SpaciousName Posted February 16, 2017 ID:1102208 Share Posted February 16, 2017 Hi, today i woke up and saw that my SONY Playstation account login details had been changed. I managed to get them back to what they were previously and set up 2-Step Authentification on the account, but while i was setting up the 2-step authentification my account was activated on another PS4 once again. I'm worried about this because the only way someone could have gotten my new password is if they had access to my PC, which is where i changed it. I tried scanning with malwarebytes and webroot but nothing came up, and i'm currently running a scan with ESET online scanner. I did download a program recently from a domain that was listed as 'not secure', but it's a fairly reputable program so i wasn't too worried about it at the time. I'm at a bit of a loss with what to do now but any help would be appreciated Link to post Share on other sites More sharing options...
kevinf80 Posted February 16, 2017 ID:1102262 Share Posted February 16, 2017 Hello SpaciousName and welcome to Malwarebytes, My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please: Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good... Change the download folder setting in the Default Browser only. so all of the tools we may use are saved to the Desktop:Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen. NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.Change default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties" In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK" Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location..... Next, Follow the instructions in the following link to show hidden files:http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/ Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.htmlNote: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs... Thank you, Kevin.. Link to post Share on other sites More sharing options...
SpaciousName Posted February 16, 2017 Author ID:1102356 Share Posted February 16, 2017 5 hours ago, kevinf80 said: Hello SpaciousName and welcome to Malwarebytes, My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please: Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good... Change the download folder setting in the Default Browser only. so all of the tools we may use are saved to the Desktop:Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen. NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.Change default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties" In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK" Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location..... Next, Follow the instructions in the following link to show hidden files:http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/ Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.htmlNote: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs... Thank you, Kevin.. hi Kevin, thanks for the reply. I changed the download path and ran the tool as you said. here are the logs that came with the scan: Spoiler Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02 Ran by David (administrator) on DAVID-PC (16-02-2017 22:30:06) Running from C:\Users\David\Desktop Loaded Profiles: David (Available Profiles: David) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe (Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe (Webroot) C:\Program Files\Webroot\WRSA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Webroot) C:\Program Files\Webroot\WRSA.exe (Hammer & Chisel, Inc.) C:\Users\David\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\David\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\David\AppData\Local\Discord\app-0.0.297\Discord.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [896472 2016-06-03] (Webroot) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.) HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\Run: [f.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\MountPoints2: {63c8786b-7256-11e5-b532-fcaa14b159d5} - E:\SetupWi-Fi.exe HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation) HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll [2016-06-03] (Webroot) ShellIconOverlayIdentifiers: [ ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll [2016-06-03] (Webroot) ShellIconOverlayIdentifiers: [ ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll [2016-06-03] (Webroot) ShellIconOverlayIdentifiers: [ ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll [2016-06-03] (Webroot) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] () CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 Tcpip\..\Interfaces\{786E3148-8588-4260-9790-65EB2BEEC91F}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{B2CCDEB8-F262-47C0-8D0B-8C53495654DE}: [DhcpNameServer] 192.168.192.1 Tcpip\..\Interfaces\{B4E33CA4-D23F-46C0-84DE-0E2DF251019B}: [DhcpNameServer] 192.168.1.1 0.0.0.0 Tcpip\..\Interfaces\{B6CA06FE-DCBC-4B72-8561-C42D57B63360}: [DhcpNameServer] 192.168.1.1 0.0.0.0 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-03-10] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2016-02-28] (Webroot) BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-06-10] (Webroot) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-03-10] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2016-02-28] (Webroot) BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-06-10] (Webroot) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation) Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2016-02-28] (Webroot) Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2016-02-28] (Webroot) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll [2015-03-10] () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll [2015-03-10] () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-10] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-10] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems) Chrome: ======= CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.) CHR Plugin: (Shockwave Flash) - C:\Users\David\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll => No File CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2017-02-16] CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-15] CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-15] CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (uBlock Origin) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-09] CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-15] CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Webroot Filtering Extension) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2017-01-26] CHR Extension: (Webroot Password Manager) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2016-02-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19] CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-15] CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02] CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-05-04] (Adobe Systems) [File not signed] S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated) S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated) S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed] S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-09-16] (BitRaider, LLC) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395536 2016-12-21] (EasyAntiCheat Ltd) U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-10] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation) S4 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254904 2016-03-18] (RaMMicHaeL) S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S4 WRSVC; C:\Program Files\Webroot\WRSA.exe [896472 2016-06-03] (Webroot) S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X] S2 RalinkRegistryWriter64; "C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe" [X] S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] () S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-09-16] (BitRaider) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation) R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation) S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2014-04-08] (Realtek Semiconductor Corporation ) S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] () R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2016-09-17] (Windows (R) Win 7 DDK provider) R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-08-12] (VIA Technologies, Inc.) R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-06-17] (Webroot) S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [54512 2016-06-10] (Webroot) R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-08-12] (VIA Technologies, Inc.) S3 gdrv; \??\C:\Windows\gdrv.sys [X] S3 netr28ux; system32\DRIVERS\netr28ux.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-16 22:30 - 2017-02-16 22:30 - 00018667 _____ C:\Users\David\Desktop\FRST.txt 2017-02-16 22:29 - 2017-02-16 22:30 - 00000000 ____D C:\FRST 2017-02-16 22:26 - 2017-02-16 22:26 - 02422272 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe 2017-02-15 21:51 - 2017-02-15 22:05 - 00000000 ____D C:\Users\David\Documents\unpacked 2017-02-15 21:24 - 2017-02-15 21:24 - 00000000 ____D C:\Users\David\AppData\Local\Nem's Tools 2017-02-09 22:41 - 2017-02-09 22:41 - 01615343 _____ C:\Users\David\Documents\american politics.psd 2017-02-09 21:53 - 2017-02-14 19:30 - 03204887 _____ C:\Users\David\Documents\junior cert doctor no poster mockup.psd 2017-02-09 13:22 - 2017-02-15 21:53 - 00000000 ____D C:\Users\David\Documents\decompiled 2017-02-05 22:04 - 2017-02-06 13:42 - 00046313 _____ C:\Users\David\Documents\too many heavies tf2.hfp 2017-02-04 20:06 - 2017-02-04 20:38 - 00000006 _____ C:\Users\David\Desktop\New Text Document.txt 2017-02-03 19:17 - 2017-02-03 19:17 - 05375635 _____ C:\Users\David\Documents\SFM SPIES.psd 2017-01-31 17:17 - 2017-01-31 17:17 - 04067128 _____ (Jagex Ltd ) C:\Users\David\Downloads\RuneScape-Setup.exe 2017-01-29 16:53 - 2017-01-29 17:09 - 00943197 _____ C:\Users\David\Documents\sgt peppers.ses 2017-01-29 16:28 - 2017-01-29 16:34 - 00000000 ____D C:\Users\David\Documents\stems 2017-01-29 16:22 - 2017-02-13 23:24 - 00000000 ____D C:\Users\David\AppData\Roaming\Audacity 2017-01-29 16:22 - 2017-01-29 16:22 - 00001019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2017-01-29 16:22 - 2017-01-29 16:22 - 00001007 _____ C:\Users\Public\Desktop\Audacity.lnk 2017-01-29 16:22 - 2017-01-29 16:22 - 00000000 ____D C:\Users\David\AppData\Local\Audacity 2017-01-29 16:22 - 2017-01-29 16:22 - 00000000 ____D C:\Program Files (x86)\Audacity 2017-01-29 16:21 - 2017-01-29 16:21 - 26496761 _____ (Audacity Team ) C:\Users\David\Downloads\audacity-win-2.1.2.exe 2017-01-29 16:18 - 2017-01-29 16:18 - 79804397 _____ C:\Users\David\Downloads\The Beatles - Sgt. Pepper's Lonely Hearts Club Band.mogg 2017-01-29 15:19 - 2017-01-29 15:19 - 01974953 _____ C:\Users\David\AppData\Local\recently-used.xbel 2017-01-29 14:41 - 2017-01-29 15:14 - 00007397 _____ C:\Users\David\Documents\dragonfire shield render.hfp 2017-01-28 22:50 - 2017-01-28 22:50 - 00024359 _____ C:\Users\David\Documents\tf2 micsnobs hightower.hfp 2017-01-28 18:05 - 2017-01-28 19:05 - 01273868 _____ C:\Users\David\Documents\dragonfire shield6.blend 2017-01-28 18:05 - 2017-01-28 18:17 - 00488868 _____ C:\Users\David\Documents\dragonfire shield6.blend1 2017-01-28 00:43 - 2017-01-28 19:04 - 00488924 _____ C:\Users\David\Documents\dragonfire shield5.blend 2017-01-28 00:43 - 2017-01-28 01:32 - 00492932 _____ C:\Users\David\Documents\dragonfire shield5.blend1 2017-01-27 23:54 - 2017-01-20 18:39 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2017-01-27 23:54 - 2017-01-20 18:39 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2017-01-27 23:54 - 2017-01-20 18:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys 2017-01-27 23:54 - 2017-01-20 18:39 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2017-01-27 18:20 - 2017-01-28 18:04 - 00616128 _____ C:\Users\David\Documents\dragonfire shield4.blend 2017-01-27 18:20 - 2017-01-28 17:58 - 00602232 _____ C:\Users\David\Documents\dragonfire shield4.blend1 2017-01-27 17:51 - 2017-01-27 17:51 - 00643141 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)17.obj 2017-01-27 17:51 - 2017-01-27 17:51 - 00000777 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)17.mtl 2017-01-27 17:17 - 2017-01-27 18:18 - 00547184 _____ C:\Users\David\Documents\dragonfire shield3.blend1 2017-01-27 17:17 - 2017-01-27 18:18 - 00547184 _____ C:\Users\David\Documents\dragonfire shield3.blend 2017-01-27 17:15 - 2017-01-27 18:08 - 00000000 ____D C:\Users\David\Documents\blender textures 2017-01-26 22:44 - 2017-01-27 17:03 - 00591716 _____ C:\Users\David\Documents\dragonfire shield2.blend 2017-01-26 22:44 - 2017-01-26 23:40 - 00497780 _____ C:\Users\David\Documents\dragonfire shield2.blend1 2017-01-25 20:08 - 2017-01-30 20:36 - 17594987 _____ C:\Users\David\Documents\white snoop dog.psd 2017-01-25 19:43 - 2017-01-26 01:04 - 00516572 _____ C:\Users\David\Documents\dragonfire shield1.blend 2017-01-25 19:43 - 2017-01-25 23:59 - 00511424 _____ C:\Users\David\Documents\dragonfire shield1.blend1 2017-01-25 01:20 - 2017-01-25 01:20 - 00549040 _____ C:\Users\David\Documents\dragonfire shield.blend 2017-01-25 00:38 - 2017-01-28 16:46 - 00000000 ____D C:\Users\David\Documents\Dragonfire shield 2017-01-23 14:32 - 2017-01-23 19:41 - 00020145 _____ C:\Users\David\Documents\unfortunate engie encounter tf2.hfp 2017-01-22 19:35 - 2017-01-24 18:04 - 00008021 _____ C:\Users\David\Documents\armadyl godsword render.hfp 2017-01-22 15:29 - 2017-01-22 16:35 - 01708392 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)17.blend 2017-01-22 15:29 - 2017-01-22 16:26 - 01708392 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)17.blend1 2017-01-22 15:05 - 2017-01-22 15:05 - 00687456 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)16.blend 2017-01-21 21:37 - 2017-01-21 21:38 - 00687512 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)15.blend 2017-01-21 21:37 - 2017-01-21 21:37 - 00691720 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)15.blend1 2017-01-21 19:32 - 2017-01-21 21:35 - 00690264 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)14.blend 2017-01-21 19:32 - 2017-01-21 21:26 - 00690224 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)14.blend1 2017-01-18 22:39 - 2017-01-18 22:43 - 00000000 ____D C:\Users\David\AppData\Local\Skyrim 2017-01-18 22:27 - 2017-01-18 22:36 - 00762572 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)13.blend 2017-01-18 22:27 - 2017-01-18 22:27 - 00760108 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)13.blend1 2017-01-18 20:51 - 2017-01-18 20:51 - 00000221 _____ C:\Users\David\Desktop\The Elder Scrolls V Skyrim.url 2017-01-18 00:42 - 2017-01-18 00:42 - 00046386 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)10.obj 2017-01-18 00:42 - 2017-01-18 00:42 - 00000520 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)10.mtl 2017-01-17 16:50 - 2017-01-17 18:27 - 00674260 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)12.blend 2017-01-17 16:50 - 2017-01-17 17:09 - 00674260 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)12.blend1 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-16 22:29 - 2015-03-10 14:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2017-02-16 22:10 - 2017-01-13 14:00 - 00000000 ____D C:\Users\David\Documents\blender saves 2017-02-16 21:33 - 2015-10-04 10:04 - 00000000 ____D C:\Program Files (x86)\Steam 2017-02-16 20:47 - 2016-05-04 16:16 - 00000000 ____D C:\tmp 2017-02-16 18:05 - 2015-09-15 19:40 - 00007621 _____ C:\Users\David\AppData\Local\Resmon.ResmonCfg 2017-02-16 15:27 - 2015-09-15 15:17 - 00000024 _____ C:\Users\David\jagexappletviewer.preferences 2017-02-16 15:26 - 2015-10-12 15:05 - 00000044 _____ C:\Users\David\jagex_cl_oldschool_LIVE.dat 2017-02-16 14:29 - 2016-08-02 12:00 - 06771840 _____ (ESET spol. s r.o.) C:\Users\David\Downloads\esetonlinescanner_enu.exe 2017-02-16 13:42 - 2015-09-17 11:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-02-16 13:04 - 2009-07-14 04:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-02-16 13:04 - 2009-07-14 04:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-02-16 13:03 - 2015-03-11 19:31 - 00000000 ____D C:\ProgramData\NVIDIA 2017-02-16 12:53 - 2016-09-20 17:41 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2017-02-16 12:53 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-02-16 02:00 - 2015-09-28 12:13 - 00000000 ____D C:\Users\David\AppData\Local\Adobe 2017-02-15 21:18 - 2015-11-09 21:34 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps 2017-02-14 13:23 - 2015-09-22 15:14 - 00000000 ____D C:\Users\David\AppData\LocalLow\Temp 2017-02-11 22:13 - 2015-10-21 17:35 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype 2017-02-11 14:00 - 2016-02-28 10:17 - 00000000 ____D C:\ProgramData\WRData 2017-02-09 22:53 - 2015-09-15 15:59 - 00000000 ____D C:\Users\David\AppData\Roaming\.minecraft 2017-02-09 22:51 - 2016-05-19 21:56 - 00001003 _____ C:\Users\David\Desktop\nativelog.txt 2017-02-09 22:51 - 2015-09-15 19:31 - 00000000 ____D C:\Program Files (x86)\Minecraft 2017-02-09 12:32 - 2009-07-14 05:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI 2017-02-09 12:32 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf 2017-02-07 17:13 - 2017-01-08 18:37 - 00000000 ____D C:\Users\David\Documents\OSRS MODELS 2017-02-02 22:44 - 2015-09-15 14:59 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-02 22:44 - 2015-09-15 14:59 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-01-31 18:05 - 2016-04-16 19:47 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-01-31 17:18 - 2016-04-18 10:49 - 00000177 _____ C:\Users\Public\Desktop\RuneScape Launcher.url 2017-01-31 17:18 - 2016-04-18 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex 2017-01-31 17:18 - 2016-04-15 16:39 - 00000000 ____D C:\Users\David\AppData\Local\Jagex 2017-01-31 17:18 - 2016-04-15 16:39 - 00000000 ____D C:\ProgramData\Jagex 2017-01-29 15:29 - 2015-11-18 20:01 - 00000000 ____D C:\Users\David\.gimp-2.8 2017-01-29 15:19 - 2015-11-18 20:07 - 00000000 ____D C:\Users\David\AppData\Local\gtk-2.0 2017-01-29 11:19 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-01-28 18:17 - 2017-01-08 17:26 - 00000125 _____ C:\Users\David\Documents\settings.dat 2017-01-27 23:57 - 2015-09-15 14:43 - 00000000 ____D C:\Users\David\AppData\Local\NVIDIA Corporation 2017-01-27 23:56 - 2016-10-01 15:06 - 00001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk 2017-01-27 23:56 - 2015-03-11 19:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-01-27 23:55 - 2016-12-18 20:13 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-27 23:55 - 2016-11-09 18:22 - 00003742 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-27 23:55 - 2016-10-01 15:05 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-27 23:55 - 2016-10-01 15:05 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-27 23:55 - 2016-10-01 15:05 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-27 23:55 - 2016-10-01 15:05 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-27 23:55 - 2016-10-01 15:05 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-27 23:55 - 2015-03-11 19:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-01-27 23:55 - 2015-03-11 19:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-01-27 02:18 - 2016-12-18 20:14 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1 2017-01-21 00:04 - 2016-08-06 15:56 - 00000000 ____D C:\Users\David\AppData\Roaming\obs-studio 2017-01-20 18:39 - 2016-10-01 15:06 - 01872320 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2017-01-20 18:39 - 2016-10-01 15:06 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2017-01-20 18:39 - 2016-10-01 15:06 - 01464768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2017-01-20 18:39 - 2016-10-01 15:06 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2017-01-20 18:39 - 2016-10-01 15:06 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll 2017-01-20 14:07 - 2016-10-01 15:05 - 00001951 _____ C:\Windows\NvContainerRecovery.bat 2017-01-20 13:36 - 2016-12-18 20:12 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat 2017-01-18 22:36 - 2016-09-20 17:46 - 00000000 ____D C:\Users\David\Documents\My Games 2017-01-18 21:15 - 2009-07-14 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games ==================== Files in the root of some directories ======= 2016-02-28 10:18 - 2016-02-28 10:18 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe 2015-10-04 10:53 - 2015-10-04 11:00 - 0002072 _____ () C:\Users\David\AppData\Roaming\SpeedRunnersLog.txt 2016-04-25 19:20 - 2016-04-25 19:21 - 2128896 _____ () C:\Users\David\AppData\Local\file__0.localstorage 2017-01-29 15:19 - 2017-01-29 15:19 - 1974953 _____ () C:\Users\David\AppData\Local\recently-used.xbel 2015-09-15 19:40 - 2017-02-16 18:05 - 0007621 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg 2015-03-10 09:19 - 2015-03-10 09:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-12-18 20:14 - 2017-01-27 23:55 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log 2016-12-18 20:14 - 2017-01-27 02:18 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 Some files in TEMP: ==================== 2017-02-13 14:57 - 2017-02-13 14:57 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate10914422.exe 2017-02-15 16:07 - 2017-02-15 16:07 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate10945903.exe 2017-02-12 15:05 - 2017-02-12 15:05 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate10994045.exe 2017-02-14 11:48 - 2017-02-14 11:48 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate1182487.exe 2017-02-14 11:48 - 2017-02-14 11:48 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate1182783.exe 2017-02-13 15:57 - 2017-02-13 15:57 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate14523521.exe 2017-02-15 17:08 - 2017-02-15 17:08 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate14555049.exe 2017-02-12 16:05 - 2017-02-12 16:05 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate14606139.exe 2017-02-12 19:09 - 2017-02-12 19:09 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate25672959.exe 2017-02-12 19:09 - 2017-02-12 19:09 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate25676313.exe 2017-02-13 12:01 - 2017-02-13 12:01 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate345807.exe 2017-02-12 12:07 - 2017-02-12 12:07 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate354933.exe 2017-02-12 12:07 - 2017-02-12 12:07 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate358240.exe 2017-02-15 13:11 - 2017-02-15 13:11 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate359535.exe 2017-02-15 13:11 - 2017-02-15 13:11 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate362858.exe 2017-02-13 12:57 - 2017-02-13 12:57 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate3697176.exe 2017-02-15 14:07 - 2017-02-15 14:07 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate3727503.exe 2017-02-12 13:04 - 2017-02-12 13:04 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate3778796.exe 2017-02-13 12:02 - 2017-02-13 12:02 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate391219.exe 2017-02-16 13:00 - 2017-02-16 13:00 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate490264.exe 2017-02-16 13:01 - 2017-02-16 13:01 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate547594.exe 2017-02-13 13:57 - 2017-02-13 13:57 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate7306650.exe 2017-02-15 15:07 - 2017-02-15 15:07 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate7336305.exe 2017-02-12 14:05 - 2017-02-12 14:05 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate7386569.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-12 15:34 ==================== End of FRST.txt ============================ Spoiler Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02 Ran by David (16-02-2017 22:31:23) Running from C:\Users\David\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2015-09-15 14:43:29) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2540591498-2717392123-333389616-500 - Administrator - Disabled) David (S-1-5-21-2540591498-2717392123-333389616-1001 - Administrator - Enabled) => C:\Users\David Guest (S-1-5-21-2540591498-2717392123-333389616-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2540591498-2717392123-333389616-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189} AV: Webroot SecureAnywhere (Disabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A} AS: Webroot SecureAnywhere (Disabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7} AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe After Effects 7.0 (HKLM-x32\...\Adobe After Effects 7.0) (Version: 7.0.0.244 - Adobe Systems, Inc.) Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.7.1 - Adobe Systems Incorporated) Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated) Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.1.0 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.6.0.248 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.2.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Premiere Pro 2.0 (HKLM-x32\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Ansel (Version: 375.86 - NVIDIA Corporation) Hidden Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version: - Ubisoft) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC) bl (x32 Version: 1.0.0 - Your Company Name) Hidden Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation) Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation) CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Discord (HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden f.lux (HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\Flux) (Version: - ) Gang Beasts Online Beta (HKLM\...\Steam App 459960) (Version: - ) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - ) HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.) HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios) Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) HitFilm 4 Express (HKLM\...\{40EFEABF-B463-417A-B96D-CFDA42E1A70A}) (Version: 4.0.5609.10802 - FXHOME) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Metasequoia Ver3.1 (HKLM-x32\...\Metasequoia Ver3.1) (Version: - ) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Mumble 1.2.16 (HKLM-x32\...\{8C0C80AA-EA4D-4461-8B73-15A3A27F7D98}) (Version: 1.2.16 - Thorvald Natvig) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.86 - NVIDIA Corporation) NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation) NVIDIA Graphics Driver 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.86 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.2 - OBS Project) OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd) ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE) ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios) ph (x32 Version: 1.0.0 - Your Company Name) Hidden Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek) Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7266 - Realtek Semiconductor Corp.) RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd) RuneScape Launcher 2.2.3 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.3 - Jagex Ltd) SeaTools for Windows 1.3.0.15 (HKLM-x32\...\SeaTools for Windows) (Version: 1.3.0.15 - Seagate Technology) SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.) Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version: - The SKSE Team) Source Filmmaker (HKLM\...\Steam App 1840) (Version: - Valve) Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.28 - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH) The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios) Tom Clancy's Splinter Cell (HKLM-x32\...\Uplay Install 109) (Version: - Ubisoft) TP-LINK TL-WN821N(C)_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK) TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK) Unchecky v0.4.3 (HKLM-x32\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL) Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.) <==== ATTENTION Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft) VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software) Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony) VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Vodafone Wi-Fi (HKLM-x32\...\{4C897612-87C1-4084-88B3-A9505DC17A77}) (Version: 2.0.9.48121 - Vodafone) VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.9.78 - Webroot) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) XMind 7.5 Update 1 (v3.6.51) (HKLM-x32\...\XMind_is1) (Version: 3.6.51.201607142338 - XMind Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\ChromeHTML: -> <==== ATTENTION CustomCLSID: HKU\S-1-5-21-2540591498-2717392123-333389616-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2F6CA1A8-33A3-4CDB-907C-2D4745F0D43A} - System32\Tasks\{5986A8D0-CC64-40D0-A14D-714DC67F2852} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-04-07] (Adobe Systems Incorporated) Task: {34DB0C6D-DE70-4A88-961F-795CEE8BA0BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-10] (Adobe Systems Incorporated) Task: {362AE0A9-6242-436A-AE86-9022B2B8224B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation) Task: {3694AC4E-5D6A-4985-B72F-DBC6AD07E407} - System32\Tasks\{99B22D9D-B60D-4735-BC9D-A4D8E1D0397A} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-04-07] (Adobe Systems Incorporated) Task: {4567B2DB-9E7E-4F5C-A288-A880846FB20A} - System32\Tasks\AdobeAAMUpdater-1.0-David-PC-David => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-03-22] (Adobe Systems Incorporated) Task: {4E9848EB-A785-4857-88D4-8DD1FA37B6DD} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation) Task: {5C064AB3-3E80-48C8-93CE-202B2E87768B} - System32\Tasks\{4FAD9023-CA25-4CF1-AC92-5E4FE5CAF5B2} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-04-07] (Adobe Systems Incorporated) Task: {62D2CBF8-78FA-443E-924D-119FFF7CD0A9} - System32\Tasks\{7D514921-7AE4-4F68-B8FC-1ED32A1768F5} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-04-07] (Adobe Systems Incorporated) Task: {6B2AD87C-A2B0-4581-B34C-73E744259E71} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation) Task: {80FB916A-985A-4441-8E69-CA2FA8FE4B35} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation) Task: {86D6AFDE-0DDC-447B-AAC7-B7189E1683EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.) Task: {913DD2BF-C4B2-4E8E-8573-EB74B6BD44A7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation) Task: {93E063D3-511D-47C3-BD7B-3D9F26865EB4} - System32\Tasks\{BCD83D00-71A9-48A4-A100-0009A898451E} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-04-07] (Adobe Systems Incorporated) Task: {BD61605E-EE76-4137-8AA5-C31D2CBD5A8D} - System32\Tasks\{65FE22B0-AB60-4B7F-9586-AAB5ECDBD00C} => C:\Program Files (x86)\Steam\Steam.exe [2017-01-19] (Valve Corporation) Task: {BFFDC1F1-5DAF-4F28-BEF8-E9D32A114B7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.) Task: {D335950A-74CF-4B2C-9F7B-8B07DB332E52} - System32\Tasks\{0DA80FF4-757D-40AA-9A9F-F3244E46F8B9} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe" Task: {D8F8E3B3-76ED-4259-A8A5-0376F97CC411} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation) Task: {F1ED8DEB-A5D7-453D-8FA0-D1CA76E65A01} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-10-01 15:05 - 2017-01-20 18:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-10-01 15:05 - 2017-01-20 18:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2015-03-11 19:31 - 2016-11-10 22:38 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-04-01 22:18 - 2016-04-01 22:18 - 00426160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2017-02-02 22:44 - 2017-02-01 09:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-02 22:44 - 2017-02-01 09:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll 2016-03-31 13:11 - 2017-02-14 20:41 - 00123168 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe 2016-10-01 15:05 - 2017-01-20 18:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-10-01 15:05 - 2017-01-20 18:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-10-01 15:05 - 2017-01-20 18:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2016-10-01 15:06 - 2017-01-20 18:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2016-10-01 15:05 - 2017-01-20 13:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-10-01 15:05 - 2017-01-20 13:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-10-01 15:05 - 2017-01-20 13:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-10-01 15:05 - 2017-01-20 13:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-10-01 15:05 - 2017-01-20 13:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-10-01 15:05 - 2017-01-20 13:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-10-01 15:05 - 2017-01-20 13:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2016-12-18 20:13 - 2017-01-20 13:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node 2017-01-11 21:01 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\David\AppData\Local\Discord\app-0.0.297\ffmpeg.dll 2017-01-12 14:22 - 2017-01-12 14:22 - 01082880 _____ () \\?\C:\Users\David\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node 2017-01-12 14:22 - 2017-01-12 14:22 - 03750400 _____ () \\?\C:\Users\David\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll 2017-01-12 14:22 - 2017-01-12 14:22 - 00914432 _____ () \\?\C:\Users\David\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node 2017-01-11 21:01 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\David\AppData\Local\Discord\app-0.0.297\libglesv2.dll 2017-01-11 21:01 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\David\AppData\Local\Discord\app-0.0.297\libegl.dll 2017-02-16 12:57 - 2017-02-16 12:57 - 00148992 _____ () \\?\C:\Users\David\AppData\Local\Temp\E417.tmp.node 2017-01-12 14:22 - 2017-01-12 14:22 - 02658304 _____ () \\?\C:\Users\David\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node 2017-01-12 14:23 - 2017-01-12 14:23 - 02130432 _____ () \\?\C:\Users\David\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node 2015-10-04 10:05 - 2016-12-23 18:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-10-04 10:05 - 2016-09-01 01:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-10-04 10:05 - 2016-09-01 01:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-10-04 10:05 - 2016-09-01 01:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-10-04 10:05 - 2017-01-19 01:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll 2015-10-04 10:05 - 2016-01-27 07:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-10-04 10:05 - 2016-01-27 07:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-10-04 10:05 - 2016-01-27 07:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-10-04 10:05 - 2016-01-27 07:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-10-04 10:05 - 2016-01-27 07:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-10-04 10:05 - 2017-01-19 01:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-03-09 10:19 - 2016-07-04 22:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-12-13 11:37 - 2017-01-05 03:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2015-10-04 10:05 - 2017-01-19 01:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll 2016-03-31 13:11 - 2017-02-14 20:41 - 00173856 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\launcher.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 00294688 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\tier0.dll 2016-03-31 13:12 - 2017-02-14 20:41 - 00193824 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\vstdlib.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 00692512 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\filesystem_stdio.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 04311328 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\engine.dll 2016-03-31 13:11 - 2017-02-14 20:41 - 00136992 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\inputsystem.dll 2016-03-31 12:33 - 2016-03-31 13:12 - 00774656 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\SDL2.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 01294624 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\materialsystem.dll 2016-03-31 13:11 - 2017-02-14 20:41 - 00255776 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\datacache.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 00518944 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\studiorender.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 00895776 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\vphysics.dll 2016-03-31 13:11 - 2017-02-14 20:41 - 00112416 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\video_services.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 01379104 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\vguimatsurface.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 00386336 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\vgui2.dll 2016-03-31 13:12 - 2017-02-14 20:41 - 00152864 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\sourcevr.dll 2016-03-31 13:11 - 2016-03-31 13:11 - 00058368 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\openvr_api.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 01628960 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\shaderapidx9.dll 2016-03-31 13:11 - 2017-02-14 20:41 - 00131872 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\video_quicktime.dll 2016-03-31 13:11 - 2017-02-14 20:41 - 00124192 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\video_bink.dll 2016-03-31 13:11 - 2017-02-14 20:41 - 00161568 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\stdshader_dbg.dll 2016-03-31 13:12 - 2017-02-14 20:41 - 00244000 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\stdshader_dx6.dll 2016-03-31 13:11 - 2017-02-14 20:41 - 00176416 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\stdshader_dx7.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 00356128 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\stdshader_dx8.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 00566560 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\stdshader_dx9.dll 2016-03-31 13:12 - 2017-02-14 20:41 - 00088352 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\unicode.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 15063328 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\tf\bin\client.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 10625312 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\tf\bin\server.dll 2016-03-31 13:11 - 2017-02-14 20:41 - 00146208 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\soundemittersystem.dll 2016-03-31 13:11 - 2017-02-14 20:41 - 00111392 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\scenefilecache.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 01820448 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\replay.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 00980768 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\ServerBrowser.dll 2016-03-31 12:33 - 2017-02-14 20:41 - 02063648 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\GameUI.dll 2016-03-31 13:12 - 2017-02-14 20:41 - 00093472 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\vaudio_miles.dll 2016-03-31 13:11 - 2016-03-31 13:11 - 00071680 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\mssmp3.asi 2016-03-31 13:11 - 2016-03-31 13:11 - 00153088 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\mssvoice.asi 2016-03-31 13:11 - 2016-03-31 13:11 - 00013312 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\mssds3d.flt 2016-03-31 13:11 - 2016-03-31 13:11 - 00055808 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\msseax.flt 2016-03-31 13:11 - 2017-02-14 20:41 - 00122656 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\bugreporter_public.dll 2016-11-19 01:31 - 2017-02-14 20:41 - 00183072 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\vaudio_celt.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.192.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AGSService => 2 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: AMD FUEL Service => 2 MSCONFIG\Services: BRSptStub => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Unchecky => 2 MSCONFIG\Services: WRSVC => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CheVolume.lnk => C:\Windows\pss\CheVolume.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup MSCONFIG\startupreg: ${_APP_NAME} => C:\Program Files (x86)\WellWeWeb\CheVolume\CheVolume.exe MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: VodafoneMobileWiFi => C:\Program Files (x86)\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{7B8B84CA-1BAD-4839-AF4A-2C145F6C137C}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe FirewallRules: [{EDDC186D-DBF2-4B28-8350-BD2E306D1177}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe FirewallRules: [{1E66CF61-C9ED-4A0B-B591-1CEF3BA5BD20}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe FirewallRules: [{9313DF91-AB74-4995-A706-F85725528465}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe FirewallRules: [TCP Query User{DB1C5A72-7071-4154-86E3-230E4720A83D}C:\users\david\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\david\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{B8252243-DBD5-4347-BA27-01864CAFD447}C:\users\david\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\david\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{BF3092F6-0D6F-4EE4-AC39-782AA1F58917}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{D963C7CF-5904-421F-B2EE-5EF34A07F581}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{59220C62-9841-4E50-8E46-F05BE82639D8}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{9C873243-10F4-443B-94C3-0FD73B9678A4}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{75A38778-A343-4FA8-8512-C391D1508435}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{0C8E142B-27CD-44F4-A726-292FF5AD9A2B}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe FirewallRules: [{3505E844-0A8B-476F-BF47-603B51FC51FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{DAFA3A52-F4EB-4EAD-94E0-1C1C2E318A64}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{751D32B7-9EC2-4A45-ACEA-EB11014831BC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{02B5F15E-E764-405E-859C-B49169188F62}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{80E7613D-95C5-474D-9FD2-7BC33F218B47}] => (Allow) C:\Program Files (x86)\Ralink\Common\ApUI.exe FirewallRules: [{479A4147-6E32-468A-9DFC-84209D4170A2}] => (Allow) C:\Program Files (x86)\Ralink\Common\ApUI.exe FirewallRules: [{D083DD47-227E-4B2E-B4A6-40609B78BF78}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [TCP Query User{BE3FBDA4-D9DC-4B03-99B5-E1E5F55C4A1B}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{07116CFF-3DDF-42B5-A40B-C6F3CF89CB74}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{C1A0ECDC-01BC-4ED3-A1A5-7A5BAA958F19}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{E20AF7B0-E295-487A-A00B-92751E7A713B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{ED47CA92-3D80-4F33-A6AD-0E2D1C952435}] => (Allow) LPort=8317 FirewallRules: [{8053F73B-D01C-4ED6-98F5-935B8BA41818}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{62726A01-029F-41DA-A499-8FB613A35D26}] => (Allow) LPort=2869 FirewallRules: [{0D83FE2D-77A0-4490-8AD5-449D7113AFD8}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{D0229830-C9D7-4B58-AD0B-825594769795}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [UDP Query User{69A64220-453C-4EAF-BF07-091964CB635A}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe FirewallRules: [TCP Query User{AB601DB9-4BAE-4F5D-BF4C-F82E682F84A6}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [UDP Query User{F6839606-36F8-45D5-AE4A-44AE44FDF585}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe FirewallRules: [{906E0050-788A-4D67-A93E-38C2A6969E42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{F5E240E4-7013-4C27-ABFE-F93D8811F457}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{7BFFAD94-99EE-4B56-BDE8-513E94577445}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{7E2D8198-A962-4347-9E97-D8F11111D24A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe FirewallRules: [{B09694EE-57D7-40E5-92FE-F9D7C1A9BDFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe FirewallRules: [{EF413F39-EF7C-48C3-9334-AF5E359612B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe FirewallRules: [{F32FEAA6-D599-4049-AD91-9BE9B120D9F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe FirewallRules: [{93FF1061-AF27-44D8-B425-B9331D2F694E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts Online Beta\Gang Beasts Online Multiplayer Beta.exe FirewallRules: [{7A675AB2-F12B-48C6-A445-8397C937B165}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts Online Beta\Gang Beasts Online Multiplayer Beta.exe FirewallRules: [TCP Query User{D6F4B86E-1693-4B65-86CA-3E41957CA8D2}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe FirewallRules: [UDP Query User{28D01F4E-4BA0-4785-84F9-62C542CDDB3B}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe FirewallRules: [TCP Query User{A27F3C1E-AB8D-42EB-9455-33E4ABC1CDF3}C:\program files\webroot\wrsa.exe] => (Block) C:\program files\webroot\wrsa.exe FirewallRules: [UDP Query User{4F30B215-F441-40C4-BAC3-8D822193DAE5}C:\program files\webroot\wrsa.exe] => (Block) C:\program files\webroot\wrsa.exe FirewallRules: [{0CB0F828-D926-4C25-83C3-389EF7198E24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe FirewallRules: [{CE9BA848-8F0E-42FD-97C3-EC8A2602538F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe FirewallRules: [TCP Query User{79899BE4-5FFD-4693-8B2C-35E693CB4CF6}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe FirewallRules: [UDP Query User{DEF9CBBC-4F0E-4625-92F8-8838FDC1E62B}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe FirewallRules: [{BB7897AD-5753-4294-8A21-FF54676EE9F8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{49AFF4F3-464E-47E2-B608-C68C4083F943}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{8BFA8E8F-EF4D-43CC-BA63-91E49A75B7A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{DB5E635F-FE80-492A-8DFC-85B1631AFB44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{DCC1F738-E13B-429C-9FD2-DCC5E3860341}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{DE10B753-9F63-41BA-8306-73DA11D3F2FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{4AEED87F-51A4-4E44-8347-ACA8856F1940}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{09E93143-FED8-4789-B4B2-5836DC63FCC7}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Splinter Cell\system\SplinterCell.exe FirewallRules: [{90D5E55F-B91E-4EDC-A762-D0DBC4043B6D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Splinter Cell\system\SplinterCell.exe FirewallRules: [{4EBAEBDE-7BBC-4D57-8324-3F494AD61AD9}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe FirewallRules: [{BCC4C621-12FF-4403-94E8-A6C064913F6A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe FirewallRules: [{716D1BF1-2936-48FE-BF5A-B1D7DF8782EF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe FirewallRules: [{1C215BEC-019C-4DF1-AC5D-BDBC85C35A9F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe FirewallRules: [{952ABC19-2532-4C98-9F71-E5B9CA4D1013}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{E8E343A0-19F5-4420-AEC4-13BD9D3BC4E8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{E7D8B719-F9EF-4491-AC68-A34ADAB0E713}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{B69C1314-4FF9-4FF2-937C-8C53D39896EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [TCP Query User{9BA1AD8E-D946-4C20-A5B8-6BE686B8C002}C:\eve\sharedcache\tq\bin\exefile.exe] => (Block) C:\eve\sharedcache\tq\bin\exefile.exe FirewallRules: [UDP Query User{750160C2-0D65-4FDA-BDF8-83F547280B1A}C:\eve\sharedcache\tq\bin\exefile.exe] => (Block) C:\eve\sharedcache\tq\bin\exefile.exe FirewallRules: [{770A68AF-9C7C-4C0A-96EA-6D45D1D3FDBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{C421A257-AAA0-4EF2-8EC7-513ED8684FB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{7D70B427-8E82-4D22-A1DD-F8234960B36D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe FirewallRules: [{037DAF98-C4CE-4238-AC46-AA10F9929E46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe FirewallRules: [{6B6E915D-82BB-4E2D-B841-6F1263834772}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe FirewallRules: [{7C01FB95-B3AE-4F99-9DC6-5FD9FA8D2D02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe FirewallRules: [{65E486C1-E954-4170-805D-CFF8031DF66C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 10-02-2017 12:45:37 Windows Update 12-02-2017 19:00:05 Windows Backup 14-02-2017 11:40:22 Windows Update 15-02-2017 21:20:27 15 feb 2016 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/16/2017 12:54:37 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/15/2017 09:18:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: vpk.exe, version: 0.0.0.0, time stamp: 0x58a20257 Faulting module name: vpk.exe, version: 0.0.0.0, time stamp: 0x58a20257 Exception code: 0xc0000005 Fault offset: 0x00017577 Faulting process id: 0x1c54 Faulting application start time: 0x01d287d1055d38b5 Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\vpk.exe Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\vpk.exe Report Id: 443bc809-f3c4-11e6-a9c0-fcaa14b159d5 Error: (02/15/2017 09:17:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: vpk.exe, version: 0.0.0.0, time stamp: 0x58a20257 Faulting module name: vpk.exe, version: 0.0.0.0, time stamp: 0x58a20257 Exception code: 0xc0000005 Fault offset: 0x000241a1 Faulting process id: 0xbec Faulting application start time: 0x01d287d0f28f4188 Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\vpk.exe Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\vpk.exe Report Id: 378e3433-f3c4-11e6-a9c0-fcaa14b159d5 Error: (02/15/2017 09:17:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: vpk.exe, version: 0.0.0.0, time stamp: 0x58a20257 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x20202020 Faulting process id: 0xbec Faulting application start time: 0x01d287d0f28f4188 Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\vpk.exe Faulting module path: unknown Report Id: 31896f94-f3c4-11e6-a9c0-fcaa14b159d5 Error: (02/15/2017 01:07:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/15/2017 12:58:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/14/2017 11:30:47 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/14/2017 11:27:37 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/13/2017 11:57:45 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (02/13/2017 11:55:00 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. System errors: ============= Error: (02/16/2017 02:33:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (02/16/2017 02:33:26 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\David\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (02/16/2017 02:33:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (02/16/2017 02:33:25 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\David\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (02/16/2017 02:33:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (02/16/2017 02:33:25 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\David\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (02/16/2017 02:33:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (02/16/2017 02:33:25 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\David\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (02/16/2017 02:33:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (02/16/2017 02:33:24 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\David\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. ==================== Memory info =========================== Processor: AMD FX(tm)-6350 Six-Core Processor Percentage of memory in use: 72% Total physical RAM: 8173.55 MB Available physical RAM: 2229.81 MB Total Virtual: 16345.29 MB Available Virtual: 9782.75 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:927.51 GB) (Free:527.75 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1CE59DCA) Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=927.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ i also attached the addition.txt file to the post in case. thanks again, i appreciate it Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted February 16, 2017 ID:1102363 Share Posted February 16, 2017 Thanks for those logs SpaciousName, continue please: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Clean install Malwarebytes from version 2 to version 3... Please download MBAM-clean and save it to your desktop. Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool. It will ask you to reboot the machine - please do so. Run the cleaner tool again, re-boot when complete. <<<---do not miss this step If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp Download Malwarebytes version 3 from the following link:https://www.malwarebytes.com/mwb-download/thankyou/ Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes and is updated do the following: Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply... If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp Next, Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on the Scan in the Actions box Please wait fot the scan to finish.. When "Waiting for action.Please uncheck elements you want to keep" shows in top line.. Click on the Cleaning box. Next click OK on the "Closing Programs" pop up box. Click OK on the Information box & again OK to allow the necessary reboot After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed... Next, Go here and click 'SCAN NOW' under 'ESET Online Scanner' save to your Desktop. Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how Right click on and select "Run as Administrator" In the new Window accept the terms of service In the new Window select "Enable detection of potentially unwanted applictions" then expand "Advanced Settings" In the new Window checkmark (tick) the entries as shown, make sure "Clean threats automatically" is not checkmarked. Now select "Scan" In the new Window new virus database signatures will download, Do Not Select Stop The Window will progress showing the scan in action.... In the new Window if no threats are found, select "Delete applications data on close" then select "Finish" no log is produced, confirm that in your reply... If threats are found the following Window will open: Click on "Select All" then "Save to Text file" name and save that file, attach to your reply. Now select "Do not clean" and then close out.... Let me see those logs, also tell me if there are any remaining issues or concerns.... Thank you, Kevin... fixlist.txt Link to post Share on other sites More sharing options...
SpaciousName Posted February 17, 2017 Author ID:1102577 Share Posted February 17, 2017 Spoiler Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02 Ran by David (17-02-2017 13:24:40) Run:1 Running from C:\Users\David\Desktop Loaded Profiles: David (Available Profiles: David) Boot Mode: Normal ============================================== fixlist content: ***************** Start CreateRestorePoint: CloseProcesses: HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\MountPoints2: {63c8786b-7256-11e5-b532-fcaa14b159d5} - E:\SetupWi-Fi.exe CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION Tcpip\..\Interfaces\{B4E33CA4-D23F-46C0-84DE-0E2DF251019B}: [DhcpNameServer] 192.168.1.1 0.0.0.0 Tcpip\..\Interfaces\{B6CA06FE-DCBC-4B72-8561-C42D57B63360}: [DhcpNameServer] 192.168.1.1 0.0.0.0 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02] S2 RalinkRegistryWriter64; "C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe" [X] S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] S3 netr28ux; system32\DRIVERS\netr28ux.sys [X] HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\ChromeHTML: -> <==== ATTENTION HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION FirewallRules: [{ED47CA92-3D80-4F33-A6AD-0E2D1C952435}] => (Allow) LPort=8317 FirewallRules: [{62726A01-029F-41DA-A499-8FB613A35D26}] => (Allow) LPort=2869 FirewallRules: [{0D83FE2D-77A0-4490-8AD5-449D7113AFD8}] => (Allow) LPort=1900 CMD: ipconfig /flushDNS EmptyTemp: end ***************** Restore point was successfully created. Processes closed successfully. HKU\S-1-5-21-2540591498-2717392123-333389616-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63c8786b-7256-11e5-b532-fcaa14b159d5} => key removed successfully HKCR\CLSID\{63c8786b-7256-11e5-b532-fcaa14b159d5} => key not found. HKLM\SOFTWARE\Policies\Google => key removed successfully HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B4E33CA4-D23F-46C0-84DE-0E2DF251019B}\\DhcpNameServer => value removed successfully HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B6CA06FE-DCBC-4B72-8561-C42D57B63360}\\DhcpNameServer => value removed successfully HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully HKLM\System\CurrentControlSet\Services\RalinkRegistryWriter64 => key removed successfully RalinkRegistryWriter64 => service removed successfully HKLM\System\CurrentControlSet\Services\RaMediaServer => key removed successfully RaMediaServer => service removed successfully HKLM\System\CurrentControlSet\Services\gdrv => key removed successfully gdrv => service removed successfully HKLM\System\CurrentControlSet\Services\netr28ux => key removed successfully netr28ux => service removed successfully HKU\S-1-5-21-2540591498-2717392123-333389616-1001_Classes\ChromeHTML => key removed successfully HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Software\Classes\exefile => key removed successfully HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Software\Classes\.exe => key removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED47CA92-3D80-4F33-A6AD-0E2D1C952435} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{62726A01-029F-41DA-A499-8FB613A35D26} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D83FE2D-77A0-4490-8AD5-449D7113AFD8} => value removed successfully ========= ipconfig /flushDNS ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53093300 B Java, Flash, Steam htmlcache => 793630348 B Windows/system/drivers => 504879527 B Edge => 0 B Chrome => 888227484 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 16802 B systemprofile32 => 66356 B LocalService => 0 B NetworkService => 11492062 B David => 2438934605 B OVRLibraryService => 0 B RecycleBin => 52084925491 B EmptyTemp: => 52.9 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 13:30:37 ==== Spoiler Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 2/17/17 Scan Time: 2:10 PM Logfile: malware scan report.txt Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.50 Update Package Version: 1.0.1286 License: Free -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: David-PC\David -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 391584 Time Elapsed: 17 min, 15 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end) Spoiler # AdwCleaner v6.043 - Logfile created 17/02/2017 at 14:34:48 # Updated on 27/01/2017 by Malwarebytes # Database : 2017-02-13.1 [Server] # Operating System : Windows 7 Home Premium Service Pack 1 (X64) # Username : David - DAVID-PC # Running from : C:\Users\David\Desktop\AdwCleaner.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1 [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [1452 Bytes] - [17/02/2017 14:34:48] C:\AdwCleaner\AdwCleaner[S0].txt - [1749 Bytes] - [17/02/2017 14:33:23] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1598 Bytes] ########## Hi Kevin, i followed these steps and added the logs in the spoilers above. if i've missed anything please let me know the ESET scan detected nothing, and i deleted the application's data on close like you said. no log was produced. I did also have my real-time protection turned off so it wouldn't interfere with the scan. thanks Link to post Share on other sites More sharing options...
kevinf80 Posted February 17, 2017 ID:1102580 Share Posted February 17, 2017 Any remaining issues or concerns...? Link to post Share on other sites More sharing options...
SpaciousName Posted February 17, 2017 Author ID:1102582 Share Posted February 17, 2017 (edited) Not really, my only other issue would be that sometimes my PC will take a very long time to start up, around 5-10 minutes after which i have to restart it again or else it will run very slowly. i have tried following some guides on speeding up my PC and looking at my BIOS but it didn't resolve the issue. although this might have been solved by the help you've given me already, i haven't checked yet. another thing is that i have 2 installations of webroot secure anywhere on my PC, because when i start up my PC i will get a notification asking for permission from the program to start up again even though it's already running. besides that i don't have any issues, and thanks very much for your help. i really appreciate it Edited February 17, 2017 by SpaciousName Link to post Share on other sites More sharing options...
kevinf80 Posted February 17, 2017 ID:1102587 Share Posted February 17, 2017 Set your system up to run in "Clean Boot" mode, basically this is all none MS services disabled, obviously if network or security issues are listed keep those active... Full instructions at the following link:https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows Does clean boot make any difference... Link to post Share on other sites More sharing options...
SpaciousName Posted February 17, 2017 Author ID:1102603 Share Posted February 17, 2017 I'll try that now, but usually when I restart my PC it will restart fairly quickly. It's just when I start it up or restart it after having it on for a long period of time that it will take a very long time to boot up. I'll get back to you with another reply after I try a clean boot however Link to post Share on other sites More sharing options...
SpaciousName Posted February 17, 2017 Author ID:1102605 Share Posted February 17, 2017 i just restarted my pc in clean boot mode, it seems to be running okay and everything. like I said though the slow startup doesn't happen all the time, only every now and again and usually after i start up my PC after having it on for a long time. sorry for making 2 posts in a short space of time, i probably should have just waited and made one. Link to post Share on other sites More sharing options...
kevinf80 Posted February 17, 2017 ID:1102610 Share Posted February 17, 2017 The idea of Clean Boot is to see if a 3rd party service is causing issues at boot, slowing down the startup procedure. If clean boot makes your system boot up faster and more responsive then it is safe to assume that a 3rd party service(s) is causing the problem.... Has clean boot made a big difference..? Link to post Share on other sites More sharing options...
SpaciousName Posted February 17, 2017 Author ID:1102613 Share Posted February 17, 2017 it did make a slight difference in the startup time compared to how fast my PC usually starts up, but it is a lot faster than when it takes a long time to start up. i don't really know what causes the slow startups though as they are inconsistent with how often they happen Link to post Share on other sites More sharing options...
kevinf80 Posted February 17, 2017 ID:1102616 Share Posted February 17, 2017 If clean boot has not that much difference then just go back to normal mode, the instructions are in the link provided for clean boot... Your system is not being affected by malware or infection. If the issue is sporadic and only happens when you reboot after the PC has been in use for an extended period maybe is worthwhile logging system temperatures, maybe give the PC a spring clean inside specifically heat sink around CPU etc.... To remove tools we have used run the following: Download "Delfix by Xplode" and save it to your desktop. (This link is down at present, use the following mirror link) Or use the following if first link is down:"Delfix link mirror" If your security program alerts to Delfix either, accept the alert or turn your security off. Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked: Remove disinfection tools <----- this will remove tools we have used. Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created. Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted… Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful....Answers to Common Security Questions and best PracticesDo I need a Registry Cleaner? Take care and surf safe Kevin... Link to post Share on other sites More sharing options...
SpaciousName Posted February 17, 2017 Author ID:1102632 Share Posted February 17, 2017 I tried both of the delfix links but the first site was down and the second site didn't start the download after i clicked the download button. Link to post Share on other sites More sharing options...
kevinf80 Posted February 17, 2017 ID:1102633 Share Posted February 17, 2017 Try this one at Bleeping Computers: https://www.bleepingcomputer.com/download/delfix/ Link to post Share on other sites More sharing options...
SpaciousName Posted February 18, 2017 Author ID:1102636 Share Posted February 18, 2017 The download worked and I ran it with the settings you specified, thanks! i appreciate all the help a lot Link to post Share on other sites More sharing options...
kevinf80 Posted February 18, 2017 ID:1102754 Share Posted February 18, 2017 You`re very welcome, comeback anytime... Regards, Kevin.. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 21, 2017 Root Admin ID:1103245 Share Posted February 21, 2017 Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts