Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Diskdriver and Win64Coinminer.CZ infection

coinminer diskdriver virus infection russian

  • Please log in to reply

#31
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP

Oddly enough the sxs.dll error is gone but the one we were trying to get rid of is still with us.

 

Can you uninstall

Private Internet Access v80

 

It seems to be broken anyway:

 

 
Startup: C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\privateinternetaccess - Shortcut.lnk [2016-11-01]
ShortcutTarget: privateinternetaccess - Shortcut.lnk -> C:\Program Files\pia_manager\privateinternetaccess.exe (No File)

 

 

 

 

You can reinstall a new copy if it's something you need.

 

Then:

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.
 


2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


 


  • 0

Advertisements


#32
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

VEW log:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/06/2018 8:31:10 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/06/2018 6:29:49 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 12/06/2018 6:29:48 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 12/06/2018 6:28:56 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 12/06/2018 6:28:55 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/06/2018 6:26:51 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 12/06/2018 6:26:51 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
 
 
2nd Log:
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 11/06/2018 8:32:40 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#33
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP

Looks like the only remaining errors are these:

 

Log: 'System' Date/Time: 12/06/2018 6:29:49 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.

 

 

This is caused when the PC is trying to connect to a secure site and something goes wrong in the handshake.  They seemed to be grouped altogether in time so it looks like something tries a few times then gives up.  My bet is it's a task checking for an update.  Search for

 

task scheduler

 

hit Enter.  That should open the Task Scheduler.  Click on Task Scheduler Library.  Look in the next pane.  You will see a bunch of tasks some with names and some just having numbers.  If we are lucky you will see the same time from the last error in the Last Run column (tho sometimes the hours may be off by your offset from GMT.  Windows is inconsistent and sometimes uses GMT and sometimes local time).  If you see one that seems about right then right click on it an disable.  (I would suspect one of these:

 

 
Task: {35A211AB-6D3B-4078-B5B6-9F2E85876676} - System32\Tasks\HFS+ Updater => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\updater\Updater.exe [2016-08-25] (Paragon Software Group)
Task: {3E31366C-E675-44C5-8BC0-6CECADC0704F} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-04-11] ()
 
Task: {425C10DD-2470-48C2-BE24-5F9771B87385} - System32\Tasks\HFS+ Activator => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe [2016-11-15] (Paragon Software)
 

Task: {598F1E22-D974-4931-BA4E-1185077E61C9} - System32\Tasks\Private Internet Access Startup => C:/Program Files/pia_manager/pia_manager.exe [2018-05-22] ()

Task: {5A5E1C32-CA20-4DB2-AE5A-C67104C2E8CE} - System32\Tasks\Driver Booster SkipUAC (SkyNet) => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe [2016-10-09] (IObit)
 
Task: {74A5618A-58B9-49F2-8AAE-D60EB9997BDA} - System32\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
 
Task: {784298BF-2A08-41E5-82FC-C7AB0A863860} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\Scheduler.exe [2016-09-20] (IObit) )
 
 

If you don't see a corresponding time then just right click on each task  in the pane and Disable.  Then repeat the last steps:

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.
 

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

 

No need to do Applications this time and you don't need to post.  Just look and see if the errors are gone.  If they are then we are on the right track.  Go back into Task Scheduler and enable 1/2 of the tasks.  reboot and run VEW again.  If they come back it's one of the tasks you just enabled.  Repeat until you isolate it to one or two tasks.  Report which tasks.  If disabling all tasks does not help then re-enable all tasks and look for the problem in the Startups.


  • 0

#34
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

I get a fault saying this no longer exists:

Task: {74A5618A-58B9-49F2-8AAE-D60EB9997BDA} - System32\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B} => 

 

This fault says "Specified account name is not valid" and can not be modified:

Task: {784298BF-2A08-41E5-82FC-C7AB0A863860} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\Scheduler.exe [2016-09-20] (IObit) )

 

Otherwise the rest of them have been disabled.

Do I proceed with the rest of the steps or are you wanting to clear these 2 errors first?

Please advise.


Edited by promithius, 12 June 2018 - 11:21 PM.

  • 0

#35
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP

Let's try to clear them out with FRST:

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   1018bytes   10 downloads

Run FRST and press Fix
A fix log will be generated please post that


Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 

 


  • 0

#36
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Fixlog:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by SkyNet (13-06-2018 15:40:00) Run:5
Running from C:\Users\SkyNet\Desktop
Loaded Profiles: SkyNet &  (Available Profiles: SkyNet)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: {74A5618A-58B9-49F2-8AAE-D60EB9997BDA} - System32\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {784298BF-2A08-41E5-82FC-C7AB0A863860} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\Scheduler.exe [2016-09-20] (IObit) )
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
reboot:
 
 
 
 
 
 
 
 
 
 
 
 
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74A5618A-58B9-49F2-8AAE-D60EB9997BDA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74A5618A-58B9-49F2-8AAE-D60EB9997BDA}" => removed successfully
C:\Windows\System32\Tasks\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPSON XP-320 Series Update {9EE9851F-1ACE-4793-8F9F-F6086C9F532B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{784298BF-2A08-41E5-82FC-C7AB0A863860}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{784298BF-2A08-41E5-82FC-C7AB0A863860}" => removed successfully
C:\Windows\System32\Tasks\Driver Booster Scheduler => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler" => removed successfully
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 15:40:20 ====
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by SkyNet (administrator) on SKYNET-SYSTEMS (13-06-2018 17:31:24)
Running from C:\Users\SkyNet\Desktop
Loaded Profiles: SkyNet (Available Profiles: SkyNet)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Kinetic Jump Software, LLC) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINBE.EXE
(Epic Privacy Browser) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Application\epic.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9246656 2018-05-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1505728 2018-05-27] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-08-25] (NVIDIA Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\ecmds.exe [178496 2018-04-19] (ESET)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-06-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4001848 2016-12-16] (Tonec Inc.)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINBE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2018-05-18] (Epic Privacy Browser)
HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\MountPoints2: {e08f94a0-81e1-11e7-9180-7c5cf8efb1df} - O:\VerizonSWUpgradeAssistantLauncher.exe
Startup: C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\privateinternetaccess - Shortcut.lnk [2016-11-01]
ShortcutTarget: privateinternetaccess - Shortcut.lnk -> C:\Program Files\pia_manager\privateinternetaccess.exe (No File)
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{0106C499-AACA-48BE-AF96-B40332427A56}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{7197BA45-B061-4503-A707-3ED2DFF23F36}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{7D8893E0-C1FA-44BA-B6A2-3CD6574C780F}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{BDF7F6CA-FCE0-463B-8573-872A301D511B}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{C3273B72-6137-46B4-B56D-6577F37FD1CE}: [DhcpNameServer] 192.168.86.1
 
Internet Explorer:
==================
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.yahoo.com/?fr=fp-comodo&type=42_25050004005_1.13.424807.562_u_hp
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-407761387-3444271927-348064540-1000 -> DefaultScope {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=42_25050004005_1.13.424807.562_u_ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-407761387-3444271927-348064540-1000 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=42_25050004005_1.13.424807.562_u_ds&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\SkyNet\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\SkyNet\AppData\Roaming\IDM\idmmzcc5 [2018-06-13] [Legacy] [not signed]
FF HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-407761387-3444271927-348064540-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-05-18] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-407761387-3444271927-348064540-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\SkyNet\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-05-18] (Epic Privacy Browser)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://drudgereport.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default [2018-06-09]
CHR Extension: (YouTube) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-10]
CHR Extension: (Adblock Plus) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-05-16]
CHR Extension: (Google Search) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-10-10]
CHR Extension: (Notifier for Gmail™) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2018-05-02]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2018-06-09]
CHR Extension: (Adobe Acrobat) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-24]
CHR Extension: (uBlock) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2018-05-12]
CHR Extension: (Kindle Cloud Reader) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-10-10]
CHR Extension: (Morpheon Dark) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-02-21]
CHR Extension: (IDM Integration Module) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2018-05-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-10]
CHR Extension: (Chrome Media Router) - C:\Users\SkyNet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-09]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKU\S-1-5-21-407761387-3444271927-348064540-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-407761387-3444271927-348064540-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe [1356624 2016-11-15] () [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 ASDiskUnlocker; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe [262816 2012-06-18] (ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-06-04] (Dropbox, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249312 2017-12-20] (DTS, Inc)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-27] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2240264 2018-04-19] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2240264 2018-04-19] (ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-25] (NVIDIA Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [183568 2017-06-30] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 KjsUpdateService2; C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [12800 2012-04-18] (Kinetic Jump Software, LLC) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-06-13] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-25] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-25] (NVIDIA Corporation)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-06-13] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [11944 2016-07-12] (Advanced Micro Devices Inc.)
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [37200 2016-09-23] (Paragon Software Group)
R3 ASFLTDrv.sys; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [83792 2015-06-17] (Asmedia Technology)
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [51264 2016-07-12] (IVT Corporation.)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87864 2014-11-05] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-05-12] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1560552 2017-12-20] (Motorola Solutions, Inc.)
S3 csvol; C:\Windows\System32\DRIVERS\csvol.sys [32080 2016-09-23] (Paragon Software Group)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-12-20] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137928 2018-04-12] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [110432 2018-04-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [196112 2018-04-12] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50136 2018-04-12] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82816 2018-04-12] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61520 2018-04-12] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [108320 2018-04-12] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152184 2018-06-08] (Malwarebytes)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [69456 2016-09-23] (Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [213840 2016-09-23] (Paragon Software Group)
R3 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [23888 2016-09-23] (Paragon Software Group)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-07-12] (REALiX™)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [206344 2017-12-20] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-12] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112872 2018-06-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-06-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [94840 2018-06-13] (Malwarebytes)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [50512 2016-09-23] (Paragon Software Group)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3427848 2017-12-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50808 2017-12-20] (NVIDIA Corporation)
S3 Revoflt; C:\Windows\SysWOW64\DRIVERS\revoflt.sys [40240 2016-12-21] (VS Revo Group)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-12-20] (Samsung Electronics Co., Ltd.)
R1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [42656 2012-06-01] (ASUSTeK Computer Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-13 17:31 - 2018-06-13 17:31 - 000026061 _____ C:\Users\SkyNet\Desktop\FRST.txt
2018-06-13 15:40 - 2018-06-13 15:40 - 000002089 _____ C:\Users\SkyNet\Desktop\Fixlog.txt
2018-06-12 06:45 - 2018-06-13 16:56 - 000094840 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-06-12 06:45 - 2018-06-13 15:43 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-12 06:45 - 2018-06-13 15:43 - 000112872 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-06-12 06:45 - 2018-06-13 15:43 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-06-12 06:45 - 2018-06-12 06:45 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-06 21:06 - 2018-06-06 21:06 - 000000000 ____D C:\Windows\CheckSur
2018-06-05 21:16 - 2018-06-05 21:16 - 000000207 _____ C:\Windows\tweaking.com-regbackup-SKYNET-SYSTEMS-Windows-7-Ultimate-(64-bit).dat
2018-06-05 21:16 - 2018-06-05 21:16 - 000000000 ____D C:\RegBackup
2018-06-05 21:15 - 2018-06-05 21:15 - 000003668 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2018-06-05 21:15 - 2018-06-05 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-06-05 21:15 - 2018-06-05 21:15 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-06-05 21:14 - 2018-06-05 21:15 - 000194324 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2018-06-05 15:33 - 2018-06-05 15:33 - 000000910 _____ C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reinstall TAP Driver.lnk
2018-06-05 15:33 - 2018-06-05 15:33 - 000000878 _____ C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk
2018-06-05 15:33 - 2018-06-05 15:33 - 000000863 _____ C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall Private Internet Access.lnk
2018-06-05 15:33 - 2018-06-05 15:33 - 000000000 ____D C:\Users\SkyNet\AppData\Local\PrivateInternetAccess
2018-06-05 15:01 - 2018-06-05 15:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-06-04 00:18 - 2018-06-04 00:18 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-06-04 00:18 - 2018-06-04 00:18 - 000050232 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-06-04 00:18 - 2018-06-04 00:18 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-06-04 00:18 - 2018-06-04 00:18 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-06-03 16:37 - 2018-06-03 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2018-06-03 16:37 - 2018-06-03 16:37 - 000000000 ____D C:\Program Files\Speccy
2018-06-02 14:53 - 2018-06-02 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2018-06-02 14:53 - 2018-06-02 14:53 - 000000000 ____D C:\Program Files (x86)\DiskCheckup
2018-06-02 13:02 - 2018-06-13 15:39 - 000000000 ____D C:\Users\SkyNet\Desktop\New folder
2018-06-02 12:56 - 2018-06-11 20:32 - 000000467 _____ C:\VEW.txt
2018-06-02 12:36 - 2018-06-02 12:36 - 000000000 ____D C:\Windows\system32\windfn.exe
2018-06-02 12:36 - 2018-06-02 12:36 - 000000000 ____D C:\Windows\system32\StartupCheckLibrary.dll
2018-06-02 12:36 - 2018-06-02 12:36 - 000000000 ____D C:\Windows\system32\diskdriver.exe
2018-06-01 20:04 - 2018-06-01 20:04 - 000000000 ____D C:\Users\SkyNet\Desktop\save3dmgames
2018-06-01 17:20 - 2018-06-07 20:23 - 002413056 _____ (Farbar) C:\Users\SkyNet\Desktop\FRST64.exe
2018-05-30 17:01 - 2018-06-08 17:16 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-05-30 17:01 - 2018-05-30 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-30 17:00 - 2018-05-30 17:00 - 000000000 ____D C:\ProgramData\MB2Migration
2018-05-30 17:00 - 2018-05-30 17:00 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-30 16:35 - 2018-06-13 17:31 - 000000000 ____D C:\FRST
2018-05-30 16:34 - 2018-05-30 16:34 - 000000000 ____D C:\ProgramData\GridinSoft
2018-05-30 16:26 - 2018-05-30 16:26 - 000007619 _____ C:\Users\SkyNet\AppData\Local\Resmon.ResmonCfg
2018-05-29 17:21 - 2018-05-29 17:21 - 000000000 ____D C:\Windows\SysWOW64\AGEIA
2018-05-29 17:21 - 2018-05-29 17:21 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2018-05-28 15:54 - 2018-05-28 15:54 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-05-28 13:12 - 2018-05-28 13:12 - 000000000 ____D C:\Program Files\ESET
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 __SHD C:\ProgramData\DSS
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 ____D C:\Users\SkyNet\Documents\EA Games
2018-05-27 18:23 - 2018-05-27 18:23 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-05-27 17:47 - 2018-05-27 17:47 - 015211584 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 007178432 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 007101704 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006463128 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006270152 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 006105024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-05-27 17:47 - 2018-05-27 17:47 - 005938872 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 005593576 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 005346960 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003571504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003509160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003410288 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003299776 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003205568 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003145872 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 003121080 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002992144 _____ (Audyssey Labs) C:\Windows\system32\AudysseyEfx.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002922944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002444648 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 002190944 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001971328 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001965120 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001780584 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001591016 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001544216 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001508896 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001435104 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001382200 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001372352 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001353280 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001337600 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001259688 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001242440 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001159144 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001154912 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001105920 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001009544 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 001003816 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000986960 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000973568 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000964984 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000899488 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000873424 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000852096 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000743928 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000727400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000708272 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000691640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000688936 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000604752 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000532336 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000504272 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000467120 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000453240 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000447144 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000445360 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000441224 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000416472 _____ (Harman) C:\Windows\system32\HMUI.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000406416 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000392832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000381368 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000378344 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000367576 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000366080 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000360304 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000343672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000341112 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000341112 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000332976 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000327232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000327232 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000315936 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000278232 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000258824 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000253864 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000253824 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000252840 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000231880 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000221928 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000220352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000209496 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000203800 _____ (Harman) C:\Windows\system32\HMHVS.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000192944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000190896 _____ (Harman) C:\Windows\system32\HMEQ.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000179560 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000166160 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000158656 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000157304 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000154328 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000139720 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000122280 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000118552 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000116504 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000105272 _____ C:\Windows\system32\audioLibVc.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000093864 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000090880 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000090136 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000088280 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000083584 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000075504 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2018-05-27 17:47 - 2018-05-27 17:47 - 000023656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-05-27 17:46 - 2018-05-27 17:46 - 072520672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2018-05-27 17:46 - 2018-05-27 17:46 - 015464151 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-05-27 17:46 - 2018-05-27 17:46 - 003677120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-05-27 17:42 - 2018-05-27 17:42 - 000226280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-05-27 17:42 - 2018-05-27 17:42 - 000046064 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-05-27 17:40 - 2018-05-27 17:41 - 000000000 ____D C:\Windows\system32\unknown
2018-05-27 17:40 - 2018-05-27 17:40 - 040346984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 038468128 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 035250776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 031271232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 030741024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 025984920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 020264848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 019009672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 017776824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 016973216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2018-05-27 17:40 - 2018-05-27 17:40 - 015619736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 015189168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 013725744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 011271400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 004046088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 003962272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 003495000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001990688 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439764.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001561536 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001467992 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439764.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001417304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001215424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001157392 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 001091616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000904712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000626592 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000544472 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000518176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000462648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000420184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000182776 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000165136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000159896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000142632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2018-05-27 17:40 - 2018-05-27 17:40 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2018-05-27 17:40 - 2018-05-27 17:40 - 000000669 _____ C:\Windows\system32\nv-vk64.json
2018-05-27 17:40 - 2018-05-27 17:40 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-05-27 13:45 - 2015-07-18 03:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-05-27 13:45 - 2015-07-18 03:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-05-27 13:32 - 2018-04-29 05:27 - 000024512 _____ C:\Windows\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
2018-05-27 13:32 - 2018-01-28 13:09 - 000000000 _____ C:\Windows\system32\setup4.2.6.tmp
2018-05-25 17:06 - 2018-05-25 17:06 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\EasyAntiCheat
2018-05-18 16:07 - 2018-05-18 16:08 - 000000000 ____D C:\Users\SkyNet\Documents\Flight Simulator X Files
2018-05-18 09:50 - 2018-05-18 09:50 - 000002384 _____ C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Privacy Browser.lnk
2018-05-18 09:49 - 2018-05-18 09:50 - 000000000 ____D C:\Users\SkyNet\AppData\Local\Epic Privacy Browser
2018-05-18 09:49 - 2018-05-18 09:49 - 000000000 ____D C:\ProgramData\Epic Privacy Browser
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-13 15:50 - 2009-07-13 18:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-13 15:50 - 2009-07-13 18:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-13 15:47 - 2009-07-13 19:13 - 000794646 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-13 15:47 - 2009-07-13 17:20 - 000000000 ____D C:\Windows\inf
2018-06-13 15:42 - 2017-01-11 19:06 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-13 15:42 - 2009-07-13 19:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-13 15:40 - 2015-12-29 09:36 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\DMCache
2018-06-13 15:39 - 2015-12-24 08:48 - 000000000 ____D C:\Incoming
2018-06-12 17:41 - 2016-10-10 16:46 - 000002902 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (SkyNet)
2018-06-12 17:40 - 2018-04-30 16:25 - 000003234 _____ C:\Windows\System32\Tasks\klcp_update
2018-06-12 17:40 - 2017-07-11 16:32 - 000003640 _____ C:\Windows\System32\Tasks\HFS+ Updater
2018-06-12 17:40 - 2017-07-11 16:32 - 000003612 _____ C:\Windows\System32\Tasks\HFS+ Activator
2018-06-12 17:40 - 2016-03-20 12:45 - 000003232 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2018-06-12 17:38 - 2017-05-16 11:32 - 000004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-06-12 12:43 - 2015-12-23 09:34 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-12 11:42 - 2017-09-28 17:26 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\brave
2018-06-11 21:47 - 2017-01-12 18:28 - 000000000 ____D C:\Users\SkyNet\AppData\Local\CrashDumps
2018-06-11 21:16 - 2018-05-02 22:08 - 000013824 _____ C:\Users\SkyNet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-06-11 20:28 - 2016-03-20 12:45 - 000000000 ____D C:\Program Files\pia_manager
2018-06-10 22:01 - 2015-12-23 21:32 - 000000000 ____D C:\Users\SkyNet\AppData\Roaming\tixati
2018-06-09 10:37 - 2017-09-28 17:26 - 000000000 ____D C:\Users\SkyNet\AppData\Local\brave
2018-06-06 21:04 - 2016-10-10 11:58 - 000416816 _____ C:\Users\SkyNet\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-06 21:03 - 2016-04-13 11:05 - 000000398 __RSH C:\ProgramData\ntuser.pol
2018-06-06 21:03 - 2009-07-13 18:45 - 005920168 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-06 20:59 - 2009-07-13 16:34 - 000000514 _____ C:\Windows\win.ini
2018-06-05 17:48 - 2015-12-24 08:31 - 000000000 ___RD C:\Users\SkyNet\Dropbox
2018-06-05 15:01 - 2015-12-24 08:29 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-06-02 12:49 - 2009-07-13 17:20 - 000000000 ____D C:\Program Files (x86)\Windows NT
2018-06-01 21:45 - 2017-03-18 17:08 - 000000000 ____D C:\Users\SkyNet\AppData\Local\Fallout4
2018-06-01 20:07 - 2016-10-26 17:45 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-05-31 19:21 - 2018-01-27 17:40 - 000000000 ____D C:\ProgramData\XLN Audio
2018-05-31 19:21 - 2018-01-27 17:40 - 000000000 ____D C:\Program Files\XLN Audio
2018-05-31 19:20 - 2018-01-27 17:39 - 000000000 ____D C:\Users\SkyNet\Documents\XLN Online Installer
2018-05-31 18:40 - 2015-12-23 20:04 - 000000000 ____D C:\Program Files (x86)\ASUS
2018-05-31 18:40 - 2015-12-23 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-05-31 18:40 - 2015-12-23 19:50 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-31 15:50 - 2015-12-23 20:23 - 001048576 _____ C:\Windows\PE_Rom.dll
2018-05-30 17:00 - 2015-12-24 08:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-30 17:00 - 2015-12-24 08:10 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-05-29 17:21 - 2017-01-11 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-28 15:37 - 2017-12-28 09:24 - 000000000 ____D C:\Program Files\Rockstar Games
2018-05-28 15:37 - 2017-12-28 09:24 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2018-05-27 17:49 - 2009-07-13 19:32 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-27 17:47 - 2016-12-24 19:51 - 000000000 ____D C:\Windows\system32\DAX3
2018-05-27 17:47 - 2016-10-10 16:36 - 000000000 ____D C:\Windows\system32\DAX2
2018-05-27 17:47 - 2016-10-10 11:32 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-05-27 17:42 - 2017-01-11 19:04 - 001688104 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2018-05-27 17:40 - 2017-01-12 19:12 - 000505928 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 023241960 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 004573960 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-05-27 17:40 - 2017-01-11 19:04 - 000041598 _____ C:\Windows\system32\nvinfo.pb
2018-05-27 17:30 - 2016-07-12 16:43 - 000000000 ____D C:\ProgramData\ProductData
2018-05-27 13:45 - 2015-12-23 20:55 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-25 17:07 - 2015-12-28 17:56 - 000000000 ____D C:\Users\SkyNet\Documents\My Games
2018-05-20 12:54 - 2016-07-12 12:45 - 000000000 ____D C:\Users\SkyNet\AppData\Local\ElevatedDiagnostics
2018-05-19 22:14 - 2016-07-05 18:12 - 000000000 ____D C:\Users\SkyNet\AppData\Local\CAPCOM
2018-05-19 09:32 - 2018-05-06 16:15 - 000000000 ____D C:\Users\SkyNet\Desktop\100NCD90
2018-05-18 16:17 - 2015-12-24 08:29 - 000003904 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-18 16:17 - 2015-12-24 08:29 - 000003652 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-18 16:07 - 2009-07-13 19:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-05-18 16:02 - 2016-10-23 18:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Games
2018-05-16 18:37 - 2015-12-23 09:33 - 000003332 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-16 18:37 - 2015-12-23 09:33 - 000003204 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-15 18:38 - 2017-05-16 11:32 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-14 20:18 - 2017-12-21 19:01 - 000000000 ____D C:\Users\SkyNet\Documents\Manuals
2018-05-14 20:18 - 2016-10-18 22:37 - 000000000 ____D C:\Users\SkyNet\Documents\PDFs
 
==================== Files in the root of some directories =======
 
2017-05-06 17:54 - 2017-05-06 17:54 - 000000087 _____ () C:\Users\SkyNet\AppData\Roaming\1de0de73-de3e-46c6-81b0-f6455f081644
2018-01-12 21:12 - 2018-01-12 21:12 - 000000171 _____ () C:\Users\SkyNet\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f
2018-01-12 21:12 - 2018-01-12 21:12 - 000000304 _____ () C:\Users\SkyNet\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf
2018-01-12 21:12 - 2018-01-12 21:12 - 000000175 _____ () C:\Users\SkyNet\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388
2017-01-26 17:41 - 2017-01-26 17:42 - 000001456 _____ () C:\Users\SkyNet\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-05-02 22:08 - 2018-06-11 21:16 - 000013824 _____ () C:\Users\SkyNet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-05-30 16:26 - 2018-05-30 16:26 - 000007619 _____ () C:\Users\SkyNet\AppData\Local\Resmon.ResmonCfg
2017-03-02 21:07 - 2017-03-02 21:07 - 000000000 _____ () C:\Users\SkyNet\AppData\Local\{86098965-5FBF-4491-9F48-24AD67142EBD}
2017-01-14 12:42 - 2017-01-14 12:42 - 000000000 _____ () C:\Users\SkyNet\AppData\Local\{F371B246-82C8-4076-8EF4-244595164BBE}
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\diskdriver.exe
C:\Windows\System32\StartupCheckLibrary.dll
C:\Windows\System32\windfn.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-08 18:18
 
==================== End of FRST.txt ============================
 
 
Addition Text:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by SkyNet (13-06-2018 17:31:55)
Running from C:\Users\SkyNet\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-10-10 21:58:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-407761387-3444271927-348064540-500 - Administrator - Disabled)
ASPNET (S-1-5-21-407761387-3444271927-348064540-1006 - Limited - Enabled)
Guest (S-1-5-21-407761387-3444271927-348064540-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-407761387-3444271927-348064540-1008 - Limited - Enabled)
SkyNet (S-1-5-21-407761387-3444271927-348064540-1000 - Administrator - Enabled) => C:\Users\SkyNet
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (HKLM\...\{DCAFF63A-A26F-4809-A00D-27AD6733ACB3}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{C7B0C705-9987-44A2-B495-4101DAEDBFE0}) (Version: 2.6.2.4 - Intel) Hidden
300 Modpack 2.1 (HKLM-x32\...\300 Modpack 2.1) (Version:  - )
7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Age of Mythology Gold Edition 1.00 (HKLM-x32\...\Age of Mythology Gold Edition 1.00) (Version:  - )
Aliens vs. Predator (HKLM-x32\...\Aliens vs. Predator_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.6.0000 - Asmedia Technology)
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.0.8 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.4.0.8 - ASUSTek COMPUTER INC.)
Battlefield 1 v.версия 1.0.u3 (HKLM-x32\...\Battlefield 1_is1) (Version:  - )
BleachBit (HKLM-x32\...\BleachBit) (Version: 2.0 - BleachBit)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brave (HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Brave) (Version: 0.22.727 - Brave Software)
Bridge Commander MW (HKLM-x32\...\{304D46E1-364B-45AB-9170-53E200DB4E85}) (Version: 1.1.0000 - Activision) Hidden
Bridge Commander MW (HKLM-x32\...\InstallShield_{304D46E1-364B-45AB-9170-53E200DB4E85}) (Version: 1.1.0000 - Activision)
Call of Duty Modern Warfare Remastered (HKLM-x32\...\Call of Duty Modern Warfare Remastered_is1) (Version:  - )
Call Of Duty World At War version 1.7.1263.0 (HKLM-x32\...\Call Of Duty World At War_is1) (Version: 1.7.1263.0 - Mr DJ)
CPUID CPU-Z 1.82.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.82.1 - ) <==== ATTENTION
Crysis (HKLM-x32\...\1809223221_is1) (Version: 2.0.0.7 - GOG.com)
Crysis version 1.21.0.0 (HKLM-x32\...\Crysis_is1) (Version: 1.21.0.0 - Mr DJ)
Crysis Warhead version 1.1.0.0 (HKLM-x32\...\Crysis Warhead_is1) (Version: 1.1.0.0 - Mr DJ)
CRYZENX 1.00 (HKLM-x32\...\CRYZENX 1.00) (Version:  - )
Dirt.4.v1.04-ENG.repack version 1.04 (HKLM-x32\...\{32FFCB8E-23C9-435F-AFC0-7CE64F696FC2}}_is1) (Version: 1.04 - Ali213.net)
Disk Unlocker (HKLM-x32\...\{AE4DB5AB-CD91-4D63-8AD5-33EBADCCC4F2}) (Version: 2.1.3 - ASUSTek Computer Inc.)
DiskCheckup v3.3 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.3.1000 - PassMark Software)
Dragon UnPACKer 5 (HKLM-x32\...\DragonUnPACKer5_is1) (Version: 5.6.2 Exedra Chac - Alexandre Devilliers (aka Elbereth))
Driver Booster 4.0 (HKLM-x32\...\Driver Booster_is1) (Version: 4.0.4 - IObit)
Dropbox (HKLM-x32\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Dying Light (HKLM-x32\...\Dying Light_is1) (Version: 1.3.0 - Релиз от R.G. Steamgames)
Easy Photo Scan (HKLM-x32\...\{BB6241FF-8B76-45A5-95B9-888EDE8E47DC}) (Version: 1.00.0010 - Seiko Epson Corporation)
Epic Privacy Browser (HKU\S-1-5-21-407761387-3444271927-348064540-1000\...\Epic) (Version: 62.0.3202.94 - Epic)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON XP-320 Series Printer Uninstall (HKLM\...\EPSON XP-320 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-320 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-320 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Far Cry 3 (HKLM-x32\...\Far Cry 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version:  - Ubisoft)
FlacSquisher 1.3.6 (HKLM-x32\...\FlacSquisher) (Version: 1.3.6 - FlacSquisher)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Halo 2 for Windows Vista (HKLM-x32\...\{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
HandBrake Nightly (HKLM-x32\...\HandBrake Nightly) (Version: Nightly - )
Hawaiian HI Fonts (HKLM\...\{9128B5D4-6CB4-4090-A09B-D4CF850AD5A1}) (Version: 1.0.3.40 - Hale Kuamoo, University of Hawaii at Hilo)
IDM Crack 6.27 build 1 (HKLM-x32\...\IDM Crack 6.27 build 1) (Version: build 2 - Crackingpatching.com Team)
Ignition (HKLM\...\{50DC22E6-B3C7-4C24-B96C-2939DB5AC0D9}) (Version: 1.50.20324.4505 - Powerteq) Hidden
Ignition (HKLM-x32\...\{e44b92d0-30d5-49aa-950e-a01e2fce0811}) (Version: 1.50.20324.4505 - Powerteq)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Wireless Bluetooth®(patch version 17.1.1531.1764) (HKLM\...\{302600C1-6BDF-4FD1-1507-148929CC1385}) (Version: 17.1.1507.0532 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fd9db181-00fa-4117-82e2-cf920d564253}) (Version: 16.1.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Klingon Academy (HKLM-x32\...\Klingon Academy) (Version:  - )
K-Lite Codec Pack 14.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.1.0 - KLCP)
Lara Croft and the Guardian of Light (HKLM-x32\...\Lara Croft and the Guardian of Light_is1) (Version:  - )
Little Nightmares (HKLM-x32\...\Little Nightmares_is1) (Version:  - )
LIVE gaming on Windows Runtime Version 1.0.6027 (HKLM-x32\...\{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}) (Version: 1.0.6027 - Microsoft Corporation)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Mad Max (HKLM-x32\...\Mad Max_is1) (Version:  - )
MakeMKV v1.10.5 (HKLM-x32\...\MakeMKV) (Version: v1.10.5 - GuinpinSoft inc)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Halo Custom Edition (HKLM-x32\...\Halo CE) (Version:  - )
Microsoft Hyperlapse Pro (HKLM\...\{33503317-BA83-44C8-873E-581B3D8EB837}) (Version: 1.3.5764 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
MKVToolNix 23.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 23.0.0 - Moritz Bunkus)
Mojo Jojo's Pet Project (HKLM-x32\...\{BD09FCE9-9D5F-11D5-9E0F-0050FC0220CE}) (Version:  - )
Monkey for Winamp 2x (remove only) (HKLM-x32\...\vis_monkey.dllWinamp) (Version:  - )
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.13 - Black Tree Gaming)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Paragon HFS+ for Windows (HKLM-x32\...\{429D6E81-8E1E-42E6-8AB9-025DD9157F9B}) (Version: 11.0.0.0 - Paragon Software)
Perfect Photo Suite 8 (HKLM-x32\...\{54F3375C-5F19-4DE6-957B-EDE4EFEA5F23}) (Version: 8.0.0 - onOne Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8339 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.2.0 (HKLM-x32\...\Revo Uninstaller Pro 3.2.0) (Version:  - )
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SketchUp 2017 (HKLM\...\{F1E181BD-01D6-4754-92CC-DB8C259B9B28}) (Version: 17.0.18899 - Trimble, Inc.)
Sniper - Ghost Warrior 2 — Repacked by R.G. Revenants (HKLM-x32\...\Sniper - Ghost Warrior 2_R.G. Revenants) (Version: 3.4.1.4621 - City Interactive)
SolveigMM AVI Trimmer+ version 5.0.1509.11 (HKLM-x32\...\SolveigMM AVI Trimmer_is1) (Version: 5.0.1509.11 - Solveig Multimedia)
SolveigMM Video Splitter Business Edition (HKLM-x32\...\SolveigMM Video Splitter Business Edition 6.1.1611.7) (Version: 6.1.1611.7 - Solveig Multimedia)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Trek Voyager Elite Force (HKLM-x32\...\Star Trek Voyager Elite Force) (Version:  - )
STAR WARS - The Force Unleashed II (HKLM-x32\...\STAR WARS - The Force Unleashed II_is1) (Version:  - )
Star wars Battlefront II version 1.3 (HKLM-x32\...\{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1) (Version: 1.3 - )
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars: The Force Unleashed (HKLM-x32\...\Star Wars: The Force Unleashed_is1) (Version: 1.1 - Aspyr)
STAR WARS® - Knights of the Old Republic™ II - The Sith Lords (HKLM-x32\...\1421404581_is1) (Version: 2.0.0.2 - GOG.com)
Subtitle Edit 3.3.5 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.3.5.1862 - Nikse)
TagScanner 6.0.27 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Battle for Middle-earth ™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Lord of the Rings The Battle for Middle-Earth Collection MULTi9 - ElAmigos version 2.01 (HKLM-x32\...\{5EE9E528-FC92-4C4F-AEE4-BCAFA7A2F6CF}_is1) (Version: 2.01 - Electronic Arts)
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version:  - )
Tixati (HKLM-x32\...\tixati) (Version:  - )
Tomb Raider GOTY version 1.1.748.0 (HKLM-x32\...\Tomb Raider GOTY_is1) (Version: 1.1.748.0 - Mr DJ)
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version:  - )
Tomb Raider: Legend 1.2 (HKLM-x32\...\Tomb Raider: Legend) (Version:  - )
Tomb Raider: Underworld 1.1 (HKLM-x32\...\Tomb Raider: Underworld) (Version:  - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.19 - Tweaking.com)
VidCoder 2.31 Beta (x86) (HKLM-x32\...\VidCoder-Beta-x86_is1) (Version: 2.31 - RandomEngy)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.9.0 - Elaborate Bytes)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World in Conflict (HKLM-x32\...\World in Conflict) (Version: 1.011 - Ubisoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers1-x32: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers1-x32: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers4-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers4-x32: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-21] (Crystal Rich Ltd)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-07] (NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6-x32: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2018-04-19] (ESET)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6-x32: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\Revo Uninstaller Pro\RUExt.dll [2016-12-14] (VS Revo Group)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {35A211AB-6D3B-4078-B5B6-9F2E85876676} - System32\Tasks\HFS+ Updater => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\updater\Updater.exe [2016-08-25] (Paragon Software Group)
Task: {3E31366C-E675-44C5-8BC0-6CECADC0704F} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-04-11] ()
Task: {40C324BC-D7AD-4882-9673-8F3018FA8405} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {425C10DD-2470-48C2-BE24-5F9771B87385} - System32\Tasks\HFS+ Activator => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe [2016-11-15] (Paragon Software)
Task: {44F446AE-529D-481A-BB08-A900F3A53B41} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe
Task: {574D6353-DED6-45DC-BD0C-0D75768F3630} - System32\Tasks\EPSON XP-320 Series Update {2F5A4C44-C787-4243-BF67-47A7A6576221} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {598F1E22-D974-4931-BA4E-1185077E61C9} - System32\Tasks\Private Internet Access Startup => C:/Program Files/pia_manager/pia_manager.exe
Task: {5A5E1C32-CA20-4DB2-AE5A-C67104C2E8CE} - System32\Tasks\Driver Booster SkipUAC (SkyNet) => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe [2016-10-09] (IObit)
Task: {79C655A7-B86E-480A-A906-6D51938C93AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {B4501B30-6D73-49B8-9145-05858DA45F6E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {BBCD4906-AD2E-4AC3-AF14-89B0ABC94F44} - System32\Tasks\AdobeGCInvoker-1.0-SKYNET-SYSTEMS-SkyNet => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {BE763E74-85F7-4612-B459-06BD2D5EB115} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {CE3C1698-CD65-49E2-AB60-D2231AA5D0E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {DCA0EAAC-887C-433D-BDEB-13FAA45979E0} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {E3942701-4DA4-446F-A47A-4884A026C1B3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {F839542E-ABE6-4270-A40A-8DC32F621586} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-03-28 22:31 - 2013-03-28 22:31 - 000210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 000748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 003645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-03-28 22:30 - 2013-03-28 22:30 - 000073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-09-23 14:55 - 2016-11-15 07:52 - 001356624 _____ () C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
2017-01-11 19:06 - 2016-08-25 13:28 - 000367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 003611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-11-17 22:05 - 2016-11-17 22:05 - 000156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2015-12-24 08:31 - 2007-09-02 13:58 - 000495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2018-05-30 17:01 - 2018-06-08 17:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-30 17:01 - 2018-06-08 17:16 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 002665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 001840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-01-09 18:08 - 2016-11-17 22:14 - 000730880 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2017-01-09 18:08 - 2016-11-17 22:18 - 001981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-01-09 18:08 - 2016-11-17 22:12 - 000237824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000217344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2013-09-17 00:58 - 2013-09-17 18:58 - 000920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2017-01-09 18:08 - 2016-11-17 22:16 - 000805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-01-09 18:08 - 2016-11-17 22:11 - 000247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-01-09 18:08 - 2016-11-17 22:10 - 000212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-01-09 18:08 - 2016-11-17 22:11 - 000174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-01-09 18:08 - 2016-11-17 22:10 - 000203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-01-09 18:08 - 2016-11-17 22:09 - 000206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2017-01-09 18:08 - 2016-11-17 22:09 - 000336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-01-09 18:08 - 2016-11-17 22:06 - 000147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-01-09 18:08 - 2016-11-17 22:11 - 000213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-01-09 18:08 - 2016-11-17 22:07 - 000229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-01-09 18:08 - 2016-11-17 22:06 - 000211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-01-09 18:08 - 2016-11-17 22:08 - 000219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 000087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 001242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-11 19:06 - 2016-08-25 13:28 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-12-24 08:31 - 2007-09-02 13:57 - 000069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2018-06-05 15:01 - 2018-06-04 00:18 - 001107272 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-06-05 15:01 - 2018-06-04 00:18 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2015-12-24 08:30 - 2018-06-04 00:21 - 000106816 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-24 08:30 - 2018-06-04 00:20 - 000025408 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-24 08:30 - 2018-06-04 00:20 - 000020808 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-24 08:30 - 2018-06-04 00:21 - 000042312 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-24 08:30 - 2018-06-04 00:20 - 000700736 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-06-05 15:01 - 2018-06-04 00:19 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-24 08:30 - 2018-06-04 00:21 - 000137032 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-06-05 15:01 - 2018-06-04 00:19 - 001845600 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-06-05 15:01 - 2018-06-04 00:19 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 000123200 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-24 08:30 - 2018-06-04 00:20 - 000112448 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 18:18 - 2018-06-04 00:21 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-06-05 15:01 - 2018-06-04 00:19 - 000063312 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-24 08:30 - 2018-06-04 00:20 - 000031040 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-06-05 15:01 - 2018-06-04 00:19 - 000077120 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 000399168 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-24 08:30 - 2018-06-04 00:21 - 000049984 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2018-06-05 15:01 - 2018-06-04 00:19 - 000027456 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-24 08:30 - 2018-06-04 00:20 - 000131392 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2015-12-24 08:30 - 2018-06-04 00:21 - 000120648 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-24 08:30 - 2018-06-04 00:20 - 000392520 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-05 18:18 - 2018-06-04 00:21 - 000028000 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-24 08:30 - 2018-06-04 00:20 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-24 08:30 - 2018-06-04 00:20 - 000182080 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-24 08:30 - 2018-06-04 00:20 - 000036672 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-21 10:59 - 2018-06-04 00:20 - 000032576 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2015-12-24 08:30 - 2018-06-04 00:21 - 000055104 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-24 08:30 - 2018-06-04 00:20 - 000064320 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-08 12:35 - 2018-06-04 00:21 - 000023376 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-06-05 15:01 - 2018-06-04 00:19 - 000021840 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-06-05 15:01 - 2018-06-04 00:19 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-05-17 15:33 - 2018-06-04 00:21 - 000066400 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2015-12-24 08:30 - 2018-06-04 00:21 - 000025440 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-06-05 15:01 - 2018-06-04 00:19 - 000152384 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 003863880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-24 08:30 - 2018-06-04 00:20 - 000091448 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 001798464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 001959232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-24 08:30 - 2018-06-04 00:21 - 000035136 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 000155472 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 000521544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 000051024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 000043336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 000131400 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 000219984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 000204104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-24 08:30 - 2018-06-04 00:21 - 000067392 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-27 15:01 - 2018-06-04 00:21 - 000054616 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2015-12-24 08:30 - 2018-06-04 00:21 - 000030528 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-20 09:53 - 2018-06-04 00:21 - 000022880 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-20 09:53 - 2018-06-04 00:21 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-20 09:53 - 2018-06-04 00:21 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-20 09:53 - 2018-06-04 00:21 - 000022368 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-06-05 15:01 - 2018-06-04 00:19 - 000027496 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-24 08:30 - 2018-06-04 00:21 - 000355648 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-18 19:36 - 2018-06-04 00:21 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-06-05 15:01 - 2018-06-04 00:19 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-06-05 15:01 - 2018-06-04 00:18 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-11 15:36 - 2018-06-04 00:21 - 000021856 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-06-05 15:01 - 2018-06-04 00:19 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-11 14:11 - 2018-06-04 00:21 - 000030544 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-06-05 15:01 - 2018-06-04 00:19 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-06-05 15:01 - 2018-06-04 00:19 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-05 18:18 - 2018-06-04 00:21 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 000546632 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-06-05 15:01 - 2018-06-04 00:20 - 000359744 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-23 20:04 - 2018-06-13 15:45 - 000035840 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-12-23 20:04 - 2010-06-29 10:58 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-12-25 23:50 - 2018-01-12 11:15 - 000001298 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1 16.217.0.0
127.0.0.1 rosettastone.com
127.0.0.1 launch.rosettastone.com
127.0.0.1 amp.rosettastone.com
127.0.0.1 resources.rosettastone.com
127.0.0.1 updates.rosettastone.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-407761387-3444271927-348064540-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SkyNet\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.200.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: StartCN => "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FB7C27F5-BB80-4ED8-A52E-F204BD37C316}] => (Block) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [{9542AAF1-188F-4C71-861A-E752ABC11CFA}] => (Block) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [UDP Query User{1CCE33FB-AEEA-4ED8-AF19-C2B396B5D814}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [TCP Query User{E1342536-15D0-452F-8FF9-EF3578728F2D}C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe] => (Allow) C:\program files\onone software\perfect photo suite 8\perfect photo suite 8.exe
FirewallRules: [{5175D9CD-A3FD-4EF4-A80D-AA46C01BD890}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{6E5EF3EA-31F2-402C-B458-BB016DB34BB0}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [UDP Query User{B378563C-33B4-49E2-912D-D7C231DB1E6F}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{AE11614C-C137-4DF6-86D1-F4C76816BD63}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{0452BC5E-4D0C-43D9-9A5E-28F4028CBAF1}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin64\Crysis.exe
FirewallRules: [{0ADE0E85-BFE0-482B-A20A-4887E9751D9E}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin64\Crysis.exe
FirewallRules: [{F616906F-6237-47D8-A0C5-AF3BA54D97E4}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin32\Crysis.exe
FirewallRules: [{99C0B5F5-7B51-4D07-A8D2-0AE91146DB40}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crysis Warhead\Bin32\Crysis.exe
FirewallRules: [{B0C5662F-C649-4A36-8792-48537527A83C}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{141273CE-5FDD-402E-B222-9E13759563E7}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{35A350FD-94D7-4440-AAD5-82F0C4ACA246}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\crysis.exe
FirewallRules: [{8C3DE5BB-FF61-4E70-9A47-8F85DEE903AB}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\crysis.exe
FirewallRules: [{007968BD-260C-4DCE-8A9F-1EA6AF72400E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D5685863-D18B-4099-820C-F472BF3D84CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{96E7BE0E-D304-403C-A275-5DCA2FB0302B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{941F3F54-2BD5-4E85-BD36-7BEA0B435FF2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DDE5C324-684C-4E79-B3BB-C08BBB124967}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{959BB1F3-A68E-4E0E-A5F2-1DEEB86CC41C}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC 2015\Photoshop.exe
FirewallRules: [{59D8FE2C-0564-4023-8C40-102475C74732}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{8D54B22B-A954-496F-901D-9C08FC8A0D19}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{079FC4F4-FAD0-4813-8938-95AC8E0DE885}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0628F2CA-7F4B-4A6C-ABAB-E88127310AB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1749864-6003-46D3-B48D-FA91635A074D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{27FBBF6F-8789-44F7-AF44-DDB719F236E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D796CF0-0B6B-4123-9EE5-FB3045FDEFB1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{C2106B5E-D166-4C23-A572-00D2114EAF76}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{9DA04F3C-ADD7-4DE9-B271-60981EC6B6A2}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{011BAD99-FD9F-4C9D-932A-C3FD26172956}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe
FirewallRules: [{C9417F31-5112-40C5-9643-CFB0F537EAA9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe
FirewallRules: [{881B987B-391D-4938-B34E-E74A2D2CBE2A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DBDownloader.exe
FirewallRules: [{8D8F7100-8302-4698-A5C6-0EF070A51474}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DBDownloader.exe
FirewallRules: [{8678EAE2-2D5F-45E6-9E2C-DB644A80DF28}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\AutoUpdate.exe
FirewallRules: [{2CC957B7-C991-4E8B-B4A4-3B023D395393}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.4\AutoUpdate.exe
FirewallRules: [TCP Query User{BE7382CB-95AE-429A-821A-60400273278C}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe] => (Allow) C:\program files (x86)\microsoft games\halo custom edition\haloce.exe
FirewallRules: [UDP Query User{0044A1D1-3464-42E8-B96E-9BAD626BC7CC}C:\program files (x86)\microsoft games\halo custom edition\haloce.exe] => (Allow) C:\program files (x86)\microsoft games\halo custom edition\haloce.exe
FirewallRules: [TCP Query User{5F9A971F-F2B5-47FB-94CB-2E3C972A5242}C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe] => (Allow) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [UDP Query User{2292E954-049F-4D9F-8F1B-4D3B6D27CC33}C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe] => (Allow) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{A33F7BB0-D522-4AE5-8DC5-822325B276C9}] => (Block) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{E00F54FA-48A5-4A6D-AA1C-8464791B6010}] => (Block) C:\program files (x86)\raven\star trek voyager elite force\stvoyhm.exe
FirewallRules: [{A895B6AE-F13E-4174-A79E-FD8347F917CA}] => (Allow) H:\Games\Tomb Raider GOTY\TombRaider.exe
FirewallRules: [{35730279-BF13-4671-8E81-82A1CCB63E1C}] => (Allow) H:\Games\Tomb Raider GOTY\TombRaider.exe
FirewallRules: [{B7D557E8-EF05-4895-9868-C2BE5DEAA4E6}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{D91D1AE7-F21D-426C-83D1-AB43FEBC5502}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{0DA2D116-B31F-44F4-96BC-D5BCCB9D8296}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{B50FF09C-5F9A-47E9-92F3-166A2CFC1570}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BFB25B55-7634-4A79-9B85-238CBDB85E50}H:\games\age of mythology gold edition\aom.exe] => (Allow) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [UDP Query User{D02F7EB6-3E5C-4E37-8347-6FBDAF3D6096}H:\games\age of mythology gold edition\aom.exe] => (Allow) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{35AECB37-E4C5-4F08-B6BE-A6AFF2AA660D}] => (Block) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{E6656235-82B1-4D03-A36F-29703812A191}] => (Block) H:\games\age of mythology gold edition\aom.exe
FirewallRules: [{D0A6F404-E401-460D-8761-283D847FB16C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{F5A48009-9391-4A75-82E0-64C42C095BDA}H:\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [UDP Query User{E9AA2D51-8AF4-49CF-92EC-EAB695FE018B}H:\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{F6F0223E-E183-4BFC-9720-E2B9C1867171}] => (Block) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{169B5F1A-E12A-4DD4-9B61-5EAF08F0313C}] => (Block) H:\games\far cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{564BABF5-3AC7-49A0-B215-14B7DC093BA7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0575828A-DA83-4013-94FE-52C030651860}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{388BDF3E-E23C-4484-8E2B-0AAFDEB573C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E4F7CBCA-974E-4DEE-97FA-7AF1D6043384}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F5C4D4BA-DC5D-415E-81C0-4C38D08EA927}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D229850E-8137-47F5-8B6D-6BA99B5728B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1672625E-8396-4437-AFA1-2544812F7448}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{561E2E6D-9290-4365-8807-BAC94A32B0CE}] => (Allow) LPort=2869
FirewallRules: [{6ED08D25-6A52-4ECD-9CEF-889328ED4F63}] => (Allow) LPort=1900
FirewallRules: [{00F530C6-AE3A-442C-962D-CC9C8C54085C}] => (Allow) LPort=2869
FirewallRules: [{60031D35-ED6F-49C7-97A7-58F109F7534D}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{9F8DFD05-4F5B-4ED3-9C99-5528A983C57A}H:\games\battlefield 1\bf1.exe] => (Block) H:\games\battlefield 1\bf1.exe
FirewallRules: [UDP Query User{AA747C07-FD9B-4589-A2A3-9DFE290EAE7F}H:\games\battlefield 1\bf1.exe] => (Block) H:\games\battlefield 1\bf1.exe
FirewallRules: [{8B8D43CC-23C4-4883-9A76-889CBAD0B7C8}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{AE899E63-7251-4A22-9243-2B18B09C5785}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [TCP Query User{287CFD38-8173-4AF5-8A11-32591DCC48A2}H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [UDP Query User{C342F57F-EDB6-42F1-9BE3-E86F57FF46C9}H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{77EE1476-DCB7-4A85-A781-1B6E945C05A9}] => (Block) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{6773DDC3-60BD-49A5-B978-81AE305A348B}] => (Block) H:\games\call of duty modern warfare remastered\h1_sp64_ship.exe
FirewallRules: [{3A8B1383-5526-44B4-8314-B01CB83DD6F2}] => (Block) LPort=445
FirewallRules: [{3CAA6FC2-FA59-40FF-AD08-369F2AEC17B4}] => (Block) LPort=445
FirewallRules: [{43DD8E92-1050-4FEF-AE3B-46C92AC691AC}] => (Allow) H:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [{381B961A-83D5-42ED-AD65-C80A4FBCF5EB}] => (Allow) H:\Games\Call Of Duty World At War\CoDWaW.exe
FirewallRules: [TCP Query User{4908AA1F-EC3F-42DD-8A96-F114ED067D2A}H:\games\halo 2\halo 2\halo2.exe] => (Allow) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [UDP Query User{8C50542A-44EE-4306-A90D-93AB8DB8B74B}H:\games\halo 2\halo 2\halo2.exe] => (Allow) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{834AD21D-8A0E-42A9-874E-2F96D2691D57}] => (Block) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{69AC1BDD-9F1D-4CF0-9EFD-7703A250A674}] => (Block) H:\games\halo 2\halo 2\halo2.exe
FirewallRules: [{A5DE2541-A865-4489-835B-F7152B3E8DAB}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{97625A2F-03C2-4658-9704-4639321E880A}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{1E29B81A-BD2E-49AF-A713-F2C0B358D9B2}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [{F02C1FE6-8E5E-47FE-921E-00192642F714}] => (Allow) H:\Games\Halo 2\halo2.exe
FirewallRules: [TCP Query User{C40DCABF-7228-4B5B-92CB-30E629DB7F9E}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{9D0D49D9-32A3-4EAC-B64B-B21DC60B4156}C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [{F5A98A22-AB34-4F42-8722-0664C26CC0D8}] => (Allow) H:\Games\Crysis\Bin32\crysis.exe
FirewallRules: [{C1700217-77DD-4025-BDAC-361288581F78}] => (Allow) H:\Games\Crysis\Bin32\crysis.exe
FirewallRules: [{4665A9A8-260F-4AAE-AFA9-79334C1FF388}] => (Allow) H:\Games\Crysis\Bin64\Crysis.exe
FirewallRules: [{BBC7C6C9-A363-4950-897A-BD192F1EE47E}] => (Allow) H:\Games\Crysis\Bin64\Crysis.exe
FirewallRules: [TCP Query User{92078F10-6042-4519-B1B4-26BBFD9ACEF5}H:\games\prey\prey\binaries\danielle\x64\release\prey.exe] => (Allow) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [UDP Query User{F1C038E9-0383-460F-84B2-77C4D534DD9E}H:\games\prey\prey\binaries\danielle\x64\release\prey.exe] => (Allow) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{4D561CC5-30A1-4E9E-96E2-F3EAF3DD9AAC}] => (Block) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{DC245F4A-3DC3-40CE-AFD2-9DD7026F5F6C}] => (Block) H:\games\prey\prey\binaries\danielle\x64\release\prey.exe
FirewallRules: [{0F417FB7-9F17-410B-8960-4DE17AAEB626}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMMVSplitter_Business.exe
FirewallRules: [{D55F24A3-EB8B-42FB-8771-31FD56C0F857}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMMVSplitter_Business.exe
FirewallRules: [{284784CA-48D1-4BF7-A81A-529C35A052E9}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMM_BatchSplit.exe
FirewallRules: [{BDBC5E1C-0C1A-4ABA-B5EB-82B0D54465F4}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMM_BatchSplit.exe
FirewallRules: [TCP Query User{956666EC-7408-4005-97D3-4458F7A6535D}H:\games\counter strike\hl.exe] => (Allow) H:\games\counter strike\hl.exe
FirewallRules: [UDP Query User{6ED08CF2-2311-4CD9-B003-D9C78C3B03DD}H:\games\counter strike\hl.exe] => (Allow) H:\games\counter strike\hl.exe
FirewallRules: [{D732A50E-88AA-44B8-BE55-964BD4FB659D}] => (Block) H:\games\counter strike\hl.exe
FirewallRules: [{96AE1DED-8908-42B2-B433-90732895E166}] => (Block) H:\games\counter strike\hl.exe
FirewallRules: [TCP Query User{16514BDC-2796-487A-B1A2-1F687775A690}H:\games\counter strike\hlds.exe] => (Allow) H:\games\counter strike\hlds.exe
FirewallRules: [UDP Query User{9839D3C7-6CF6-469E-B71C-4EE3D491B333}H:\games\counter strike\hlds.exe] => (Allow) H:\games\counter strike\hlds.exe
FirewallRules: [{C9692BB1-278C-4FA9-B181-A5A8A1EC8927}] => (Block) H:\games\counter strike\hlds.exe
FirewallRules: [{ED308862-E600-48A2-9A93-932A8CBE1A6D}] => (Block) H:\games\counter strike\hlds.exe
FirewallRules: [TCP Query User{E0C34252-11D0-4CA7-8ED0-A48B8C2CF3BA}H:\games\counter strike\hltv.exe] => (Allow) H:\games\counter strike\hltv.exe
FirewallRules: [UDP Query User{A097959E-765B-49CD-9205-08A0DF668759}H:\games\counter strike\hltv.exe] => (Allow) H:\games\counter strike\hltv.exe
FirewallRules: [{4987A6DB-1650-4C11-B488-3FCD3282BB10}] => (Block) H:\games\counter strike\hltv.exe
FirewallRules: [{6F2A6423-539B-4DD6-AB5A-D77A7A51A8C9}] => (Block) H:\games\counter strike\hltv.exe
FirewallRules: [TCP Query User{090E6C1D-3F2A-439A-A8C7-2D049A9E59CE}H:\games\call of duty 2\cod2mp_s.exe] => (Allow) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{43D41ECF-63AC-4D38-8A66-DFDDC6CEDEA2}H:\games\call of duty 2\cod2mp_s.exe] => (Allow) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [{FC3CDEA3-8B96-4847-A0A5-05A8D06BDC90}] => (Block) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [{8A01975A-BDC8-4198-8AD6-5762D3D6144A}] => (Block) H:\games\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{BA0CC5F1-8891-4784-8727-FDD6FEFE9A72}H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [UDP Query User{AF5F8BA9-B4C3-4FBB-AF81-DABB907CF037}H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe] => (Allow) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{DE486E41-348B-4867-AD4C-AF539F02A5D3}] => (Block) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{47D0FEEA-A4FC-4D1C-9286-7443E5F0AC10}] => (Block) H:\games\sniper - ghost warrior 2\bin32\sniperghostwarrior2.exe
FirewallRules: [{9C468828-A775-4BD6-9D0C-A062C8A68FED}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfsactivator.exe
FirewallRules: [{298F078E-DF83-4D6E-BE6F-1F3B0EBEADFD}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfshelper.exe
FirewallRules: [{77086B90-99CE-4C7B-99C7-C92B46989ADA}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\apmwinsrv.exe
FirewallRules: [{F21326C8-627D-4C0D-AA15-F8313BCA9942}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\mounthfs.exe
FirewallRules: [{57AD44DC-9194-42C2-8492-DF0F6A5A785D}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\mounthfs.exe
FirewallRules: [{50C77D90-6314-46DA-922D-1BA9A5199B11}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\apmwinsrv.exe
FirewallRules: [{11AE5B51-3D43-4137-AB1E-B5DBAE22B266}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfsactivator.exe
FirewallRules: [{A1437E5F-4A3D-494B-B95F-EE3917147B2F}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.0\activation\hfshelper.exe
FirewallRules: [{15BFE731-6C42-426C-817A-A1AB2670C275}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
FirewallRules: [{023B99DE-D2C5-4E0F-83BC-14E91FDE9421}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\mounthfs.exe
FirewallRules: [{C1737EC2-E06B-4CB0-9CBD-E92C68D36362}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe
FirewallRules: [{55428380-F572-4B81-B89F-65C7CBF7A512}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\activation\OnlineActivator.exe
FirewallRules: [{08C66253-AB20-4EEB-A2AE-3F41D0AB9EC0}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
FirewallRules: [{0668A9A4-816F-45FC-8FF2-077C44C8A428}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows\mounthfs.exe
FirewallRules: [TCP Query User{84E28F8B-CA08-4DC8-BB8A-9DF711280C7B}C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe] => (Block) C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe
FirewallRules: [UDP Query User{ABC15052-4E47-460E-85CC-248154B9CECA}C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe] => (Block) C:\users\skynet\appdata\local\brave\app-0.18.36\brave.exe
FirewallRules: [TCP Query User{D35B6580-F1D8-4196-B6F3-DAED0186E7DC}H:\games\far cry primal\bin\fcprimal.exe] => (Block) H:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{F2E0036E-6785-46F5-AA59-A5C0DCBA15B9}H:\games\far cry primal\bin\fcprimal.exe] => (Block) H:\games\far cry primal\bin\fcprimal.exe
FirewallRules: [TCP Query User{C28438FE-5764-4FA6-865A-ECBA98BCC0CF}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [UDP Query User{AE9A1FCC-2806-47B6-A412-EB50EB01E56C}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe
FirewallRules: [{911084A3-0070-4ADE-A49C-2931D8126CE9}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6A60088F-03B3-4F02-8568-BAEA4680A035}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{738E9E66-F20A-4847-B8DC-90CFC2B47F73}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{9AFC4B02-19C5-49F9-888C-950953E2716B}H:\games\klingon academy\ka.exe] => (Block) H:\games\klingon academy\ka.exe
FirewallRules: [UDP Query User{EEC425FC-0A96-45D3-9BF4-83988C9E2B0F}H:\games\klingon academy\ka.exe] => (Block) H:\games\klingon academy\ka.exe
FirewallRules: [{3D7354DA-94D6-4AD0-A028-53D0BEF45007}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{7C3713BF-80EC-4E67-B395-B4599CBCC258}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
11-06-2018 10:58:36 Scheduled Checkpoint
11-06-2018 20:21:02 Revo Uninstaller Pro's restore point - Private Internet Access v80
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Hands-free Audio
Description: Bluetooth Hands-free Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (06/13/2018 04:46:05 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/13/2018 04:46:05 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/13/2018 04:14:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/13/2018 04:14:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/13/2018 03:58:03 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/13/2018 03:58:03 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
Error: (06/13/2018 03:50:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (06/13/2018 03:50:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.
 
 
CodeIntegrity:
===================================
 
Date: 2018-06-13 17:31:17.296
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-06-13 15:42:59.722
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6300 Six-Core Processor 
Percentage of memory in use: 21%
Total physical RAM: 16283.5 MB
Available physical RAM: 12863.48 MB
Total Virtual: 32565.19 MB
Available Virtual: 28559.33 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:183.99 GB) NTFS
Drive f: (Mars) (Fixed) (Total:465.76 GB) (Free:381.76 GB) NTFS
Drive g: (Pluto) (Fixed) (Total:200 GB) (Free:106.31 GB) NTFS
Drive h: (Hoth) (Fixed) (Total:931.51 GB) (Free:351.67 GB) NTFS
Drive i: (Saturn) (Fixed) (Total:1062.89 GB) (Free:200.65 GB) NTFS
Drive q: (Ryloth) (Fixed) (Total:1953.12 GB) (Free:1718.23 GB) NTFS
Drive r: (Scarif) (Fixed) (Total:1772.77 GB) (Free:583.87 GB) NTFS
Drive s: (Mercury) (Fixed) (Total:600 GB) (Free:57.37 GB) NTFS
 
\\?\Volume{92252ac3-a9cc-11e5-aced-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D6C2710D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: D7729B52)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 4 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#37
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP

That got rid of the broken tasks anyway.

 

Do you still have the other tasks disabled?  If so they are not at fault.  Search for

 

msconfig

 

Under Startup, uncheck everything except egui (ESET)

then under Services, hit Hide Microsoft Services then uncheck all that remain except those that say ESET

 

OK

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after the line).

sfc  /scanfile=c:\windows\system32\sxs.dll

It should say:

 

Windows Resource Protection did not find any integrity violations.

 

 

Does it?
 

Reboot and run VEW again just for System
 

 

 

 

sfc /scanfile=c:\windows\system32\sxs.dll


  • 0

#38
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Okay, I disabled everything requested and ran the Command Prompt.

 

It did return with Windows Resource Protection did not find any integrity violations. 

 

Rebooted and fired up VEW with just "System" selected but it wants a list type selection.

 

Any one in particular I should select?


  • 0

#39
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP

4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 


  • 0

#40
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

VEW Log:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/06/2018 8:14:01 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/06/2018 1:28:14 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 15/06/2018 1:28:14 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 14/06/2018 5:58:07 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 14/06/2018 5:58:06 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 14/06/2018 3:50:06 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 14/06/2018 3:50:06 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 14/06/2018 2:46:05 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 14/06/2018 2:46:05 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 14/06/2018 2:14:04 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 14/06/2018 2:14:04 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 14/06/2018 1:58:03 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 14/06/2018 1:58:03 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 14/06/2018 1:50:02 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 14/06/2018 1:50:02 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 14/06/2018 1:46:02 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 14/06/2018 1:46:01 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 14/06/2018 1:44:01 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 14/06/2018 1:44:01 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
Log: 'System' Date/Time: 14/06/2018 1:43:15 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
 
Log: 'System' Date/Time: 14/06/2018 1:43:15 AM
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/06/2018 3:48:30 AM
Type: Warning Category: 0
Event: 52 Source: Disk
The driver has detected that device \Device\Harddisk2\DR2 has predicted that it will fail. Immediately back up your data and replace your hard disk drive. A failure may be imminent.
 
Log: 'System' Date/Time: 15/06/2018 1:49:12 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 15/06/2018 1:49:12 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 14/06/2018 2:42:34 AM
Type: Warning Category: 0
Event: 52 Source: Disk
The driver has detected that device \Device\Harddisk2\DR2 has predicted that it will fail. Immediately back up your data and replace your hard disk drive. A failure may be imminent.
 
Log: 'System' Date/Time: 14/06/2018 1:40:48 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 14/06/2018 1:40:48 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 

  • 0

Advertisements


#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP

I have been reading up on this schannel error.  As I thought it's some process trying to call home.  The first time it tries to connect the protocol that it uses is no longer recognized by the home server and it has to start over.  Since we aren't getting any complaints about it not connecting the assumption is that the second time works.  The error can be ignored.  You can even tell Windows to ignore the error but it requires a registry edit

Open the registry editor:

Search for

regedit

hit Enter

Change EventLogging in the right pane of

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

from 1 to 0

 

If you really want to find what is causing it you can change it to 7

This turns on tracing and will fill the logs with information about the process.  Hopefully it will also reveal what process is doing it.  Wouldn't leave it set to 7 very long.

 

Windows is also concerned about your Seagate:

 

 
Type: Warning Category: 0
Event: 52 Source: Disk
The driver has detected that device \Device\Harddisk2\DR2 has predicted that it will fail. Immediately back up your data and replace your hard disk drive. A failure may be imminent.

 

 

 

 

These two:

 

Log: 'System' Date/Time: 14/06/2018 1:40:48 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 14/06/2018 1:40:48 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll

 

 

 
Should rightly be classified as Informational and not Warning so can be ignored.

  • 0

#42
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Okay, I have set HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL

from 1 to 0.

 

The Seagate will be replaced as soon as the Amazon order arrives.

 

Is there anything else I need to do?


  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP

If you still have tasks disabled you might want to re-enable them.  Otherwise if it is running OK we can stop and clean up:

 

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..

If you use Facebook you need FB Purity: http://www.fbpurity.com/
To prevent a relatively new phishing attack:  In Firefox, type:

about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.
 "network.standard-url.punycode-host" Leave this one at default of Flase.
Close and restart firefox.

To test it you can go to:

https://www.xn--80ak6aa92e.com/

If the value is false you will see https://www.apple.cominstead of the correct value


If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.


If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Medi Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/This allows you to start a recording and then switch to a different window and record another video. 

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!
 


  • 0

#44
promithius

promithius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Alright, I've taken care most of those.

I do not use Facebook so I was able to skip that part.

I did uninstall Driver Booster updating software.

What would be the best alternative to updating drivers on my system?


  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,893 posts
  • MVP

Just leave the drivers alone.  This is Win 7 so there won't be many changes especially not from Microsoft who are trying to forget they ever made it (not because it's a bad operating system but because they want everyone on Win 10). 


  • 0






Similar Topics


Also tagged with one or more of these keywords: coinminer, diskdriver, virus, infection, russian

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP