Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Random Shutdown

Windows 7 blue screen shutdown virus malware

  • This topic is locked This topic is locked

#1
Sirius Black

Sirius Black

    Member

  • Member
  • PipPip
  • 77 posts

I have a Windows 7 64 bit desktop.

Since yesterday I get the blue screen of death and it shuts down.

This has happened twice now.

Please help.

 

Thank you


  • 0

Advertisements


#2
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

Blue Screen problems are generally caused by faulting drivers, and are outside the remit of the "Virus, Spyware, Malware Removal" forum unless you have a specific reason to believe that they are being caused by Malware.

 

Have you any particular reason to believe that yours have a Malware related cause ?


  • 0

#3
Sirius Black

Sirius Black

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

Possibly.

This started suddenly.

I have many of the malware programs used the last time I came here for help and update and run them once a month.

This is my work computer so I need it functioning without problems.

I'll be in the middle of something and all of a sudden it will flash the blue screen of death and shut down.

I have already backed up my important documents.


  • 0

#4
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts
The fact that the blue screens started suddenly really is not particularly indicative of malware, blue screens are by their very nature something that generally occur suddenly.
 
However, we'll run some scans of your machine, and see if that tells us anything, or gives us some indication of what might be causing them. It may be something I can help with, if not I'll refer you to someone who has more experience of dealing with blue screen problems than I do.
 
So ..... depending on whether you have a 32 bit or 64 bit system ....
  • Download FRST to your Desktop.
  • Download FRST64 to your Desktop.
  • If you don't know, then download both, only one of them will run on your machine.
  • Double click Frst.exe or Frst64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
  • Please post them in your next reply.
Frst logs are generally pretty long, so you may have to post each separately.
  • 0

#5
Sirius Black

Sirius Black

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts

This is a Windows 7 64 bit machine.

 

 

First Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.03.2019 01
Ran by SkyNet 002 (administrator) on SKYNET002-PC (03-03-2019 15:34:16)
Running from C:\Incoming
Loaded Profiles: SkyNet 002 (Available Profiles: SkyNet 002)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() [File not signed] C:\Program Files (x86)\GiliSoft\File Lock Pro\FLService.exe
() [File not signed] C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(Hengyida Information Technology CO.,LTD. -> ) C:\Program Files (x86)\GiliSoft\File Lock Pro\FLClient.exe
(Nalpeiron Inc -> Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(London Trust Media Incorporated -> ) C:\Program Files\Private Internet Access\pia-service.exe
(Qualcomm Atheros) [File not signed] C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
() [File not signed] C:\Program Files (x86)\RocketDock\RocketDock.exe
(Google Inc (TEST) -> Epic Privacy Browser) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Lexmark International, Inc. -> ) C:\Program Files (x86)\Lexmark\ErrorApp\lmab1err.exe
(London Trust Media Incorporated -> ) C:\Program Files\Private Internet Access\pia-client.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\Gigabyte\SIV\thermald.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions Inc. -> Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> Gigabyte Technology CO.) C:\Program Files\Gigabyte\SmartRecovery2\RPMDaemon.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(London Trust Media Incorporated -> The OpenVPN Project) C:\Program Files\Private Internet Access\pia-openvpn.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
(Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-10-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [apmwinapp] => C:\Program Files (x86)\Paragon Software\HFS+ for Windows  10.5\apmwinsrv.exe [66768 2015-06-22] (Paragon Software GmbH -> )
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2018-09-07] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [5549152 2018-09-05] (Intel Corporation -> Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7822648 2014-10-28] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-02-16] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4190016 2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\Gigabyte\SmartRecovery2\RPMKickstartEx.exe [2320384 2014-04-01] (TODO: <Company name>) [File not signed]
HKLM-x32\...\RunOnce: [SIV] => C:\Program Files (x86)\Gigabyte\SIV\sivro.exe [12096 2015-07-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3459869835-1368644105-640081114-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] () [File not signed]
HKU\S-1-5-21-3459869835-1368644105-640081114-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2018-10-26] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
HKU\S-1-5-21-3459869835-1368644105-640081114-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIPAE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-430 Series" /EF "HKCU"
HKU\S-1-5-21-3459869835-1368644105-640081114-1000\...\Run: [LMab1err] => C:\Program Files (x86)\Lexmark\ErrorApp\LMab1err.exe [645736 2013-07-11] (Lexmark International, Inc. -> )
HKU\S-1-5-21-3459869835-1368644105-640081114-1000\...\Run: [LMADVmon] => "C:\Program Files (x86)\Lexmark MX310 Series\LMADVmon.exe"
HKU\S-1-5-21-3459869835-1368644105-640081114-1000\...\Run: [Private Internet Access] => C:\Program Files\Private Internet Access\pia-client.exe [4330976 2019-02-15] (London Trust Media Incorporated -> )
HKU\S-1-5-21-3459869835-1368644105-640081114-1000\...\MountPoints2: {a0def22d-30fa-11e7-9ebf-7c5cf8c67f09} - K:\setup.exe
HKLM\...\Drivers32: [VIDC.LAGS] => c:\windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => c:\windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => c:\windows\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => c:\windows\system32\ff_vfw.dll [126976 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => c:\windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.l3codecp] => c:\windows\system32\l3codecp.acm [182272 2009-07-13] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [VIDC.LAGS] => c:\windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => c:\windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => c:\windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => c:\windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.l3codecp] => c:\windows\SysWOW64\l3codecp.acm [220672 2009-07-13] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.119\Installer\chrmstp.exe [2019-02-21] (Google LLC -> Google Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\72.0.60.47\Installer\chrmstp.exe [2019-03-01] (Brave Software, Inc.) [File not signed]
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{25B4A593-E2E1-444F-AC32-E81C2CBF03C0}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{CED556DB-E41F-4675-AEE7-861BD83B1FC1}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{D69F1D6D-CFD1-4A44-80DB-D3A8D1684DA0}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{F4E0C9AC-75FE-4126-85DA-737274627340}: [DhcpNameServer] 192.168.0.1 205.171.2.65
 
Internet Explorer:
==================
HKU\S-1-5-21-3459869835-1368644105-640081114-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: FLockObj Class -> {34EDF7FD-FD9B-420F-A701-CC2C081FB26C} -> C:\Program Files (x86)\GiliSoft\File Lock Pro\FolderLockPlugin64.dll [2015-08-05] () [File not signed]
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> c:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-06-14] (Oracle America, Inc. -> Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-06-14] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2018-09-07] (Logitech Inc -> Logitech, Inc.)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - c:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2017-12-31] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2017-12-31] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2017-12-31] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2017-12-31] (Microsoft Windows -> Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2018-12-19] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-06-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-06-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] (Apple Inc. -> )
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2018-12-29] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2018-12-29] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3459869835-1368644105-640081114-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-10-26] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
FF Plugin HKU\S-1-5-21-3459869835-1368644105-640081114-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2018-10-26] (Google Inc (TEST) -> Epic Privacy Browser) [File not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://drudgereport.com/
CHR StartupUrls: Default -> "hxxps://drudgereport.com/"
CHR Profile: C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default [2019-03-03]
CHR Extension: (Slides) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-03]
CHR Extension: (DuckDuckGo) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2019-01-07]
CHR Extension: (YouTube) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-03]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-01-23]
CHR Extension: (Notifier for Gmail™) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2018-12-21]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2019-01-30]
CHR Extension: (Adobe Acrobat) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-12]
CHR Extension: (uBlock) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2019-03-01]
CHR Extension: (Sheets) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-26]
CHR Extension: (Kindle Cloud Reader) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2017-05-03]
CHR Extension: (Morpheon Dark) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-10-26]
CHR Extension: (IDM Integration Module) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2019-03-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-18]
CHR Extension: (Gmail) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-03]
CHR Extension: (Chrome Media Router) - C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
CHR Extension: (AdNauseam) - C:\Users\SkyNet 002\Documents\adnauseam.chromium [2019-03-01] [UpdateUrl:hxxps://rednoise.org/adnauseam/updates.xml] <==== ATTENTION
CHR Profile: C:\Users\SkyNet 002\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-16]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-29] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [160200 2018-12-29] (Brave Software, Inc. -> BraveSoftware Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-03] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2625368 2017-08-08] (ESET, spol. s r.o. -> ESET)
R2 FLService; C:\Program Files (x86)\GiliSoft\File Lock Pro\FLService.exe [110592 2014-01-07] () [File not signed]
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
S4 GCloud; C:\Program Files (x86)\GIGABYTE\CloudStation\HomeCloud\GCloud.exe [19264 2014-06-18] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62784 2015-07-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [131312 2015-03-19] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-08-10] (Intel Corporation - pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
S3 PAExec; C:\Windows\PAExec.exe [189112 2017-05-23] (Power Admin LLC -> Power Admin LLC)
R2 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [908288 2019-02-15] (London Trust Media Incorporated -> )
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
S3 BraveElevationService; "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\71.0.58.21\elevation_service.exe" [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [50896 2015-06-22] (Paragon Software GmbH -> Paragon Software Group)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [142136 2015-01-13] (Motorola Solutions Inc. -> Motorola Solutions, Inc.)
S2 csvol; C:\Windows\System32\DRIVERS\csvol.sys [23760 2015-06-22] (Paragon Software GmbH -> Paragon Software Group)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132824 2017-08-08] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178056 2017-03-09] (ESET, spol. s r.o. -> ESET)
R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [77224 2017-03-09] (ESET, spol. s r.o. -> ESET)
S3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [32840 2017-10-14] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
S3 etocdrv; C:\Windows\etocdrv.sys [15584 2013-10-30] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Giga-Byte Technology CO., LTD.)
R0 FileLock; C:\Windows\System32\drivers\FileLock.sys [54264 2018-02-13] (Hengyida Information Technology CO.,LTD. -> Gili Soft Inc.)
R3 gdrv; C:\Windows\gdrv.sys [26192 2019-03-03] (Giga-Byte Technology -> Windows ® Server 2003 DDK provider)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [61136 2015-06-22] (Paragon Software GmbH -> Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [205520 2015-06-22] (Paragon Software GmbH -> Paragon Software Group)
R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [15568 2015-06-22] (Paragon Software GmbH -> Paragon Software Group)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-05-04] (Martin Malik - REALiX -> REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31712 2017-10-14] (Intel® Rapid Storage Technology -> Intel Corporation)
S3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
R3 KillerEth; C:\Windows\System32\DRIVERS\e2xw7x64.sys [134296 2017-05-04] (Rivet Networks LLC -> Qualcomm Atheros, Inc.)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2019-03-03] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [201296 2018-02-21] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [42704 2015-06-22] (Paragon Software GmbH -> Paragon Software Group)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3486288 2018-09-26] (Intel Corporation -> Intel Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.) [File not signed]
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [420832 2018-02-21] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 tap-pia-0901; C:\Windows\System32\DRIVERS\tap-pia-0901.sys [29416 2018-08-27] (WDKTestCert kim,131775960494491927 -> The OpenVPN Project)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2017-05-04] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 btmaudio; system32\drivers\btmaud.sys [X]
S3 btmhsf; system32\DRIVERS\btmhsf.sys [X]
S3 ibtusb; system32\DRIVERS\ibtusb.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-03-03 15:33 - 2019-03-03 15:34 - 000000000 ____D C:\FRST
2019-03-03 14:54 - 2019-03-03 14:54 - 000000000 ____D C:\Users\SkyNet 002\Desktop\Internet Download Manager 6.32 Build 6
2019-03-03 14:35 - 2019-02-12 00:02 - 011957045 _____ (lrepacks.ru ) C:\Users\SkyNet 002\Desktop\Internet Download Manager 6.32.6.exe
2019-03-03 14:23 - 2019-03-03 14:32 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2019-03-03 14:20 - 2019-03-03 14:20 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-03-01 15:19 - 2019-03-01 17:58 - 000001261 _____ C:\Users\SkyNet 002\Desktop\Croft Holster.txt
2019-03-01 12:02 - 2019-03-01 12:02 - 955249657 _____ C:\Windows\MEMORY.DMP
2019-03-01 12:02 - 2019-03-01 12:02 - 000262144 _____ C:\Windows\Minidump\030119-5740-01.dmp
2019-02-28 16:18 - 2019-03-01 13:01 - 000000000 ____D C:\Users\SkyNet 002\Documents\adnauseam.chromium
2019-02-21 17:11 - 2019-02-21 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-02-21 09:41 - 2019-02-21 09:41 - 000001010 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk
2019-02-21 09:41 - 2019-02-21 09:41 - 000000000 ____D C:\Users\SkyNet 002\AppData\Local\Private Internet Access
2019-02-21 09:41 - 2019-02-21 09:41 - 000000000 ____D C:\Program Files\Private Internet Access
2019-02-21 09:41 - 2018-08-27 11:29 - 000029416 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap-pia-0901.sys
2019-02-19 16:19 - 2019-02-19 16:19 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2019-02-19 16:19 - 2019-02-19 16:19 - 000047800 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-02-19 16:19 - 2019-02-19 16:19 - 000047800 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-02-19 16:19 - 2019-02-19 16:19 - 000047800 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-02-16 14:02 - 2019-02-16 14:02 - 000000000 ____D C:\Users\SkyNet 002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BleachBit
2019-02-06 10:23 - 2019-02-06 10:45 - 000000000 ____D C:\Users\SkyNet 002\Documents\Windows Operating System Files
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-03-03 15:34 - 2016-09-12 13:44 - 000000000 ____D C:\Incoming
2019-03-03 15:33 - 2018-02-13 16:45 - 000000000 _____ C:\Windows\FileLock.bin
2019-03-03 15:30 - 2017-10-14 16:29 - 000000000 ____D C:\Users\SkyNet 002\AppData\Roaming\brave
2019-03-03 15:30 - 2017-05-05 15:26 - 000000000 ____D C:\Users\SkyNet 002\AppData\Roaming\tixati
2019-03-03 15:30 - 2017-05-02 09:48 - 000000000 ____D C:\Users\SkyNet 002
2019-03-03 15:02 - 2009-07-13 21:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-03-03 15:02 - 2009-07-13 21:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-03-03 14:50 - 2017-05-03 15:09 - 000000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2019-03-03 14:50 - 2017-05-03 15:09 - 000000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2019-03-03 14:26 - 2009-07-13 22:13 - 000783606 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-03 14:26 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf
2019-03-03 14:22 - 2017-05-02 13:08 - 000000000 __SHD C:\Users\SkyNet 002\IntelGraphicsProfiles
2019-03-03 14:22 - 2017-05-02 10:47 - 000026192 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2019-03-03 14:20 - 2017-05-23 18:50 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-03 14:20 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-03 13:34 - 2018-06-04 10:26 - 000000000 ____D C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser
2019-03-02 20:29 - 2009-07-13 21:45 - 005147888 _____ C:\Windows\system32\FNTCACHE.DAT
2019-03-01 17:05 - 2017-05-02 10:29 - 000129240 _____ C:\Users\SkyNet 002\AppData\Local\GDIPFONTCACHEV1.DAT
2019-03-01 13:51 - 2017-05-03 15:14 - 000000000 ___RD C:\Users\SkyNet 002\Dropbox
2019-03-01 13:01 - 2018-02-07 04:16 - 000000000 ____D C:\Users\SkyNet 002\AppData\Roaming\BleachBit
2019-03-01 13:01 - 2017-08-04 17:53 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2019-03-01 13:01 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\registration
2019-03-01 13:01 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\AppCompat
2019-03-01 12:35 - 2018-12-29 10:15 - 000002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-03-01 12:02 - 2017-07-18 10:33 - 000000000 ____D C:\Windows\Minidump
2019-02-27 14:34 - 2019-01-07 16:44 - 000000000 ____D C:\Users\SkyNet 002\Documents\CO4A Files
2019-02-27 14:14 - 2018-12-14 10:17 - 000000000 ____D C:\Users\SkyNet 002\Documents\CO4A Pdfs
2019-02-25 09:59 - 2017-05-12 10:57 - 000000000 ____D C:\Users\SkyNet 002\AppData\Local\CrashDumps
2019-02-22 11:01 - 2017-05-12 10:56 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-21 17:11 - 2017-05-03 15:09 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-02-21 16:30 - 2017-05-03 11:49 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-02-16 14:02 - 2018-02-07 04:16 - 000000000 ____D C:\Program Files (x86)\BleachBit
2019-02-14 13:37 - 2017-05-12 10:56 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-02-13 14:45 - 2017-05-03 15:09 - 000003912 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2019-02-13 14:45 - 2017-05-03 15:09 - 000003660 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2019-02-13 13:18 - 2019-01-12 14:37 - 000000000 ____D C:\Users\SkyNet 002\Documents\Vehicle Logs
2019-02-12 13:57 - 2017-05-03 15:02 - 000000000 ____D C:\Users\SkyNet 002\AppData\Roaming\Adobe
2019-02-12 09:25 - 2017-05-04 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
2019-02-12 09:25 - 2017-05-04 14:29 - 000000000 ____D C:\Program Files (x86)\TagScanner
2019-02-06 09:59 - 2017-08-21 18:27 - 000014848 _____ C:\Users\SkyNet 002\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Files in the root of some directories =======
 
2017-08-02 14:14 - 2018-01-20 18:31 - 000001456 _____ () C:\Users\SkyNet 002\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-08-21 18:27 - 2019-02-06 09:59 - 000014848 _____ () C:\Users\SkyNet 002\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-05-02 10:27 - 2017-05-02 10:27 - 000000000 _____ () C:\Users\SkyNet 002\AppData\Local\Driver_LOM_8161Present.flag
2019-01-13 13:19 - 2019-01-13 13:19 - 000004096 ____H () C:\Users\SkyNet 002\AppData\Local\keyfile3.drm
2018-10-26 15:33 - 2018-10-26 15:33 - 000000000 _____ () C:\Users\SkyNet 002\AppData\Local\oobelibMkey.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2019-02-22 11:11
 
==================== End of FRST.txt ============================
 
 
 
 
Second Log:Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019 01
Ran by SkyNet 002 (03-03-2019 15:34:47)
Running from C:\Incoming
Windows 7 Ultimate Service Pack 1 (X64) (2017-05-02 16:48:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3459869835-1368644105-640081114-500 - Administrator - Disabled)
Guest (S-1-5-21-3459869835-1368644105-640081114-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3459869835-1368644105-640081114-1002 - Limited - Enabled)
SkyNet 002 (S-1-5-21-3459869835-1368644105-640081114-1000 - Administrator - Enabled) => C:\Users\SkyNet 002
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS B15.0630.1 (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE) Hidden
@BIOS B15.0630.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 3.00.0000 - GIGABYTE)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Flash Player 30 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (32 Bit) (HKLM-x32\...\{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.33 - NVIDIA Corporation) Hidden
APP Center (HKLM-x32\...\{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0712 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0712 - Gigabyte)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BleachBit (HKLM-x32\...\BleachBit) (Version: 2.0 - BleachBit)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 72.0.60.47 - Brave Software Inc)
Brave (HKU\S-1-5-21-3459869835-1368644105-640081114-1000\...\Brave) (Version: 0.25.304 - Brave Software)
Bridge Commander MW (HKLM-x32\...\{304D46E1-364B-45AB-9170-53E200DB4E85}) (Version: 1.1.0000 - Activision) Hidden
Bridge Commander MW (HKLM-x32\...\InstallShield_{304D46E1-364B-45AB-9170-53E200DB4E85}) (Version: 1.1.0000 - Activision)
BUSB (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.14.0819.1 -  GIGABYTE)
Call of Duty Modern Warfare Remastered (HKLM-x32\...\Call of Duty Modern Warfare Remastered_is1) (Version:  - )
Call Of Duty World At War version 1.7.1263.0 (HKLM-x32\...\Call Of Duty World At War_is1) (Version: 1.7.1263.0 - Mr DJ)
Cloud Station Server (HKLM-x32\...\{41B20CB6-32EE-468B-982C-4864E2135BD0}) (Version: 1.00.1507.2901 - GIGABYTE) Hidden
Cloud Station Server (HKLM-x32\...\InstallShield_{41B20CB6-32EE-468B-982C-4864E2135BD0}) (Version: 1.00.1507.2901 - GIGABYTE)
CloudStation (HKLM-x32\...\{6D8DA122-A40A-421B-9D95-FE4C806BCDBE}) (Version: 1.00.0018 - GIGABYTE) Hidden
CloudStation (HKLM-x32\...\InstallShield_{6D8DA122-A40A-421B-9D95-FE4C806BCDBE}) (Version: 1.00.0018 - GIGABYTE)
Crysis (HKLM-x32\...\1809223221_is1) (Version: 2.0.0.7 - GOG.com)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 67.4.83 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
DxO OpticsPro 10 (HKLM\...\{2E080E23-CE87-477B-8AD6-08F0D40B0047}) (Version: 10.5.3 - DxO)
Dying Light (HKLM-x32\...\Dying Light_is1) (Version: 1.3.0 - Релиз от R.G. Steamgames)
EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.15.0626 - GIGABYTE) Hidden
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.15.0626 - GIGABYTE)
Epic Privacy Browser (HKU\S-1-5-21-3459869835-1368644105-640081114-1000\...\Epic Privacy Browser) (Version: 71.0.3578.98 - Epic)
ESET NOD32 Antivirus (HKLM\...\{1B473FF0-3F56-47A9-BAA1-91EAF871FD29}) (Version: 10.1.204.0 - ESET, spol. s r.o.)
EZSetup B15.0811.1 (HKLM-x32\...\{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE) Hidden
EZSetup B15.0811.1 (HKLM-x32\...\InstallShield_{9EAB60B6-70FE-4EC7-8DF4-54773E4EAC05}) (Version: 1.00.0000 - GIGABYTE)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Far Cry 3 (HKLM-x32\...\Far Cry 3_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Far Cry 4 version 1.10.0.0 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.10.0.0 - Mr DJ)
Fast Boot (HKLM-x32\...\{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.15.0626 - GIGABYTE) Hidden
Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.15.0626 - GIGABYTE)
FlacSquisher 1.3.5 (HKLM-x32\...\FlacSquisher) (Version: 1.3.5 - FlacSquisher)
GameCtrl B15.0803.1 (HKLM-x32\...\{6BBE6CF2-84B2-4ECA-9ECA-C56925C1CCE2}) (Version: 1.00.0000 - GIGABYTE) Hidden
GameCtrl B15.0803.1 (HKLM-x32\...\InstallShield_{6BBE6CF2-84B2-4ECA-9ECA-C56925C1CCE2}) (Version: 1.00.0000 - GIGABYTE)
GIGABYTE OC_GURU II (HKLM-x32\...\{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.90.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.90.0000 - GIGABYTE Technology Co.,Ltd.)
GiliSoft File Lock Pro 10.6.0 (HKLM-x32\...\{30AB2FCD-FBF2-4bed-AC6A-13E6A1468621}_is1) (Version: 10.6.0 - GiliSoft International LLC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.119 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Halo 2 for Windows Vista (HKLM-x32\...\{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Halo 2 for Windows Vista (HKLM-x32\...\Halo 2) (Version:  - Microsoft Game Studios)
Halo Combat Evolved (HKLM-x32\...\Halo Combat Evolved) (Version:  - )
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
IDM Crack 6.25 build 20 (HKLM-x32\...\IDM Crack 6.25 build 20) (Version: build 20 - SandySeedings Team)
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.4.65 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1512.771) (HKLM\...\{302600C1-6BDF-4FD1-1501-148929CC1385}) (Version: 17.1.1501.0514 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
K-Lite Mega Codec Pack 13.4.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.4.5 - KLCP)
Kodi (HKU\S-1-5-21-3459869835-1368644105-640081114-1000\...\Kodi) (Version:  - XBMC-Foundation)
Lexmark MX310 Series Uninstaller (HKLM\...\Lexmark MX310 Series) (Version:  - Lexmark International, Inc.)
LIVE gaming on Windows Runtime Version 1.0.6027 (HKLM-x32\...\{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}) (Version: 1.0.6027 - Microsoft Corporation)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.114 - Logitech)
Mad Max (HKLM-x32\...\Mad Max_is1) (Version:  - )
MakeMKV v1.10.6 (HKLM-x32\...\MakeMKV) (Version: v1.10.6 - GuinpinSoft inc)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
MKVToolNix 7.8.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 7.8.0 - Moritz Bunkus)
Monkey for Winamp 2x (remove only) (HKLM-x32\...\vis_monkey.dllWinamp) (Version:  - )
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
ON_OFF Charge 2 B14.0217.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge 2 B14.0217.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
Paragon HFS+ for Windows™ 10.5 (HKLM-x32\...\{456534C0-51E7-11DF-B336-005056C00008}) (Version: 1.00 - Paragon Software)
Perfect Photo Suite 8 (HKLM-x32\...\{54F3375C-5F19-4DE6-957B-EDE4EFEA5F23}) (Version: 8.0.0 - onOne Software)
Private Internet Access (HKLM\...\{33023371-7761-4F81-BBB1-0E0D0D175ACF}) (Version: 1.0.2+02363 - London Trust Media, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{ABFED5A0-7D10-4617-A816-DD2D3B85706D}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (HKLM\...\{E970CE81-6F26-4274-8E4E-5AFC000FB888}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{401FADAA-1C16-4721-9F02-19067E1A1CA8}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Resident Evil 0 HD Remaster (HKLM-x32\...\Resident Evil 0 HD Remaster_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Resident Evil 2 (HKLM-x32\...\Resident Evil 2_is1) (Version:  - )
Revo Uninstaller Pro 3.2.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.0 - VS Revo Group, Ltd.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SIV (HKLM-x32\...\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.15.0701 - GIGABYTE) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.15.0701 - GIGABYTE)
Smart Recovery 2 B15.0812.1  (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 1.00.0003 - GIGABYTE)
SolveigMM Video Splitter Business Edition (HKLM-x32\...\SolveigMM Video Splitter Business Edition 6.1.1611.7) (Version: 6.1.1611.7 - Solveig Multimedia)
Star wars Battlefront II version 1.3 (HKLM-x32\...\{2EF34761-F147-4984-8AF1-BB9F8DA76CDD}_is1) (Version: 1.3 - )
Subtitle Edit 3.4.12 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.4.12.1 - Nikse)
Subtitle Edit 3.5.4 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.4.0 - Nikse)
TagScanner 6.0.33 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
The Forest (HKLM-x32\...\The Forest_is1) (Version:  - )
This War of Mine (HKLM-x32\...\This War of Mine_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Tomb Raider: Underworld 1.1 (HKLM-x32\...\Tomb Raider: Underworld) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VTuner (HKLM-x32\...\{C381226E-C402-4976-9411-54282F1396D3}) (Version: 1.15.0626 - GIGABYTE) Hidden
VTuner (HKLM-x32\...\InstallShield_{C381226E-C402-4976-9411-54282F1396D3}) (Version: 1.15.0626 - GIGABYTE)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
ZAR X (HKLM\...\{85DA9B81-D7F9-4165-8E62-F776B57213F8}_is1) (Version:  - www.z-a-recovery.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-08] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1-x32: [Gili FileLock Pro] -> {58264032-9730-4ab3-BEA2-A6CE3EEF6080} => C:\Program Files (x86)\GiliSoft\File Lock Pro\GiliFileShell.dll [2016-12-03] () [File not signed]
ContextMenuHandlers1: [Gili soft64] -> {70DB8E3E-05F6-404D-856B-A47C556A53CE} => C:\Program Files (x86)\GiliSoft\File Lock Pro\GiliFileShell64.dll [2016-12-03] () [File not signed]
ContextMenuHandlers1: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-22] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] () [File not signed]
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-08] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-22] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell1.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [LockHunterShellExt] -> {0BB27CDA-7029-4C0E-9C56-D922B229F0EB} => C:\Program Files\LockHunter\LHShellExt64.dll [2013-11-22] (Crystal Rich Ltd -> Crystal Rich Ltd)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] () [File not signed]
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-19] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-11] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-08] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6-x32: [Gili FileLock Pro] -> {58264032-9730-4ab3-BEA2-A6CE3EEF6080} => C:\Program Files (x86)\GiliSoft\File Lock Pro\GiliFileShell.dll [2016-12-03] () [File not signed]
ContextMenuHandlers6: [Gili soft64] -> {70DB8E3E-05F6-404D-856B-A47C556A53CE} => C:\Program Files (x86)\GiliSoft\File Lock Pro\GiliFileShell64.dll [2016-12-03] () [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] () [File not signed]
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01BD542A-96FA-4744-B0DA-09139B7BA806} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_pepper.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {0D152FDC-DBCF-4C85-A152-736A1752D38E} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
Task: {27A57803-CC37-40B2-8300-5061A18A700C} - System32\Tasks\OC GURU II Auto Run => C:\Program [Argument = Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe]
Task: {294A7EFB-0FD1-4E1D-805F-58B720263C67} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe (Brave Software, Inc. -> BraveSoftware Inc.) <==== ATTENTION
Task: {3EEB4ED7-C43D-4679-B3A2-4FF163531097} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {64767019-E345-4ABE-9456-363F46FEC584} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {6752C586-28C8-4B08-9EFB-D25E316B6725} - System32\Tasks\{3BC29356-1BE2-44E7-BED4-1232902EF67A} => C:\Windows\system32\pcalua.exe -a C:\Users\SKYNET~1\AppData\Local\Temp\jre-8u161-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {6BB5BF90-DB1E-47D9-AAD0-784CF56D7859} - System32\Tasks\AdobeGCInvoker-1.0-SkyNet002-PC-SkyNet 002 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {9512A3DF-9308-4212-B2DA-7B67EB6A0583} - System32\Tasks\AdobeAAMUpdater-1.0-SkyNet002-PC-SkyNet 002 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe () [File not signed]
Task: {B151DBC8-360F-4042-970A-E10A865E9D54} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {E8E31507-33F2-4B2D-925F-D0602C0D4F16} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {F125A6E0-8223-4C68-9964-D955D36738EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-04 14:47 - 2011-03-02 15:40 - 000164864 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2018-02-13 16:39 - 2016-12-03 20:15 - 000314368 _____ () [File not signed] C:\Program Files (x86)\GiliSoft\File Lock Pro\GiliFileShell64.dll
2018-02-13 16:39 - 2016-12-03 20:01 - 001183232 _____ () [File not signed] C:\Program Files (x86)\GiliSoft\File Lock Pro\KernalUI64.dll
2018-02-13 16:39 - 2014-01-07 19:19 - 000110592 _____ () [File not signed] C:\Program Files (x86)\GiliSoft\File Lock Pro\FLService.exe
2015-04-14 18:27 - 2015-04-14 18:27 - 000016896 _____ () [File not signed] C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2013-08-08 17:30 - 2013-08-08 17:30 - 000343040 _____ (Qualcomm Atheros) [File not signed] C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
2018-02-13 16:39 - 2015-08-05 20:16 - 000355328 _____ () [File not signed] C:\Program Files (x86)\GiliSoft\File Lock Pro\FolderLockPlugin64.dll
2017-05-02 10:41 - 2017-05-02 10:41 - 000008704 _____ () [File not signed] C:\Windows\assembly\GAC_64\GBHO\1.0.0.0__709f1911357dc329\GBHO.dll
2017-05-02 10:41 - 2017-05-02 10:41 - 000131072 _____ ( ) [File not signed] C:\Windows\assembly\GAC_MSIL\SHDocVw\1.1.0.0__1b4e890f49261012\SHDocVw.dll
2017-05-04 14:46 - 2007-09-02 16:58 - 000495616 _____ () [File not signed] C:\Program Files (x86)\RocketDock\RocketDock.exe
2018-10-26 11:42 - 2018-10-26 12:03 - 000509096 ____T (Google Inc (TEST) -> Epic Privacy Browser) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
2017-05-02 10:41 - 2013-03-08 14:28 - 000187392 _____ (Gigabyte Technology CO., LTD.) [File not signed] C:\Program Files\Gigabyte\SmartRecovery2\RescuePlan.dll
2017-05-02 10:41 - 2014-09-15 19:52 - 000705536 _____ (Gigabyte Technology CO., LTD.) [File not signed] C:\Program Files\Gigabyte\SmartRecovery2\srpCore.dll
2018-10-26 11:43 - 2019-01-09 09:19 - 001476096 _____ (Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\epic.exe
2018-02-13 16:39 - 2016-06-17 15:11 - 000247296 _____ () [File not signed] C:\Program Files (x86)\GiliSoft\File Lock Pro\CommonDll.dll
2018-02-13 16:39 - 2016-12-07 13:24 - 000579072 _____ (winfilelock) [File not signed] C:\Program Files (x86)\GiliSoft\File Lock Pro\FileLock.dll
2018-02-13 16:39 - 2011-06-25 01:51 - 000241664 _____ () [File not signed] C:\Program Files (x86)\GiliSoft\File Lock Pro\DirMon.dll
2017-07-20 14:31 - 2019-01-29 13:07 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2017-07-20 14:31 - 2019-01-29 13:07 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2017-07-20 14:31 - 2019-01-29 13:06 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2017-07-20 14:31 - 2019-01-29 13:07 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2017-07-20 14:31 - 2019-01-29 13:07 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2017-07-20 14:31 - 2019-01-29 13:07 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2017-07-20 14:31 - 2019-01-29 13:07 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-10-26 12:25 - 2019-01-29 13:07 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2018-10-26 12:25 - 2019-01-29 13:07 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-01-29 13:07 - 2019-01-29 13:06 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-01-29 13:07 - 2019-01-29 13:06 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2017-07-20 14:31 - 2019-01-29 13:07 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-01-29 13:07 - 2019-01-29 13:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-01-29 13:07 - 2019-01-29 13:07 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-01-29 13:07 - 2019-01-29 13:06 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-01-29 13:07 - 2019-01-29 13:06 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-01-29 13:07 - 2019-01-29 13:07 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-01-29 13:07 - 2019-01-29 13:06 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-01-29 13:07 - 2019-01-29 13:07 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2017-05-04 14:46 - 2007-09-02 16:57 - 000069632 _____ () [File not signed] C:\Program Files (x86)\RocketDock\RocketDock.dll
2017-05-04 14:47 - 2011-03-02 15:40 - 000140288 _____ () [File not signed] C:\Program Files\WinRAR\rarext32.dll
2018-02-13 16:39 - 2016-12-03 19:05 - 000057344 _____ () [File not signed] C:\Program Files (x86)\GiliSoft\File Lock Pro\GiliFileShell.dll
2018-02-13 16:39 - 2016-12-03 20:00 - 000950272 _____ () [File not signed] C:\Program Files (x86)\GiliSoft\File Lock Pro\KernalUI.dll
2018-10-26 11:42 - 2018-10-26 12:03 - 004748456 ____T (Google Inc (TEST) -> Epic Privacy Browser) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\goopdate.dll
2018-12-17 13:17 - 2013-07-11 04:22 - 000217088 _____ () [File not signed] C:\Program Files (x86)\Lexmark\ErrorApp\lmab1err.dll
2018-12-17 13:17 - 2013-07-11 23:44 - 000335872 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Lexmark\ErrorApp\NpaParser.dll
2018-12-17 13:17 - 2013-07-31 00:21 - 000598016 _____ ( ) [File not signed] C:\Program Files (x86)\Lexmark\ErrorApp\lm__ac.dll
2017-05-02 10:35 - 2015-02-16 23:53 - 000074240 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2015-04-14 17:05 - 2015-04-14 17:05 - 001974272 _____ () [File not signed] C:\Program Files (x86)\Gigabyte\SIV\MFCCPU.dll
2015-02-16 13:47 - 2015-02-16 13:47 - 000105472 _____ () [File not signed] C:\Program Files (x86)\Gigabyte\SIV\ycc.dll
2015-06-23 19:00 - 2015-06-23 19:00 - 000285696 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2015-06-23 19:00 - 2015-06-23 19:00 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2019-01-10 15:09 - 2019-01-09 09:19 - 000479232 _____ (Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\71.0.3578.98\chrome_elf.dll
2019-01-10 15:09 - 2019-01-09 09:19 - 047533568 _____ (Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\71.0.3578.98\chrome.dll
2019-01-10 15:09 - 2019-01-09 09:19 - 066022912 _____ (Hidden Reflex Authors) [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\71.0.3578.98\chrome_child.dll
2019-01-10 15:09 - 2019-01-09 09:19 - 002252800 _____ () [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\71.0.3578.98\swiftshader\libglesv2.dll
2019-01-10 15:09 - 2019-01-09 09:19 - 000117248 _____ () [File not signed] C:\Users\SkyNet 002\AppData\Local\Epic Privacy Browser\Application\71.0.3578.98\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-08-18 00:40 - 2018-02-13 16:41 - 000001255 _____ C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com                                                                       127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com                                                          
127.0.0.1 activate.adobe.com
127.0.0.1  gilisoft.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;c:\programdata\oracle\java\javapath;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-3459869835-1368644105-640081114-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: GCloud => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE OC_GURU.lnk => C:\Windows\pss\GIGABYTE OC_GURU.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk => C:\Windows\pss\Killer Network Manager.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeGCInvoker-1.0 => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Gili File Lock Helper => "C:\Program Files (x86)\GiliSoft\File Lock Pro\WinFLockerHelp.exe" CheckLockedFolder
MSCONFIG\startupreg: HFS Activator => C:\Program Files (x86)\Paragon Software\HFS+ for Windows  10.5\activation\hfsactivator.exe /autostart
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: RocketDock => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D5A19639-3738-425C-829B-026B0941815B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0470102E-6335-4024-B83A-F1673ED03FD3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D80853C3-C2FC-4E7E-B769-DD42A31F567D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{682F0AE3-C263-4B08-A80F-88321F5C3B80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5D624683-362F-4394-A6C9-0441FCCD98C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{27295786-A4ED-45CD-93E4-D3360A1848FE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{12B92DD6-EEA5-4AFB-95B4-C77CD811B5A9}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.5\apmwinsrv.exe No File
FirewallRules: [{E3867745-B820-45A9-AE1C-9953E12D2411}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.5\mounthfs.exe No File
FirewallRules: [{CEBC2FFD-7442-4A2A-9693-1AF59FCDBEC6}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.5\apmwinsrv.exe No File
FirewallRules: [{FD53E10C-CBD6-4655-A9D2-2911FA723BAB}] => (Block) %ProgramFiles% (x86)\Paragon Software\HFS+ for Windows  10.5\mounthfs.exe No File
FirewallRules: [TCP Query User{9B0B7403-B199-4503-989B-7600D69250B2}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [UDP Query User{1D05E73D-4E49-4F9C-A2E2-2C1866BE8BF9}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [{778904CE-6285-4AD0-AD0D-66C6BD8B8BE8}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC 2014 (32 Bit)\Photoshop.exe No File
FirewallRules: [{CBFCF3E3-D796-4481-9D27-B61643A11411}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC 2014 (32 Bit)\Photoshop.exe No File
FirewallRules: [{942F0C47-1719-4451-8BA5-E24D8E1D7782}] => (Block) LPort=445
FirewallRules: [{1CC03A27-40D9-4E27-A6A1-087554E66EF8}] => (Block) LPort=445
FirewallRules: [{B115249B-6586-4C50-8345-062DA18D87BD}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation\HomeCloud\HCLOUD.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)
FirewallRules: [{F8387977-E16A-4C45-BC4A-C79E6E223973}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation\RemoteOC\ubssrv_oc_only.exe () [File not signed]
FirewallRules: [{1F139FDB-12BD-4879-91C3-FA90F8A7F7CF}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation\RemoteControl\grckm.exe () [File not signed]
FirewallRules: [{71C415F8-C6B2-4437-A4D3-2539A50A64D0}] => (Allow) LPort=1980
FirewallRules: [{0FDB61BF-84F2-4C3D-8C09-C92DD7D8E951}] => (Allow) LPort=1900
FirewallRules: [{CFF38DA6-405C-41F1-BF24-6CF5D97FC314}] => (Allow) LPort=1900
FirewallRules: [{AEF6FC84-46A5-44C6-B087-A9EE64941D36}] => (Allow) LPort=8138
FirewallRules: [{DBFFA307-7614-4DA8-AEFB-F40D87BDA115}] => (Block) %ProgramFiles%\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe No File
FirewallRules: [TCP Query User{1C427FE4-7A24-4E13-A7F1-403C1BDB2582}X:\game installation directory\call of duty black ops\blackops.exe] => (Block) X:\game installation directory\call of duty black ops\blackops.exe (Valve Corporation -> ) [File not signed]
FirewallRules: [UDP Query User{90D4D20A-D13C-4039-8CD3-DAEA4A2DC476}X:\game installation directory\call of duty black ops\blackops.exe] => (Block) X:\game installation directory\call of duty black ops\blackops.exe (Valve Corporation -> ) [File not signed]
FirewallRules: [TCP Query User{6B8325A0-4442-4334-BCBA-DE62DD1C4277}X:\game installation directory\driver - san francisco\driver.exe] => (Block) X:\game installation directory\driver - san francisco\driver.exe (Ubisoft Entertainment -> )
FirewallRules: [UDP Query User{B54BB744-3677-4AD9-93F6-5EB9A4E2ADE2}X:\game installation directory\driver - san francisco\driver.exe] => (Block) X:\game installation directory\driver - san francisco\driver.exe (Ubisoft Entertainment -> )
FirewallRules: [{1541E25E-AA67-4597-958E-2052D00ED037}] => (Allow) X:\Game Installation Directory\Halo 2\halo2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5BC4C15F-D92F-499B-B2E1-C4CE3F147A22}] => (Allow) X:\Game Installation Directory\Halo 2\halo2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F827F28C-F922-480D-A79D-0F6C9C6F0590}X:\game installation directory\battlefield 1\bf1.exe] => (Allow) X:\game installation directory\battlefield 1\bf1.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [UDP Query User{32061653-C95C-4467-AD3D-5D30F8D93D7A}X:\game installation directory\battlefield 1\bf1.exe] => (Allow) X:\game installation directory\battlefield 1\bf1.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [TCP Query User{7ECD47BF-2B57-4460-B930-7156BFE0A11A}X:\game installation directory\halo spartan assault\halospartanassault.exe] => (Allow) X:\game installation directory\halo spartan assault\halospartanassault.exe No File
FirewallRules: [UDP Query User{1CF6C81A-653B-4FD4-AB0E-C42F706854E8}X:\game installation directory\halo spartan assault\halospartanassault.exe] => (Allow) X:\game installation directory\halo spartan assault\halospartanassault.exe No File
FirewallRules: [TCP Query User{E79C1F0F-2566-4862-96F7-2D5E785E8BA0}X:\game installation directory\far cry 3\bin\farcry3_d3d11.exe] => (Allow) X:\game installation directory\far cry 3\bin\farcry3_d3d11.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [UDP Query User{6EDF71AC-44F1-49AD-B8CB-858285741F2D}X:\game installation directory\far cry 3\bin\farcry3_d3d11.exe] => (Allow) X:\game installation directory\far cry 3\bin\farcry3_d3d11.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [TCP Query User{6A86E580-20C3-46A2-AB0C-A1A7E0ECF67E}X:\game installation directory\far cry 3\bin\farcry3.exe] => (Allow) X:\game installation directory\far cry 3\bin\farcry3.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [UDP Query User{CBAEE0C1-4E29-4C33-B316-66B7E1BFE6BF}X:\game installation directory\far cry 3\bin\farcry3.exe] => (Allow) X:\game installation directory\far cry 3\bin\farcry3.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{2B96056A-74A6-4FFB-B10C-96F1DF206013}] => (Block) X:\game installation directory\far cry 3\bin\farcry3.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{40C75AA5-B06D-49FE-8ED4-8405C48D0D7C}] => (Block) X:\game installation directory\far cry 3\bin\farcry3.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{42E865FD-1242-425F-8F4E-4623EDDD26A6}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMMVSplitter_Business.exe No File
FirewallRules: [{9CDC892F-6D95-40D7-9F48-BD10BFFF1852}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMMVSplitter_Business.exe No File
FirewallRules: [{454F524E-F4A9-484E-A2BB-125F87DBFC92}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMM_BatchSplit.exe No File
FirewallRules: [{5ABB97F7-B40C-4D7A-A0AB-F165AC9ED3DC}] => (Block) %ProgramFiles% (x86)\Solveig Multimedia\SolveigMM Video Splitter Business Edition\SMM_BatchSplit.exe No File
FirewallRules: [TCP Query User{C46AC873-E519-4ACF-9C9F-35B31AE15489}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [UDP Query User{854CF8AF-1951-4AB3-A124-249EC8E0E35E}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [{AF1DA87A-4D73-4B61-AAFE-68A0559EE3F2}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe No File
FirewallRules: [{A8D1E618-642F-4924-A400-7FECFF93CBC4}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CC 2015\Adobe Premiere Pro.exe No File
FirewallRules: [{E03FCA9F-85A4-44D6-BDD5-D6BB18C12F2A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{B89D5A51-C218-4495-8D41-3A0689804FA7}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{A93D692E-CF5F-4D0C-91C6-8AA8FA332C13}] => (Block) %ProgramFiles%\onOne Software\Perfect Photo Suite 8\Perfect Photo Suite 8.exe No File
FirewallRules: [{4382D6D6-0C0D-4989-96E2-D55BD823D5C5}] => (Block) %ProgramFiles%\onOne Software\Perfect Photo Suite 8\License Manager.exe No File
FirewallRules: [{18622E39-FE37-46D9-87D1-6D8E4FC6A234}] => (Block) %ProgramFiles%\onOne Software\Perfect Photo Suite 8\License Manager.exe No File
FirewallRules: [{6D8302BC-6010-4052-97F5-B701690BA88B}] => (Block) %ProgramFiles%\onOne Software\Perfect Photo Suite 8\License Manager.exe No File
FirewallRules: [{AB1EBD91-5ED2-4676-8A97-65EA97472763}] => (Allow) X:\Far Cry 4\bin\FarCry4.exe No File
FirewallRules: [{DA62B4E0-0FDD-4C59-A26B-D528EE109FEF}] => (Allow) X:\Far Cry 4\bin\FarCry4.exe No File
FirewallRules: [TCP Query User{9D80305D-185E-431A-BE60-74B1F8D64137}X:\game installation directory\far cry 4\bin\farcry4.exe] => (Block) X:\game installation directory\far cry 4\bin\farcry4.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [UDP Query User{91ABEE4E-0890-4B51-AE13-4CA2A8C0173C}X:\game installation directory\far cry 4\bin\farcry4.exe] => (Block) X:\game installation directory\far cry 4\bin\farcry4.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [TCP Query User{8F5A1ED7-C5D4-4EB9-BC5F-DD73C77F86B6}X:\game installation directory\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) X:\game installation directory\call of duty modern warfare remastered\h1_sp64_ship.exe (Activision Publishing -> Activision) [File not signed]
FirewallRules: [UDP Query User{E0BE0C39-4675-4B59-8FD3-F93770548520}X:\game installation directory\call of duty modern warfare remastered\h1_sp64_ship.exe] => (Allow) X:\game installation directory\call of duty modern warfare remastered\h1_sp64_ship.exe (Activision Publishing -> Activision) [File not signed]
FirewallRules: [TCP Query User{00D4734B-D386-45BE-AB19-CD95B781DC9B}C:\users\skynet 002\appdata\local\brave\app-0.19.105\brave.exe] => (Allow) C:\users\skynet 002\appdata\local\brave\app-0.19.105\brave.exe No File
FirewallRules: [UDP Query User{E0E3FE18-D1C7-4228-970E-B6E49B9882E6}C:\users\skynet 002\appdata\local\brave\app-0.19.105\brave.exe] => (Allow) C:\users\skynet 002\appdata\local\brave\app-0.19.105\brave.exe No File
FirewallRules: [{4FD6FDE5-4218-48CE-AFAD-52BD8CC6E3CF}] => (Block) C:\users\skynet 002\appdata\local\brave\app-0.19.105\brave.exe No File
FirewallRules: [{F3313C21-E15A-4D1C-897A-56FF2824D528}] => (Block) C:\users\skynet 002\appdata\local\brave\app-0.19.105\brave.exe No File
FirewallRules: [TCP Query User{0C8971E4-D392-440B-AC81-29ACD0297371}X:\game installation directory\far cry 4\bin\farcry4.exe] => (Block) X:\game installation directory\far cry 4\bin\farcry4.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [UDP Query User{099A7653-351F-4B47-B6C5-AA57AD10E71A}X:\game installation directory\far cry 4\bin\farcry4.exe] => (Block) X:\game installation directory\far cry 4\bin\farcry4.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft Entertainment)
FirewallRules: [{0C1F49DF-24CA-44F3-A5C3-14DABD1B6089}] => (Block) %ProgramFiles%\DxO Labs\DxO OpticsPro 10\Dop.ApplicationUpdate.RegistryUpdate.exe No File
FirewallRules: [{B16D251B-9747-4B9B-A0C4-ABEB9758A060}] => (Block) %ProgramFiles%\DxO Labs\DxO OpticsPro 10\DXOOpticsPro.exe No File
FirewallRules: [{1DE30AFA-B7EE-4314-BC06-4B232DDF0964}] => (Block) %ProgramFiles%\DxO Labs\DxO OpticsPro 10\DXOOpticsPro.exe No File
FirewallRules: [{29085A5C-50BC-4979-AC2C-21C688C39D34}] => (Block) %ProgramFiles%\DxO Labs\DxO OpticsPro 10\Dop.ApplicationUpdate.RegistryUpdate.exe No File
FirewallRules: [TCP Query User{6721CDCE-BF16-46E7-BDCF-ADA2CB75A118}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [UDP Query User{0B70C541-285D-4087-9C00-C1C78948CAE5}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [{FE62F015-CC81-4516-8A0B-A3F76C107FE3}] => (Allow) X:\Game Installation Directory\Call of Duty World at War\CoDWaW.exe (Activision Publishing -> Activision Blizzard, Inc.) [File not signed]
FirewallRules: [{A3089DFD-469C-486F-9CE2-96AEF24206CE}] => (Allow) X:\Game Installation Directory\Call of Duty World at War\CoDWaW.exe (Activision Publishing -> Activision Blizzard, Inc.) [File not signed]
FirewallRules: [{D9F7EC7A-9F9A-499C-9B37-8EA06207565A}] => (Allow) C:\Users\SkyNet 002\AppData\Local\Temp\XP-430\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{0F286EBF-9508-4941-A11C-CFE8F7A2A427}] => (Allow) C:\Users\SkyNet 002\AppData\Local\Temp\XP-430\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{592C06A0-6186-4914-9D8D-7C8DEB0BBAE1}] => (Allow) C:\Program Files\Lexmark\Status Center\lmsmc.exe (Lexmark International, Inc. ->  )
FirewallRules: [{263AF55B-698C-4C35-AE24-49685474A147}] => (Allow) C:\Program Files\Lexmark\Status Center\lmsmc.exe (Lexmark International, Inc. ->  )
FirewallRules: [{EBEF898C-9722-46FE-8D1B-0B04BCD8CAA0}] => (Allow) C:\Program Files (x86)\Lexmark MX310 Series\LMADVlscn.exe (Lexmark International, Inc. -> )
FirewallRules: [{5A1BD3F7-691A-4D6C-AB0A-FD1756AB13D4}] => (Allow) C:\Program Files (x86)\Lexmark MX310 Series\LMADVlscn.exe (Lexmark International, Inc. -> )
FirewallRules: [{65F8D7D8-30F9-44DE-B128-38B7F14E247A}] => (Allow) C:\Program Files (x86)\Lexmark MX310 Series\LMabscw.dll () [File not signed]
FirewallRules: [{42D4A642-BC75-4353-8550-98491004E59E}] => (Allow) C:\Program Files (x86)\Lexmark MX310 Series\LMabscw.dll () [File not signed]
FirewallRules: [{DFAEED07-86A0-4901-8136-7DB59DB04FBE}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\LMabtwds.ds () [File not signed]
FirewallRules: [{2343D736-D3FB-404E-A29B-E3B648BAA5E5}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\LMabtwds.ds () [File not signed]
FirewallRules: [{35835624-D53D-4995-BCAC-02287E4ADE52}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\LMabtwpro.dll () [File not signed]
FirewallRules: [{5F8F7F51-B081-4382-9618-753105E261E8}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\LMabtwpro.dll () [File not signed]
FirewallRules: [{81011535-797F-4559-9E37-2CD255C5E1A0}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\LMabtwui.dll () [File not signed]
FirewallRules: [{2E1B43F9-5C81-4E85-8666-0EEDCEB65921}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\LMabtwui.dll () [File not signed]
FirewallRules: [{50DF2EC7-4A81-4133-A944-5D08E72ACE67}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\LMabdrs.dll (Microsoft Windows Hardware Compatibility Publisher -> )
FirewallRules: [{A8F5DEC6-95A4-426B-8F2B-AB4D56AA4F74}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\LMabdrs.dll (Microsoft Windows Hardware Compatibility Publisher -> )
FirewallRules: [{F2774BB5-79E0-4BCA-8F98-4654B7A87926}] => (Allow) D:\Install\x64\InstallGui.exe No File
FirewallRules: [{3E137C4B-C65A-48E2-B5E5-2CAEAD174581}] => (Allow) D:\Install\x64\InstallGui.exe No File
FirewallRules: [{94DE7FC5-0781-4899-AA38-16003CDE0DA2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [TCP Query User{4BA9236B-2553-4781-98F2-F9ED459187CA}C:\users\skynet 002\appdata\local\epic privacy browser\application\epic.exe] => (Block) C:\users\skynet 002\appdata\local\epic privacy browser\application\epic.exe (Hidden Reflex Authors) [File not signed]
FirewallRules: [UDP Query User{E8373312-0305-4AA8-A5FB-A8E04F5855EC}C:\users\skynet 002\appdata\local\epic privacy browser\application\epic.exe] => (Block) C:\users\skynet 002\appdata\local\epic privacy browser\application\epic.exe (Hidden Reflex Authors) [File not signed]
FirewallRules: [{655E754A-B541-47F3-A6AC-292F08155112}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{5971CB2D-973A-405A-B818-47FED1BF54BB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{E90EAF4D-310D-46A0-8057-8BA961398A33}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
 
==================== Restore Points =========================
 
24-02-2019 03:05:28 Windows Update
03-03-2019 14:19:01 Revo Uninstaller Pro's restore point - Internet Download Manager
03-03-2019 14:31:52 Revo Uninstaller Pro's restore point - Internet Download Manager
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/03/2019 02:31:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {315e9323-16f4-465d-a038-52634d348def}
 
Error: (03/03/2019 02:20:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/03/2019 02:19:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {61fa0298-e86c-4168-ae48-c762204279c5}
 
Error: (03/03/2019 01:31:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/02/2019 08:29:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/01/2019 07:56:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.0.704, time stamp: 0x5b9acf90
Faulting module name: ntdll.dll, version: 6.1.7601.24000, time stamp: 0x5a499ad2
Exception code: 0xc0000005
Fault offset: 0x0000000000032964
Faulting process id: 0x994
Faulting application start time: 0x01d4d06145526252
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: c6bb7a81-3c96-11e9-bf4e-7c5cf8c67f09
 
Error: (03/01/2019 12:02:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (03/01/2019 11:02:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9b0
 
Start Time: 01d4d04d71927dfe
 
Termination Time: 0
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 090b86ed-3c4c-11e9-a199-7c5cf8c67f09
 
 
System errors:
=============
Error: (03/03/2019 02:22:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UsbCharger
 
Error: (03/03/2019 02:22:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Private Internet Access Service service hung on starting.
 
Error: (03/03/2019 02:20:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Core Storage Volumes Driver service failed to start due to the following error: 
A device attached to the system is not functioning.
 
Error: (03/03/2019 02:20:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (03/03/2019 01:33:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UsbCharger
 
Error: (03/03/2019 01:33:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Private Internet Access Service service hung on starting.
 
Error: (03/03/2019 01:31:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Core Storage Volumes Driver service failed to start due to the following error: 
A device attached to the system is not functioning.
 
Error: (03/03/2019 01:31:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Windows Defender:
===================================
Date: 2019-03-01 12:05:35.763
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0
 
Date: 2019-02-28 15:42:29.517
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0
 
CodeIntegrity:
===================================
 
Date: 2017-05-15 13:08:29.102
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-05-15 13:08:29.102
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-05-14 13:28:22.941
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-05-14 13:28:22.940
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-05-14 13:26:35.364
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-05-14 13:26:35.363
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-05-12 11:54:26.300
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2017-05-12 11:54:26.299
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 39%
Total physical RAM: 16235.35 MB
Available physical RAM: 9868.89 MB
Total Virtual: 32468.87 MB
Available Virtual: 25628.94 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.42 GB) (Free:186.42 GB) NTFS
Drive j: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive x: (Gemini) (Fixed) (Total:1862.89 GB) (Free:489.06 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 98CF5525)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#6
Gary R

Gary R

    Trusted Helper

  • Malware Removal
  • 445 posts

May I bring your attention to the forum rules for G2G ...

http://www.geekstogo...tion=boardrules

We will NOT help anyone we suspect of having obtained their software or services illegally.


There are clear indications in your FRST logs that you are using illegal software, so I'm afraid that until that illegal software is removed I cannot help you further.

This topic will now be closed.

If you wish to be helped further, then you need to remove your illegal software, then start a new help topic, and wait for a new helper.
  • 0






Similar Topics


Also tagged with one or more of these keywords: Windows 7, blue screen, shutdown, virus, malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP