-x32\...\Aliens vs. Predator_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.6.0000 - Asmedia Technology)
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.0.8 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.0.8 - ASUSTek COMPUTER INC.)
Battlefield 1 v.версия 1.0.u3 (HKLM-x32\...\Battlefield 1_is1) (Version:  - )
BleachBit (HKLM-x32\...\BleachBit) (Version: 2.0 - BleachBit)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brave (HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Brave) (Version: 0.22.721 - Brave Software)
Bridge Commander MW (HKLM-x32\...\{304D46E1-364B-45AB-9170-53E200DB4E85}) (Version: 1.1.0000 - Activision) Hidden
Bridge Commander MW (HKLM-x32\...\InstallShield_{304D46E1-364B-45AB-9170-53E200DB4E85}) (Version: 1.1.0000 - Activision)
Call of Duty Modern Warfare Remastered (HKLM-x32\...\Call of Duty Modern Warfare Remastered_is1) (Version:  - )
Call Of Duty World At War version 1.7.1263.0 (HKLM-x32\...\Call Of Duty World At War_is1) (Version: 1.7.1263.0 - Mr DJ)
Call of Duty: Ghosts Update 3 (HKLM-x32\...\Q2FsbG9mRHV0eUdob3N0cw==_is1) (Version: 1 - )
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
Crysis (HKLM-x32\...\1809223221_is1) (Version: 2.0.0.7 - GOG.com)
Crysis version 1.21.0.0 (HKLM-x32\...\Crysis_is1) (Version: 1.21.0.0 - Mr DJ)
Crysis Warhead version 1.1.0.0 (HKLM-x32\...\Crysis Warhead_is1) (Version: 1.1.0.0 - Mr DJ)
CRYZENX 1.00 (HKLM-x32\...\CRYZENX 1.00) (Version:  - )
Dirt.4.v1.04-ENG.repack version 1.04 (HKLM-x32\...\{32FFCB8E-23C9-435F-AFC0-7CE64F696FC2}}_is1) (Version: 1.04 - Ali213.net)
Disk Unlocker (HKLM-x32\...\{AE4DB5AB-CD91-4D63-8AD5-33EBADCCC4F2}) (Version: 2.1.3 - ASUSTek Computer Inc.)
Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.6.2 Exedra Chac - Alexandre Devilliers (aka Elbereth))
Driver Booster 4.0 (HKLM-x32\...\Driver Booster_is1) (Version: 4.0.4 - IObit)
Dropbox (HKLM-x32\...\Dropbox) (Version: 50.4.71 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Easy Photo Scan (HKLM-x32\...\{BB6241FF-8B76-45A5-95B9-888EDE8E47DC}) (Version: 1.00.0010 - Seiko Epson Corporation)
Epic Privacy Browser (HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Epic) (Version: 62.0.3202.94 - Epic)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON XP-320 Series Printer Uninstall (HKLM\...\EPSON XP-320 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-320 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-320 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Far Cry 3 (HKLM-x32\...\Far Cry 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Far Cry 4 version 1.10.0.0 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.10.0.0 - Mr DJ)
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version:  - Ubisoft)
FlacSquisher 1.3.6 (HKLM-x32\...\FlacSquisher) (Version: 1.3.6 - FlacSquisher)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Halo 2 for Windows Vista (HKLM-x32\...\{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
HandBrake Nightly (HKLM-x32\...\HandBrake Nightly) (Version: Nightly - )
Hawaiian HI Fonts (HKLM\...\{9128B5D4-6CB4-4090-A09B-D4CF850AD5A1}) (Version: 1.0.3.40 - Hale Kuamoo, University of Hawaii at Hilo)
IDM Crack 6.27 build 1 (HKLM-x32\...\IDM Crack 6.27 build 1) (Version: build 2 - Crackingpatching.com Team)
Ignition (HKLM\...\{50DC22E6-B3C7-4C24-B96C-2939DB5AC0D9}) (Version: 1.50.20324.4505 - Powerteq) Hidden
Ignition (HKLM-x32\...\{e44b92d0-30d5-49aa-950e-a01e2fce0811}) (Version: 1.50.20324.4505 - Powerteq)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Wireless Bluetooth®(patch version 17.1.1531.1764) (HKLM\...\{302600C1-6BDF-4FD1-1507-148929CC1385}) (Version: 17.1.1507.0532 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fd9db181-00fa-4117-82e2-cf920d564253}) (Version: 16.1.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Klingon Academy (HKLM-x32\...\Klingon Academy) (Version:  - )
K-Lite Codec Pack 14.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.1.0 - KLCP)
Lara Croft and the Guardian of Light (HKLM-x32\...\Lara Croft and the Guardian of Light_is1) (Version:  - )
Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version:  - )
LIVE gaming on Windows Runtime Version 1.0.6027 (HKLM-x32\...\{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}) (Version: 1.0.6027 - Microsoft Corporation)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Mad Max (HKLM-x32\...\Mad Max_is1) (Version:  - )
MakeMKV v1.10.5 (HKLM-x32\...\MakeMKV) (Version: v1.10.5 - GuinpinSoft inc)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Halo Custom Edition (HKLM-x32\...\Halo CE) (Version:  - )
Microsoft Hyperlapse Pro (HKLM\...\{33503317-BA83-44C8-873E-581B3D8EB837}) (Version: 1.3.5764 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
MKVToolNix 23.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 23.0.0 - Moritz Bunkus)
Mojo Jojo's Pet Project (HKLM-x32\...\{BD09FCE9-9D5F-11D5-9E0F-0050FC0220CE}) (Version:  - )
Monkey for Winamp 2x (remove only) (HKLM-x32\...\vis_monkey.dllWinamp) (Version:  - )
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.13 - Black Tree Gaming)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Paragon HFS+ for Windows (HKLM-x32\...\{429D6E81-8E1E-42E6-8AB9-025DD9157F9B}) (Version: 11.0.0.0 - Paragon Software)
Perfect Photo Suite 8 (HKLM-x32\...\{54F3375C-5F19-4DE6-957B-EDE4EFEA5F23}) (Version: 8.0.0 - onOne Software)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8339 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.2.0 (HKLM-x32\...\Revo Uninstaller Pro 3.2.0) (Version:  - )
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SketchUp 2017 (HKLM\...\{F1E181BD-01D6-4754-92CC-DB8C259B9B28}) (Version: 17.0.18899 - Trimble, Inc.)
Sniper - Ghost Warrior 2 — Repacked by R.G. Revenants (HKLM-x32\...\Sniper - Ghost Warrior 2_R.G. Revenants) (Version: 3.4.1.4621 - City Interactive)
SolveigMM AVI Trimmer+ version 5.0.1509.11 (HKLM-x32\...\SolveigMM AVI Trimmer_is1) (Version: 5.0.1509.11 - Solveig Multimedia)
SolveigMM Video Splitter Business Edition (HKLM-x32\...\SolveigMM Video Splitter Business Edition 6.1.1611.7) (Version: 6.1.1611.7 - Solveig Multimedia)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Trek Voyager Elite Force (HKLM-x32\...\Star Trek Voyager Elite Force) (Version:  - )
STAR WARS - The Force Unleashed II (HKLM-x32\...\STAR WARS - The Force Unleashed II_is1) (Version:  - )
Star wars Battlefront II version 1.3 (HKLM-x32\...\{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1) (Version: 1.3 - )
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars: The Force Unleashed (HKLM-x32\...\Star Wars: The Force Unleashed_is1) (Version: 1.1 - Aspyr)
STAR WARS® - Knights of the Old Republic™ II - The Sith Lords (HKLM-x32\...\1421404581_is1) (Version: 2.0.0.2 - GOG.com)
Subtitle Edit 3.3.5 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.3.5.1862 - Nikse)
TagScanner 6.0.27 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Battle for Middle-earth ™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Lord of the Rings The Battle for Middle-Earth Collection MULTi9 - ElAmigos version 2.01 (HKLM-x32\...\{5EE9E528-FC92-4C4F-AEE4-BCAFA7A2F6CF}_is1) (Version: 2.01 - Electronic Arts)
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
Tixati (HKLM-x32\...\tixati) (Version:  - )
Tomb Raider GOTY version 1.1.748.0 (HKLM-x32\...\Tomb Raider GOTY_is1) (Version: 1.1.748.0 - Mr DJ)
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version:  - )
Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )
Tomb Raider: Underworld 1.1 (HKLM-x32\...\Tomb Raider: Underworld) (Version:  - )
VidCoder 2.31 Beta (x86) (HKLM-x32\...\VidCoder-Beta-x86_is1) (Version: 2.31 - RandomEngy)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.9.0 - Elaborate Bytes)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World in Conflict (HKLM-x32\...\World in Conflict) (Version: 1.011 - Ubisoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers1-x32: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers1-x32: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers4-x32: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-07] (NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6-x32: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\Revo Uninstaller Pro\RUExt.dll [2016-12-14] (VS Revo Group)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {35A211AB-6D3B-4078-B5B6-9F2E85876676} - System32\Tasks\HFS+ Updater => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\updater\Updater.exe [2016-08-25] (Paragon Software Group)
Task: {377718A3-9C49-4F6B-B47E-F4AF82D79B6F} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary
Task: {3E31366C-E675-44C5-8BC0-6CECADC0704F} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-04-11] ()
Task: {425C10DD-2470-48C2-BE24-5F9771B87385} - System32\Tasks\HFS+ Activator => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe [2016-11-15] (Paragon Software)
Task: {44F446AE-529D-481A-BB08-A900F3A53B41} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe
Task: {574D6353-DED6-45DC-BD0C-0D75768F3630} - System32\Tasks\EPSON XP-320 Series Update {2F5A4C44-C787-4243-BF67-47A7A6576221} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {598F1E22-D974-4931-BA4E-1185077E61C9} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-10-13] ()
Task: {5A5E1C32-CA20-4DB2-AE5A-C67104C2E8CE} - System32\Tasks\Driver Booster SkipUAC (SkyNet) => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe [2016-10-09] (IObit)
Task: {74A5618A-58B9-49F2-8AAE-D60EB9997BDA} - System32\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {784298BF-2A08-41E5-82FC-C7AB0A863860} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\Scheduler.exe [2016-09-20] (IObit)
Task: {79C655A7-B86E-480A-A906-6D51938C93AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {B4501B30-6D73-49B8-9145-05858DA45F6E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {BBCD4906-AD2E-4AC3-AF14-89B0ABC94F44} - System32\Tasks\AdobeGCInvoker-1.0-SKYNET-SYSTEMS-SkyNet => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {BE763E74-85F7-4612-B459-06BD2D5EB115} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {CE3C1698-CD65-49E2-AB60-D2231AA5D0E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {DCA0EAAC-887C-433D-BDEB-13FAA45979E0} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {E3942701-4DA4-446F-A47A-4884A026C1B3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {F839542E-ABE6-4270-A40A-8DC32F621586} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON XP-320 Series Update {2F5A4C44-C787-4243-BF67-47A7A6576221}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE:/EXE:{2F5A4C44-C787-4243-BF67-47A7A6576221} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE:/EXE:{9EE9851F-1ACE-4793-8F9F-F6086C9F532B} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-20 12:45 - 2016-10-13 13:57 - 007711966 _____ () C:\Program Files\pia_manager\pia_manager.exe
2013-03-28 22:31 - 2013-03-28 22:31 - 000210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 000748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 003645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-03-28 22:30 - 2013-03-28 22:30 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-09-23 14:55 - 2016-11-15 07:52 - 001356624 _____ () C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
2017-01-11 19:06 - 2016-08-25 13:28 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-11-17 22:05 - 2016-11-17 22:05 - 000156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2018-05-30 17:01 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-30 17:01 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-12-26 12:46 - 2011-03-02 12:40 - 000164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-12-24 08:31 - 2007-09-02 13:58 - 000495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2016-03-20 12:45 - 2016-10-13 13:57 - 000693760 _____ () C:\Program Files\pia_manager\openvpn.exe
2016-03-20 12:45 - 2016-10-13 13:57 - 000190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2016-03-20 12:45 - 2016-10-13 13:57 - 000108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2016-03-20 12:45 - 2016-10-13 13:57 - 000144896 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
2017-01-09 18:08 - 2016-11-17 22:14 - 000730880 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2017-01-09 18:08 - 2016-11-17 22:18 - 001981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-01-09 18:08 - 2016-11-17 22:12 - 000237824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000217344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2013-09-17 00:58 - 2013-09-17 18:58 - 000920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-01-09 18:08 - 2016-11-17 22:16 - 000805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-01-09 18:08 - 2016-11-17 22:11 - 000247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-01-09 18:08 - 2016-11-17 22:10 - 000212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-01-09 18:08 - 2016-11-17 22:11 - 000174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-01-09 18:08 - 2016-11-17 22:10 - 000203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-01-09 18:08 - 2016-11-17 22:09 - 000206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2017-01-09 18:08 - 2016-11-17 22:09 - 000336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-01-09 18:08 - 2016-11-17 22:06 - 000147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-01-09 18:08 - 2016-11-17 22:11 - 000213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-01-09 18:08 - 2016-11-17 22:07 - 000229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-01-09 18:08 - 2016-11-17 22:06 - 000211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 000087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 001242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-24 08:31 - 2007-09-02 13:57 - 000069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2018-06-01 15:17 - 2018-06-01 15:17 - 000012800 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000009728 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000014848 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\src\rgloader\rgloader193.mswin.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000009216 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000126976 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000087552 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000016384 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000127316 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\bin\libffi-6.dll
2018-06-01 15:17 - 2018-06-01 15:17 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000013312 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000095744 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000026624 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr6A17.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2018-05-23 11:53 - 2018-05-21 07:06 - 000847688 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-05-23 11:53 - 2018-05-21 07:06 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2015-12-24 08:30 - 2018-05-21 07:05 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-24 08:30 - 2018-05-21 07:09 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 001845600 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-05-23 11:53 - 2018-05-21 07:06 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-24 08:30 - 2018-05-21 07:05 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 18:18 - 2018-05-21 07:10 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-05-23 11:53 - 2018-05-21 07:06 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-24 08:30 - 2018-05-21 07:05 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-05-23 11:53 - 2018-05-21 07:05 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-24 08:30 - 2018-05-21 07:09 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-05 18:18 - 2018-05-21 07:10 - 000028000 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-21 10:59 - 2018-05-21 07:05 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 12:35 - 2018-05-21 07:10 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-05-17 15:33 - 2018-05-21 07:09 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2015-12-24 08:30 - 2018-05-21 07:10 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-05-23 11:53 - 2018-05-21 07:05 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-27 15:01 - 2018-05-21 07:10 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-18 19:36 - 2018-05-21 07:10 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-05-23 11:53 - 2018-05-21 07:06 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-11 15:36 - 2018-05-21 07:10 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-11 14:11 - 2018-05-21 07:09 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-05-23 11:53 - 2018-05-21 07:08 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-05 18:18 - 2018-05-21 07:10 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-06-01 15:17 - 2018-06-01 15:17 - 000012800 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000009728 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000014848 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\src\rgloader\rgloader193.mswin.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000118784 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000069120 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000083968 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\bin\zlib1.dll
2018-06-01 15:17 - 2018-06-01 15:17 - 000026624 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000275968 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000015360 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000008192 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000009216 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000023552 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000036352 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000126976 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000087552 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000016384 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000127316 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\bin\libffi-6.dll
2018-06-01 15:17 - 2018-06-01 15:17 - 000013312 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000095744 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2018-06-01 15:17 - 2018-06-01 15:17 - 000026624 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrBA39.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-10-13 13:57 - 2016-10-13 13:57 - 000939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2016-10-13 13:57 - 2016-10-13 13:57 - 003115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
2015-12-23 20:04 - 2018-06-01 15:19 - 000035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-12-23 20:04 - 2010-06-29 10:58 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-12-25 23:50 - 2018-01-12 11:15 - 000001298 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1 16.217.0.0
127.0.0.1 rosettastone.com
127.0.0.1 launch.rosettastone.com
127.0.0.1 amp.rosettastone.com
127.0.0.1 resources.rosettastone.com
127.0.0.1 updates.rosettastone.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
MSCONFIG\startupreg: tixati => "C:\Program Files\tixati\tixati.exe" -startminimized -d1
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FB7C27F5-BB80-4ED8-A52E-F204BD37C316}] => (Block) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [{9542AAF1-188F-4C71-861A-E752ABC11CFA}] => (Block) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [UDP Query User{1CCE33FB-AEEA-4ED8-AF19-C2B396B5D814}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [TCP Query User{E1342536-15D0-452F-8FF9-EF3578728F2D}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [{5175D9CD-A3FD-4EF4-A80D-AA46C01BD890}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{6E5EF3EA-31F2-402C-B458-BB016DB34BB0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [UDP Query User{B378563C-33B4-49E2-912D-D7C231DB1E6F}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{AE11614C-C137-4DF6-86D1-F4C76816BD63}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{0452BC5E-4D0C-43D9-9A5E-28F4028CBAF1}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin64\Crysis.exe
FirewallRules: [{0ADE0E85-BFE0-482B-A20A-4887E9751D9E}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin64\Crysis.exe
FirewallRules: [{F616906F-6237-47D8-A0C5-AF3BA54D97E4}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin32\Crysis.exe
FirewallRules: [{99C0B5F5-7B51-4D07-A8D2-0AE91146DB40}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin32\Crysis.exe
FirewallRules: [{B0C5662F-C649-4A36-8792-48537527A83C}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{141273CE-5FDD-402E-B222-9E13759563E7}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{35A350FD-94D7-4440-AAD5-82F0C4ACA246}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\crysis.exe
FirewallRules: [{8C3DE5BB-FF61-4E70-9A47-8F85DEE903AB}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\crysis.exe
FirewallRules: [{007968BD-260C-4DCE-8A9F-1EA6AF72400E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D5685863-D18B-4099-820C-F472BF3D84CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{96E7BE0E-D304-403C-A275-5DCA2FB0302B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{941F3F54-2BD5-4E85-BD36-7BEA0B435FF2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DDE5C324-684C-4E79-B3BB-C08BBB124967}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{959BB1F3-A68E-4E0E-A5F2-1DEEB86CC41C}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{59D8FE2C-0564-4023-8C40-102475C74732}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{8D54B22B-A954-496F-901D-9C08FC8A0D19}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{079FC4F4-FAD0-4813-8938-95AC8E0DE885}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0628F2CA-7F4B-4A6C-ABAB-E88127310AB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1749864-6003-46D3-B48D-FA91635A074D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{27FBBF6F-8789-44F7-AF44-DDB719F236E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D796CF0-0B6B-4123-9EE5-FB3045FDEFB1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{C2106B5E-D166-4C23-A572-00D2114EAF76}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{9DA04F3C-ADD7-4DE9-B271-60981EC6B6A2}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{011BAD99-FD9F-4C9D-932A-C3FD26172956}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe
FirewallRules: [{C9417F31-5112-40C5-9643-CFB0F537EAA9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe
FirewallRules: [{881B987B-391D-4938-B34E-E74A2D2CBE2A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DBDownloader.exe
FirewallRules: [{8D8F7100-8302-4698-A5C6-0EF070A51474}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DBDownloader.exe
FirewallRules: [{8678EAE2-2D5F-45E6-9E2C-DB644A80DF28}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\AutoUpdate.exe
FirewallRules: [{2CC957B7-C991-4E8B-B4A4-3B023D395393}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\AutoUpdate.exe
FirewallRules: [TCP Query User{BE7382CB-95AE-429A-821A-60400273278C}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe] => (Allow) C:\program files (x86)\microsoft games\halo custom edition\haloce.exe
FirewallRules: [UDP Query User{0044A1D1-3464-42E8-B96E-9BAD626BC7CC}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe] => (Allow) C:\program files (x86)\microsoft games\halo custom edition\haloce.exe
FirewallRules: [TCP Query User{5F9A971F-F2B5-47FB-94CB-2E3C972A5242}C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe] => (Allow) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [UDP Query User{2292E954-049F-4D9F-8F1B-4D3B6D27CC33}C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe] => (Allow) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{A33F7BB0-D522-4AE5-8DC5-822325B276C9}] => (Block) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{E00F54FA-48A5-4A6D-AA1C-8464791B6010}] => (Block) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{A895B6AE-F13E-4174-A79E-FD8347F917CA}] => (Allow) H:\Games\Tomb Raider GOTY\TombRaider.exe
FirewallRules: [{35730279-BF13-4671-8E81-82A1CCB63E1C}] => (Allow) H:\Games\Tomb Raider GOTY\TombRaider.exe
FirewallRules: [{B7D557E8-EF05-4895-9868-C2BE5DEAA4E6}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{D91D1AE7-F21D-426C-83D1-AB43FEBC5502}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{0DA2D116-B31F-44F4-96BC-D5BCCB9D8296}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B50FF09C-5F9A-47E9-92F3-166A2CFC1570}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BFB25B55-7634-4A79-9B85-238CBDB85E50}H:\games\age of mythology gold edition\aom.exe] => (Allow) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [UDP Query User{D02F7EB6-3E5C-4E37-8347-6FBDAF3D6096}H:\games\age of mythology gold edition\aom.exe] => (Allow) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{35AECB37-E4C5-4F08-B6BE-A6AFF2AA660D}] => (Block) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{E6656235-82B1-4D03-A36F-29703812A191}] => (Block) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{D0A6F404-E401-460D-8761-283D847FB16C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{F5A48009-9391-4A75-82E0-64C42C095BDA}H:\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{E9AA2D51-8AF4-49CF-92EC-EAB695FE018B}H:\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{F6F0223E-E183-4BFC-9720-E2B9C1867171}] => (Block) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{169B5F1A-E12A-4DD4-9B61-5EAF08F0313C}] => (Block) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{564BABF5-3AC7-49A0-B215-14B7DC093BA7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0575828A-DA83-4013-94FE-52C030651860}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{388BDF3E-E23C-4484-8E2B-0AAFDEB573C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E4F7CBCA-974E-4DEE-97FA-7AF1D6043384}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F5C4D4BA-DC5D-415E-81C0-4C38D08EA927}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D229850E-8137-47F5-8B6D-6BA99B5728B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1672625E-8396-4437-AFA1-2544812F7448}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{561E2E6D-9290-4365-8807-BAC94A32B0CE}] => (Allow) LPort=2869
FirewallRules: [{6ED08D25-6A52-4ECD-9CEF-889328ED4F63}] => (Allow) LPort=1900
FirewallRules: [{00F530C6-AE3A-442C-962D-CC9C8C54085C}] => (Allow) LPort=2869
FirewallRules: [{60031D35-ED6F-49C7-97A7-58F109F7534D}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{9F8DFD05-4F5B-4ED3-9C99-5528A983C57A}H:\games\battlefield 1\bf1.exe] => (Block) H:\games\battlefield 1\bf1.exe
FirewallRules: [UDP Query User{AA747C07-FD9B-4589-A2A3-9DFE290EAE7F}H:\games\battlefield 1\bf1.exe] => (Block) H:\games\battlefield 1\bf1.exe
FirewallRules: [{8B8D43CC-23C4-4883-9A76-889CBAD0B7C8}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{AE899E63-7251-4A22-9243-2B18B09C5785}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [TCP Query User{287CFD38-8173-4AF5-8A11-32591DCC48A2}H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [UDP Query User{C342F57F-EDB6-42F1-9BE3-E86F57FF46C9}H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{77EE1476-DCB7-4A85-A781-1B6E945C05A9}] => (Block) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{6773DDC3-60BD-49A5-B978-81AE305A348B}] => (Block) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{3A8B1383-5526-44B4-8314-B01CB83DD6F2}] => (Block) LPort=445
FirewallRules: [{3CAA6FC2-FA59-40FF-AD08-369F2AEC17B4}] => (Block) LPort=445
FirewallRules: [{43DD8E92-1050-4FEF-AE3B-46C92AC691AC}] => (Allow) H:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [{381B961A-83D5-42ED-AD65-C80A4FBCF5EB}] => (Allow) H:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [TCP Query User{4908AA1F-EC3F-42DD-8A96-F114ED067D2A}H:\games\halo 2\halo 2\halo2.exe] => (Allow) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [UDP Query User{8C50542A-44EE-4306-A90D-93AB8DB8B74B}H:\games\halo 2\halo 2\halo2.exe] => (Allow) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{834AD21D-8A0E-42A9-874E-2F96D2691D57}] => (Block) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{69AC1BDD-9F1D-4CF0-9EFD-7703A250A674}] => (Block) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{A5DE2541-A865-4489-835B-F7152B3E8DAB}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{97625A2F-03C2-4658-9704-4639321E880A}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{1E29B81A-BD2E-49AF-A713-F2C0B358D9B2}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{F02C1FE6-8E5E-47FE-921E-00192642F714}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [TCP Query User{C40DCABF-7228-4B5B-92CB-30E629DB7F9E}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{9D0D49D9-32A3-4EAC-B64B-B21DC60B4156}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{F5A98A22-AB34-4F42-8722-0664C26CC0D8}] => (Allow) H:\Games\Crysis\Bin32\crysis.exe
FirewallRules: [{C1700217-77DD-4025-BDAC-361288581F78}] => (Allow) H:\Games\Crysis\Bin32\crysis.exe
FirewallRules: [{4665A9A8-260F-4AAE-AFA9-79334C1FF388}] => (Allow) H:\Games\Crysis\Bin64\Crysis.exe
FirewallRules: [{BBC7C6C9-A363-4950-897A-BD192F1EE47E}] => (Allow) H:\Games\Crysis\Bin64\Crysis.exe
FirewallRules: [TCP Query User{92078F10-6042-4519-B1B4-26BBFD9ACEF5}H:\games\prey\prey\binaries\danielle\x64\release\prey.exe] => (Allow) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [UDP Query User{F1C038E9-0383-460F-84B2-77C4D534DD9E}H:\games\prey\prey\binaries\danielle\x64\release\prey.exe] => (Allow) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{4D561CC5-30A1-4E9E-96E2-F3EAF3DD9AAC}] => (Block) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{DC245F4A-3DC3-40CE-AFD2-9DD7026F5F6C}] => (Block) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{0F417FB7-9F17-410B-8960-4DE17AAEB626}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMMVSplitter_Business.exe
FirewallRules: [{D55F24A3-EB8B-42FB-8771-31FD56C0F857}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMMVSplitter_Business.exe
FirewallRules: [{284784CA-48D1-4BF7-A81A-529C35A052E9}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMM_BatchSplit.exe
FirewallRules: [{BDBC5E1C-0C1A-4ABA-B5EB-82B0D54465F4}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMM_BatchSplit.exe
FirewallRules: [TCP Query User{956666EC-7408-4005-97D3-4458F7A6535D}H:\games\counter strike\hl.exe] => (Allow) H:\games\counter strike\hl.exe
FirewallRules: [UDP Query User{6ED08CF2-2311-4CD9-B003-D9C78C3B03DD}H:\games\counter strike\hl.exe] => (Allow) H:\games\counter strike\hl.exe
FirewallRules: [{D732A50E-88AA-44B8-BE55-964BD4FB659D}] => (Block) H:\games\counter strike\hl.exe
FirewallRules: [{96AE1DED-8908-42B2-B433-90732895E166}] => (Block) H:\games\counter strike\hl.exe
FirewallRules: [TCP Query User{16514BDC-2796-487A-B1A2-1F687775A690}H:\games\counter strike\hlds.exe] => (Allow) H:\games\counter strike\hlds.exe
FirewallRules: [UDP Query User{9839D3C7-6CF6-469E-B71C-4EE3D491B333}H:\games\counter strike\hlds.exe] => (Allow) H:\games\counter strike\hlds.exe
FirewallRules: [{C9692BB1-278C-4FA9-B181-A5A8A1EC8927}] => (Block) H:\games\counter strike\hlds.exe
FirewallRules: [{ED308862-E600-48A2-9A93-932A8CBE1A6D}] => (Block) H:\games\counter strike\hlds.exe
FirewallRules: [TCP Query User{E0C34252-11D0-4CA7-8ED0-A48B8C2CF3BA}H:\games\counter strike\hltv.exe] => (Allow) H:\games\counter strike\hltv.exe
FirewallRules: [UDP Query User{A097959E-765B-49CD-9205-08A0DF668759}H:\games\counter strike\hltv.exe] => (Allow) H:\games\counter strike\hltv.exe
FirewallRules: [{4987A6DB-1650-4C11-B488-3FCD3282BB10}] => (Block) H:\games\counter strike\hltv.exe
FirewallRules: [{6F2A6423-539B-4DD6-AB5A-D77A7A51A8C9}] => (Block) H:\games\counter strike\hltv.exe
FirewallRules: [TCP Query User{090E6C1D-3F2A-439A-A8C7-2D049A9E59CE}H:\games\call of duty 2\cod2mp_s.exe] => (Allow) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{43D41ECF-63AC-4D38-8A66-DFDDC6CEDEA2}H:\games\call of duty 2\cod2mp_s.exe] => (Allow) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [{FC3CDEA3-8B96-4847-A0A5-05A8D06BDC90}] => (Block) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [{8A01975A-BDC8-4198-8AD6-5762D3D6144A}] => (Block) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{BA0CC5F1-8891-4784-8727-FDD6FEFE9A72}H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [UDP Query User{AF5F8BA9-B4C3-4FBB-AF81-DABB907CF037}H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{DE486E41-348B-4867-AD4C-AF539F02A5D3}] => (Block) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{47D0FEEA-A4FC-4D1C-9286-7443E5F0AC10}] => (Block) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{9C468828-A775-4BD6-9D0C-A062C8A68FED}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfsactivator.exe
FirewallRules: [{298F078E-DF83-4D6E-BE6F-1F3B0EBEADFD}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfshelper.exe
FirewallRules: [{77086B90-99CE-4C7B-99C7-C92B46989ADA}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\apmwinsrv.exe
FirewallRules: [{F21326C8-627D-4C0D-AA15-F8313BCA9942}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\mounthfs.exe
FirewallRules: [{57AD44DC-9194-42C2-8492-DF0F6A5A785D}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\mounthfs.exe
FirewallRules: [{50C77D90-6314-46DA-922D-1BA9A5199B11}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\apmwinsrv.exe
FirewallRules: [{11AE5B51-3D43-4137-AB1E-B5DBAE22B266}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfsactivator.exe
FirewallRules: [{A1437E5F-4A3D-494B-B95F-EE3917147B2F}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfshelper.exe
FirewallRules: [{15BFE731-6C42-426C-817A-A1AB2670C275}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
FirewallRules: [{023B99DE-D2C5-4E0F-83BC-14E91FDE9421}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\mounthfs.exe
FirewallRules: [{C1737EC2-E06B-4CB0-9CBD-E92C68D36362}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe
FirewallRules: [{55428380-F572-4B81-B89F-65C7CBF7A512}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe
FirewallRules: [{08C66253-AB20-4EEB-A2AE-3F41D0AB9EC0}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
FirewallRules: [{0668A9A4-816F-45FC-8FF2-077C44C8A428}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\mounthfs.exe
FirewallRules: [TCP Query User{84E28F8B-CA08-4DC8-BB8A-9DF711280C7B}C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe] => (Block) C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe
FirewallRules: [UDP Query User{ABC15052-4E47-460E-85CC-248154B9CECA}C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe] => (Block) C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe
FirewallRules: [TCP Query User{D35B6580-F1D8-4196-B6F3-DAED0186E7DC}H:\games\far cry primal\bin\fcprimal.exe] => (Block) H:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{F2E0036E-6785-46F5-AA59-A5C0DCBA15B9}H:\games\far cry primal\bin\fcprimal.exe] => (Block) H:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [{2E7FA420-A310-4400-B791-5B7570DDEA40}] => (Allow) H:\Games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{3A3AD48B-BD87-4F2A-A5F8-361FB6050200}] => (Allow) H:\Games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [TCP Query User{C28438FE-5764-4FA6-865A-ECBA98BCC0CF}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{AE9A1FCC-2806-47B6-A412-EB50EB01E56C}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [{911084A3-0070-4ADE-A49C-2931D8126CE9}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6A60088F-03B3-4F02-8568-BAEA4680A035}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{738E9E66-F20A-4847-B8DC-90CFC2B47F73}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9AFC4B02-19C5-49F9-888C-950953E2716B}H:\games\klingon academy\ka.exe] => (Block) H:\games\klingon academy\ka.exe
FirewallRules: [UDP Query User{EEC425FC-0A96-45D3-9BF4-83988C9E2B0F}H:\games\klingon academy\ka.exe] => (Block) H:\games\klingon academy\ka.exe
FirewallRules: [{EA7E1592-153E-46ED-A2DA-2D899B0EE5E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{31E324FA-D15E-4110-AAB6-DDA46C525E86}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
31-05-2018 18:40:12 Removed USB BIOS Flashback
31-05-2018 18:40:35 Removed AI Suite II
31-05-2018 18:48:11 Revo Uninstaller Pro's restore point - CSR Harmony Wireless Software Stack
31-05-2018 18:48:30 Removed CSR Harmony Wireless Software Stack.
31-05-2018 19:12:54 Revo Uninstaller Pro's restore point - Ableton Live 9 Lite
31-05-2018 19:13:12 Removed Ableton Live 9 Lite
31-05-2018 19:19:35 Revo Uninstaller Pro's restore point - XLN Online Installer
31-05-2018 19:22:56 Revo Uninstaller Pro's restore point - WinX Blu-ray Decrypter 3.2.0
31-05-2018 19:30:40 Revo Uninstaller Pro's restore point - GameRanger
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Hands-free Audio
Description: Bluetooth Hands-free Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/01/2018 03:23:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (06/01/2018 03:17:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/01/2018 09:27:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (06/01/2018 09:27:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/31/2018 09:32:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (05/31/2018 07:12:54 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {10b3202a-bdf8-4c90-a84e-7dccbe870cc9}
 
Error: (05/31/2018 06:55:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (05/31/2018 06:54:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17514, time stamp: 0x4ce7b4e7
Faulting module name: csrportmon.dll_unloaded, version: 0.0.0.0, time stamp: 0x4dde5365
Exception code: 0xc0000005
Fault offset: 0x000007feec35ba10
Faulting process id: 0x6b0
Faulting application start time: 0x01d3f9634897c367
Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting module path: csrportmon.dll
Report Id: dda989ee-6557-11e8-8968-7c5cf8efb1df
 
 
System errors:
=============
Error: (06/01/2018 04:20:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/01/2018 04:20:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/01/2018 03:48:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/01/2018 03:48:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/01/2018 03:32:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/01/2018 03:32:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/01/2018 03:24:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/01/2018 03:24:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
CodeIntegrity:
===================================
 
Date: 2018-06-01 17:20:30.129
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-01 15:17:38.214
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-01 10:09:13.807
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-01 09:27:59.820
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-31 21:40:40.323
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-31 21:31:58.526
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-31 18:56:10.104
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-05-31 18:45:47.039
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6300 Six-Core Processor 
Percentage of memory in use: 23%
Total physical RAM: 16283.5 MB
Available physical RAM: 12517.25 MB
Total Virtual: 32565.19 MB
Available Virtual: 28285.01 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:187.08 GB) NTFS
Drive f: (Mars) (Fixed) (Total:465.76 GB) (Free:381.51 GB) NTFS
Drive g: (Pluto) (Fixed) (Total:200 GB) (Free:108.05 GB) NTFS
Drive h: (Hoth) (Fixed) (Total:931.51 GB) (Free:308.58 GB) NTFS
Drive i: (Saturn) (Fixed) (Total:1062.89 GB) (Free:200.65 GB) NTFS
Drive o: (T-600 GOLD) (Removable) (Total:14.87 GB) (Free:14.19 GB) FAT32
Drive q: (Ryloth) (Fixed) (Total:1953.12 GB) (Free:1718.23 GB) NTFS
Drive r: (Scarif) (Fixed) (Total:1772.77 GB) (Free:583.87 GB) NTFS
Drive s: (Mercury) (Fixed) (Total:600 GB) (Free:57.37 GB) NTFS
 
\\?\Volume{92252ac3-a9cc-11e5-aced-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D6C2710D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D7729B52)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 4 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
 
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.
 
==================== End of Addition.txt ============================

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   5.21KB   83 downloads

Run FRST and press Fix  (PC will reboot)
A fix log will be generated please post that

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow


Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt
notepad %UserProfile%\desktop\junk.txt

Return to the elevated Command Prompt or Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Pretty sure that will get rid of the coin miner.  Not sure about the Russian ads.  You have a browser that FRST doesn't know and you use Private Internet Access VPN.  Either could be the cause of the Russian ads.

 


  • 0

#5
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Okay here is the results from the Fixlog file:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.06.2018
Ran by SkyNet (02-06-2018 12:36:24) Run:1
Running from C:\Users\SkyNet\Desktop
Loaded Profiles: SkyNet (Available Profiles: SkyNet)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HHKLM\...\Run: [diskdriver] => C:\Windows\system32\diskdriver.exe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
S2 WinDefendSecurity; C:\Windows\system32\windfn.exe [2218496 2018-05-27] (Microsoft Corporation) [File not signed]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2018-05-27 17:49 - 2018-05-27 17:49 - 002612224 _____ (Microsoft Corporation) C:\Windows\system32\StartupCheckLibrary.dll
2018-05-27 17:49 - 2018-05-27 17:49 - 002218496 _____ (Microsoft Corporation) C:\Windows\system32\windfn.exe
Task: {377718A3-9C49-4F6B-B47E-F4AF82D79B6F} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EPSON XP-320 Series Update {2F5A4C44-C787-4243-BF67-47A7A6576221}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE:/EXE:{2F5A4C44-C787-4243-BF67-47A7A6576221} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE:/EXE:{9EE9851F-1ACE-4793-8F9F-F6086C9F532B} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0] 
MSCONFIG\startupreg: tixati => "C:\Program Files\tixati\tixati.exe" -startminimized -d1
Folder: C:\Windows\system32\unknown
C:\Windows\system32\StartupCheckLibrary.dll
C:\Windows\system32\windfn.exe
C:\Windows\system32\diskdriver.exe
CMD: mkdir C:\Windows\system32\StartupCheckLibrary.dll
CMD: mkdir C:\Windows\system32\windfn.exe
CMD: mkdir C:\Windows\system32\diskdriver.exe
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Hdiskdriver" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}" => removed successfully
"HKLM\System\CurrentControlSet\Services\WinDefendSecurity" => removed successfully
WinDefendSecurity => service removed successfully
"HKLM\System\CurrentControlSet\Services\btwl2cap" => removed successfully
btwl2cap => service removed successfully
"HKLM\System\CurrentControlSet\Services\btwrchid" => removed successfully
btwrchid => service removed successfully
"HKLM\System\CurrentControlSet\Services\dbx" => removed successfully
dbx => service removed successfully
"HKLM\System\CurrentControlSet\Services\lmimirr" => removed successfully
lmimirr => service removed successfully
"HKLM\System\CurrentControlSet\Services\VGPU" => removed successfully
VGPU => service removed successfully
C:\Windows\system32\StartupCheckLibrary.dll => moved successfully
C:\Windows\system32\windfn.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{377718A3-9C49-4F6B-B47E-F4AF82D79B6F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{377718A3-9C49-4F6B-B47E-F4AF82D79B6F}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\EPSON XP-320 Series Update {2F5A4C44-C787-4243-BF67-47A7A6576221}.job => moved successfully
C:\Windows\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B}.job => moved successfully
C:\Windows => ":nlsPreferences" ADS removed successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tixati" => removed successfully
 
========================= Folder: C:\Windows\system32\unknown ========================
 
2018-05-27 17:40 - 2018-05-27 17:40 - 000456792 ____A [829D0E3AC3BAD6591B571C33CC498B5B] (Khronos Group) C:\Windows\system32\unknown\OpenCL32.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000551680 ____A [FEBEFBB2186E5A47793B752BF02BE1B9] (Khronos Group) C:\Windows\system32\unknown\OpenCL64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001019296 ____A [CD1C858788351D663C5AD023F389DFA4] () C:\Windows\system32\unknown\VulkanRT-Installer.exe
 
====== End of Folder: ======
 
"C:\Windows\system32\StartupCheckLibrary.dll" => not found
"C:\Windows\system32\windfn.exe" => not found
"C:\Windows\system32\diskdriver.exe" => not found
 
========= mkdir C:\Windows\system32\StartupCheckLibrary.dll =========
 
 
========= End of CMD: =========
 
 
========= mkdir C:\Windows\system32\windfn.exe =========
 
 
========= End of CMD: =========
 
 
========= mkdir C:\Windows\system32\diskdriver.exe =========
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 12:36:45 ====
 
 
 
This is the log from the Junk.txt
 
2018-06-02 12:44:28, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:28, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:29, Info                  CSI    0000000c [SR] Verify complete
2018-06-02 12:44:29, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:29, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:30, Info                  CSI    00000010 [SR] Verify complete
2018-06-02 12:44:30, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:30, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:31, Info                  CSI    00000014 [SR] Verify complete
2018-06-02 12:44:31, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:31, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:32, Info                  CSI    00000018 [SR] Verify complete
2018-06-02 12:44:32, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:32, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:33, Info                  CSI    0000001c [SR] Verify complete
2018-06-02 12:44:33, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:33, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:34, Info                  CSI    00000020 [SR] Verify complete
2018-06-02 12:44:34, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:34, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:36, Info                  CSI    00000025 [SR] Verify complete
2018-06-02 12:44:36, Info                  CSI    00000026 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:36, Info                  CSI    00000027 [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:38, Info                  CSI    0000002b [SR] Verify complete
2018-06-02 12:44:38, Info                  CSI    0000002c [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:38, Info                  CSI    0000002d [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:40, Info                  CSI    00000031 [SR] Verify complete
2018-06-02 12:44:40, Info                  CSI    00000032 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:40, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:41, Info                  CSI    00000035 [SR] Verify complete
2018-06-02 12:44:41, Info                  CSI    00000036 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:41, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:43, Info                  CSI    0000003c [SR] Verify complete
2018-06-02 12:44:43, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:43, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:47, Info                  CSI    00000060 [SR] Verify complete
2018-06-02 12:44:47, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:47, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:49, Info                  CSI    00000064 [SR] Verify complete
2018-06-02 12:44:49, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:49, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:51, Info                  CSI    00000068 [SR] Verify complete
2018-06-02 12:44:51, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:51, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:53, Info                  CSI    0000006c [SR] Verify complete
2018-06-02 12:44:53, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:53, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:54, Info                  CSI    00000070 [SR] Verify complete
2018-06-02 12:44:55, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:55, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
2018-06-02 12:44:57, Info                  CSI    00000074 [SR] Verify complete
2018-06-02 12:44:57, Info                  CSI    00000075 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:44:57, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:01, Info                  CSI    00000099 [SR] Verify complete
2018-06-02 12:45:01, Info                  CSI    0000009a [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:01, Info                  CSI    0000009b [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:03, Info                  CSI    0000009d [SR] Verify complete
2018-06-02 12:45:04, Info                  CSI    0000009e [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:04, Info                  CSI    0000009f [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:10, Info                  CSI    000000a1 [SR] Verify complete
2018-06-02 12:45:10, Info                  CSI    000000a2 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:10, Info                  CSI    000000a3 [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:13, Info                  CSI    000000a7 [SR] Verify complete
2018-06-02 12:45:14, Info                  CSI    000000a8 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:14, Info                  CSI    000000a9 [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:15, Info                  CSI    000000ab [SR] Verify complete
2018-06-02 12:45:15, Info                  CSI    000000ac [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:15, Info                  CSI    000000ad [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:15, Info                  CSI    000000af [SR] Verify complete
2018-06-02 12:45:16, Info                  CSI    000000b0 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:16, Info                  CSI    000000b1 [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:16, Info                  CSI    000000b3 [SR] Verify complete
2018-06-02 12:45:17, Info                  CSI    000000b4 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:17, Info                  CSI    000000b5 [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:21, Info                  CSI    000000c8 [SR] Verify complete
2018-06-02 12:45:22, Info                  CSI    000000c9 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:22, Info                  CSI    000000ca [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:22, Info                  CSI    000000cc [SR] Verify complete
2018-06-02 12:45:23, Info                  CSI    000000cd [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:23, Info                  CSI    000000ce [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:24, Info                  CSI    000000d0 [SR] Verify complete
2018-06-02 12:45:24, Info                  CSI    000000d1 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:24, Info                  CSI    000000d2 [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:25, Info                  CSI    000000d4 [SR] Verify complete
2018-06-02 12:45:25, Info                  CSI    000000d5 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:25, Info                  CSI    000000d6 [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:27, Info                  CSI    000000d8 [SR] Verify complete
2018-06-02 12:45:27, Info                  CSI    000000d9 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:27, Info                  CSI    000000da [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:30, Info                  CSI    000000dd [SR] Verify complete
2018-06-02 12:45:31, Info                  CSI    000000de [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:31, Info                  CSI    000000df [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:32, Info                  CSI    000000e1 [SR] Verify complete
2018-06-02 12:45:32, Info                  CSI    000000e2 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:32, Info                  CSI    000000e3 [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:33, Info                  CSI    000000e5 [SR] Verify complete
2018-06-02 12:45:33, Info                  CSI    000000e6 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:33, Info                  CSI    000000e7 [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:35, Info                  CSI    000000e9 [SR] Verify complete
2018-06-02 12:45:35, Info                  CSI    000000ea [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:35, Info                  CSI    000000eb [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:36, Info                  CSI    000000ed [SR] Verify complete
2018-06-02 12:45:36, Info                  CSI    000000ee [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:36, Info                  CSI    000000ef [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:39, Info                  CSI    000000f1 [SR] Verify complete
2018-06-02 12:45:39, Info                  CSI    000000f2 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:39, Info                  CSI    000000f3 [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:44, Info                  CSI    00000100 [SR] Verify complete
2018-06-02 12:45:44, Info                  CSI    00000101 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:44, Info                  CSI    00000102 [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:47, Info                  CSI    0000010f [SR] Verify complete
2018-06-02 12:45:47, Info                  CSI    00000110 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:47, Info                  CSI    00000111 [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:49, Info                  CSI    00000113 [SR] Verify complete
2018-06-02 12:45:49, Info                  CSI    00000114 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:49, Info                  CSI    00000115 [SR] Beginning Verify and Repair transaction
2018-06-02 12:45:57, Info                  CSI    00000117 [SR] Verify complete
2018-06-02 12:45:57, Info                  CSI    00000118 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:45:57, Info                  CSI    00000119 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:02, Info                  CSI    0000011c [SR] Verify complete
2018-06-02 12:46:02, Info                  CSI    0000011d [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:02, Info                  CSI    0000011e [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:04, Info                  CSI    00000120 [SR] Verify complete
2018-06-02 12:46:05, Info                  CSI    00000121 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:05, Info                  CSI    00000122 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:06, Info                  CSI    00000124 [SR] Verify complete
2018-06-02 12:46:06, Info                  CSI    00000125 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:06, Info                  CSI    00000126 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:08, Info                  CSI    00000128 [SR] Verify complete
2018-06-02 12:46:08, Info                  CSI    00000129 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:08, Info                  CSI    0000012a [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:10, Info                  CSI    0000012e [SR] Verify complete
2018-06-02 12:46:10, Info                  CSI    0000012f [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:10, Info                  CSI    00000130 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:11, Info                  CSI    00000132 [SR] Verify complete
2018-06-02 12:46:11, Info                  CSI    00000133 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:11, Info                  CSI    00000134 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:17, Info                  CSI    00000136 [SR] Verify complete
2018-06-02 12:46:18, Info                  CSI    00000137 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:18, Info                  CSI    00000138 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:19, Info                  CSI    0000013b [SR] Verify complete
2018-06-02 12:46:19, Info                  CSI    0000013c [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:19, Info                  CSI    0000013d [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:22, Info                  CSI    00000140 [SR] Verify complete
2018-06-02 12:46:22, Info                  CSI    00000141 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:22, Info                  CSI    00000142 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:25, Info                  CSI    00000144 [SR] Verify complete
2018-06-02 12:46:25, Info                  CSI    00000145 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:25, Info                  CSI    00000146 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:28, Info                  CSI    00000149 [SR] Verify complete
2018-06-02 12:46:28, Info                  CSI    0000014a [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:28, Info                  CSI    0000014b [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:30, Info                  CSI    0000014d [SR] Verify complete
2018-06-02 12:46:30, Info                  CSI    0000014e [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:30, Info                  CSI    0000014f [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:32, Info                  CSI    00000151 [SR] Verify complete
2018-06-02 12:46:32, Info                  CSI    00000152 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:32, Info                  CSI    00000153 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:34, Info                  CSI    00000155 [SR] Verify complete
2018-06-02 12:46:34, Info                  CSI    00000156 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:34, Info                  CSI    00000157 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:36, Info                  CSI    0000015a [SR] Verify complete
2018-06-02 12:46:36, Info                  CSI    0000015b [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:36, Info                  CSI    0000015c [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:37, Info                  CSI    0000015e [SR] Verify complete
2018-06-02 12:46:37, Info                  CSI    0000015f [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:37, Info                  CSI    00000160 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:40, Info                  CSI    00000163 [SR] Verify complete
2018-06-02 12:46:40, Info                  CSI    00000164 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:40, Info                  CSI    00000165 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:42, Info                  CSI    00000167 [SR] Verify complete
2018-06-02 12:46:42, Info                  CSI    00000168 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:42, Info                  CSI    00000169 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:44, Info                  CSI    0000016d [SR] Verify complete
2018-06-02 12:46:44, Info                  CSI    0000016e [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:44, Info                  CSI    0000016f [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:47, Info                  CSI    00000171 [SR] Verify complete
2018-06-02 12:46:47, Info                  CSI    00000172 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:47, Info                  CSI    00000173 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:49, Info                  CSI    00000176 [SR] Verify complete
2018-06-02 12:46:50, Info                  CSI    00000177 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:50, Info                  CSI    00000178 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:51, Info                  CSI    0000017a [SR] Verify complete
2018-06-02 12:46:51, Info                  CSI    0000017b [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:51, Info                  CSI    0000017c [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:52, Info                  CSI    0000017e [SR] Verify complete
2018-06-02 12:46:52, Info                  CSI    0000017f [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:52, Info                  CSI    00000180 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:54, Info                  CSI    00000182 [SR] Verify complete
2018-06-02 12:46:54, Info                  CSI    00000183 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:54, Info                  CSI    00000184 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:55, Info                  CSI    00000186 [SR] Verify complete
2018-06-02 12:46:55, Info                  CSI    00000187 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:55, Info                  CSI    00000188 [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:57, Info                  CSI    0000018a [SR] Verify complete
2018-06-02 12:46:57, Info                  CSI    0000018b [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:57, Info                  CSI    0000018c [SR] Beginning Verify and Repair transaction
2018-06-02 12:46:59, Info                  CSI    0000018e [SR] Verify complete
2018-06-02 12:46:59, Info                  CSI    0000018f [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:46:59, Info                  CSI    00000190 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:00, Info                  CSI    00000192 [SR] Verify complete
2018-06-02 12:47:00, Info                  CSI    00000193 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:00, Info                  CSI    00000194 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:03, Info                  CSI    00000196 [SR] Verify complete
2018-06-02 12:47:03, Info                  CSI    00000197 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:03, Info                  CSI    00000198 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:10, Info                  CSI    0000019a [SR] Verify complete
2018-06-02 12:47:10, Info                  CSI    0000019b [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:10, Info                  CSI    0000019c [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:12, Info                  CSI    0000019e [SR] Verify complete
2018-06-02 12:47:12, Info                  CSI    0000019f [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:12, Info                  CSI    000001a0 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:14, Info                  CSI    000001a2 [SR] Verify complete
2018-06-02 12:47:14, Info                  CSI    000001a3 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:14, Info                  CSI    000001a4 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:15, Info                  CSI    000001a6 [SR] Verify complete
2018-06-02 12:47:15, Info                  CSI    000001a7 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:15, Info                  CSI    000001a8 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:16, Info                  CSI    000001aa [SR] Verify complete
2018-06-02 12:47:16, Info                  CSI    000001ab [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:16, Info                  CSI    000001ac [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:17, Info                  CSI    000001ae [SR] Verify complete
2018-06-02 12:47:18, Info                  CSI    000001af [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:18, Info                  CSI    000001b0 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:21, Info                  CSI    000001b8 [SR] Verify complete
2018-06-02 12:47:21, Info                  CSI    000001b9 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:21, Info                  CSI    000001ba [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:22, Info                  CSI    000001bc [SR] Verify complete
2018-06-02 12:47:22, Info                  CSI    000001bd [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:22, Info                  CSI    000001be [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:23, Info                  CSI    000001c0 [SR] Verify complete
2018-06-02 12:47:23, Info                  CSI    000001c1 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:23, Info                  CSI    000001c2 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:24, Info                  CSI    000001c4 [SR] Verify complete
2018-06-02 12:47:24, Info                  CSI    000001c5 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:24, Info                  CSI    000001c6 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:25, Info                  CSI    000001c8 [SR] Verify complete
2018-06-02 12:47:26, Info                  CSI    000001c9 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:26, Info                  CSI    000001ca [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:28, Info                  CSI    000001cd [SR] Verify complete
2018-06-02 12:47:28, Info                  CSI    000001ce [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:28, Info                  CSI    000001cf [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:31, Info                  CSI    000001d1 [SR] Verify complete
2018-06-02 12:47:31, Info                  CSI    000001d2 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:31, Info                  CSI    000001d3 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:32, Info                  CSI    000001d5 [SR] Verify complete
2018-06-02 12:47:32, Info                  CSI    000001d6 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:32, Info                  CSI    000001d7 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:34, Info                  CSI    000001d9 [SR] Verify complete
2018-06-02 12:47:34, Info                  CSI    000001da [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:34, Info                  CSI    000001db [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:39, Info                  CSI    000001e0 [SR] Verify complete
2018-06-02 12:47:40, Info                  CSI    000001e1 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:40, Info                  CSI    000001e2 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:42, Info                  CSI    000001e7 [SR] Verify complete
2018-06-02 12:47:42, Info                  CSI    000001e8 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:42, Info                  CSI    000001e9 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:45, Info                  CSI    000001ec [SR] Verify complete
2018-06-02 12:47:45, Info                  CSI    000001ed [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:45, Info                  CSI    000001ee [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:47, Info                  CSI    000001f9 [SR] Verify complete
2018-06-02 12:47:47, Info                  CSI    000001fa [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:47, Info                  CSI    000001fb [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:49, Info                  CSI    000001fd [SR] Repairing corrupted file [ml:520{260},l:98{49}]"\??\C:\Program Files (x86)\Windows NT\Accessories"\[l:22{11}]"wordpad.exe" from store
2018-06-02 12:47:49, Info                  CSI    000001fe [SR] Repairing corrupted file [ml:520{260},l:98{49}]"\??\C:\Program Files (x86)\Windows NT\Accessories"\[l:34{17}]"WordpadFilter.dll" from store
2018-06-02 12:47:50, Info                  CSI    00000203 [SR] Verify complete
2018-06-02 12:47:50, Info                  CSI    00000204 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:50, Info                  CSI    00000205 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:51, Info                  CSI    00000207 [SR] Verify complete
2018-06-02 12:47:52, Info                  CSI    00000208 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:52, Info                  CSI    00000209 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:53, Info                  CSI    0000020d [SR] Verify complete
2018-06-02 12:47:53, Info                  CSI    0000020e [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:53, Info                  CSI    0000020f [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:54, Info                  CSI    00000211 [SR] Verify complete
2018-06-02 12:47:54, Info                  CSI    00000212 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:54, Info                  CSI    00000213 [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:57, Info                  CSI    00000238 [SR] Verify complete
2018-06-02 12:47:57, Info                  CSI    00000239 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:57, Info                  CSI    0000023a [SR] Beginning Verify and Repair transaction
2018-06-02 12:47:59, Info                  CSI    0000023c [SR] Verify complete
2018-06-02 12:47:59, Info                  CSI    0000023d [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:47:59, Info                  CSI    0000023e [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:00, Info                  CSI    00000240 [SR] Verify complete
2018-06-02 12:48:01, Info                  CSI    00000241 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:01, Info                  CSI    00000242 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:02, Info                  CSI    00000250 [SR] Verify complete
2018-06-02 12:48:02, Info                  CSI    00000251 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:02, Info                  CSI    00000252 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:04, Info                  CSI    00000254 [SR] Verify complete
2018-06-02 12:48:04, Info                  CSI    00000255 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:04, Info                  CSI    00000256 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:07, Info                  CSI    0000025f [SR] Verify complete
2018-06-02 12:48:08, Info                  CSI    00000260 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:08, Info                  CSI    00000261 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:10, Info                  CSI    00000268 [SR] Verify complete
2018-06-02 12:48:10, Info                  CSI    00000269 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:10, Info                  CSI    0000026a [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:11, Info                  CSI    0000026c [SR] Verify complete
2018-06-02 12:48:11, Info                  CSI    0000026d [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:11, Info                  CSI    0000026e [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:13, Info                  CSI    00000270 [SR] Verify complete
2018-06-02 12:48:13, Info                  CSI    00000271 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:13, Info                  CSI    00000272 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:14, Info                  CSI    00000274 [SR] Verify complete
2018-06-02 12:48:14, Info                  CSI    00000275 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:14, Info                  CSI    00000276 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:16, Info                  CSI    00000278 [SR] Verify complete
2018-06-02 12:48:16, Info                  CSI    00000279 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:16, Info                  CSI    0000027a [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:17, Info                  CSI    0000027c [SR] Verify complete
2018-06-02 12:48:18, Info                  CSI    0000027d [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:18, Info                  CSI    0000027e [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:19, Info                  CSI    00000280 [SR] Verify complete
2018-06-02 12:48:19, Info                  CSI    00000281 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:19, Info                  CSI    00000282 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:23, Info                  CSI    0000029c [SR] Verify complete
2018-06-02 12:48:23, Info                  CSI    0000029d [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:23, Info                  CSI    0000029e [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:31, Info                  CSI    000002a0 [SR] Verify complete
2018-06-02 12:48:31, Info                  CSI    000002a1 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:31, Info                  CSI    000002a2 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:33, Info                  CSI    000002a4 [SR] Verify complete
2018-06-02 12:48:33, Info                  CSI    000002a5 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:33, Info                  CSI    000002a6 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:34, Info                  CSI    000002a8 [SR] Verify complete
2018-06-02 12:48:34, Info                  CSI    000002a9 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:34, Info                  CSI    000002aa [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:35, Info                  CSI    000002ae [SR] Verify complete
2018-06-02 12:48:35, Info                  CSI    000002af [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:35, Info                  CSI    000002b0 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:36, Info                  CSI    000002b2 [SR] Verify complete
2018-06-02 12:48:36, Info                  CSI    000002b3 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:36, Info                  CSI    000002b4 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:38, Info                  CSI    000002b6 [SR] Verify complete
2018-06-02 12:48:38, Info                  CSI    000002b7 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:38, Info                  CSI    000002b8 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:39, Info                  CSI    000002ba [SR] Verify complete
2018-06-02 12:48:39, Info                  CSI    000002bb [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:39, Info                  CSI    000002bc [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:41, Info                  CSI    000002bf [SR] Verify complete
2018-06-02 12:48:41, Info                  CSI    000002c0 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:41, Info                  CSI    000002c1 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:42, Info                  CSI    000002c3 [SR] Verify complete
2018-06-02 12:48:42, Info                  CSI    000002c4 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:42, Info                  CSI    000002c5 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:43, Info                  CSI    000002c7 [SR] Verify complete
2018-06-02 12:48:44, Info                  CSI    000002c8 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:44, Info                  CSI    000002c9 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:45, Info                  CSI    000002cb [SR] Verify complete
2018-06-02 12:48:45, Info                  CSI    000002cc [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:45, Info                  CSI    000002cd [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:46, Info                  CSI    000002ce [SR] Repairing corrupted file [ml:520{260},l:110{55}]"\??\C:\Program Files (x86)\Windows NT\Accessories\en-US"\[l:30{15}]"wordpad.exe.mui" from store
2018-06-02 12:48:47, Info                  CSI    000002d1 [SR] Verify complete
2018-06-02 12:48:47, Info                  CSI    000002d2 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:47, Info                  CSI    000002d3 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:56, Info                  CSI    000002d5 [SR] Verify complete
2018-06-02 12:48:56, Info                  CSI    000002d6 [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:56, Info                  CSI    000002d7 [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:58, Info                  CSI    000002d9 [SR] Verify complete
2018-06-02 12:48:58, Info                  CSI    000002da [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:58, Info                  CSI    000002db [SR] Beginning Verify and Repair transaction
2018-06-02 12:48:59, Info                  CSI    000002dd [SR] Verify complete
2018-06-02 12:48:59, Info                  CSI    000002de [SR] Verifying 100 (0x0000000000000064) components
2018-06-02 12:48:59, Info                  CSI    000002df [SR] Beginning Verify and Repair transaction
2018-06-02 12:49:01, Info                  CSI    000002e1 [SR] Verify complete
2018-06-02 12:49:01, Info                  CSI    000002e2 [SR] Verifying 17 (0x0000000000000011) components
2018-06-02 12:49:01, Info                  CSI    000002e3 [SR] Beginning Verify and Repair transaction
2018-06-02 12:49:01, Info                  CSI    000002e5 [SR] Verify complete
2018-06-02 12:49:01, Info                  CSI    000002e6 [SR] Repairing 2 components
2018-06-02 12:49:01, Info                  CSI    000002e7 [SR] Beginning Verify and Repair transaction
2018-06-02 12:49:01, Info                  CSI    000002e8 [SR] Repairing corrupted file [ml:520{260},l:110{55}]"\??\C:\Program Files (x86)\Windows NT\Accessories\en-US"\[l:30{15}]"wordpad.exe.mui" from store
2018-06-02 12:49:01, Info                  CSI    000002e9 [SR] Repairing corrupted file [ml:520{260},l:98{49}]"\??\C:\Program Files (x86)\Windows NT\Accessories"\[l:22{11}]"wordpad.exe" from store
2018-06-02 12:49:01, Info                  CSI    000002ea [SR] Repairing corrupted file [ml:520{260},l:98{49}]"\??\C:\Program Files (x86)\Windows NT\Accessories"\[l:34{17}]"WordpadFilter.dll" from store
2018-06-02 12:49:01, Info                  CSI    000002ec [SR] Repair complete
2018-06-02 12:49:01, Info                  CSI    000002ed [SR] Committing transaction
2018-06-02 12:49:01, Info                  CSI    000002f1 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
 
 
 
 
1st VEW Log:
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 02/06/2018 12:56:18 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/06/2018 10:55:43 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 02/06/2018 10:55:43 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 02/06/2018 10:47:42 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 02/06/2018 10:47:42 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 02/06/2018 10:43:41 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 02/06/2018 10:43:41 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 02/06/2018 10:41:40 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 02/06/2018 10:41:40 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 02/06/2018 10:40:41 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 02/06/2018 10:40:41 PM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 02/06/2018 10:40:22 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Core Storage Volumes Driver service failed to start due to the following error:  A device attached to the system is not functioning.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/06/2018 10:50:18 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.gateway.ht.net timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 02/06/2018 10:41:16 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name junvjrgtsq.gateway.ht.net timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 02/06/2018 10:37:04 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 02/06/2018 10:37:04 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
 
 
 
2nd VEW Log:
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 02/06/2018 12:58:26 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/06/2018 10:41:45 PM
Type: Error Category: 0
Event: 4107 Source: Microsoft-Windows-CAPI2
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .
 
Log: 'Application' Date/Time: 02/06/2018 10:40:33 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
The event description cannot be found.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.06.2018
Ran by SkyNet (administrator) on SKYNET-SYSTEMS (02-06-2018 13:00:19)
Running from C:\Users\SkyNet\Desktop
Loaded Profiles: SkyNet (Available Profiles: SkyNet)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\DFDWiz.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Kinetic Jump Software, LLC) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(hxxp://www.ruby-lang.org/) C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINBE.EXE
(Epic Privacy Browser) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9246656 2018-05-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505728 2018-05-27] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-08-25] (NVIDIA Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmds.exe [178496 2018-04-19] (ESET)
HKLM\...\Run: [diskdriver] => C:\Windows\system32\diskdriver.exe [0 2018-06-02] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2016-12-16] (Tonec Inc.)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINBE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2018-05-18] (Epic Privacy Browser)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\MountPoints2: {e08f94a0-81e1-11e7-9180-7c5cf8efb1df} - O:\VerizonSWUpgradeAssistantLauncher.exe
Startup: C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\privateinternetaccess - Shortcut.lnk [2016-11-01]
ShortcutTarget: privateinternetaccess - Shortcut.lnk -> C:\Program Files\pia_manager\privateinternetaccess.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{0106C499-AACA-48BE-AF96-B40332427A56}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{7D8893E0-C1FA-44BA-B6A2-3CD6574C780F}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{AC203D52-C6E6-42A8-AD7B-233D446FD834}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{BDF7F6CA-FCE0-463B-8573-872A301D511B}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{C3273B72-6137-46B4-B56D-6577F37FD1CE}: [DhcpNameServer] 192.168.86.1
 
Internet Explorer:
==================
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.yahoo.com/?fr=fp-comodo&type=42_25050004005_1.13.424807.562_u_hp
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-407761387-3444271927-348064540-1000 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=42_25050004005_1.13.424807.562_u_ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-407761387-3444271927-348064540-1000 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=42_25050004005_1.13.424807.562_u_ds&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\SkyNet\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\SkyNet\AppData\Roaming\IDM\idmmzcc5 [2018-06-02] [Legacy] [not signed]
FF HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-407761387-3444271927-348064540-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-05-18] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-407761387-3444271927-348064540-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-05-18] (Epic Privacy Browser)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://drudgereport.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default [2018-05-18]
CHR Extension: (YouTube) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-10]
CHR Extension: (Adblock Plus) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-16]
CHR Extension: (Google Search) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-10-10]
CHR Extension: (Notifier for Gmail™) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2018-05-02]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2018-04-18]
CHR Extension: (Adobe Acrobat) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-24]
CHR Extension: (uBlock) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-05-12]
CHR Extension: (Kindle Cloud Reader) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-10-10]
CHR Extension: (Morpheon Dark) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-02-21]
CHR Extension: (IDM Integration Module) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-10]
CHR Extension: (Chrome Media Router) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-01]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKU\S-1-5-21-407761387-3444271927-348064540-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-407761387-3444271927-348064540-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe [1356624 2016-11-15] () [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 ASDiskUnlocker; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe [262816 2012-06-18] (ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-05-21] (Dropbox, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249312 2017-12-20] (DTS, Inc)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-27] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2240264 2018-04-19] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2240264 2018-04-19] (ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-25] (NVIDIA Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [183568 2017-06-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2012-04-18] (Kinetic Jump Software, LLC) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-06-13] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-25] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-25] (NVIDIA Corporation)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-06-13] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [11944 2016-07-12] (Advanced Micro Devices Inc.)
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [37200 2016-09-23] (Paragon Software Group)
R3 ASFLTDrv.sys; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [83792 2015-06-17] (Asmedia Technology)
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [51264 2016-07-12] (IVT Corporation.)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87864 2014-11-05] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-05-12] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1560552 2017-12-20] (Motorola Solutions, Inc.)
S2 csvol; C:\Windows\System32\DRIVERS\csvol.sys [32080 2016-09-23] (Paragon Software Group)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-12-20] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137928 2018-04-12] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [110432 2018-04-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [196112 2018-04-12] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50136 2018-04-12] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82816 2018-04-12] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61520 2018-04-12] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [108320 2018-04-12] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [69456 2016-09-23] (Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [213840 2016-09-23] (Paragon Software Group)
R3 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [23888 2016-09-23] (Paragon Software Group)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-07-12] (REALiX™)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [206344 2017-12-20] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-05-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-06-02] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-30] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94328 2018-06-02] (Malwarebytes)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [50512 2016-09-23] (Paragon Software Group)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3427848 2017-12-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50808 2017-12-20] (NVIDIA Corporation)
S3 Revoflt; C:\Windows\SysWOW64\DRIVERS\revoflt.sys [40240 2016-12-21] (VS Revo Group)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-12-20] (Samsung Electronics Co., Ltd.)
R1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [42656 2012-06-01] (ASUSTeK Computer Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-02 12:56 - 2018-06-02 12:58 - 000001074 _____ C:\VEW.txt
2018-06-02 12:53 - 2018-06-02 12:53 - 000038017 _____ C:\Users\SkyNet\Desktop\junk.txt
2018-06-02 12:36 - 2018-06-02 12:36 - 000006515 _____ C:\Users\SkyNet\Desktop\Fixlog.txt
2018-06-02 12:36 - 2018-06-02 12:36 - 000000000 ____D C:\Windows\system32\windfn.exe
2018-06-02 12:36 - 2018-06-02 12:36 - 000000000 ____D C:\Windows\system32\StartupCheckLibrary.dll
2018-06-02 12:36 - 2018-06-02 12:36 - 000000000 ____D C:\Windows\system32\diskdriver.exe
2018-06-02 12:36 - 2018-06-02 12:36 - 000000000 ____D C:\Users\SkyNet\Desktop\FRST-OlderVersion
2018-06-02 05:51 - 2018-06-02 05:51 - 000061440 _____ ( ) C:\Users\SkyNet\Desktop\VEW.exe
2018-06-01 20:04 - 2018-06-01 20:04 - 000000000 ____D C:\Users\SkyNet\Desktop\save3dmgames
2018-06-01 17:22 - 2018-06-01 17:22 - 000088253 _____ C:\Users\SkyNet\Desktop\Addition.txt
2018-06-01 17:21 - 2018-06-02 13:00 - 000027030 _____ C:\Users\SkyNet\Desktop\FRST.txt
2018-06-01 17:20 - 2018-06-02 12:36 - 002413056 _____ (Farbar) C:\Users\SkyNet\Desktop\FRST64.exe
2018-05-30 17:01 - 2018-06-02 12:40 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-05-30 17:01 - 2018-06-02 12:40 - 000094328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-05-30 17:01 - 2018-06-02 12:40 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-05-30 17:01 - 2018-05-30 17:01 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-05-30 17:01 - 2018-05-30 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-30 17:01 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-05-30 17:00 - 2018-05-30 17:00 - 000000000 ____D C:\ProgramData\MB2Migration
2018-05-30 17:00 - 2018-05-30 17:00 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-30 16:35 - 2018-06-02 13:00 - 000000000 ____D C:\FRST
2018-05-30 16:34 - 2018-05-30 16:34 - 000000000 ____D C:\ProgramData\GridinSoft
2018-05-30 16:26 - 2018-05-30 16:26 - 000007619 _____ C:\Users\SkyNet\AppData\Local\Resmon.ResmonCfg
2018-05-29 17:21 - 2018-05-29 17:21 - 000000000 ____D C:\Windows\SysWOW64\AGEIA
2018-05-29 17:21 - 2018-05-29 17:21 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2018-05-29 17:12 - 2018-05-29 19:27 - 411273012 _____ C:\Users\SkyNet\Desktop\Death Wish (2018).mkv
2018-05-28 15:54 - 2018-05-28 15:54 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-05-28 13:12 - 2018-05-28 13:12 - 000000000 ____D C:\Program Files\ESET
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 __SHD C:\ProgramData\DSS
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 ____D C:\Users\SkyNet\Documents\EA Games
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-05-27 17:47 - 2018-05-27 17:47 - 015211584 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 007178432 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 007101704 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006463128 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006270152 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006105024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-05-27 17:47 - 2018-05-27 17:47 - 005938872 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 005593576 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 005346960 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003571504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003509160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003410288 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003299776 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003205568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003145872 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003121080 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002992144 _____ (Audyssey Labs) C:\Windows\system32\AudysseyEfx.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002922944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002444648 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002190944 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001971328 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001965120 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001780584 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001591016 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001544216 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001508896 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001435104 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001382200 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001372352 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001353280 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001337600 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001259688 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001242440 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001159144 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001154912 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001105920 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001009544 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001003816 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000986960 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000973568 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000964984 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000899488 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000873424 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000852096 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000743928 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000727400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000708272 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000691640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000688936 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000604752 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000532336 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000504272 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000467120 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000453240 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000447144 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000445360 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000441224 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000416472 _____ (Harman) C:\Windows\system32\HMUI.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000406416 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000392832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000381368 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000378344 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000367576 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000366080 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000360304 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000343672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000341112 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000341112 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000332976 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000327232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000327232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000315936 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000278232 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000258824 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000253864 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000253824 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000252840 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000231880 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000221928 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000220352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000209496 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000203800 _____ (Harman) C:\Windows\system32\HMHVS.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000192944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000179560 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000166160 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000158656 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000157304 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000154328 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000139720 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000122280 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000118552 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000116504 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000105272 _____ C:\Windows\system32\audioLibVc.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000093864 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000090880 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000090136 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000088280 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000083584 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000075504 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000023656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-05-27 17:46 - 2018-05-27 17:46 - 072520672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2018-05-27 17:46 - 2018-05-27 17:46 - 015464151 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-05-27 17:46 - 2018-05-27 17:46 - 003677120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-05-27 17:42 - 2018-05-27 17:42 - 000226280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-05-27 17:42 - 2018-05-27 17:42 - 000046064 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-05-27 17:40 - 2018-05-27 17:41 - 000000000 ____D C:\Windows\system32\unknown
2018-05-27 17:40 - 2018-05-27 17:40 - 040346984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 038468128 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 035250776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 031271232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 030741024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 025984920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 020264848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 019009672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 017776824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 016973216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-05-27 17:40 - 2018-05-27 17:40 - 015619736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 015189168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 013725744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 011271400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 004046088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 003962272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 003495000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001990688 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439764.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001561536 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001467992 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439764.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001417304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001215424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001157392 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001091616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000904712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000626592 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000544472 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000518176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000462648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000420184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000182776 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000165136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000159896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000142632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-05-27 17:40 - 2018-05-27 17:40 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-05-27 17:40 - 2018-05-27 17:40 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-05-27 13:45 - 2015-07-18 03:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-05-27 13:32 - 2018-04-29 05:27 - 000024512 _____ C:\Windows\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
2018-05-27 13:32 - 2018-01-28 13:09 - 000000000 _____ C:\Windows\system32\setup4.2.6.tmp
2018-05-25 17:06 - 2018-05-25 17:06 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\EasyAntiCheat
2018-05-23 11:53 - 2018-05-23 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-21 07:06 - 2018-05-21 07:06 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-05-21 07:06 - 2018-05-21 07:06 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-05-21 07:06 - 2018-05-21 07:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-05-21 07:06 - 2018-05-21 07:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-05-18 16:07 - 2018-05-18 16:08 - 000000000 ____D C:\Users\SkyNet\Documents\Flight Simulator X Files
2018-05-18 09:50 - 2018-05-18 09:50 - 000002384 _____ C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Privacy Browser.lnk
2018-05-18 09:49 - 2018-05-18 09:50 - 000000000 ____D C:\Users\SkyNet\AppData\Local\Epic Privacy Browser
2018-05-18 09:49 - 2018-05-18 09:49 - 000000000 ____D C:\ProgramData\Epic Privacy Browser
2018-05-13 12:24 - 2018-05-13 12:24 - 004642685 _____ C:\Users\SkyNet\Desktop\Millennial Falcon.psd
2018-05-09 21:22 - 2018-05-09 21:22 - 000000000 ____D C:\Users\SkyNet\AppData\Local\bunkus.org
2018-05-09 21:22 - 2018-05-09 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix 23
2018-05-09 21:22 - 2018-05-09 21:22 - 000000000 ____D C:\Program Files\MKVToolNix 23
2018-05-09 20:58 - 2018-05-09 20:58 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake Nightly
2018-05-09 20:58 - 2018-05-09 20:58 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\HandBrake
2018-05-09 20:58 - 2018-05-09 20:58 - 000000000 ____D C:\Program Files\HandBrake Nightly
2018-05-09 20:56 - 2018-05-09 20:56 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2018-05-09 20:56 - 2018-05-09 20:56 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2018-05-09 19:01 - 2018-05-09 19:01 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\iDealshare VideoGo 5
2018-05-09 18:57 - 2018-05-09 18:57 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\iDealshare VideoGo 6
2018-05-09 12:02 - 2018-05-09 12:02 - 000000000 _____ C:\Windows\system32\dir
2018-05-07 19:05 - 2018-05-07 19:06 - 000000000 ____D C:\ffmpeg
2018-05-06 16:15 - 2018-05-19 09:32 - 000000000 ____D C:\Users\SkyNet\Desktop\100NCD90
2018-05-04 08:03 - 2018-05-04 08:03 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\mkvtoolnix
2018-05-04 08:03 - 2018-05-04 08:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2018-05-04 08:03 - 2018-05-04 08:03 - 000000000 ____D C:\Program Files (x86)\MKVToolNix
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-02 12:55 - 2015-12-24 08:48 - 000000000 ____D C:\Incoming
2018-06-02 12:49 - 2009-07-13 17:20 - 000000000 ____D C:\Program Files (x86)\Windows NT
2018-06-02 12:47 - 2009-07-13 18:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-02 12:47 - 2009-07-13 18:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-02 12:46 - 2009-07-13 19:13 - 000794582 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-02 12:46 - 2009-07-13 17:20 - 000000000 ____D C:\Windows\inf
2018-06-02 12:40 - 2017-01-11 19:06 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-02 12:40 - 2009-07-13 19:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-02 12:36 - 2015-12-29 09:36 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\DMCache
2018-06-02 12:36 - 2015-12-23 21:32 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\tixati
2018-06-01 21:45 - 2017-03-18 17:08 - 000000000 ____D C:\Users\SkyNet\AppData\Local\Fallout4
2018-06-01 20:07 - 2016-10-26 17:45 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-05-31 19:21 - 2018-01-27 17:40 - 000000000 ____D C:\ProgramData\XLN Audio
2018-05-31 19:21 - 2018-01-27 17:40 - 000000000 ____D C:\Program Files\XLN Audio
2018-05-31 19:20 - 2018-01-27 17:39 - 000000000 ____D C:\Users\SkyNet\Documents\XLN Online Installer
2018-05-31 18:40 - 2015-12-23 20:04 - 000000000 ____D C:\Program Files (x86)\ASUS
2018-05-31 18:40 - 2015-12-23 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-05-31 18:40 - 2015-12-23 19:50 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-31 17:41 - 2015-12-24 08:31 - 000000000 ___RD C:\Users\SkyNet\Dropbox
2018-05-31 15:50 - 2015-12-23 20:23 - 001048576 _____ C:\Windows\PE_Rom.dll
2018-05-30 17:01 - 2015-12-24 08:10 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-30 17:00 - 2015-12-24 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-30 17:00 - 2015-12-24 08:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-05-29 17:22 - 2017-01-12 18:28 - 000000000 ____D C:\Users\SkyNet\AppData\Local\CrashDumps
2018-05-29 17:21 - 2017-01-11 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-29 08:49 - 2017-09-28 17:26 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\brave
2018-05-28 15:37 - 2017-12-28 09:24 - 000000000 ____D C:\Program Files\Rockstar Games
2018-05-28 15:37 - 2017-12-28 09:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2018-05-27 17:50 - 2016-04-13 11:05 - 000000398 __RSH C:\ProgramData\ntuser.pol
2018-05-27 17:49 - 2009-07-13 19:32 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-27 17:47 - 2016-12-24 19:51 - 000000000 ____D C:\Windows\system32\DAX3
2018-05-27 17:47 - 2016-10-10 16:36 - 000000000 ____D C:\Windows\system32\DAX2
2018-05-27 17:47 - 2016-10-10 11:32 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-05-27 17:42 - 2017-01-11 19:04 - 001688104 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-05-27 17:40 - 2017-01-12 19:12 - 000505928 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 023241960 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 004573960 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 000041598 _____ C:\Windows\system32\nvinfo.pb
2018-05-27 17:30 - 2016-07-12 16:43 - 000000000 ____D C:\ProgramData\ProductData
2018-05-27 17:29 - 2016-10-10 16:46 - 000002900 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (SkyNet)
2018-05-27 13:45 - 2015-12-23 20:55 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-25 17:07 - 2015-12-28 17:56 - 000000000 ____D C:\Users\SkyNet\Documents\My Games
2018-05-24 13:53 - 2017-09-28 17:26 - 000000000 ____D C:\Users\SkyNet\AppData\Local\brave
2018-05-23 11:53 - 2015-12-24 08:29 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-20 12:54 - 2016-07-12 12:45 - 000000000 ____D C:\Users\SkyNet\AppData\Local\ElevatedDiagnostics
2018-05-19 22:14 - 2016-07-05 18:12 - 000000000 ____D C:\Users\SkyNet\AppData\Local\CAPCOM
2018-05-18 16:17 - 2015-12-24 08:29 - 000003904 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-18 16:17 - 2015-12-24 08:29 - 000003652 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-18 16:12 - 2016-10-10 11:58 - 000416816 _____ C:\Users\SkyNet\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-18 16:11 - 2009-07-13 18:45 - 005920168 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-18 16:07 - 2009-07-13 19:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-05-18 16:02 - 2016-10-23 18:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Games
2018-05-17 09:02 - 2015-12-23 09:34 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-16 18:37 - 2015-12-23 09:33 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-16 18:37 - 2015-12-23 09:33 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 14:26 - 2018-05-02 22:08 - 000011776 _____ C:\Users\SkyNet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-15 18:38 - 2017-05-16 11:32 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-15 18:38 - 2017-05-16 11:32 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-14 20:18 - 2017-12-21 19:01 - 000000000 ____D C:\Users\SkyNet\Documents\Manuals
2018-05-14 20:18 - 2016-10-18 22:37 - 000000000 ____D C:\Users\SkyNet\Documents\PDFs
2018-05-09 20:54 - 2016-10-10 11:34 - 000786820 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-07 09:16 - 2017-01-12 19:13 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-05-07 09:15 - 2017-01-11 19:05 - 005947976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 002612520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 001767552 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000634952 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000450856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000124384 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000083240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
 
==================== Files in the root of some directories =======
 
2017-05-06 17:54 - 2017-05-06 17:54 - 000000087 _____ () C:\Users\SkyNet\AppData\Roaming\1de0de73-de3e-46c6-81b0-f6455f081644
2018-01-12 21:12 - 2018-01-12 21:12 - 000000171 _____ () C:\Users\SkyNet\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f
2018-01-12 21:12 - 2018-01-12 21:12 - 000000304 _____ () C:\Users\SkyNet\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf
2018-01-12 21:12 - 2018-01-12 21:12 - 000000175 _____ () C:\Users\SkyNet\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388
2017-01-26 17:41 - 2017-01-26 17:42 - 000001456 _____ () C:\Users\SkyNet\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-05-02 22:08 - 2018-05-16 14:26 - 000011776 _____ () C:\Users\SkyNet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-30 16:26 - 2018-05-30 16:26 - 000007619 _____ () C:\Users\SkyNet\AppData\Local\Resmon.ResmonCfg
2017-03-02 21:07 - 2017-03-02 21:07 - 000000000 _____ () C:\Users\SkyNet\AppData\Local\{86098965-5FBF-4491-9F48-24AD67142EBD}
2017-01-14 12:42 - 2017-01-14 12:42 - 000000000 _____ () C:\Users\SkyNet\AppData\Local\{F371B246-82C8-4076-8EF4-244595164BBE}
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\diskdriver.exe
C:\Windows\System32\StartupCheckLibrary.dll
C:\Windows\System32\windfn.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-28 16:30
 
==================== End of FRST.txt ============================
 
 
Addition text:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.06.2018
Ran by SkyNet (02-06-2018 13:00:48)
Running from C:\Users\SkyNet\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-10-10 21:58:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-407761387-3444271927-348064540-500 - Administrator - Disabled)
ASPNET (S-1-5-21-407761387-3444271927-348064540-1006 - Limited - Enabled)
Guest (S-1-5-21-407761387-3444271927-348064540-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-407761387-3444271927-348064540-1008 - Limited - Enabled)
SkyNet (S-1-5-21-407761387-3444271927-348064540-1000 - Administrator - Enabled) => C:\Users\SkyNet
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (HKLM\...\{DCAFF63A-A26F-4809-A00D-27AD6733ACB3}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{C7B0C705-9987-44A2-B495-4101DAEDBFE0}) (Version: 2.6.2.4 - Intel) Hidden
300 Modpack 2.1 (HKLM-x32\...\300 Modpack 2.1) (Version:  - )
7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Age of Mythology Gold Edition 1.00 (HKLM-x32\...\Age of Mythology Gold Edition 1.00) (Version:  - )
Aliens vs. Predator (HKLM-x32\...\Aliens vs. Predator_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.6.0000 - Asmedia Technology)
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.0.8 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.0.8 - ASUSTek COMPUTER INC.)
Battlefield 1 v.версия 1.0.u3 (HKLM-x32\...\Battlefield 1_is1) (Version:  - )
BleachBit (HKLM-x32\...\BleachBit) (Version: 2.0 - BleachBit)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brave (HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Brave) (Version: 0.22.721 - Brave Software)
Bridge Commander MW (HKLM-x32\...\{304D46E1-364B-45AB-9170-53E200DB4E85}) (Version: 1.1.0000 - Activision) Hidden
Bridge Commander MW (HKLM-x32\...\InstallShield_{304D46E1-364B-45AB-9170-53E200DB4E85}) (Version: 1.1.0000 - Activision)
Call of Duty Modern Warfare Remastered (HKLM-x32\...\Call of Duty Modern Warfare Remastered_is1) (Version:  - )
Call Of Duty World At War version 1.7.1263.0 (HKLM-x32\...\Call Of Duty World At War_is1) (Version: 1.7.1263.0 - Mr DJ)
Call of Duty: Ghosts Update 3 (HKLM-x32\...\Q2FsbG9mRHV0eUdob3N0cw==_is1) (Version: 1 - )
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
Crysis (HKLM-x32\...\1809223221_is1) (Version: 2.0.0.7 - GOG.com)
Crysis version 1.21.0.0 (HKLM-x32\...\Crysis_is1) (Version: 1.21.0.0 - Mr DJ)
Crysis Warhead version 1.1.0.0 (HKLM-x32\...\Crysis Warhead_is1) (Version: 1.1.0.0 - Mr DJ)
CRYZENX 1.00 (HKLM-x32\...\CRYZENX 1.00) (Version:  - )
Dirt.4.v1.04-ENG.repack version 1.04 (HKLM-x32\...\{32FFCB8E-23C9-435F-AFC0-7CE64F696FC2}}_is1) (Version: 1.04 - Ali213.net)
Disk Unlocker (HKLM-x32\...\{AE4DB5AB-CD91-4D63-8AD5-33EBADCCC4F2}) (Version: 2.1.3 - ASUSTek Computer Inc.)
Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.6.2 Exedra Chac - Alexandre Devilliers (aka Elbereth))
Driver Booster 4.0 (HKLM-x32\...\Driver Booster_is1) (Version: 4.0.4 - IObit)
Dropbox (HKLM-x32\...\Dropbox) (Version: 50.4.71 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Easy Photo Scan (HKLM-x32\...\{BB6241FF-8B76-45A5-95B9-888EDE8E47DC}) (Version: 1.00.0010 - Seiko Epson Corporation)
Epic Privacy Browser (HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Epic) (Version: 62.0.3202.94 - Epic)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON XP-320 Series Printer Uninstall (HKLM\...\EPSON XP-320 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-320 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-320 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Far Cry 3 (HKLM-x32\...\Far Cry 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version:  - Ubisoft)
FlacSquisher 1.3.6 (HKLM-x32\...\FlacSquisher) (Version: 1.3.6 - FlacSquisher)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Halo 2 for Windows Vista (HKLM-x32\...\{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
HandBrake Nightly (HKLM-x32\...\HandBrake Nightly) (Version: Nightly - )
Hawaiian HI Fonts (HKLM\...\{9128B5D4-6CB4-4090-A09B-D4CF850AD5A1}) (Version: 1.0.3.40 - Hale Kuamoo, University of Hawaii at Hilo)
IDM Crack 6.27 build 1 (HKLM-x32\...\IDM Crack 6.27 build 1) (Version: build 2 - Crackingpatching.com Team)
Ignition (HKLM\...\{50DC22E6-B3C7-4C24-B96C-2939DB5AC0D9}) (Version: 1.50.20324.4505 - Powerteq) Hidden
Ignition (HKLM-x32\...\{e44b92d0-30d5-49aa-950e-a01e2fce0811}) (Version: 1.50.20324.4505 - Powerteq)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Wireless Bluetooth®(patch version 17.1.1531.1764) (HKLM\...\{302600C1-6BDF-4FD1-1507-148929CC1385}) (Version: 17.1.1507.0532 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fd9db181-00fa-4117-82e2-cf920d564253}) (Version: 16.1.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Klingon Academy (HKLM-x32\...\Klingon Academy) (Version:  - )
K-Lite Codec Pack 14.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.1.0 - KLCP)
Lara Croft and the Guardian of Light (HKLM-x32\...\Lara Croft and the Guardian of Light_is1) (Version:  - )
Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version:  - )
LIVE gaming on Windows Runtime Version 1.0.6027 (HKLM-x32\...\{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}) (Version: 1.0.6027 - Microsoft Corporation)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Mad Max (HKLM-x32\...\Mad Max_is1) (Version:  - )
MakeMKV v1.10.5 (HKLM-x32\...\MakeMKV) (Version: v1.10.5 - GuinpinSoft inc)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Halo Custom Edition (HKLM-x32\...\Halo CE) (Version:  - )
Microsoft Hyperlapse Pro (HKLM\...\{33503317-BA83-44C8-873E-581B3D8EB837}) (Version: 1.3.5764 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
MKVToolNix 23.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 23.0.0 - Moritz Bunkus)
Mojo Jojo's Pet Project (HKLM-x32\...\{BD09FCE9-9D5F-11D5-9E0F-0050FC0220CE}) (Version:  - )
Monkey for Winamp 2x (remove only) (HKLM-x32\...\vis_monkey.dllWinamp) (Version:  - )
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.13 - Black Tree Gaming)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Paragon HFS+ for Windows (HKLM-x32\...\{429D6E81-8E1E-42E6-8AB9-025DD9157F9B}) (Version: 11.0.0.0 - Paragon Software)
Perfect Photo Suite 8 (HKLM-x32\...\{54F3375C-5F19-4DE6-957B-EDE4EFEA5F23}) (Version: 8.0.0 - onOne Software)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8339 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.2.0 (HKLM-x32\...\Revo Uninstaller Pro 3.2.0) (Version:  - )
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SketchUp 2017 (HKLM\...\{F1E181BD-01D6-4754-92CC-DB8C259B9B28}) (Version: 17.0.18899 - Trimble, Inc.)
Sniper - Ghost Warrior 2 — Repacked by R.G. Revenants (HKLM-x32\...\Sniper - Ghost Warrior 2_R.G. Revenants) (Version: 3.4.1.4621 - City Interactive)
SolveigMM AVI Trimmer+ version 5.0.1509.11 (HKLM-x32\...\SolveigMM AVI Trimmer_is1) (Version: 5.0.1509.11 - Solveig Multimedia)
SolveigMM Video Splitter Business Edition (HKLM-x32\...\SolveigMM Video Splitter Business Edition 6.1.1611.7) (Version: 6.1.1611.7 - Solveig Multimedia)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Trek Voyager Elite Force (HKLM-x32\...\Star Trek Voyager Elite Force) (Version:  - )
STAR WARS - The Force Unleashed II (HKLM-x32\...\STAR WARS - The Force Unleashed II_is1) (Version:  - )
Star wars Battlefront II version 1.3 (HKLM-x32\...\{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1) (Version: 1.3 - )
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars: The Force Unleashed (HKLM-x32\...\Star Wars: The Force Unleashed_is1) (Version: 1.1 - Aspyr)
STAR WARS® - Knights of the Old Republic™ II - The Sith Lords (HKLM-x32\...\1421404581_is1) (Version: 2.0.0.2 - GOG.com)
Subtitle Edit 3.3.5 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.3.5.1862 - Nikse)
TagScanner 6.0.27 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Battle for Middle-earth ™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Lord of the Rings The Battle for Middle-Earth Collection MULTi9 - ElAmigos version 2.01 (HKLM-x32\...\{5EE9E528-FC92-4C4F-AEE4-BCAFA7A2F6CF}_is1) (Version: 2.01 - Electronic Arts)
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
Tixati (HKLM-x32\...\tixati) (Version:  - )
Tomb Raider GOTY version 1.1.748.0 (HKLM-x32\...\Tomb Raider GOTY_is1) (Version: 1.1.748.0 - Mr DJ)
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version:  - )
Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )
Tomb Raider: Underworld 1.1 (HKLM-x32\...\Tomb Raider: Underworld) (Version:  - )
VidCoder 2.31 Beta (x86) (HKLM-x32\...\VidCoder-Beta-x86_is1) (Version: 2.31 - RandomEngy)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.9.0 - Elaborate Bytes)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World in Conflict (HKLM-x32\...\World in Conflict) (Version: 1.011 - Ubisoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers1-x32: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers1-x32: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers4-x32: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-07] (NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6-x32: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\Revo Uninstaller Pro\RUExt.dll [2016-12-14] (VS Revo Group)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {35A211AB-6D3B-4078-B5B6-9F2E85876676} - System32\Tasks\HFS+ Updater => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\updater\Updater.exe [2016-08-25] (Paragon Software Group)
Task: {3E31366C-E675-44C5-8BC0-6CECADC0704F} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-04-11] ()
Task: {425C10DD-2470-48C2-BE24-5F9771B87385} - System32\Tasks\HFS+ Activator => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe [2016-11-15] (Paragon Software)
Task: {44F446AE-529D-481A-BB08-A900F3A53B41} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe
Task: {574D6353-DED6-45DC-BD0C-0D75768F3630} - System32\Tasks\EPSON XP-320 Series Update {2F5A4C44-C787-4243-BF67-47A7A6576221} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {598F1E22-D974-4931-BA4E-1185077E61C9} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-10-13] ()
Task: {5A5E1C32-CA20-4DB2-AE5A-C67104C2E8CE} - System32\Tasks\Driver Booster SkipUAC (SkyNet) => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe [2016-10-09] (IObit)
Task: {74A5618A-58B9-49F2-8AAE-D60EB9997BDA} - System32\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {784298BF-2A08-41E5-82FC-C7AB0A863860} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\Scheduler.exe [2016-09-20] (IObit)
Task: {79C655A7-B86E-480A-A906-6D51938C93AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {B4501B30-6D73-49B8-9145-05858DA45F6E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {BBCD4906-AD2E-4AC3-AF14-89B0ABC94F44} - System32\Tasks\AdobeGCInvoker-1.0-SKYNET-SYSTEMS-SkyNet => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {BE763E74-85F7-4612-B459-06BD2D5EB115} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {CE3C1698-CD65-49E2-AB60-D2231AA5D0E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {DCA0EAAC-887C-433D-BDEB-13FAA45979E0} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {E3942701-4DA4-446F-A47A-4884A026C1B3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {F839542E-ABE6-4270-A40A-8DC32F621586} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-20 12:45 - 2016-10-13 13:57 - 007711966 _____ () C:\Program Files\pia_manager\pia_manager.exe
2013-03-28 22:31 - 2013-03-28 22:31 - 000210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 000748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 003645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-03-28 22:30 - 2013-03-28 22:30 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-09-23 14:55 - 2016-11-15 07:52 - 001356624 _____ () C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
2017-01-11 19:06 - 2016-08-25 13:28 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-11-17 22:05 - 2016-11-17 22:05 - 000156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2018-05-30 17:01 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-05-30 17:01 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-03-20 12:45 - 2016-10-13 13:57 - 000693760 _____ () C:\Program Files\pia_manager\openvpn.exe
2016-03-20 12:45 - 2016-10-13 13:57 - 000190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2016-03-20 12:45 - 2016-10-13 13:57 - 000108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2016-03-20 12:45 - 2016-10-13 13:57 - 000144896 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
2015-12-26 12:46 - 2011-03-02 12:40 - 000164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-12-24 08:31 - 2007-09-02 13:58 - 000495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2017-01-09 18:08 - 2016-11-17 22:14 - 000730880 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2017-01-09 18:08 - 2016-11-17 22:18 - 001981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-01-09 18:08 - 2016-11-17 22:12 - 000237824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000217344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2013-09-17 00:58 - 2013-09-17 18:58 - 000920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-01-09 18:08 - 2016-11-17 22:16 - 000805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-01-09 18:08 - 2016-11-17 22:11 - 000247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-01-09 18:08 - 2016-11-17 22:10 - 000212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-01-09 18:08 - 2016-11-17 22:11 - 000174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-01-09 18:08 - 2016-11-17 22:10 - 000203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-01-09 18:08 - 2016-11-17 22:09 - 000206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2017-01-09 18:08 - 2016-11-17 22:09 - 000336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-01-09 18:08 - 2016-11-17 22:06 - 000147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-01-09 18:08 - 2016-11-17 22:11 - 000213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-01-09 18:08 - 2016-11-17 22:07 - 000229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-01-09 18:08 - 2016-11-17 22:06 - 000211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 000087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 001242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-24 08:31 - 2007-09-02 13:57 - 000069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2018-06-02 12:40 - 2018-06-02 12:40 - 000012800 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000009728 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000014848 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\src\rgloader\rgloader193.mswin.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000009216 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000126976 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000087552 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000016384 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000127316 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\bin\libffi-6.dll
2018-06-02 12:40 - 2018-06-02 12:40 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000013312 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000095744 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000026624 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr736A.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000012800 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000009728 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000014848 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\src\rgloader\rgloader193.mswin.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000118784 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000069120 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000083968 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\bin\zlib1.dll
2018-06-02 12:40 - 2018-06-02 12:40 - 000026624 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000275968 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000015360 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000008192 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000009216 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000023552 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000036352 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000126976 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000087552 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000016384 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000127316 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\bin\libffi-6.dll
2018-06-02 12:40 - 2018-06-02 12:40 - 000013312 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000095744 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2018-06-02 12:40 - 2018-06-02 12:40 - 000026624 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC63B.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-10-13 13:57 - 2016-10-13 13:57 - 000939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2016-10-13 13:57 - 2016-10-13 13:57 - 003115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
2018-05-23 11:53 - 2018-05-21 07:06 - 000847688 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-05-23 11:53 - 2018-05-21 07:06 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2015-12-24 08:30 - 2018-05-21 07:05 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-24 08:30 - 2018-05-21 07:09 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 001845600 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-05-23 11:53 - 2018-05-21 07:06 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-24 08:30 - 2018-05-21 07:05 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 18:18 - 2018-05-21 07:10 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-05-23 11:53 - 2018-05-21 07:06 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-24 08:30 - 2018-05-21 07:05 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-05-23 11:53 - 2018-05-21 07:05 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-24 08:30 - 2018-05-21 07:09 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-05 18:18 - 2018-05-21 07:10 - 000028000 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-21 10:59 - 2018-05-21 07:05 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 12:35 - 2018-05-21 07:10 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-05-17 15:33 - 2018-05-21 07:09 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2015-12-24 08:30 - 2018-05-21 07:10 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-05-23 11:53 - 2018-05-21 07:05 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-27 15:01 - 2018-05-21 07:10 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-18 19:36 - 2018-05-21 07:10 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-05-23 11:53 - 2018-05-21 07:06 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-11 15:36 - 2018-05-21 07:10 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-11 14:11 - 2018-05-21 07:09 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-05-23 11:53 - 2018-05-21 07:08 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-05 18:18 - 2018-05-21 07:10 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-23 20:04 - 2018-06-02 12:42 - 000035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-12-23 20:04 - 2010-06-29 10:58 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-12-25 23:50 - 2018-01-12 11:15 - 000001298 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1 16.217.0.0
127.0.0.1 rosettastone.com
127.0.0.1 launch.rosettastone.com
127.0.0.1 amp.rosettastone.com
127.0.0.1 resources.rosettastone.com
127.0.0.1 updates.rosettastone.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FB7C27F5-BB80-4ED8-A52E-F204BD37C316}] => (Block) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [{9542AAF1-188F-4C71-861A-E752ABC11CFA}] => (Block) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [UDP Query User{1CCE33FB-AEEA-4ED8-AF19-C2B396B5D814}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [TCP Query User{E1342536-15D0-452F-8FF9-EF3578728F2D}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [{5175D9CD-A3FD-4EF4-A80D-AA46C01BD890}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{6E5EF3EA-31F2-402C-B458-BB016DB34BB0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [UDP Query User{B378563C-33B4-49E2-912D-D7C231DB1E6F}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{AE11614C-C137-4DF6-86D1-F4C76816BD63}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{0452BC5E-4D0C-43D9-9A5E-28F4028CBAF1}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin64\Crysis.exe
FirewallRules: [{0ADE0E85-BFE0-482B-A20A-4887E9751D9E}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin64\Crysis.exe
FirewallRules: [{F616906F-6237-47D8-A0C5-AF3BA54D97E4}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin32\Crysis.exe
FirewallRules: [{99C0B5F5-7B51-4D07-A8D2-0AE91146DB40}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin32\Crysis.exe
FirewallRules: [{B0C5662F-C649-4A36-8792-48537527A83C}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{141273CE-5FDD-402E-B222-9E13759563E7}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{35A350FD-94D7-4440-AAD5-82F0C4ACA246}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\crysis.exe
FirewallRules: [{8C3DE5BB-FF61-4E70-9A47-8F85DEE903AB}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\crysis.exe
FirewallRules: [{007968BD-260C-4DCE-8A9F-1EA6AF72400E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D5685863-D18B-4099-820C-F472BF3D84CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{96E7BE0E-D304-403C-A275-5DCA2FB0302B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{941F3F54-2BD5-4E85-BD36-7BEA0B435FF2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DDE5C324-684C-4E79-B3BB-C08BBB124967}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{959BB1F3-A68E-4E0E-A5F2-1DEEB86CC41C}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{59D8FE2C-0564-4023-8C40-102475C74732}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{8D54B22B-A954-496F-901D-9C08FC8A0D19}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{079FC4F4-FAD0-4813-8938-95AC8E0DE885}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0628F2CA-7F4B-4A6C-ABAB-E88127310AB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1749864-6003-46D3-B48D-FA91635A074D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{27FBBF6F-8789-44F7-AF44-DDB719F236E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D796CF0-0B6B-4123-9EE5-FB3045FDEFB1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{C2106B5E-D166-4C23-A572-00D2114EAF76}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{9DA04F3C-ADD7-4DE9-B271-60981EC6B6A2}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{011BAD99-FD9F-4C9D-932A-C3FD26172956}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe
FirewallRules: [{C9417F31-5112-40C5-9643-CFB0F537EAA9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe
FirewallRules: [{881B987B-391D-4938-B34E-E74A2D2CBE2A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DBDownloader.exe
FirewallRules: [{8D8F7100-8302-4698-A5C6-0EF070A51474}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DBDownloader.exe
FirewallRules: [{8678EAE2-2D5F-45E6-9E2C-DB644A80DF28}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\AutoUpdate.exe
FirewallRules: [{2CC957B7-C991-4E8B-B4A4-3B023D395393}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\AutoUpdate.exe
FirewallRules: [TCP Query User{BE7382CB-95AE-429A-821A-60400273278C}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe] => (Allow) C:\program files (x86)\microsoft games\halo custom edition\haloce.exe
FirewallRules: [UDP Query User{0044A1D1-3464-42E8-B96E-9BAD626BC7CC}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe] => (Allow) C:\program files (x86)\microsoft games\halo custom edition\haloce.exe
FirewallRules: [TCP Query User{5F9A971F-F2B5-47FB-94CB-2E3C972A5242}C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe] => (Allow) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [UDP Query User{2292E954-049F-4D9F-8F1B-4D3B6D27CC33}C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe] => (Allow) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{A33F7BB0-D522-4AE5-8DC5-822325B276C9}] => (Block) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{E00F54FA-48A5-4A6D-AA1C-8464791B6010}] => (Block) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{A895B6AE-F13E-4174-A79E-FD8347F917CA}] => (Allow) H:\Games\Tomb Raider GOTY\TombRaider.exe
FirewallRules: [{35730279-BF13-4671-8E81-82A1CCB63E1C}] => (Allow) H:\Games\Tomb Raider GOTY\TombRaider.exe
FirewallRules: [{B7D557E8-EF05-4895-9868-C2BE5DEAA4E6}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{D91D1AE7-F21D-426C-83D1-AB43FEBC5502}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{0DA2D116-B31F-44F4-96BC-D5BCCB9D8296}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B50FF09C-5F9A-47E9-92F3-166A2CFC1570}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BFB25B55-7634-4A79-9B85-238CBDB85E50}H:\games\age of mythology gold edition\aom.exe] => (Allow) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [UDP Query User{D02F7EB6-3E5C-4E37-8347-6FBDAF3D6096}H:\games\age of mythology gold edition\aom.exe] => (Allow) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{35AECB37-E4C5-4F08-B6BE-A6AFF2AA660D}] => (Block) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{E6656235-82B1-4D03-A36F-29703812A191}] => (Block) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{D0A6F404-E401-460D-8761-283D847FB16C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{F5A48009-9391-4A75-82E0-64C42C095BDA}H:\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{E9AA2D51-8AF4-49CF-92EC-EAB695FE018B}H:\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{F6F0223E-E183-4BFC-9720-E2B9C1867171}] => (Block) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{169B5F1A-E12A-4DD4-9B61-5EAF08F0313C}] => (Block) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{564BABF5-3AC7-49A0-B215-14B7DC093BA7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0575828A-DA83-4013-94FE-52C030651860}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{388BDF3E-E23C-4484-8E2B-0AAFDEB573C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E4F7CBCA-974E-4DEE-97FA-7AF1D6043384}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F5C4D4BA-DC5D-415E-81C0-4C38D08EA927}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D229850E-8137-47F5-8B6D-6BA99B5728B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1672625E-8396-4437-AFA1-2544812F7448}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{561E2E6D-9290-4365-8807-BAC94A32B0CE}] => (Allow) LPort=2869
FirewallRules: [{6ED08D25-6A52-4ECD-9CEF-889328ED4F63}] => (Allow) LPort=1900
FirewallRules: [{00F530C6-AE3A-442C-962D-CC9C8C54085C}] => (Allow) LPort=2869
FirewallRules: [{60031D35-ED6F-49C7-97A7-58F109F7534D}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{9F8DFD05-4F5B-4ED3-9C99-5528A983C57A}H:\games\battlefield 1\bf1.exe] => (Block) H:\games\battlefield 1\bf1.exe
FirewallRules: [UDP Query User{AA747C07-FD9B-4589-A2A3-9DFE290EAE7F}H:\games\battlefield 1\bf1.exe] => (Block) H:\games\battlefield 1\bf1.exe
FirewallRules: [{8B8D43CC-23C4-4883-9A76-889CBAD0B7C8}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{AE899E63-7251-4A22-9243-2B18B09C5785}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [TCP Query User{287CFD38-8173-4AF5-8A11-32591DCC48A2}H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [UDP Query User{C342F57F-EDB6-42F1-9BE3-E86F57FF46C9}H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{77EE1476-DCB7-4A85-A781-1B6E945C05A9}] => (Block) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{6773DDC3-60BD-49A5-B978-81AE305A348B}] => (Block) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{3A8B1383-5526-44B4-8314-B01CB83DD6F2}] => (Block) LPort=445
FirewallRules: [{3CAA6FC2-FA59-40FF-AD08-369F2AEC17B4}] => (Block) LPort=445
FirewallRules: [{43DD8E92-1050-4FEF-AE3B-46C92AC691AC}] => (Allow) H:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [{381B961A-83D5-42ED-AD65-C80A4FBCF5EB}] => (Allow) H:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [TCP Query User{4908AA1F-EC3F-42DD-8A96-F114ED067D2A}H:\games\halo 2\halo 2\halo2.exe] => (Allow) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [UDP Query User{8C50542A-44EE-4306-A90D-93AB8DB8B74B}H:\games\halo 2\halo 2\halo2.exe] => (Allow) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{834AD21D-8A0E-42A9-874E-2F96D2691D57}] => (Block) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{69AC1BDD-9F1D-4CF0-9EFD-7703A250A674}] => (Block) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{A5DE2541-A865-4489-835B-F7152B3E8DAB}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{97625A2F-03C2-4658-9704-4639321E880A}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{1E29B81A-BD2E-49AF-A713-F2C0B358D9B2}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{F02C1FE6-8E5E-47FE-921E-00192642F714}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [TCP Query User{C40DCABF-7228-4B5B-92CB-30E629DB7F9E}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{9D0D49D9-32A3-4EAC-B64B-B21DC60B4156}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{F5A98A22-AB34-4F42-8722-0664C26CC0D8}] => (Allow) H:\Games\Crysis\Bin32\crysis.exe
FirewallRules: [{C1700217-77DD-4025-BDAC-361288581F78}] => (Allow) H:\Games\Crysis\Bin32\crysis.exe
FirewallRules: [{4665A9A8-260F-4AAE-AFA9-79334C1FF388}] => (Allow) H:\Games\Crysis\Bin64\Crysis.exe
FirewallRules: [{BBC7C6C9-A363-4950-897A-BD192F1EE47E}] => (Allow) H:\Games\Crysis\Bin64\Crysis.exe
FirewallRules: [TCP Query User{92078F10-6042-4519-B1B4-26BBFD9ACEF5}H:\games\prey\prey\binaries\danielle\x64\release\prey.exe] => (Allow) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [UDP Query User{F1C038E9-0383-460F-84B2-77C4D534DD9E}H:\games\prey\prey\binaries\danielle\x64\release\prey.exe] => (Allow) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{4D561CC5-30A1-4E9E-96E2-F3EAF3DD9AAC}] => (Block) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{DC245F4A-3DC3-40CE-AFD2-9DD7026F5F6C}] => (Block) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{0F417FB7-9F17-410B-8960-4DE17AAEB626}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMMVSplitter_Business.exe
FirewallRules: [{D55F24A3-EB8B-42FB-8771-31FD56C0F857}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMMVSplitter_Business.exe
FirewallRules: [{284784CA-48D1-4BF7-A81A-529C35A052E9}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMM_BatchSplit.exe
FirewallRules: [{BDBC5E1C-0C1A-4ABA-B5EB-82B0D54465F4}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMM_BatchSplit.exe
FirewallRules: [TCP Query User{956666EC-7408-4005-97D3-4458F7A6535D}H:\games\counter strike\hl.exe] => (Allow) H:\games\counter strike\hl.exe
FirewallRules: [UDP Query User{6ED08CF2-2311-4CD9-B003-D9C78C3B03DD}H:\games\counter strike\hl.exe] => (Allow) H:\games\counter strike\hl.exe
FirewallRules: [{D732A50E-88AA-44B8-BE55-964BD4FB659D}] => (Block) H:\games\counter strike\hl.exe
FirewallRules: [{96AE1DED-8908-42B2-B433-90732895E166}] => (Block) H:\games\counter strike\hl.exe
FirewallRules: [TCP Query User{16514BDC-2796-487A-B1A2-1F687775A690}H:\games\counter strike\hlds.exe] => (Allow) H:\games\counter strike\hlds.exe
FirewallRules: [UDP Query User{9839D3C7-6CF6-469E-B71C-4EE3D491B333}H:\games\counter strike\hlds.exe] => (Allow) H:\games\counter strike\hlds.exe
FirewallRules: [{C9692BB1-278C-4FA9-B181-A5A8A1EC8927}] => (Block) H:\games\counter strike\hlds.exe
FirewallRules: [{ED308862-E600-48A2-9A93-932A8CBE1A6D}] => (Block) H:\games\counter strike\hlds.exe
FirewallRules: [TCP Query User{E0C34252-11D0-4CA7-8ED0-A48B8C2CF3BA}H:\games\counter strike\hltv.exe] => (Allow) H:\games\counter strike\hltv.exe
FirewallRules: [UDP Query User{A097959E-765B-49CD-9205-08A0DF668759}H:\games\counter strike\hltv.exe] => (Allow) H:\games\counter strike\hltv.exe
FirewallRules: [{4987A6DB-1650-4C11-B488-3FCD3282BB10}] => (Block) H:\games\counter strike\hltv.exe
FirewallRules: [{6F2A6423-539B-4DD6-AB5A-D77A7A51A8C9}] => (Block) H:\games\counter strike\hltv.exe
FirewallRules: [TCP Query User{090E6C1D-3F2A-439A-A8C7-2D049A9E59CE}H:\games\call of duty 2\cod2mp_s.exe] => (Allow) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{43D41ECF-63AC-4D38-8A66-DFDDC6CEDEA2}H:\games\call of duty 2\cod2mp_s.exe] => (Allow) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [{FC3CDEA3-8B96-4847-A0A5-05A8D06BDC90}] => (Block) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [{8A01975A-BDC8-4198-8AD6-5762D3D6144A}] => (Block) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{BA0CC5F1-8891-4784-8727-FDD6FEFE9A72}H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [UDP Query User{AF5F8BA9-B4C3-4FBB-AF81-DABB907CF037}H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{DE486E41-348B-4867-AD4C-AF539F02A5D3}] => (Block) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{47D0FEEA-A4FC-4D1C-9286-7443E5F0AC10}] => (Block) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{9C468828-A775-4BD6-9D0C-A062C8A68FED}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfsactivator.exe
FirewallRules: [{298F078E-DF83-4D6E-BE6F-1F3B0EBEADFD}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfshelper.exe
FirewallRules: [{77086B90-99CE-4C7B-99C7-C92B46989ADA}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\apmwinsrv.exe
FirewallRules: [{F21326C8-627D-4C0D-AA15-F8313BCA9942}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\mounthfs.exe
FirewallRules: [{57AD44DC-9194-42C2-8492-DF0F6A5A785D}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\mounthfs.exe
FirewallRules: [{50C77D90-6314-46DA-922D-1BA9A5199B11}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\apmwinsrv.exe
FirewallRules: [{11AE5B51-3D43-4137-AB1E-B5DBAE22B266}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfsactivator.exe
FirewallRules: [{A1437E5F-4A3D-494B-B95F-EE3917147B2F}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfshelper.exe
FirewallRules: [{15BFE731-6C42-426C-817A-A1AB2670C275}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
FirewallRules: [{023B99DE-D2C5-4E0F-83BC-14E91FDE9421}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\mounthfs.exe
FirewallRules: [{C1737EC2-E06B-4CB0-9CBD-E92C68D36362}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe
FirewallRules: [{55428380-F572-4B81-B89F-65C7CBF7A512}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe
FirewallRules: [{08C66253-AB20-4EEB-A2AE-3F41D0AB9EC0}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
FirewallRules: [{0668A9A4-816F-45FC-8FF2-077C44C8A428}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\mounthfs.exe
FirewallRules: [TCP Query User{84E28F8B-CA08-4DC8-BB8A-9DF711280C7B}C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe] => (Block) C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe
FirewallRules: [UDP Query User{ABC15052-4E47-460E-85CC-248154B9CECA}C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe] => (Block) C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe
FirewallRules: [TCP Query User{D35B6580-F1D8-4196-B6F3-DAED0186E7DC}H:\games\far cry primal\bin\fcprimal.exe] => (Block) H:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{F2E0036E-6785-46F5-AA59-A5C0DCBA15B9}H:\games\far cry primal\bin\fcprimal.exe] => (Block) H:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{C28438FE-5764-4FA6-865A-ECBA98BCC0CF}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{AE9A1FCC-2806-47B6-A412-EB50EB01E56C}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [{911084A3-0070-4ADE-A49C-2931D8126CE9}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6A60088F-03B3-4F02-8568-BAEA4680A035}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{738E9E66-F20A-4847-B8DC-90CFC2B47F73}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9AFC4B02-19C5-49F9-888C-950953E2716B}H:\games\klingon academy\ka.exe] => (Block) H:\games\klingon academy\ka.exe
FirewallRules: [UDP Query User{EEC425FC-0A96-45D3-9BF4-83988C9E2B0F}H:\games\klingon academy\ka.exe] => (Block) H:\games\klingon academy\ka.exe
FirewallRules: [{EA7E1592-153E-46ED-A2DA-2D899B0EE5E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{31E324FA-D15E-4110-AAB6-DDA46C525E86}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
31-05-2018 18:48:11 Revo Uninstaller Pro's restore point - CSR Harmony Wireless Software Stack
31-05-2018 18:48:30 Removed CSR Harmony Wireless Software Stack.
31-05-2018 19:12:54 Revo Uninstaller Pro's restore point - Ableton Live 9 Lite
31-05-2018 19:13:12 Removed Ableton Live 9 Lite
31-05-2018 19:19:35 Revo Uninstaller Pro's restore point - XLN Online Installer
31-05-2018 19:22:56 Revo Uninstaller Pro's restore point - WinX Blu-ray Decrypter 3.2.0
31-05-2018 19:30:40 Revo Uninstaller Pro's restore point - GameRanger
01-06-2018 20:04:26 Revo Uninstaller Pro's restore point - Far Cry 4 version 1.10.0.0
01-06-2018 20:39:43 Revo Uninstaller Pro's restore point - Far Cry 4 version 1.10.0.0
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Hands-free Audio
Description: Bluetooth Hands-free Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/02/2018 12:41:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (06/02/2018 12:40:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (06/02/2018 12:55:43 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/02/2018 12:55:43 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/02/2018 12:47:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/02/2018 12:47:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/02/2018 12:43:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/02/2018 12:43:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/02/2018 12:41:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/02/2018 12:41:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
CodeIntegrity:
===================================
 
Date: 2018-06-02 12:40:36.192
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6300 Six-Core Processor 
Percentage of memory in use: 22%
Total physical RAM: 16283.5 MB
Available physical RAM: 12590.39 MB
Total Virtual: 32565.19 MB
Available Virtual: 28240.97 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:186.69 GB) NTFS
Drive f: (Mars) (Fixed) (Total:465.76 GB) (Free:381.51 GB) NTFS
Drive g: (Pluto) (Fixed) (Total:200 GB) (Free:107.83 GB) NTFS
Drive h: (Hoth) (Fixed) (Total:931.51 GB) (Free:338.89 GB) NTFS
Drive i: (Saturn) (Fixed) (Total:1062.89 GB) (Free:200.65 GB) NTFS
Drive o: (T-600 GOLD) (Removable) (Total:14.87 GB) (Free:14.19 GB) FAT32
Drive q: (Ryloth) (Fixed) (Total:1953.12 GB) (Free:1718.23 GB) NTFS
Drive r: (Scarif) (Fixed) (Total:1772.77 GB) (Free:583.87 GB) NTFS
Drive s: (Mercury) (Fixed) (Total:600 GB) (Free:57.37 GB) NTFS
 
\\?\Volume{92252ac3-a9cc-11e5-aced-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D6C2710D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D7729B52)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 4 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
 
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.
 
==================== End of Addition.txt ============================
 

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP

Do you still see the coin miner?  I had FRST create three folders with the same names as the infections.  This will prevent a reinstall of the infections but might be detected as evil by MBAM or ESET.

 

This error:

Log: 'System' Date/Time: 02/06/2018 10:40:22 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Core Storage Volumes Driver service failed to start due to the following error:  A device attached to the system is not functioning.
 

 

 

 

is caused by Paragon HFS+ for Windows.  Apparently the service isn't really needed and can be turned off.

 

In an Elevated Command Prompt type:

sc  config   CSVol  start=  demand

Hit Enter.  That changes the service start from Automatic to on demand. 

 

 

I hoped the SFC would fix this:

 

Date: 2018-06-02 12:40:36.192
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 

 

 

but it didn't.  Let's let FRST check the file versions on your PC.

 

Start up FRST but don't hit SCAN.  Instead put

sxs.dll

in the Search Box and then Search Files.  You should get one file.  Please post it.

 

Are you still getting Russian Ads?


  • 0

#7
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Thus far the coin miner is no longer being reported by Eset Nod antivirus and I do not see the Russian results in a browser search, I am using the Epic browser by the way.

 

Here are the results from the requested FRST scan:

 

Farbar Recovery Scan Tool (x64) Version: 02.06.2018
Ran by SkyNet (02-06-2018 19:54:05)
Running from C:\Users\SkyNet\Desktop
Boot Mode: Normal
 
================== Search Files: "sxs.dll" =============
 
C:\Windows\winsxs\x86_microsoft-windows-sxs_31bf3856ad364e35_6.1.7601.17514_none_b0540607b5e5d445\sxs.dll
[2010-11-20 17:24][2010-11-20 17:24] 000380416 _____ (Microsoft Corporation) 919001D2BB17DF06CA3F8AC16AD039F6 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-sxs_31bf3856ad364e35_6.1.7601.17514_none_0c72a18b6e43457b\sxs.dll
[2010-11-20 17:24][2010-11-20 17:24] 000582656 _____ (Microsoft Corporation) 9CEAD32E79A62150FE9F8557E58E008B [File is digitally signed]
 
C:\Windows\SysWOW64\sxs.dll
[2010-11-20 17:24][2010-11-20 17:24] 000380416 _____ (Microsoft Corporation) 919001D2BB17DF06CA3F8AC16AD039F6 [File is digitally signed]
 
C:\Windows\System32\sxs.dll
[2010-11-20 17:24][2010-11-20 17:24] 000582656 _____ (Microsoft Corporation) 9CEAD32E79A62150FE9F8557E58E008B [File is digitally signed]
 
 
====== End of Search ======

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP

I had a typo on the last fixlist so it didn't remove one entry.  Plus even tho sxs.dll seems to be the correct one I want to try replacing it with its backup.  Perhaps that will make Windows happy.

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   688bytes   25 downloads

Run FRST and press Fix (System will reboot)
A fix log will be generated please post that


Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


  • 0

#9
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Okay here is the Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 03.06.2018
Ran by SkyNet (03-06-2018 12:15:07) Run:2
Running from C:\Users\SkyNet\Desktop
Loaded Profiles: SkyNet (Available Profiles: SkyNet)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\...\Run: [diskdriver] => C:\Windows\system32\diskdriver.exe [0 2018-06-02] ()
Replace: C:\Windows\winsxs\amd64_microsoft-windows-sxs_31bf3856ad364e35_6.1.7601.17514_none_0c72a18b6e43457b\sxs.dll C:\Windows\System32\sxs.dll 
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\diskdriver" => removed successfully
C:\Windows\System32\sxs.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-sxs_31bf3856ad364e35_6.1.7601.17514_none_0c72a18b6e43457b\sxs.dll copied successfully to C:\Windows\System32\sxs.dll
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 12:15:24 ====
 
 
FRST Log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.06.2018
Ran by SkyNet (administrator) on SKYNET-SYSTEMS (03-06-2018 12:20:49)
Running from C:\Users\SkyNet\Desktop
Loaded Profiles: SkyNet (Available Profiles: SkyNet)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\DFDWiz.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Kinetic Jump Software, LLC) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINBE.EXE
(Epic Privacy Browser) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(hxxp://www.ruby-lang.org/) C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\bin\rubyw.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(hxxp://www.ruby-lang.org/) C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9246656 2018-05-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505728 2018-05-27] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-08-25] (NVIDIA Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmds.exe [178496 2018-04-19] (ESET)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2016-12-16] (Tonec Inc.)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINBE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2018-05-18] (Epic Privacy Browser)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\MountPoints2: {e08f94a0-81e1-11e7-9180-7c5cf8efb1df} - O:\VerizonSWUpgradeAssistantLauncher.exe
Startup: C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\privateinternetaccess - Shortcut.lnk [2016-11-01]
ShortcutTarget: privateinternetaccess - Shortcut.lnk -> C:\Program Files\pia_manager\privateinternetaccess.exe ()
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{0106C499-AACA-48BE-AF96-B40332427A56}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{7D8893E0-C1FA-44BA-B6A2-3CD6574C780F}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{AC203D52-C6E6-42A8-AD7B-233D446FD834}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{BDF7F6CA-FCE0-463B-8573-872A301D511B}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{C3273B72-6137-46B4-B56D-6577F37FD1CE}: [DhcpNameServer] 192.168.86.1
 
Internet Explorer:
==================
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.yahoo.com/?fr=fp-comodo&type=42_25050004005_1.13.424807.562_u_hp
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-407761387-3444271927-348064540-1000 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=42_25050004005_1.13.424807.562_u_ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-407761387-3444271927-348064540-1000 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=42_25050004005_1.13.424807.562_u_ds&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\SkyNet\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\SkyNet\AppData\Roaming\IDM\idmmzcc5 [2018-06-03] [Legacy] [not signed]
FF HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-407761387-3444271927-348064540-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-05-18] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-407761387-3444271927-348064540-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-05-18] (Epic Privacy Browser)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://drudgereport.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default [2018-05-18]
CHR Extension: (YouTube) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-10]
CHR Extension: (Adblock Plus) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-16]
CHR Extension: (Google Search) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-10-10]
CHR Extension: (Notifier for Gmail™) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2018-05-02]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2018-04-18]
CHR Extension: (Adobe Acrobat) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-24]
CHR Extension: (uBlock) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-05-12]
CHR Extension: (Kindle Cloud Reader) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-10-10]
CHR Extension: (Morpheon Dark) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-02-21]
CHR Extension: (IDM Integration Module) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-10]
CHR Extension: (Chrome Media Router) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-01]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKU\S-1-5-21-407761387-3444271927-348064540-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-407761387-3444271927-348064540-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe [1356624 2016-11-15] () [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 ASDiskUnlocker; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe [262816 2012-06-18] (ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-05-21] (Dropbox, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249312 2017-12-20] (DTS, Inc)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-27] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2240264 2018-04-19] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2240264 2018-04-19] (ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-25] (NVIDIA Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [183568 2017-06-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2012-04-18] (Kinetic Jump Software, LLC) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-06-13] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-25] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-25] (NVIDIA Corporation)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-06-13] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [11944 2016-07-12] (Advanced Micro Devices Inc.)
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [37200 2016-09-23] (Paragon Software Group)
R3 ASFLTDrv.sys; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [83792 2015-06-17] (Asmedia Technology)
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [51264 2016-07-12] (IVT Corporation.)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87864 2014-11-05] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-05-12] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1560552 2017-12-20] (Motorola Solutions, Inc.)
S3 csvol; C:\Windows\System32\DRIVERS\csvol.sys [32080 2016-09-23] (Paragon Software Group)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-12-20] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137928 2018-04-12] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [110432 2018-04-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [196112 2018-04-12] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50136 2018-04-12] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82816 2018-04-12] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61520 2018-04-12] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [108320 2018-04-12] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [69456 2016-09-23] (Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [213840 2016-09-23] (Paragon Software Group)
R3 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [23888 2016-09-23] (Paragon Software Group)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-07-12] (REALiX™)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [206344 2017-12-20] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-05-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-06-03] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-03] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-30] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94328 2018-06-03] (Malwarebytes)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [50512 2016-09-23] (Paragon Software Group)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3427848 2017-12-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50808 2017-12-20] (NVIDIA Corporation)
S3 Revoflt; C:\Windows\SysWOW64\DRIVERS\revoflt.sys [40240 2016-12-21] (VS Revo Group)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-12-20] (Samsung Electronics Co., Ltd.)
R1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [42656 2012-06-01] (ASUSTeK Computer Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-03 12:20 - 2018-06-03 12:21 - 000026988 _____ C:\Users\SkyNet\Desktop\FRST.txt
2018-06-03 12:15 - 2018-06-03 12:15 - 000001173 _____ C:\Users\SkyNet\Desktop\Fixlog.txt
2018-06-03 12:14 - 2018-06-03 12:14 - 000000000 ____D C:\Users\SkyNet\Desktop\FRST-OlderVersion
2018-06-02 14:53 - 2018-06-02 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2018-06-02 14:53 - 2018-06-02 14:53 - 000000000 ____D C:\Program Files (x86)\DiskCheckup
2018-06-02 13:02 - 2018-06-03 12:14 - 000000000 ____D C:\Users\SkyNet\Desktop\New folder
2018-06-02 12:56 - 2018-06-02 12:58 - 000001074 _____ C:\VEW.txt
2018-06-02 12:36 - 2018-06-02 12:36 - 000000000 ____D C:\Windows\system32\windfn.exe
2018-06-02 12:36 - 2018-06-02 12:36 - 000000000 ____D C:\Windows\system32\StartupCheckLibrary.dll
2018-06-02 12:36 - 2018-06-02 12:36 - 000000000 ____D C:\Windows\system32\diskdriver.exe
2018-06-02 05:51 - 2018-06-02 05:51 - 000061440 _____ ( ) C:\Users\SkyNet\Desktop\VEW.exe
2018-06-01 20:04 - 2018-06-01 20:04 - 000000000 ____D C:\Users\SkyNet\Desktop\save3dmgames
2018-06-01 17:20 - 2018-06-03 12:14 - 002413056 _____ (Farbar) C:\Users\SkyNet\Desktop\FRST64.exe
2018-05-30 17:01 - 2018-06-03 12:18 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-05-30 17:01 - 2018-06-03 12:18 - 000094328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-05-30 17:01 - 2018-06-03 12:18 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-05-30 17:01 - 2018-05-30 17:01 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-05-30 17:01 - 2018-05-30 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-30 17:01 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-05-30 17:00 - 2018-05-30 17:00 - 000000000 ____D C:\ProgramData\MB2Migration
2018-05-30 17:00 - 2018-05-30 17:00 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-30 16:35 - 2018-06-03 12:20 - 000000000 ____D C:\FRST
2018-05-30 16:34 - 2018-05-30 16:34 - 000000000 ____D C:\ProgramData\GridinSoft
2018-05-30 16:26 - 2018-05-30 16:26 - 000007619 _____ C:\Users\SkyNet\AppData\Local\Resmon.ResmonCfg
2018-05-29 17:21 - 2018-05-29 17:21 - 000000000 ____D C:\Windows\SysWOW64\AGEIA
2018-05-29 17:21 - 2018-05-29 17:21 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2018-05-28 15:54 - 2018-05-28 15:54 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-05-28 13:12 - 2018-05-28 13:12 - 000000000 ____D C:\Program Files\ESET
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 __SHD C:\ProgramData\DSS
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 ____D C:\Users\SkyNet\Documents\EA Games
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-05-27 17:47 - 2018-05-27 17:47 - 015211584 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 007178432 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 007101704 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006463128 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006270152 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006105024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-05-27 17:47 - 2018-05-27 17:47 - 005938872 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 005593576 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 005346960 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003571504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003509160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003410288 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003299776 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003205568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003145872 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003121080 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002992144 _____ (Audyssey Labs) C:\Windows\system32\AudysseyEfx.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002922944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002444648 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002190944 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001971328 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001965120 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001780584 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001591016 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001544216 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001508896 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001435104 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001382200 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001372352 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001353280 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001337600 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001259688 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001242440 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001159144 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001154912 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001105920 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001009544 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001003816 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000986960 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000973568 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000964984 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000899488 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000873424 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000852096 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000743928 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000727400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000708272 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000691640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000688936 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000604752 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000532336 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000504272 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000467120 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000453240 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000447144 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000445360 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000441224 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000416472 _____ (Harman) C:\Windows\system32\HMUI.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000406416 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000392832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000381368 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000378344 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000367576 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000366080 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000360304 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000343672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000341112 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000341112 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000332976 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000327232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000327232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000315936 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000278232 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000258824 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000253864 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000253824 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000252840 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000231880 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000221928 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000220352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000209496 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000203800 _____ (Harman) C:\Windows\system32\HMHVS.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000192944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000179560 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000166160 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000158656 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000157304 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000154328 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000139720 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000122280 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000118552 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000116504 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000105272 _____ C:\Windows\system32\audioLibVc.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000093864 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000090880 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000090136 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000088280 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000083584 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000075504 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000023656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-05-27 17:46 - 2018-05-27 17:46 - 072520672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2018-05-27 17:46 - 2018-05-27 17:46 - 015464151 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-05-27 17:46 - 2018-05-27 17:46 - 003677120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-05-27 17:42 - 2018-05-27 17:42 - 000226280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-05-27 17:42 - 2018-05-27 17:42 - 000046064 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-05-27 17:40 - 2018-05-27 17:41 - 000000000 ____D C:\Windows\system32\unknown
2018-05-27 17:40 - 2018-05-27 17:40 - 040346984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 038468128 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 035250776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 031271232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 030741024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 025984920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 020264848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 019009672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 017776824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 016973216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-05-27 17:40 - 2018-05-27 17:40 - 015619736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 015189168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 013725744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 011271400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 004046088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 003962272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 003495000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001990688 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439764.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001561536 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001467992 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439764.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001417304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001215424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001157392 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001091616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000904712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000626592 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000544472 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000518176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000462648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000420184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000182776 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000165136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000159896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000142632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-05-27 17:40 - 2018-05-27 17:40 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-05-27 17:40 - 2018-05-27 17:40 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-05-27 13:45 - 2015-07-18 03:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-05-27 13:32 - 2018-04-29 05:27 - 000024512 _____ C:\Windows\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
2018-05-27 13:32 - 2018-01-28 13:09 - 000000000 _____ C:\Windows\system32\setup4.2.6.tmp
2018-05-25 17:06 - 2018-05-25 17:06 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\EasyAntiCheat
2018-05-23 11:53 - 2018-05-23 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-21 07:06 - 2018-05-21 07:06 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-05-21 07:06 - 2018-05-21 07:06 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-05-21 07:06 - 2018-05-21 07:06 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-05-21 07:06 - 2018-05-21 07:06 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-05-18 16:07 - 2018-05-18 16:08 - 000000000 ____D C:\Users\SkyNet\Documents\Flight Simulator X Files
2018-05-18 09:50 - 2018-05-18 09:50 - 000002384 _____ C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Privacy Browser.lnk
2018-05-18 09:49 - 2018-05-18 09:50 - 000000000 ____D C:\Users\SkyNet\AppData\Local\Epic Privacy Browser
2018-05-18 09:49 - 2018-05-18 09:49 - 000000000 ____D C:\ProgramData\Epic Privacy Browser
2018-05-09 21:22 - 2018-05-09 21:22 - 000000000 ____D C:\Users\SkyNet\AppData\Local\bunkus.org
2018-05-09 21:22 - 2018-05-09 21:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix 23
2018-05-09 21:22 - 2018-05-09 21:22 - 000000000 ____D C:\Program Files\MKVToolNix 23
2018-05-09 20:58 - 2018-05-09 20:58 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake Nightly
2018-05-09 20:58 - 2018-05-09 20:58 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\HandBrake
2018-05-09 20:58 - 2018-05-09 20:58 - 000000000 ____D C:\Program Files\HandBrake Nightly
2018-05-09 20:56 - 2018-05-09 20:56 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2018-05-09 20:56 - 2018-05-09 20:56 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2018-05-09 19:01 - 2018-05-09 19:01 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\iDealshare VideoGo 5
2018-05-09 18:57 - 2018-05-09 18:57 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\iDealshare VideoGo 6
2018-05-09 12:02 - 2018-05-09 12:02 - 000000000 _____ C:\Windows\system32\dir
2018-05-07 19:05 - 2018-05-07 19:06 - 000000000 ____D C:\ffmpeg
2018-05-06 16:15 - 2018-05-19 09:32 - 000000000 ____D C:\Users\SkyNet\Desktop\100NCD90
2018-05-04 08:03 - 2018-05-04 08:03 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\mkvtoolnix
2018-05-04 08:03 - 2018-05-04 08:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
2018-05-04 08:03 - 2018-05-04 08:03 - 000000000 ____D C:\Program Files (x86)\MKVToolNix
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-03 12:20 - 2015-12-24 08:31 - 000000000 ___RD C:\Users\SkyNet\Dropbox
2018-06-03 12:17 - 2017-01-11 19:06 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-03 12:17 - 2009-07-13 19:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-03 12:15 - 2015-12-29 09:36 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\DMCache
2018-06-03 12:15 - 2009-07-13 19:13 - 000794582 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-03 12:15 - 2009-07-13 18:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-03 12:15 - 2009-07-13 18:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-03 12:15 - 2009-07-13 17:20 - 000000000 ____D C:\Windows\inf
2018-06-03 12:14 - 2015-12-24 08:48 - 000000000 ____D C:\Incoming
2018-06-02 22:01 - 2015-12-23 21:32 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\tixati
2018-06-02 12:49 - 2009-07-13 17:20 - 000000000 ____D C:\Program Files (x86)\Windows NT
2018-06-01 21:45 - 2017-03-18 17:08 - 000000000 ____D C:\Users\SkyNet\AppData\Local\Fallout4
2018-06-01 20:07 - 2016-10-26 17:45 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-05-31 19:21 - 2018-01-27 17:40 - 000000000 ____D C:\ProgramData\XLN Audio
2018-05-31 19:21 - 2018-01-27 17:40 - 000000000 ____D C:\Program Files\XLN Audio
2018-05-31 19:20 - 2018-01-27 17:39 - 000000000 ____D C:\Users\SkyNet\Documents\XLN Online Installer
2018-05-31 18:40 - 2015-12-23 20:04 - 000000000 ____D C:\Program Files (x86)\ASUS
2018-05-31 18:40 - 2015-12-23 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-05-31 18:40 - 2015-12-23 19:50 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-31 15:50 - 2015-12-23 20:23 - 001048576 _____ C:\Windows\PE_Rom.dll
2018-05-30 17:01 - 2015-12-24 08:10 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-30 17:00 - 2015-12-24 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-30 17:00 - 2015-12-24 08:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-05-29 17:22 - 2017-01-12 18:28 - 000000000 ____D C:\Users\SkyNet\AppData\Local\CrashDumps
2018-05-29 17:21 - 2017-01-11 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-29 08:49 - 2017-09-28 17:26 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\brave
2018-05-28 15:37 - 2017-12-28 09:24 - 000000000 ____D C:\Program Files\Rockstar Games
2018-05-28 15:37 - 2017-12-28 09:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2018-05-27 17:50 - 2016-04-13 11:05 - 000000398 __RSH C:\ProgramData\ntuser.pol
2018-05-27 17:49 - 2009-07-13 19:32 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-27 17:47 - 2016-12-24 19:51 - 000000000 ____D C:\Windows\system32\DAX3
2018-05-27 17:47 - 2016-10-10 16:36 - 000000000 ____D C:\Windows\system32\DAX2
2018-05-27 17:47 - 2016-10-10 11:32 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-05-27 17:42 - 2017-01-11 19:04 - 001688104 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-05-27 17:40 - 2017-01-12 19:12 - 000505928 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 023241960 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 004573960 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 000041598 _____ C:\Windows\system32\nvinfo.pb
2018-05-27 17:30 - 2016-07-12 16:43 - 000000000 ____D C:\ProgramData\ProductData
2018-05-27 17:29 - 2016-10-10 16:46 - 000002900 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (SkyNet)
2018-05-27 13:45 - 2015-12-23 20:55 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-25 17:07 - 2015-12-28 17:56 - 000000000 ____D C:\Users\SkyNet\Documents\My Games
2018-05-24 13:53 - 2017-09-28 17:26 - 000000000 ____D C:\Users\SkyNet\AppData\Local\brave
2018-05-23 11:53 - 2015-12-24 08:29 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-20 12:54 - 2016-07-12 12:45 - 000000000 ____D C:\Users\SkyNet\AppData\Local\ElevatedDiagnostics
2018-05-19 22:14 - 2016-07-05 18:12 - 000000000 ____D C:\Users\SkyNet\AppData\Local\CAPCOM
2018-05-18 16:17 - 2015-12-24 08:29 - 000003904 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-18 16:17 - 2015-12-24 08:29 - 000003652 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-18 16:12 - 2016-10-10 11:58 - 000416816 _____ C:\Users\SkyNet\AppData\Local\GDIPFONTCACHEV1.DAT
2018-05-18 16:11 - 2009-07-13 18:45 - 005920168 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-18 16:07 - 2009-07-13 19:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-05-18 16:02 - 2016-10-23 18:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Games
2018-05-17 09:02 - 2015-12-23 09:34 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-16 18:37 - 2015-12-23 09:33 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-16 18:37 - 2015-12-23 09:33 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-16 14:26 - 2018-05-02 22:08 - 000011776 _____ C:\Users\SkyNet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-15 18:38 - 2017-05-16 11:32 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-05-15 18:38 - 2017-05-16 11:32 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-14 20:18 - 2017-12-21 19:01 - 000000000 ____D C:\Users\SkyNet\Documents\Manuals
2018-05-14 20:18 - 2016-10-18 22:37 - 000000000 ____D C:\Users\SkyNet\Documents\PDFs
2018-05-09 20:54 - 2016-10-10 11:34 - 000786820 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-05-07 09:16 - 2017-01-12 19:13 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-05-07 09:15 - 2017-01-11 19:05 - 005947976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 002612520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 001767552 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000634952 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000450856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000124384 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-05-07 09:15 - 2017-01-11 19:05 - 000083240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
 
==================== Files in the root of some directories =======
 
2017-05-06 17:54 - 2017-05-06 17:54 - 000000087 _____ () C:\Users\SkyNet\AppData\Roaming\1de0de73-de3e-46c6-81b0-f6455f081644
2018-01-12 21:12 - 2018-01-12 21:12 - 000000171 _____ () C:\Users\SkyNet\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f
2018-01-12 21:12 - 2018-01-12 21:12 - 000000304 _____ () C:\Users\SkyNet\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf
2018-01-12 21:12 - 2018-01-12 21:12 - 000000175 _____ () C:\Users\SkyNet\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388
2017-01-26 17:41 - 2017-01-26 17:42 - 000001456 _____ () C:\Users\SkyNet\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-05-02 22:08 - 2018-05-16 14:26 - 000011776 _____ () C:\Users\SkyNet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-30 16:26 - 2018-05-30 16:26 - 000007619 _____ () C:\Users\SkyNet\AppData\Local\Resmon.ResmonCfg
2017-03-02 21:07 - 2017-03-02 21:07 - 000000000 _____ () C:\Users\SkyNet\AppData\Local\{86098965-5FBF-4491-9F48-24AD67142EBD}
2017-01-14 12:42 - 2017-01-14 12:42 - 000000000 _____ () C:\Users\SkyNet\AppData\Local\{F371B246-82C8-4076-8EF4-244595164BBE}
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\diskdriver.exe
C:\Windows\System32\StartupCheckLibrary.dll
C:\Windows\System32\windfn.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-28 16:30
 
==================== End of FRST.txt ============================
 
Addition Log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.06.2018
Ran by SkyNet (03-06-2018 12:21:19)
Running from C:\Users\SkyNet\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-10-10 21:58:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-407761387-3444271927-348064540-500 - Administrator - Disabled)
ASPNET (S-1-5-21-407761387-3444271927-348064540-1006 - Limited - Enabled)
Guest (S-1-5-21-407761387-3444271927-348064540-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-407761387-3444271927-348064540-1008 - Limited - Enabled)
SkyNet (S-1-5-21-407761387-3444271927-348064540-1000 - Administrator - Enabled) => C:\Users\SkyNet
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (HKLM\...\{DCAFF63A-A26F-4809-A00D-27AD6733ACB3}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{C7B0C705-9987-44A2-B495-4101DAEDBFE0}) (Version: 2.6.2.4 - Intel) Hidden
300 Modpack 2.1 (HKLM-x32\...\300 Modpack 2.1) (Version:  - )
7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Age of Mythology Gold Edition 1.00 (HKLM-x32\...\Age of Mythology Gold Edition 1.00) (Version:  - )
Aliens vs. Predator (HKLM-x32\...\Aliens vs. Predator_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.6.0000 - Asmedia Technology)
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.0.8 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.0.8 - ASUSTek COMPUTER INC.)
Battlefield 1 v.версия 1.0.u3 (HKLM-x32\...\Battlefield 1_is1) (Version:  - )
BleachBit (HKLM-x32\...\BleachBit) (Version: 2.0 - BleachBit)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brave (HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Brave) (Version: 0.22.721 - Brave Software)
Bridge Commander MW (HKLM-x32\...\{304D46E1-364B-45AB-9170-53E200DB4E85}) (Version: 1.1.0000 - Activision) Hidden
Bridge Commander MW (HKLM-x32\...\InstallShield_{304D46E1-364B-45AB-9170-53E200DB4E85}) (Version: 1.1.0000 - Activision)
Call of Duty Modern Warfare Remastered (HKLM-x32\...\Call of Duty Modern Warfare Remastered_is1) (Version:  - )
Call Of Duty World At War version 1.7.1263.0 (HKLM-x32\...\Call Of Duty World At War_is1) (Version: 1.7.1263.0 - Mr DJ)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
Crysis (HKLM-x32\...\1809223221_is1) (Version: 2.0.0.7 - GOG.com)
Crysis version 1.21.0.0 (HKLM-x32\...\Crysis_is1) (Version: 1.21.0.0 - Mr DJ)
Crysis Warhead version 1.1.0.0 (HKLM-x32\...\Crysis Warhead_is1) (Version: 1.1.0.0 - Mr DJ)
CRYZENX 1.00 (HKLM-x32\...\CRYZENX 1.00) (Version:  - )
Dirt.4.v1.04-ENG.repack version 1.04 (HKLM-x32\...\{32FFCB8E-23C9-435F-AFC0-7CE64F696FC2}}_is1) (Version: 1.04 - Ali213.net)
Disk Unlocker (HKLM-x32\...\{AE4DB5AB-CD91-4D63-8AD5-33EBADCCC4F2}) (Version: 2.1.3 - ASUSTek Computer Inc.)
DiskCheckup v3.3 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.3.1000 - PassMark Software)
Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.6.2 Exedra Chac - Alexandre Devilliers (aka Elbereth))
Driver Booster 4.0 (HKLM-x32\...\Driver Booster_is1) (Version: 4.0.4 - IObit)
Dropbox (HKLM-x32\...\Dropbox) (Version: 50.4.71 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Easy Photo Scan (HKLM-x32\...\{BB6241FF-8B76-45A5-95B9-888EDE8E47DC}) (Version: 1.00.0010 - Seiko Epson Corporation)
Epic Privacy Browser (HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Epic) (Version: 62.0.3202.94 - Epic)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON XP-320 Series Printer Uninstall (HKLM\...\EPSON XP-320 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-320 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-320 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Far Cry 3 (HKLM-x32\...\Far Cry 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version:  - Ubisoft)
FlacSquisher 1.3.6 (HKLM-x32\...\FlacSquisher) (Version: 1.3.6 - FlacSquisher)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Halo 2 for Windows Vista (HKLM-x32\...\{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
HandBrake Nightly (HKLM-x32\...\HandBrake Nightly) (Version: Nightly - )
Hawaiian HI Fonts (HKLM\...\{9128B5D4-6CB4-4090-A09B-D4CF850AD5A1}) (Version: 1.0.3.40 - Hale Kuamoo, University of Hawaii at Hilo)
IDM Crack 6.27 build 1 (HKLM-x32\...\IDM Crack 6.27 build 1) (Version: build 2 - Crackingpatching.com Team)
Ignition (HKLM\...\{50DC22E6-B3C7-4C24-B96C-2939DB5AC0D9}) (Version: 1.50.20324.4505 - Powerteq) Hidden
Ignition (HKLM-x32\...\{e44b92d0-30d5-49aa-950e-a01e2fce0811}) (Version: 1.50.20324.4505 - Powerteq)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Wireless Bluetooth®(patch version 17.1.1531.1764) (HKLM\...\{302600C1-6BDF-4FD1-1507-148929CC1385}) (Version: 17.1.1507.0532 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fd9db181-00fa-4117-82e2-cf920d564253}) (Version: 16.1.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Klingon Academy (HKLM-x32\...\Klingon Academy) (Version:  - )
K-Lite Codec Pack 14.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.1.0 - KLCP)
Lara Croft and the Guardian of Light (HKLM-x32\...\Lara Croft and the Guardian of Light_is1) (Version:  - )
Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version:  - )
LIVE gaming on Windows Runtime Version 1.0.6027 (HKLM-x32\...\{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}) (Version: 1.0.6027 - Microsoft Corporation)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Mad Max (HKLM-x32\...\Mad Max_is1) (Version:  - )
MakeMKV v1.10.5 (HKLM-x32\...\MakeMKV) (Version: v1.10.5 - GuinpinSoft inc)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Halo Custom Edition (HKLM-x32\...\Halo CE) (Version:  - )
Microsoft Hyperlapse Pro (HKLM\...\{33503317-BA83-44C8-873E-581B3D8EB837}) (Version: 1.3.5764 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
MKVToolNix 23.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 23.0.0 - Moritz Bunkus)
Mojo Jojo's Pet Project (HKLM-x32\...\{BD09FCE9-9D5F-11D5-9E0F-0050FC0220CE}) (Version:  - )
Monkey for Winamp 2x (remove only) (HKLM-x32\...\vis_monkey.dllWinamp) (Version:  - )
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.13 - Black Tree Gaming)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Paragon HFS+ for Windows (HKLM-x32\...\{429D6E81-8E1E-42E6-8AB9-025DD9157F9B}) (Version: 11.0.0.0 - Paragon Software)
Perfect Photo Suite 8 (HKLM-x32\...\{54F3375C-5F19-4DE6-957B-EDE4EFEA5F23}) (Version: 8.0.0 - onOne Software)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8339 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.2.0 (HKLM-x32\...\Revo Uninstaller Pro 3.2.0) (Version:  - )
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SketchUp 2017 (HKLM\...\{F1E181BD-01D6-4754-92CC-DB8C259B9B28}) (Version: 17.0.18899 - Trimble, Inc.)
Sniper - Ghost Warrior 2 — Repacked by R.G. Revenants (HKLM-x32\...\Sniper - Ghost Warrior 2_R.G. Revenants) (Version: 3.4.1.4621 - City Interactive)
SolveigMM AVI Trimmer+ version 5.0.1509.11 (HKLM-x32\...\SolveigMM AVI Trimmer_is1) (Version: 5.0.1509.11 - Solveig Multimedia)
SolveigMM Video Splitter Business Edition (HKLM-x32\...\SolveigMM Video Splitter Business Edition 6.1.1611.7) (Version: 6.1.1611.7 - Solveig Multimedia)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Trek Voyager Elite Force (HKLM-x32\...\Star Trek Voyager Elite Force) (Version:  - )
STAR WARS - The Force Unleashed II (HKLM-x32\...\STAR WARS - The Force Unleashed II_is1) (Version:  - )
Star wars Battlefront II version 1.3 (HKLM-x32\...\{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1) (Version: 1.3 - )
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars: The Force Unleashed (HKLM-x32\...\Star Wars: The Force Unleashed_is1) (Version: 1.1 - Aspyr)
STAR WARS® - Knights of the Old Republic™ II - The Sith Lords (HKLM-x32\...\1421404581_is1) (Version: 2.0.0.2 - GOG.com)
Subtitle Edit 3.3.5 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.3.5.1862 - Nikse)
TagScanner 6.0.27 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Battle for Middle-earth ™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Lord of the Rings The Battle for Middle-Earth Collection MULTi9 - ElAmigos version 2.01 (HKLM-x32\...\{5EE9E528-FC92-4C4F-AEE4-BCAFA7A2F6CF}_is1) (Version: 2.01 - Electronic Arts)
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
Tixati (HKLM-x32\...\tixati) (Version:  - )
Tomb Raider GOTY version 1.1.748.0 (HKLM-x32\...\Tomb Raider GOTY_is1) (Version: 1.1.748.0 - Mr DJ)
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version:  - )
Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )
Tomb Raider: Underworld 1.1 (HKLM-x32\...\Tomb Raider: Underworld) (Version:  - )
VidCoder 2.31 Beta (x86) (HKLM-x32\...\VidCoder-Beta-x86_is1) (Version: 2.31 - RandomEngy)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.9.0 - Elaborate Bytes)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World in Conflict (HKLM-x32\...\World in Conflict) (Version: 1.011 - Ubisoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers1-x32: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers1-x32: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers4-x32: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-05-21] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-07] (NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6-x32: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\Revo Uninstaller Pro\RUExt.dll [2016-12-14] (VS Revo Group)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {35A211AB-6D3B-4078-B5B6-9F2E85876676} - System32\Tasks\HFS+ Updater => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\updater\Updater.exe [2016-08-25] (Paragon Software Group)
Task: {3E31366C-E675-44C5-8BC0-6CECADC0704F} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-04-11] ()
Task: {425C10DD-2470-48C2-BE24-5F9771B87385} - System32\Tasks\HFS+ Activator => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe [2016-11-15] (Paragon Software)
Task: {44F446AE-529D-481A-BB08-A900F3A53B41} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe
Task: {574D6353-DED6-45DC-BD0C-0D75768F3630} - System32\Tasks\EPSON XP-320 Series Update {2F5A4C44-C787-4243-BF67-47A7A6576221} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {598F1E22-D974-4931-BA4E-1185077E61C9} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-10-13] ()
Task: {5A5E1C32-CA20-4DB2-AE5A-C67104C2E8CE} - System32\Tasks\Driver Booster SkipUAC (SkyNet) => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe [2016-10-09] (IObit)
Task: {74A5618A-58B9-49F2-8AAE-D60EB9997BDA} - System32\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {784298BF-2A08-41E5-82FC-C7AB0A863860} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\Scheduler.exe [2016-09-20] (IObit)
Task: {79C655A7-B86E-480A-A906-6D51938C93AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {B4501B30-6D73-49B8-9145-05858DA45F6E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {BBCD4906-AD2E-4AC3-AF14-89B0ABC94F44} - System32\Tasks\AdobeGCInvoker-1.0-SKYNET-SYSTEMS-SkyNet => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {BE763E74-85F7-4612-B459-06BD2D5EB115} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {CE3C1698-CD65-49E2-AB60-D2231AA5D0E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {DCA0EAAC-887C-433D-BDEB-13FAA45979E0} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {E3942701-4DA4-446F-A47A-4884A026C1B3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {F839542E-ABE6-4270-A40A-8DC32F621586} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-20 12:45 - 2016-10-13 13:57 - 007711966 _____ () C:\Program Files\pia_manager\pia_manager.exe
2013-03-28 22:31 - 2013-03-28 22:31 - 000210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 000748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 003645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-03-28 22:30 - 2013-03-28 22:30 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-09-23 14:55 - 2016-11-15 07:52 - 001356624 _____ () C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
2017-01-11 19:06 - 2016-08-25 13:28 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-11-17 22:05 - 2016-11-17 22:05 - 000156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2015-12-24 08:31 - 2007-09-02 13:58 - 000495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2018-05-30 17:01 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-05-30 17:01 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-03-20 12:45 - 2016-10-13 13:57 - 000693760 _____ () C:\Program Files\pia_manager\openvpn.exe
2016-03-20 12:45 - 2016-10-13 13:57 - 000190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2016-03-20 12:45 - 2016-10-13 13:57 - 000108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2016-03-20 12:45 - 2016-10-13 13:57 - 000144896 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
2017-01-09 18:08 - 2016-11-17 22:14 - 000730880 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2017-01-09 18:08 - 2016-11-17 22:18 - 001981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-01-09 18:08 - 2016-11-17 22:12 - 000237824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000217344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2013-09-17 00:58 - 2013-09-17 18:58 - 000920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-01-09 18:08 - 2016-11-17 22:16 - 000805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-01-09 18:08 - 2016-11-17 22:11 - 000247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-01-09 18:08 - 2016-11-17 22:10 - 000212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-01-09 18:08 - 2016-11-17 22:11 - 000174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-01-09 18:08 - 2016-11-17 22:10 - 000203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-01-09 18:08 - 2016-11-17 22:09 - 000206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2017-01-09 18:08 - 2016-11-17 22:09 - 000336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-01-09 18:08 - 2016-11-17 22:06 - 000147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-01-09 18:08 - 2016-11-17 22:11 - 000213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-01-09 18:08 - 2016-11-17 22:07 - 000229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-01-09 18:08 - 2016-11-17 22:06 - 000211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 000087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 001242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-24 08:31 - 2007-09-02 13:57 - 000069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2018-05-23 11:53 - 2018-05-21 07:06 - 000847688 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-05-23 11:53 - 2018-05-21 07:06 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2015-12-24 08:30 - 2018-05-21 07:05 - 000100312 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000018896 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-24 08:30 - 2018-05-21 07:09 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000035808 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000694232 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000130520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 001845600 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-05-23 11:53 - 2018-05-21 07:06 - 000116696 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-24 08:30 - 2018-05-21 07:05 - 000105944 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 18:18 - 2018-05-21 07:10 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000024536 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-05-23 11:53 - 2018-05-21 07:06 - 000392664 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-24 08:30 - 2018-05-21 07:05 - 000043480 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-05-23 11:53 - 2018-05-21 07:05 - 000020952 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000124888 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000114136 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-24 08:30 - 2018-05-21 07:09 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-05 18:18 - 2018-05-21 07:10 - 000028000 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000175576 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000030168 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-21 10:59 - 2018-05-21 07:05 - 000026072 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000048600 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000057816 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 12:35 - 2018-05-21 07:10 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-05-17 15:33 - 2018-05-21 07:09 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2015-12-24 08:30 - 2018-05-21 07:10 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-05-23 11:53 - 2018-05-21 07:05 - 000145880 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000084944 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000028632 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000060888 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-27 15:01 - 2018-05-21 07:10 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000024024 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-20 09:53 - 2018-05-21 07:10 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-24 08:30 - 2018-05-21 07:05 - 000349144 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-18 19:36 - 2018-05-21 07:10 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-05-23 11:53 - 2018-05-21 07:06 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-11 15:36 - 2018-05-21 07:10 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-11 14:11 - 2018-05-21 07:09 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-05-23 11:53 - 2018-05-21 07:08 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-05 18:18 - 2018-05-21 07:10 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-05-23 11:53 - 2018-05-21 07:08 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-05-23 11:53 - 2018-05-21 07:09 - 000038216 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2018-06-03 12:17 - 2018-06-03 12:17 - 000012800 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2018-06-03 12:17 - 2018-06-03 12:17 - 000009728 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2018-06-03 12:17 - 2018-06-03 12:17 - 000014848 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2018-06-03 12:17 - 2018-06-03 12:17 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\src\rgloader\rgloader193.mswin.so
2018-06-03 12:17 - 2018-06-03 12:17 - 000009216 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2018-06-03 12:17 - 2018-06-03 12:17 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2018-06-03 12:17 - 2018-06-03 12:17 - 000126976 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2018-06-03 12:17 - 2018-06-03 12:17 - 000087552 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2018-06-03 12:17 - 2018-06-03 12:17 - 000016384 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2018-06-03 12:17 - 2018-06-03 12:17 - 000127316 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\bin\libffi-6.dll
2018-06-03 12:17 - 2018-06-03 12:17 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2018-06-03 12:17 - 2018-06-03 12:17 - 000013312 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2018-06-03 12:17 - 2018-06-03 12:17 - 000095744 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2018-06-03 12:17 - 2018-06-03 12:18 - 000026624 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocr61AE.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000012800 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000009728 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000014848 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\src\rgloader\rgloader193.mswin.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000094208 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000118784 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000069120 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000083968 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\bin\zlib1.dll
2018-06-03 12:18 - 2018-06-03 12:18 - 000026624 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000275968 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000015360 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000008192 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000009216 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000023552 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000008704 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000036352 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000126976 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000087552 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000016384 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000127316 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\bin\libffi-6.dll
2018-06-03 12:18 - 2018-06-03 12:18 - 000013312 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000095744 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2018-06-03 12:18 - 2018-06-03 12:18 - 000026624 _____ () C:\Users\SkyNet\AppData\Local\Temp\ocrC2B2.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-10-13 13:57 - 2016-10-13 13:57 - 000939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2016-10-13 13:57 - 2016-10-13 13:57 - 003115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
2015-12-23 20:04 - 2018-06-03 12:19 - 000035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-12-23 20:04 - 2010-06-29 10:58 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-12-25 23:50 - 2018-01-12 11:15 - 000001298 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1 16.217.0.0
127.0.0.1 rosettastone.com
127.0.0.1 launch.rosettastone.com
127.0.0.1 amp.rosettastone.com
127.0.0.1 resources.rosettastone.com
127.0.0.1 updates.rosettastone.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FB7C27F5-BB80-4ED8-A52E-F204BD37C316}] => (Block) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [{9542AAF1-188F-4C71-861A-E752ABC11CFA}] => (Block) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [UDP Query User{1CCE33FB-AEEA-4ED8-AF19-C2B396B5D814}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [TCP Query User{E1342536-15D0-452F-8FF9-EF3578728F2D}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [{5175D9CD-A3FD-4EF4-A80D-AA46C01BD890}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{6E5EF3EA-31F2-402C-B458-BB016DB34BB0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [UDP Query User{B378563C-33B4-49E2-912D-D7C231DB1E6F}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{AE11614C-C137-4DF6-86D1-F4C76816BD63}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{0452BC5E-4D0C-43D9-9A5E-28F4028CBAF1}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin64\Crysis.exe
FirewallRules: [{0ADE0E85-BFE0-482B-A20A-4887E9751D9E}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin64\Crysis.exe
FirewallRules: [{F616906F-6237-47D8-A0C5-AF3BA54D97E4}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin32\Crysis.exe
FirewallRules: [{99C0B5F5-7B51-4D07-A8D2-0AE91146DB40}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin32\Crysis.exe
FirewallRules: [{B0C5662F-C649-4A36-8792-48537527A83C}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{141273CE-5FDD-402E-B222-9E13759563E7}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{35A350FD-94D7-4440-AAD5-82F0C4ACA246}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\crysis.exe
FirewallRules: [{8C3DE5BB-FF61-4E70-9A47-8F85DEE903AB}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\crysis.exe
FirewallRules: [{007968BD-260C-4DCE-8A9F-1EA6AF72400E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D5685863-D18B-4099-820C-F472BF3D84CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{96E7BE0E-D304-403C-A275-5DCA2FB0302B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{941F3F54-2BD5-4E85-BD36-7BEA0B435FF2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DDE5C324-684C-4E79-B3BB-C08BBB124967}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{959BB1F3-A68E-4E0E-A5F2-1DEEB86CC41C}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{59D8FE2C-0564-4023-8C40-102475C74732}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{8D54B22B-A954-496F-901D-9C08FC8A0D19}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{079FC4F4-FAD0-4813-8938-95AC8E0DE885}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0628F2CA-7F4B-4A6C-ABAB-E88127310AB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1749864-6003-46D3-B48D-FA91635A074D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{27FBBF6F-8789-44F7-AF44-DDB719F236E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D796CF0-0B6B-4123-9EE5-FB3045FDEFB1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{C2106B5E-D166-4C23-A572-00D2114EAF76}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{9DA04F3C-ADD7-4DE9-B271-60981EC6B6A2}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{011BAD99-FD9F-4C9D-932A-C3FD26172956}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe
FirewallRules: [{C9417F31-5112-40C5-9643-CFB0F537EAA9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe
FirewallRules: [{881B987B-391D-4938-B34E-E74A2D2CBE2A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DBDownloader.exe
FirewallRules: [{8D8F7100-8302-4698-A5C6-0EF070A51474}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DBDownloader.exe
FirewallRules: [{8678EAE2-2D5F-45E6-9E2C-DB644A80DF28}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\AutoUpdate.exe
FirewallRules: [{2CC957B7-C991-4E8B-B4A4-3B023D395393}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\AutoUpdate.exe
FirewallRules: [TCP Query User{BE7382CB-95AE-429A-821A-60400273278C}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe] => (Allow) C:\program files (x86)\microsoft games\halo custom edition\haloce.exe
FirewallRules: [UDP Query User{0044A1D1-3464-42E8-B96E-9BAD626BC7CC}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe] => (Allow) C:\program files (x86)\microsoft games\halo custom edition\haloce.exe
FirewallRules: [TCP Query User{5F9A971F-F2B5-47FB-94CB-2E3C972A5242}C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe] => (Allow) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [UDP Query User{2292E954-049F-4D9F-8F1B-4D3B6D27CC33}C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe] => (Allow) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{A33F7BB0-D522-4AE5-8DC5-822325B276C9}] => (Block) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{E00F54FA-48A5-4A6D-AA1C-8464791B6010}] => (Block) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{A895B6AE-F13E-4174-A79E-FD8347F917CA}] => (Allow) H:\Games\Tomb Raider GOTY\TombRaider.exe
FirewallRules: [{35730279-BF13-4671-8E81-82A1CCB63E1C}] => (Allow) H:\Games\Tomb Raider GOTY\TombRaider.exe
FirewallRules: [{B7D557E8-EF05-4895-9868-C2BE5DEAA4E6}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{D91D1AE7-F21D-426C-83D1-AB43FEBC5502}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{0DA2D116-B31F-44F4-96BC-D5BCCB9D8296}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B50FF09C-5F9A-47E9-92F3-166A2CFC1570}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BFB25B55-7634-4A79-9B85-238CBDB85E50}H:\games\age of mythology gold edition\aom.exe] => (Allow) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [UDP Query User{D02F7EB6-3E5C-4E37-8347-6FBDAF3D6096}H:\games\age of mythology gold edition\aom.exe] => (Allow) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{35AECB37-E4C5-4F08-B6BE-A6AFF2AA660D}] => (Block) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{E6656235-82B1-4D03-A36F-29703812A191}] => (Block) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{D0A6F404-E401-460D-8761-283D847FB16C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{F5A48009-9391-4A75-82E0-64C42C095BDA}H:\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{E9AA2D51-8AF4-49CF-92EC-EAB695FE018B}H:\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{F6F0223E-E183-4BFC-9720-E2B9C1867171}] => (Block) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{169B5F1A-E12A-4DD4-9B61-5EAF08F0313C}] => (Block) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{564BABF5-3AC7-49A0-B215-14B7DC093BA7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0575828A-DA83-4013-94FE-52C030651860}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{388BDF3E-E23C-4484-8E2B-0AAFDEB573C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E4F7CBCA-974E-4DEE-97FA-7AF1D6043384}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F5C4D4BA-DC5D-415E-81C0-4C38D08EA927}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D229850E-8137-47F5-8B6D-6BA99B5728B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1672625E-8396-4437-AFA1-2544812F7448}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{561E2E6D-9290-4365-8807-BAC94A32B0CE}] => (Allow) LPort=2869
FirewallRules: [{6ED08D25-6A52-4ECD-9CEF-889328ED4F63}] => (Allow) LPort=1900
FirewallRules: [{00F530C6-AE3A-442C-962D-CC9C8C54085C}] => (Allow) LPort=2869
FirewallRules: [{60031D35-ED6F-49C7-97A7-58F109F7534D}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{9F8DFD05-4F5B-4ED3-9C99-5528A983C57A}H:\games\battlefield 1\bf1.exe] => (Block) H:\games\battlefield 1\bf1.exe
FirewallRules: [UDP Query User{AA747C07-FD9B-4589-A2A3-9DFE290EAE7F}H:\games\battlefield 1\bf1.exe] => (Block) H:\games\battlefield 1\bf1.exe
FirewallRules: [{8B8D43CC-23C4-4883-9A76-889CBAD0B7C8}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{AE899E63-7251-4A22-9243-2B18B09C5785}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [TCP Query User{287CFD38-8173-4AF5-8A11-32591DCC48A2}H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [UDP Query User{C342F57F-EDB6-42F1-9BE3-E86F57FF46C9}H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{77EE1476-DCB7-4A85-A781-1B6E945C05A9}] => (Block) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{6773DDC3-60BD-49A5-B978-81AE305A348B}] => (Block) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{3A8B1383-5526-44B4-8314-B01CB83DD6F2}] => (Block) LPort=445
FirewallRules: [{3CAA6FC2-FA59-40FF-AD08-369F2AEC17B4}] => (Block) LPort=445
FirewallRules: [{43DD8E92-1050-4FEF-AE3B-46C92AC691AC}] => (Allow) H:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [{381B961A-83D5-42ED-AD65-C80A4FBCF5EB}] => (Allow) H:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [TCP Query User{4908AA1F-EC3F-42DD-8A96-F114ED067D2A}H:\games\halo 2\halo 2\halo2.exe] => (Allow) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [UDP Query User{8C50542A-44EE-4306-A90D-93AB8DB8B74B}H:\games\halo 2\halo 2\halo2.exe] => (Allow) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{834AD21D-8A0E-42A9-874E-2F96D2691D57}] => (Block) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{69AC1BDD-9F1D-4CF0-9EFD-7703A250A674}] => (Block) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{A5DE2541-A865-4489-835B-F7152B3E8DAB}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{97625A2F-03C2-4658-9704-4639321E880A}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{1E29B81A-BD2E-49AF-A713-F2C0B358D9B2}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{F02C1FE6-8E5E-47FE-921E-00192642F714}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [TCP Query User{C40DCABF-7228-4B5B-92CB-30E629DB7F9E}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{9D0D49D9-32A3-4EAC-B64B-B21DC60B4156}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{F5A98A22-AB34-4F42-8722-0664C26CC0D8}] => (Allow) H:\Games\Crysis\Bin32\crysis.exe
FirewallRules: [{C1700217-77DD-4025-BDAC-361288581F78}] => (Allow) H:\Games\Crysis\Bin32\crysis.exe
FirewallRules: [{4665A9A8-260F-4AAE-AFA9-79334C1FF388}] => (Allow) H:\Games\Crysis\Bin64\Crysis.exe
FirewallRules: [{BBC7C6C9-A363-4950-897A-BD192F1EE47E}] => (Allow) H:\Games\Crysis\Bin64\Crysis.exe
FirewallRules: [TCP Query User{92078F10-6042-4519-B1B4-26BBFD9ACEF5}H:\games\prey\prey\binaries\danielle\x64\release\prey.exe] => (Allow) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [UDP Query User{F1C038E9-0383-460F-84B2-77C4D534DD9E}H:\games\prey\prey\binaries\danielle\x64\release\prey.exe] => (Allow) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{4D561CC5-30A1-4E9E-96E2-F3EAF3DD9AAC}] => (Block) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{DC245F4A-3DC3-40CE-AFD2-9DD7026F5F6C}] => (Block) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{0F417FB7-9F17-410B-8960-4DE17AAEB626}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMMVSplitter_Business.exe
FirewallRules: [{D55F24A3-EB8B-42FB-8771-31FD56C0F857}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMMVSplitter_Business.exe
FirewallRules: [{284784CA-48D1-4BF7-A81A-529C35A052E9}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMM_BatchSplit.exe
FirewallRules: [{BDBC5E1C-0C1A-4ABA-B5EB-82B0D54465F4}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMM_BatchSplit.exe
FirewallRules: [TCP Query User{956666EC-7408-4005-97D3-4458F7A6535D}H:\games\counter strike\hl.exe] => (Allow) H:\games\counter strike\hl.exe
FirewallRules: [UDP Query User{6ED08CF2-2311-4CD9-B003-D9C78C3B03DD}H:\games\counter strike\hl.exe] => (Allow) H:\games\counter strike\hl.exe
FirewallRules: [{D732A50E-88AA-44B8-BE55-964BD4FB659D}] => (Block) H:\games\counter strike\hl.exe
FirewallRules: [{96AE1DED-8908-42B2-B433-90732895E166}] => (Block) H:\games\counter strike\hl.exe
FirewallRules: [TCP Query User{16514BDC-2796-487A-B1A2-1F687775A690}H:\games\counter strike\hlds.exe] => (Allow) H:\games\counter strike\hlds.exe
FirewallRules: [UDP Query User{9839D3C7-6CF6-469E-B71C-4EE3D491B333}H:\games\counter strike\hlds.exe] => (Allow) H:\games\counter strike\hlds.exe
FirewallRules: [{C9692BB1-278C-4FA9-B181-A5A8A1EC8927}] => (Block) H:\games\counter strike\hlds.exe
FirewallRules: [{ED308862-E600-48A2-9A93-932A8CBE1A6D}] => (Block) H:\games\counter strike\hlds.exe
FirewallRules: [TCP Query User{E0C34252-11D0-4CA7-8ED0-A48B8C2CF3BA}H:\games\counter strike\hltv.exe] => (Allow) H:\games\counter strike\hltv.exe
FirewallRules: [UDP Query User{A097959E-765B-49CD-9205-08A0DF668759}H:\games\counter strike\hltv.exe] => (Allow) H:\games\counter strike\hltv.exe
FirewallRules: [{4987A6DB-1650-4C11-B488-3FCD3282BB10}] => (Block) H:\games\counter strike\hltv.exe
FirewallRules: [{6F2A6423-539B-4DD6-AB5A-D77A7A51A8C9}] => (Block) H:\games\counter strike\hltv.exe
FirewallRules: [TCP Query User{090E6C1D-3F2A-439A-A8C7-2D049A9E59CE}H:\games\call of duty 2\cod2mp_s.exe] => (Allow) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{43D41ECF-63AC-4D38-8A66-DFDDC6CEDEA2}H:\games\call of duty 2\cod2mp_s.exe] => (Allow) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [{FC3CDEA3-8B96-4847-A0A5-05A8D06BDC90}] => (Block) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [{8A01975A-BDC8-4198-8AD6-5762D3D6144A}] => (Block) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{BA0CC5F1-8891-4784-8727-FDD6FEFE9A72}H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [UDP Query User{AF5F8BA9-B4C3-4FBB-AF81-DABB907CF037}H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{DE486E41-348B-4867-AD4C-AF539F02A5D3}] => (Block) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{47D0FEEA-A4FC-4D1C-9286-7443E5F0AC10}] => (Block) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{9C468828-A775-4BD6-9D0C-A062C8A68FED}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfsactivator.exe
FirewallRules: [{298F078E-DF83-4D6E-BE6F-1F3B0EBEADFD}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfshelper.exe
FirewallRules: [{77086B90-99CE-4C7B-99C7-C92B46989ADA}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\apmwinsrv.exe
FirewallRules: [{F21326C8-627D-4C0D-AA15-F8313BCA9942}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\mounthfs.exe
FirewallRules: [{57AD44DC-9194-42C2-8492-DF0F6A5A785D}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\mounthfs.exe
FirewallRules: [{50C77D90-6314-46DA-922D-1BA9A5199B11}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\apmwinsrv.exe
FirewallRules: [{11AE5B51-3D43-4137-AB1E-B5DBAE22B266}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfsactivator.exe
FirewallRules: [{A1437E5F-4A3D-494B-B95F-EE3917147B2F}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfshelper.exe
FirewallRules: [{15BFE731-6C42-426C-817A-A1AB2670C275}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
FirewallRules: [{023B99DE-D2C5-4E0F-83BC-14E91FDE9421}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\mounthfs.exe
FirewallRules: [{C1737EC2-E06B-4CB0-9CBD-E92C68D36362}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe
FirewallRules: [{55428380-F572-4B81-B89F-65C7CBF7A512}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe
FirewallRules: [{08C66253-AB20-4EEB-A2AE-3F41D0AB9EC0}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
FirewallRules: [{0668A9A4-816F-45FC-8FF2-077C44C8A428}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\mounthfs.exe
FirewallRules: [TCP Query User{84E28F8B-CA08-4DC8-BB8A-9DF711280C7B}C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe] => (Block) C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe
FirewallRules: [UDP Query User{ABC15052-4E47-460E-85CC-248154B9CECA}C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe] => (Block) C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe
FirewallRules: [TCP Query User{D35B6580-F1D8-4196-B6F3-DAED0186E7DC}H:\games\far cry primal\bin\fcprimal.exe] => (Block) H:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{F2E0036E-6785-46F5-AA59-A5C0DCBA15B9}H:\games\far cry primal\bin\fcprimal.exe] => (Block) H:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{C28438FE-5764-4FA6-865A-ECBA98BCC0CF}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{AE9A1FCC-2806-47B6-A412-EB50EB01E56C}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [{911084A3-0070-4ADE-A49C-2931D8126CE9}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6A60088F-03B3-4F02-8568-BAEA4680A035}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{738E9E66-F20A-4847-B8DC-90CFC2B47F73}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9AFC4B02-19C5-49F9-888C-950953E2716B}H:\games\klingon academy\ka.exe] => (Block) H:\games\klingon academy\ka.exe
FirewallRules: [UDP Query User{EEC425FC-0A96-45D3-9BF4-83988C9E2B0F}H:\games\klingon academy\ka.exe] => (Block) H:\games\klingon academy\ka.exe
FirewallRules: [{EA7E1592-153E-46ED-A2DA-2D899B0EE5E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{31E324FA-D15E-4110-AAB6-DDA46C525E86}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
01-06-2018 20:04:26 Revo Uninstaller Pro's restore point - Far Cry 4 version 1.10.0.0
01-06-2018 20:39:43 Revo Uninstaller Pro's restore point - Far Cry 4 version 1.10.0.0
02-06-2018 20:00:59 Revo Uninstaller Pro's restore point - Call of Duty: Ghosts Update 3
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Hands-free Audio
Description: Bluetooth Hands-free Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/03/2018 12:17:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (06/03/2018 12:20:55 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/03/2018 12:20:55 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/03/2018 12:18:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/03/2018 12:18:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/03/2018 12:18:01 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/03/2018 12:18:01 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
CodeIntegrity:
===================================
 
Date: 2018-06-03 12:17:52.476
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6300 Six-Core Processor 
Percentage of memory in use: 20%
Total physical RAM: 16283.5 MB
Available physical RAM: 12867.43 MB
Total Virtual: 32565.19 MB
Available Virtual: 28517.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:190.63 GB) NTFS
Drive f: (Mars) (Fixed) (Total:465.76 GB) (Free:381.77 GB) NTFS
Drive g: (Pluto) (Fixed) (Total:200 GB) (Free:107.83 GB) NTFS
Drive h: (Hoth) (Fixed) (Total:931.51 GB) (Free:367.82 GB) NTFS
Drive i: (Saturn) (Fixed) (Total:1062.89 GB) (Free:200.65 GB) NTFS
Drive o: (T-600 GOLD) (Removable) (Total:14.87 GB) (Free:14.19 GB) FAT32
Drive q: (Ryloth) (Fixed) (Total:1953.12 GB) (Free:1718.23 GB) NTFS
Drive r: (Scarif) (Fixed) (Total:1772.77 GB) (Free:583.87 GB) NTFS
Drive s: (Mercury) (Fixed) (Total:600 GB) (Free:57.37 GB) NTFS
 
\\?\Volume{92252ac3-a9cc-11e5-aced-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D6C2710D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D7729B52)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 4 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
 
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.
 
==================== End of Addition.txt ============================
 

  • 0

#10
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Something has been causing this computer to not boot correctly since this all began.

The computer will stop at this screen, see attached image, and will not boot until I hit F1 and select "Discard Changes and Exit"
Also, Windows now spits out prompts indicating that there may be a hard drive failing.
Is this why Windows won't boot correctly or is it related to the coinminer/diskdriver infection or possibly the scans to fix the PC?
The hard drive in question is not the one that Windows boots from but rather a drive simply reserved for games.
 
Thank you.

  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP

OK.  The fix got rid of the last visible sign of your coin miner

"Discard Changes and Exit" isn't a Windows error.  Sounds like something the BIOS would do.  Don't see your attached image. 

Try going into you BIOS/CMOS setup.  See if it looks like what you are seeing.  Could just be your 3.3v battery that powers your CMOS is weak.  (If it has such a battery.)  Or perhaps the key that brings up the BIOS is stuck.

 

We can let Speccy look at your hard drives to see if they are failing.

 

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


 


  • 0

#12
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Sorry, here is the image for the previous reply.

20180603_120850 (1).jpg

 

Also included is the results from the Speccy scan.

Attached Files


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP

The Seagate drive is going bad. 
 

 

ST310005 28AS SATA Disk Device
                    Manufacturer    Seagate
                    Form Factor    3.5"
                    Heads    16
                    Cylinders    121,601
                    Tracks    31,008,255
                    Sectors    1,953,520,065
                    SATA type    SATA-II 3.0Gb/s
                    Device type    Fixed
                    ATA Standard    ATA8-ACS
                    Serial Number    5VP7CN3F
                    Firmware Version Number    CC44
                    LBA Size    48-bit LBA
                    Power On Count    5172 times
                    Power On Time    1311.6 days
                    Speed    7200 RPM
                    Features    S.M.A.R.T., NCQ
                    Max. Transfer Mode    SATA II 3.0Gb/s
                    Used Transfer Mode    SATA II 3.0Gb/s
                    Interface    SATA
                    Capacity    931 GB
                    Real size    1,000,204,886,016 bytes
                    RAID Type    None
                        S.M.A.R.T
                            Status    Bad
                            Temperature    32 °C
                            Temperature Range    OK (less than 50 °C)
                                S.M.A.R.T attributes
                                        01
                                            Attribute name    Read Error Rate
                                            Real value    0
                                            Current    109
                                            Worst    98
                                            Threshold    6
                                            Raw Value    000140970F
                                            Status    Good
                                        03
                                            Attribute name    Spin-Up Time
                                            Real value    0 ms
                                            Current    95
                                            Worst    95
                                            Threshold    0
                                            Raw Value    0000000000
                                            Status    Good
                                        04
                                            Attribute name    Start/Stop Count
                                            Real value    5,169
                                            Current    95
                                            Worst    95
                                            Threshold    20
                                            Raw Value    0000001431
                                            Status    Good
                                        05
                                            Attribute name    Reallocated Sectors Count
                                            Real value    3,165
                                            Current    23
                                            Worst    23
                                            Threshold    36
                                            Raw Value    0000000C5D
                                            Status    Bad

                                        07
                                            Attribute name    Seek Error Rate
                                            Real value    0
                                            Current    87
                                            Worst    60
                                            Threshold    30
                                            Raw Value    001E4C6DAD
                                            Status    Good
                                        09
                                            Attribute name    Power-On Hours (POH)
                                            Real value    1311d 14h
                                            Current    65
                                            Worst    65
                                            Threshold    0
                                            Raw Value    0000007AF6
                                            Status    Good
                                        0A
                                            Attribute name    Spin Retry Count
                                            Real value    0
                                            Current    100
                                            Worst    100
                                            Threshold    97
                                            Raw Value    0000000000
                                            Status    Good
                                        0C
                                            Attribute name    Device Power Cycle Count
                                            Real value    5,172
                                            Current    95
                                            Worst    95
                                            Threshold    20
                                            Raw Value    0000001434
                                            Status    Good
                                        B7
                                            Attribute name    SATA Downshift Error Count
                                            Real value    0
                                            Current    100
                                            Worst    100
                                            Threshold    0
                                            Raw Value    0000000000
                                            Status    Good
                                        B8
                                            Attribute name    End-to-End error / IOEDC
                                            Real value    0
                                            Current    100
                                            Worst    100
                                            Threshold    99
                                            Raw Value    0000000000
                                            Status    Good
                                        BB
                                            Attribute name    Reported Uncorrectable Errors
                                            Real value    56
                                            Current    44
                                            Worst    44
                                            Threshold    0
                                            Raw Value    0000000038
                                            Status    Good

                                        BC
                                            Attribute name    Command Timeout
                                            Real value    4,295,032,839
                                            Current    100
                                            Worst    99
                                            Threshold    0
                                            Raw Value    0000010007
                                            Status    Good

                                        BD
                                            Attribute name    High Fly Writes (WDC)
                                            Real value    1
                                            Current    99
                                            Worst    99
                                            Threshold    0
                                            Raw Value    0000000001
                                            Status    Good
                                        BE
                                            Attribute name    Airflow Temperature
                                            Real value    32 °C
                                            Current    68
                                            Worst    52
                                            Threshold    45
                                            Raw Value    0021190020
                                            Status    Good
                                        C2
                                            Attribute name    Temperature
                                            Real value    32 °C
                                            Current    32
                                            Worst    48
                                            Threshold    0
                                            Raw Value    0000000020
                                            Status    Good
                                        C3
                                            Attribute name    Hardware ECC Recovered
                                            Real value    0
                                            Current    34
                                            Worst    18
                                            Threshold    0
                                            Raw Value    000140970F
                                            Status    Good
                                        C5
                                            Attribute name    Current Pending Sector Count
                                            Real value    67
                                            Current    99
                                            Worst    99
                                            Threshold    0
                                            Raw Value    0000000043
                                            Status    Warning
                                        C6
                                            Attribute name    Uncorrectable Sector Count
                                            Real value    67
                                            Current    99
                                            Worst    99
                                            Threshold    0
                                            Raw Value    0000000043
                                            Status    Warning
                                        C7
                                            Attribute name    UltraDMA CRC Error Count
                                            Real value    0
                                            Current    200
                                            Worst    200
                                            Threshold    0
                                            Raw Value    0000000000
                                            Status    Good
                                        F0
                                            Attribute name    Head Flying Hours
                                            Real value    1856d 19h
                                            Current    100
                                            Worst    253
                                            Threshold    0
                                            Raw Value    000000AE13
                                            Status    Good
                                        F1
                                            Attribute name    Total LBAs Written
                                            Real value    2,647,108,114
                                            Current    100
                                            Worst    253
                                            Threshold    0
                                            Raw Value    009DC7AA12
                                            Status    Good
                                        F2
                                            Attribute name    Total LBAs Read
                                            Real value    3,111,607,672
                                            Current    100
                                            Worst    253
                                            Threshold    0
                                            Raw Value    00B9775D78
                                            Status    Good
                        Partition 0
                            Partition ID    Disk #2, Partition #0
                            Disk Letter    H:
                            File System    NTFS
                            Volume Serial Number    52B30D48
                            Size    931 GB
                            Used Space    563 GB (60%)
                            Free Space    367 GB (40%)

 

Reallocated Sectors Count is out of bounds.  There are several others that don't look good.  The drive is failing and needs to be cloned. which is why you are getting the message from the BIOS.   Clone it ASAP as it probably won't last much longer.

 

I would not get another Seagate.  They are junk and never last.  Best choice is a Western Digital Black tho they tend to be a bit more than their Blue (a good drive but with a shorter warranty) but anything is better than a Seagate.  You want a 3.5 SATA 3 drive with at least 1 TB - more is OK but with Win 7 best to stay at 2 TB or less.  You can use the cloning program you can download from your new drive's website or one from Seagate or the free Macrium: https://www.macrium.com/reflectfree Just make sure you are clear on which is the source and which is the destination.


  • 0

#14
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Understood.

The Seagate is an older drive and once it was done I was never going with them again.

I read a report a few years back on a study conducted by Blackblaze concerning failure rates and Seagate was by far the worst of them all.

Anyway, just to clarify, the issue with the PC at startup is due to the failing hard drive correct?

Also, the computer doesn't seem to be exhibiting any of the signs of the coinminer/diskdriver infection.

Are there any further steps that I need to take to complete the infection removal process?

 

Regardless, I just want to say thank you so much for all your help and speedy response.

I do not know how you people look through all them logs and figure this stuff out but you all have saved me numerous times in the past. 

It's been so long since I was here last that I forgot my login information and had to create a new account.

This site is a godsend.


  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP
The bad Seagate is definitely the cause of your boot problem.
 
The coin miner had three parts which I suppose made it hard for anti-viruses to remove.  No doubt if one remained it would recreate the other two.
 
There was the standard Run entry:
HKLM\...\Run: [diskdriver] => C:\Windows\system32\diskdriver.exe

 

A service that started automatically:

S2 WinDefendSecurity; C:\Windows\system32\windfn.exe [2218496 2018-05-27] (Microsoft Corporation) [File not signed]

 
and probably the hardest to find a Task:
 
Task: {377718A3-9C49-4F6B-B47E-F4AF82D79B6F} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary
 
Note that it doesn't run a .exe file.  Instead it uses a DLL riding on a standard Windows file and the task itself is buried down in the Microsoft\Windows\Application Experience area.
 
Your PC is still unable to read the sxs.dll file.  This is I think critical for installing new programs so this might be a problem you need to fix.  I would try the
System Update Readiness Tool for Windows 7

This link is for 64 bit:
https://www.microsof...s.aspx?id=20858
Can take a few hours to complete so be patient (or let it run while you sleep)
It leaves a log when done in C:\Windows\Logs\CBS\CheckSUR.log
This is a hidden location so you may need to tell Windows to let you see it:
 

Control Panel, (View By:  Large Icons)  Folder Options, View.

Uncheck Hide Extensions for Known File Types
Uncheck Hide Protected System Files
Check Show Hidden Files,Folders and Drives.
OK

Please post the log if you can get it to run.
 

  • 0






Similar Topics


Also tagged with one or more of these keywords: coinminer, diskdriver, virus, infection, russian

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP