
Afraid that I might have been hacked or downloaded an unsafe program



Hi, today I woke up and saw that my SONY Playstation account login details had been changed. I managed to get them back to what they were previously and set up 2-Step Authentication on the account, but while I was setting up the 2-step authentication my account was activated on another PS4 once again.

I'm worried about this because the only way someone could have gotten my new password is if they had access to my PC, which is where I changed it. I tried scanning with Malwarebytes and Webroot but nothing came up, and I'm currently running a scan with ESET online scanner.

I did download a program recently from a domain that was listed as 'not secure', but it's a fairly reputable program so I wasn't too worried about it at the time.

I'm at a bit of a loss with what to do now but any help would be appreciated.


Hello SpaciousName and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..
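
A first-pass triage of the FRST.txt that this procedure produces, as an added example that is not part of the original post or of FRST itself: it groups lines by section and surfaces those carrying FRST's `<======= ATTENTION`, `[File not signed]` and trailing `[X]` markers, plus autostart entries that run from user-writable folders. The sample log is constructed, the function and label names are hypothetical, and a hit is a prompt for review, not a verdict.

```python
import re

# Section banners look like: "==================== Services (Whitelisted) ===="
SECTION_RE = re.compile(r"^={5,}\s+([^=]+?)\s+={5,}$")

# Folders a standard user can write to; autostart entries here deserve a look.
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Temp)\\", re.IGNORECASE)

# Sections whose entries start code automatically or are already running.
AUTOSTART_SECTIONS = {"Processes", "Registry", "Services", "Drivers"}

# Constructed sample modelled on the FRST.txt layout (not a real scan).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Example Vendor) C:\Program Files\Example\agent.exe
() C:\Users\Alice\AppData\Roaming\updater\upd.exe

==================== Registry (Whitelisted) ====================

HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [1024 2016-01-01] (Example Vendor)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Services (Whitelisted) ====================

R2 ExampleSvc; C:\Program Files\Example\svc.exe [2048 2016-01-01] (Example Vendor)
S4 OldSvc; C:\Program Files (x86)\Old\oldsvc.exe [4096 2012-01-01] (Old Vendor) [File not signed]
S2 GoneSvc; "C:\Program Files\Gone\gone.exe" [X]

==================== One Month Created files and folders ========

2017-01-01 10:00 - 2017-01-01 10:00 - 00000000 ____D C:\Users\Alice\AppData\Local\SomeTool
"""


def reasons_for(section, line):
    """Return the review labels that apply to one log line."""
    reasons = []
    if "<======= ATTENTION" in line:
        reasons.append("attention-marker")      # FRST itself flagged the entry
    if "[File not signed]" in line:
        reasons.append("unsigned")              # no digital signature on the file
    if line.endswith("[X]"):
        # Assumption: a trailing [X] means the registered file was not found.
        reasons.append("file-missing")
    if section in AUTOSTART_SECTIONS and USER_WRITABLE_RE.search(line):
        reasons.append("user-writable-path")
    return reasons


def triage(log_text):
    """Walk the log once and return (section, reasons, line) for flagged lines."""
    section = "Header"
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            # Normalise "Services (Whitelisted)" to "Services".
            section = banner.group(1).replace("(Whitelisted)", "").strip()
            continue
        reasons = reasons_for(section, line)
        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"[{section}] {', '.join(reasons)}: {line}")
```

The user-writable-path label fires on legitimate per-user software as well, so it narrows where to look rather than naming anything malicious.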

 



 

Hi Kevin, thanks for the reply. I changed the download path and ran the tool as you said. Here are the logs that came with the scan:

 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by David (administrator) on DAVID-PC (16-02-2017 22:30:06)
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Flux Software LLC) C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Hammer & Chisel, Inc.) C:\Users\David\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\David\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\David\AppData\Local\Discord\app-0.0.297\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [896472 2016-06-03] (Webroot)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\Run: [f.lux] => C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\MountPoints2: {63c8786b-7256-11e5-b532-fcaa14b159d5} - E:\SetupWi-Fi.exe
HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll [2016-06-03] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll [2016-06-03] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll [2016-06-03] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll [2016-06-03] (Webroot)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{786E3148-8588-4260-9790-65EB2BEEC91F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B2CCDEB8-F262-47C0-8D0B-8C53495654DE}: [DhcpNameServer] 192.168.192.1
Tcpip\..\Interfaces\{B4E33CA4-D23F-46C0-84DE-0E2DF251019B}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{B6CA06FE-DCBC-4B72-8561-C42D57B63360}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2016-02-28] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-06-10] (Webroot)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2016-02-28] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-06-10] (Webroot)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2016-02-28] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2016-02-28] (Webroot)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll [2015-03-10] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll [2015-03-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)

Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\David\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll => No File
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2017-02-16]
CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-15]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-15]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (uBlock Origin) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-09]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-15]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Webroot Filtering Extension) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2017-01-26]
CHR Extension: (Webroot Password Manager) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2016-02-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-15]
CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-05-04] (Adobe Systems) [File not signed]
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-09-16] (BitRaider, LLC)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395536 2016-12-21] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S4 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254904 2016-03-18] (RaMMicHaeL)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WRSVC; C:\Program Files\Webroot\WRSA.exe [896472 2016-06-03] (Webroot)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
S2 RalinkRegistryWriter64; "C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe" [X]
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-09-16] (BitRaider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2014-04-08] (Realtek Semiconductor Corporation                           )
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2016-09-17] (Windows (R) Win 7 DDK provider)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-08-12] (VIA Technologies, Inc.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-06-17] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [54512 2016-06-10] (Webroot)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-08-12] (VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 22:30 - 2017-02-16 22:30 - 00018667 _____ C:\Users\David\Desktop\FRST.txt
2017-02-16 22:29 - 2017-02-16 22:30 - 00000000 ____D C:\FRST
2017-02-16 22:26 - 2017-02-16 22:26 - 02422272 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2017-02-15 21:51 - 2017-02-15 22:05 - 00000000 ____D C:\Users\David\Documents\unpacked
2017-02-15 21:24 - 2017-02-15 21:24 - 00000000 ____D C:\Users\David\AppData\Local\Nem's Tools
2017-02-09 22:41 - 2017-02-09 22:41 - 01615343 _____ C:\Users\David\Documents\american politics.psd
2017-02-09 21:53 - 2017-02-14 19:30 - 03204887 _____ C:\Users\David\Documents\junior cert doctor no poster mockup.psd
2017-02-09 13:22 - 2017-02-15 21:53 - 00000000 ____D C:\Users\David\Documents\decompiled
2017-02-05 22:04 - 2017-02-06 13:42 - 00046313 _____ C:\Users\David\Documents\too many heavies tf2.hfp
2017-02-04 20:06 - 2017-02-04 20:38 - 00000006 _____ C:\Users\David\Desktop\New Text Document.txt
2017-02-03 19:17 - 2017-02-03 19:17 - 05375635 _____ C:\Users\David\Documents\SFM SPIES.psd
2017-01-31 17:17 - 2017-01-31 17:17 - 04067128 _____ (Jagex Ltd ) C:\Users\David\Downloads\RuneScape-Setup.exe
2017-01-29 16:53 - 2017-01-29 17:09 - 00943197 _____ C:\Users\David\Documents\sgt peppers.ses
2017-01-29 16:28 - 2017-01-29 16:34 - 00000000 ____D C:\Users\David\Documents\stems
2017-01-29 16:22 - 2017-02-13 23:24 - 00000000 ____D C:\Users\David\AppData\Roaming\Audacity
2017-01-29 16:22 - 2017-01-29 16:22 - 00001019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-01-29 16:22 - 2017-01-29 16:22 - 00001007 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-01-29 16:22 - 2017-01-29 16:22 - 00000000 ____D C:\Users\David\AppData\Local\Audacity
2017-01-29 16:22 - 2017-01-29 16:22 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-01-29 16:21 - 2017-01-29 16:21 - 26496761 _____ (Audacity Team ) C:\Users\David\Downloads\audacity-win-2.1.2.exe
2017-01-29 16:18 - 2017-01-29 16:18 - 79804397 _____ C:\Users\David\Downloads\The Beatles - Sgt. Pepper's Lonely Hearts Club Band.mogg
2017-01-29 15:19 - 2017-01-29 15:19 - 01974953 _____ C:\Users\David\AppData\Local\recently-used.xbel
2017-01-29 14:41 - 2017-01-29 15:14 - 00007397 _____ C:\Users\David\Documents\dragonfire shield render.hfp
2017-01-28 22:50 - 2017-01-28 22:50 - 00024359 _____ C:\Users\David\Documents\tf2 micsnobs hightower.hfp
2017-01-28 18:05 - 2017-01-28 19:05 - 01273868 _____ C:\Users\David\Documents\dragonfire shield6.blend
2017-01-28 18:05 - 2017-01-28 18:17 - 00488868 _____ C:\Users\David\Documents\dragonfire shield6.blend1
2017-01-28 00:43 - 2017-01-28 19:04 - 00488924 _____ C:\Users\David\Documents\dragonfire shield5.blend
2017-01-28 00:43 - 2017-01-28 01:32 - 00492932 _____ C:\Users\David\Documents\dragonfire shield5.blend1
2017-01-27 23:54 - 2017-01-20 18:39 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-01-27 23:54 - 2017-01-20 18:39 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-01-27 23:54 - 2017-01-20 18:39 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-01-27 23:54 - 2017-01-20 18:39 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-01-27 18:20 - 2017-01-28 18:04 - 00616128 _____ C:\Users\David\Documents\dragonfire shield4.blend
2017-01-27 18:20 - 2017-01-28 17:58 - 00602232 _____ C:\Users\David\Documents\dragonfire shield4.blend1
2017-01-27 17:51 - 2017-01-27 17:51 - 00643141 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)17.obj
2017-01-27 17:51 - 2017-01-27 17:51 - 00000777 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)17.mtl
2017-01-27 17:17 - 2017-01-27 18:18 - 00547184 _____ C:\Users\David\Documents\dragonfire shield3.blend1
2017-01-27 17:17 - 2017-01-27 18:18 - 00547184 _____ C:\Users\David\Documents\dragonfire shield3.blend
2017-01-27 17:15 - 2017-01-27 18:08 - 00000000 ____D C:\Users\David\Documents\blender textures
2017-01-26 22:44 - 2017-01-27 17:03 - 00591716 _____ C:\Users\David\Documents\dragonfire shield2.blend
2017-01-26 22:44 - 2017-01-26 23:40 - 00497780 _____ C:\Users\David\Documents\dragonfire shield2.blend1
2017-01-25 20:08 - 2017-01-30 20:36 - 17594987 _____ C:\Users\David\Documents\white snoop dog.psd
2017-01-25 19:43 - 2017-01-26 01:04 - 00516572 _____ C:\Users\David\Documents\dragonfire shield1.blend
2017-01-25 19:43 - 2017-01-25 23:59 - 00511424 _____ C:\Users\David\Documents\dragonfire shield1.blend1
2017-01-25 01:20 - 2017-01-25 01:20 - 00549040 _____ C:\Users\David\Documents\dragonfire shield.blend
2017-01-25 00:38 - 2017-01-28 16:46 - 00000000 ____D C:\Users\David\Documents\Dragonfire shield
2017-01-23 14:32 - 2017-01-23 19:41 - 00020145 _____ C:\Users\David\Documents\unfortunate engie encounter tf2.hfp
2017-01-22 19:35 - 2017-01-24 18:04 - 00008021 _____ C:\Users\David\Documents\armadyl godsword render.hfp
2017-01-22 15:29 - 2017-01-22 16:35 - 01708392 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)17.blend
2017-01-22 15:29 - 2017-01-22 16:26 - 01708392 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)17.blend1
2017-01-22 15:05 - 2017-01-22 15:05 - 00687456 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)16.blend
2017-01-21 21:37 - 2017-01-21 21:38 - 00687512 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)15.blend
2017-01-21 21:37 - 2017-01-21 21:37 - 00691720 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)15.blend1
2017-01-21 19:32 - 2017-01-21 21:35 - 00690264 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)14.blend
2017-01-21 19:32 - 2017-01-21 21:26 - 00690224 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)14.blend1
2017-01-18 22:39 - 2017-01-18 22:43 - 00000000 ____D C:\Users\David\AppData\Local\Skyrim
2017-01-18 22:27 - 2017-01-18 22:36 - 00762572 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)13.blend
2017-01-18 22:27 - 2017-01-18 22:27 - 00760108 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)13.blend1
2017-01-18 20:51 - 2017-01-18 20:51 - 00000221 _____ C:\Users\David\Desktop\The Elder Scrolls V Skyrim.url
2017-01-18 00:42 - 2017-01-18 00:42 - 00046386 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)10.obj
2017-01-18 00:42 - 2017-01-18 00:42 - 00000520 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)10.mtl
2017-01-17 16:50 - 2017-01-17 18:27 - 00674260 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)12.blend
2017-01-17 16:50 - 2017-01-17 17:09 - 00674260 _____ C:\Users\David\Documents\armadyl godsword (smooth shading)12.blend1

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-16 22:29 - 2015-03-10 14:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-16 22:10 - 2017-01-13 14:00 - 00000000 ____D C:\Users\David\Documents\blender saves
2017-02-16 21:33 - 2015-10-04 10:04 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-16 20:47 - 2016-05-04 16:16 - 00000000 ____D C:\tmp
2017-02-16 18:05 - 2015-09-15 19:40 - 00007621 _____ C:\Users\David\AppData\Local\Resmon.ResmonCfg
2017-02-16 15:27 - 2015-09-15 15:17 - 00000024 _____ C:\Users\David\jagexappletviewer.preferences
2017-02-16 15:26 - 2015-10-12 15:05 - 00000044 _____ C:\Users\David\jagex_cl_oldschool_LIVE.dat
2017-02-16 14:29 - 2016-08-02 12:00 - 06771840 _____ (ESET spol. s r.o.) C:\Users\David\Downloads\esetonlinescanner_enu.exe
2017-02-16 13:42 - 2015-09-17 11:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-16 13:04 - 2009-07-14 04:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-16 13:04 - 2009-07-14 04:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-16 13:03 - 2015-03-11 19:31 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-16 12:53 - 2016-09-20 17:41 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-16 12:53 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-16 02:00 - 2015-09-28 12:13 - 00000000 ____D C:\Users\David\AppData\Local\Adobe
2017-02-15 21:18 - 2015-11-09 21:34 - 00000000 ____D C:\Users\David\AppData\Local\CrashDumps
2017-02-14 13:23 - 2015-09-22 15:14 - 00000000 ____D C:\Users\David\AppData\LocalLow\Temp
2017-02-11 22:13 - 2015-10-21 17:35 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype
2017-02-11 14:00 - 2016-02-28 10:17 - 00000000 ____D C:\ProgramData\WRData
2017-02-09 22:53 - 2015-09-15 15:59 - 00000000 ____D C:\Users\David\AppData\Roaming\.minecraft
2017-02-09 22:51 - 2016-05-19 21:56 - 00001003 _____ C:\Users\David\Desktop\nativelog.txt
2017-02-09 22:51 - 2015-09-15 19:31 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-02-09 12:32 - 2009-07-14 05:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-09 12:32 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2017-02-07 17:13 - 2017-01-08 18:37 - 00000000 ____D C:\Users\David\Documents\OSRS MODELS
2017-02-02 22:44 - 2015-09-15 14:59 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 22:44 - 2015-09-15 14:59 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-31 18:05 - 2016-04-16 19:47 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-31 17:18 - 2016-04-18 10:49 - 00000177 _____ C:\Users\Public\Desktop\RuneScape Launcher.url
2017-01-31 17:18 - 2016-04-18 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex
2017-01-31 17:18 - 2016-04-15 16:39 - 00000000 ____D C:\Users\David\AppData\Local\Jagex
2017-01-31 17:18 - 2016-04-15 16:39 - 00000000 ____D C:\ProgramData\Jagex
2017-01-29 15:29 - 2015-11-18 20:01 - 00000000 ____D C:\Users\David\.gimp-2.8
2017-01-29 15:19 - 2015-11-18 20:07 - 00000000 ____D C:\Users\David\AppData\Local\gtk-2.0
2017-01-29 11:19 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-28 18:17 - 2017-01-08 17:26 - 00000125 _____ C:\Users\David\Documents\settings.dat
2017-01-27 23:57 - 2015-09-15 14:43 - 00000000 ____D C:\Users\David\AppData\Local\NVIDIA Corporation
2017-01-27 23:56 - 2016-10-01 15:06 - 00001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-01-27 23:56 - 2015-03-11 19:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-27 23:55 - 2016-12-18 20:13 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 23:55 - 2016-11-09 18:22 - 00003742 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 23:55 - 2016-10-01 15:05 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 23:55 - 2016-10-01 15:05 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 23:55 - 2016-10-01 15:05 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 23:55 - 2016-10-01 15:05 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 23:55 - 2016-10-01 15:05 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-27 23:55 - 2015-03-11 19:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-27 23:55 - 2015-03-11 19:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-27 02:18 - 2016-12-18 20:14 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-21 00:04 - 2016-08-06 15:56 - 00000000 ____D C:\Users\David\AppData\Roaming\obs-studio
2017-01-20 18:39 - 2016-10-01 15:06 - 01872320 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-01-20 18:39 - 2016-10-01 15:06 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-01-20 18:39 - 2016-10-01 15:06 - 01464768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-01-20 18:39 - 2016-10-01 15:06 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-01-20 18:39 - 2016-10-01 15:06 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-01-20 14:07 - 2016-10-01 15:05 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-01-20 13:36 - 2016-12-18 20:12 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-01-18 22:36 - 2016-09-20 17:46 - 00000000 ____D C:\Users\David\Documents\My Games
2017-01-18 21:15 - 2009-07-14 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

==================== Files in the root of some directories =======

2016-02-28 10:18 - 2016-02-28 10:18 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-10-04 10:53 - 2015-10-04 11:00 - 0002072 _____ () C:\Users\David\AppData\Roaming\SpeedRunnersLog.txt
2016-04-25 19:20 - 2016-04-25 19:21 - 2128896 _____ () C:\Users\David\AppData\Local\file__0.localstorage
2017-01-29 15:19 - 2017-01-29 15:19 - 1974953 _____ () C:\Users\David\AppData\Local\recently-used.xbel
2015-09-15 19:40 - 2017-02-16 18:05 - 0007621 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2015-03-10 09:19 - 2015-03-10 09:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-18 20:14 - 2017-01-27 23:55 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-18 20:14 - 2017-01-27 02:18 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-02-13 14:57 - 2017-02-13 14:57 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate10914422.exe
2017-02-15 16:07 - 2017-02-15 16:07 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate10945903.exe
2017-02-12 15:05 - 2017-02-12 15:05 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate10994045.exe
2017-02-14 11:48 - 2017-02-14 11:48 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate1182487.exe
2017-02-14 11:48 - 2017-02-14 11:48 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate1182783.exe
2017-02-13 15:57 - 2017-02-13 15:57 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate14523521.exe
2017-02-15 17:08 - 2017-02-15 17:08 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate14555049.exe
2017-02-12 16:05 - 2017-02-12 16:05 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate14606139.exe
2017-02-12 19:09 - 2017-02-12 19:09 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate25672959.exe
2017-02-12 19:09 - 2017-02-12 19:09 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate25676313.exe
2017-02-13 12:01 - 2017-02-13 12:01 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate345807.exe
2017-02-12 12:07 - 2017-02-12 12:07 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate354933.exe
2017-02-12 12:07 - 2017-02-12 12:07 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate358240.exe
2017-02-15 13:11 - 2017-02-15 13:11 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate359535.exe
2017-02-15 13:11 - 2017-02-15 13:11 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate362858.exe
2017-02-13 12:57 - 2017-02-13 12:57 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate3697176.exe
2017-02-15 14:07 - 2017-02-15 14:07 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate3727503.exe
2017-02-12 13:04 - 2017-02-12 13:04 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate3778796.exe
2017-02-13 12:02 - 2017-02-13 12:02 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate391219.exe
2017-02-16 13:00 - 2017-02-16 13:00 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate490264.exe
2017-02-16 13:01 - 2017-02-16 13:01 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate547594.exe
2017-02-13 13:57 - 2017-02-13 13:57 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate7306650.exe
2017-02-15 15:07 - 2017-02-15 15:07 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate7336305.exe
2017-02-12 14:05 - 2017-02-12 14:05 - 0992056 _____ (Webroot) C:\Users\David\AppData\Local\Temp\WRupdate7386569.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 15:34

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by David (16-02-2017 22:31:23)
Running from C:\Users\David\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-09-15 14:43:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2540591498-2717392123-333389616-500 - Administrator - Disabled)
David (S-1-5-21-2540591498-2717392123-333389616-1001 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-2540591498-2717392123-333389616-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2540591498-2717392123-333389616-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Webroot SecureAnywhere (Disabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AS: Webroot SecureAnywhere (Disabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe After Effects 7.0 (HKLM-x32\...\Adobe After Effects 7.0) (Version: 7.0.0.244 - Adobe Systems, Inc.)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.7.1 - Adobe Systems Incorporated)
Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.1.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.6.0.248 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Premiere Pro 2.0 (HKLM-x32\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Ansel (Version: 375.86 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version:  - Ubisoft)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\Flux) (Version:  - )
Gang Beasts Online Beta (HKLM\...\Steam App 459960) (Version:  - )
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitFilm 4 Express (HKLM\...\{40EFEABF-B463-417A-B96D-CFDA42E1A70A}) (Version: 4.0.5609.10802 - FXHOME)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metasequoia Ver3.1 (HKLM-x32\...\Metasequoia Ver3.1) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.16 (HKLM-x32\...\{8C0C80AA-EA4D-4461-8B73-15A3A27F7D98}) (Version: 1.2.16 - Thorvald Natvig)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.86 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.2 - OBS Project)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7266 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
RuneScape Launcher 2.2.3 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.3 - Jagex Ltd)
SeaTools for Windows 1.3.0.15 (HKLM-x32\...\SeaTools for Windows) (Version: 1.3.0.15 - Seagate Technology)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Skyrim Script Extender (SKSE) (HKLM\...\Steam App 365720) (Version:  - The SKSE Team)
Source Filmmaker (HKLM\...\Steam App 1840) (Version:  - Valve)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.28 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tom Clancy's Splinter Cell (HKLM-x32\...\Uplay Install 109) (Version:  - Ubisoft)
TP-LINK TL-WN821N(C)_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Unchecky v0.4.3 (HKLM-x32\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.) <==== ATTENTION
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vodafone Wi-Fi (HKLM-x32\...\{4C897612-87C1-4084-88B3-A9505DC17A77}) (Version: 2.0.9.48121 - Vodafone)
VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.9.78 - Webroot)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
XMind 7.5 Update 1 (v3.6.51) (HKLM-x32\...\XMind_is1) (Version: 3.6.51.201607142338 - XMind Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2540591498-2717392123-333389616-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2F6CA1A8-33A3-4CDB-907C-2D4745F0D43A} - System32\Tasks\{5986A8D0-CC64-40D0-A14D-714DC67F2852} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {34DB0C6D-DE70-4A88-961F-795CEE8BA0BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-10] (Adobe Systems Incorporated)
Task: {362AE0A9-6242-436A-AE86-9022B2B8224B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {3694AC4E-5D6A-4985-B72F-DBC6AD07E407} - System32\Tasks\{99B22D9D-B60D-4735-BC9D-A4D8E1D0397A} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {4567B2DB-9E7E-4F5C-A288-A880846FB20A} - System32\Tasks\AdobeAAMUpdater-1.0-David-PC-David => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-03-22] (Adobe Systems Incorporated)
Task: {4E9848EB-A785-4857-88D4-8DD1FA37B6DD} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {5C064AB3-3E80-48C8-93CE-202B2E87768B} - System32\Tasks\{4FAD9023-CA25-4CF1-AC92-5E4FE5CAF5B2} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {62D2CBF8-78FA-443E-924D-119FFF7CD0A9} - System32\Tasks\{7D514921-7AE4-4F68-B8FC-1ED32A1768F5} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {6B2AD87C-A2B0-4581-B34C-73E744259E71} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {80FB916A-985A-4441-8E69-CA2FA8FE4B35} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {86D6AFDE-0DDC-447B-AAC7-B7189E1683EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {913DD2BF-C4B2-4E8E-8573-EB74B6BD44A7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {93E063D3-511D-47C3-BD7B-3D9F26865EB4} - System32\Tasks\{BCD83D00-71A9-48A4-A100-0009A898451E} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {BD61605E-EE76-4137-8AA5-C31D2CBD5A8D} - System32\Tasks\{65FE22B0-AB60-4B7F-9586-AAB5ECDBD00C} => C:\Program Files (x86)\Steam\Steam.exe [2017-01-19] (Valve Corporation)
Task: {BFFDC1F1-5DAF-4F28-BEF8-E9D32A114B7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)
Task: {D335950A-74CF-4B2C-9F7B-8B07DB332E52} - System32\Tasks\{0DA80FF4-757D-40AA-9A9F-F3244E46F8B9} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
Task: {D8F8E3B3-76ED-4259-A8A5-0376F97CC411} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {F1ED8DEB-A5D7-453D-8FA0-D1CA76E65A01} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-01 15:05 - 2017-01-20 18:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-01 15:05 - 2017-01-20 18:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2015-03-11 19:31 - 2016-11-10 22:38 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-01 22:18 - 2016-04-01 22:18 - 00426160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-02-02 22:44 - 2017-02-01 09:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-02 22:44 - 2017-02-01 09:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-03-31 13:11 - 2017-02-14 20:41 - 00123168 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
2016-10-01 15:05 - 2017-01-20 18:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-01 15:05 - 2017-01-20 18:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-01 15:05 - 2017-01-20 18:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-01 15:06 - 2017-01-20 18:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-01 15:05 - 2017-01-20 13:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-01 15:05 - 2017-01-20 13:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-01 15:05 - 2017-01-20 13:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-01 15:05 - 2017-01-20 13:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-01 15:05 - 2017-01-20 13:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-01 15:05 - 2017-01-20 13:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-01 15:05 - 2017-01-20 13:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-18 20:13 - 2017-01-20 13:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2017-01-11 21:01 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\David\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-12 14:22 - 2017-01-12 14:22 - 01082880 _____ () \\?\C:\Users\David\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-12 14:22 - 2017-01-12 14:22 - 03750400 _____ () \\?\C:\Users\David\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-12 14:22 - 2017-01-12 14:22 - 00914432 _____ () \\?\C:\Users\David\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-11 21:01 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\David\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 21:01 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\David\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-02-16 12:57 - 2017-02-16 12:57 - 00148992 _____ () \\?\C:\Users\David\AppData\Local\Temp\E417.tmp.node
2017-01-12 14:22 - 2017-01-12 14:22 - 02658304 _____ () \\?\C:\Users\David\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-12 14:23 - 2017-01-12 14:23 - 02130432 _____ () \\?\C:\Users\David\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2015-10-04 10:05 - 2016-12-23 18:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-10-04 10:05 - 2016-09-01 01:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-10-04 10:05 - 2016-09-01 01:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-10-04 10:05 - 2016-09-01 01:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-10-04 10:05 - 2017-01-19 01:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-10-04 10:05 - 2016-01-27 07:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-10-04 10:05 - 2016-01-27 07:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-10-04 10:05 - 2016-01-27 07:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-10-04 10:05 - 2016-01-27 07:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-10-04 10:05 - 2016-01-27 07:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-10-04 10:05 - 2017-01-19 01:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 10:19 - 2016-07-04 22:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-13 11:37 - 2017-01-05 03:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-10-04 10:05 - 2017-01-19 01:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-03-31 13:11 - 2017-02-14 20:41 - 00173856 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\launcher.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 00294688 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\tier0.dll
2016-03-31 13:12 - 2017-02-14 20:41 - 00193824 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\vstdlib.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 00692512 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\filesystem_stdio.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 04311328 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\engine.dll
2016-03-31 13:11 - 2017-02-14 20:41 - 00136992 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\inputsystem.dll
2016-03-31 12:33 - 2016-03-31 13:12 - 00774656 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\SDL2.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 01294624 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\materialsystem.dll
2016-03-31 13:11 - 2017-02-14 20:41 - 00255776 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\datacache.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 00518944 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\studiorender.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 00895776 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\vphysics.dll
2016-03-31 13:11 - 2017-02-14 20:41 - 00112416 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\video_services.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 01379104 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\vguimatsurface.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 00386336 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\vgui2.dll
2016-03-31 13:12 - 2017-02-14 20:41 - 00152864 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\sourcevr.dll
2016-03-31 13:11 - 2016-03-31 13:11 - 00058368 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\openvr_api.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 01628960 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\shaderapidx9.dll
2016-03-31 13:11 - 2017-02-14 20:41 - 00131872 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\video_quicktime.dll
2016-03-31 13:11 - 2017-02-14 20:41 - 00124192 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\video_bink.dll
2016-03-31 13:11 - 2017-02-14 20:41 - 00161568 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\stdshader_dbg.dll
2016-03-31 13:12 - 2017-02-14 20:41 - 00244000 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\stdshader_dx6.dll
2016-03-31 13:11 - 2017-02-14 20:41 - 00176416 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\stdshader_dx7.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 00356128 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\stdshader_dx8.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 00566560 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\stdshader_dx9.dll
2016-03-31 13:12 - 2017-02-14 20:41 - 00088352 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\unicode.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 15063328 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\tf\bin\client.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 10625312 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\tf\bin\server.dll
2016-03-31 13:11 - 2017-02-14 20:41 - 00146208 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\soundemittersystem.dll
2016-03-31 13:11 - 2017-02-14 20:41 - 00111392 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\scenefilecache.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 01820448 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\replay.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 00980768 _____ () C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\ServerBrowser.dll
2016-03-31 12:33 - 2017-02-14 20:41 - 02063648 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\GameUI.dll
2016-03-31 13:12 - 2017-02-14 20:41 - 00093472 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\vaudio_miles.dll
2016-03-31 13:11 - 2016-03-31 13:11 - 00071680 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\mssmp3.asi
2016-03-31 13:11 - 2016-03-31 13:11 - 00153088 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\mssvoice.asi
2016-03-31 13:11 - 2016-03-31 13:11 - 00013312 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\mssds3d.flt
2016-03-31 13:11 - 2016-03-31 13:11 - 00055808 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\msseax.flt
2016-03-31 13:11 - 2017-02-14 20:41 - 00122656 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\bugreporter_public.dll
2016-11-19 01:31 - 2017-02-14 20:41 - 00183072 _____ () c:\program files (x86)\steam\steamapps\common\team fortress 2\bin\vaudio_celt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.192.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: BRSptStub => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Unchecky => 2
MSCONFIG\Services: WRSVC => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CheVolume.lnk => C:\Windows\pss\CheVolume.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupreg: ${_APP_NAME} => C:\Program Files (x86)\WellWeWeb\CheVolume\CheVolume.exe
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VodafoneMobileWiFi => C:\Program Files (x86)\Vodafone\Vodafone Mobile Wi-Fi\Launcher.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WRSVC => "C:\Program Files\Webroot\WRSA.exe" -ul

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7B8B84CA-1BAD-4839-AF4A-2C145F6C137C}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{EDDC186D-DBF2-4B28-8350-BD2E306D1177}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{1E66CF61-C9ED-4A0B-B591-1CEF3BA5BD20}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe
FirewallRules: [{9313DF91-AB74-4995-A706-F85725528465}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe
FirewallRules: [TCP Query User{DB1C5A72-7071-4154-86E3-230E4720A83D}C:\users\david\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\david\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{B8252243-DBD5-4347-BA27-01864CAFD447}C:\users\david\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\david\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{BF3092F6-0D6F-4EE4-AC39-782AA1F58917}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{D963C7CF-5904-421F-B2EE-5EF34A07F581}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{59220C62-9841-4E50-8E46-F05BE82639D8}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{9C873243-10F4-443B-94C3-0FD73B9678A4}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{75A38778-A343-4FA8-8512-C391D1508435}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{0C8E142B-27CD-44F4-A726-292FF5AD9A2B}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{3505E844-0A8B-476F-BF47-603B51FC51FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DAFA3A52-F4EB-4EAD-94E0-1C1C2E318A64}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{751D32B7-9EC2-4A45-ACEA-EB11014831BC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{02B5F15E-E764-405E-859C-B49169188F62}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{80E7613D-95C5-474D-9FD2-7BC33F218B47}] => (Allow) C:\Program Files (x86)\Ralink\Common\ApUI.exe
FirewallRules: [{479A4147-6E32-468A-9DFC-84209D4170A2}] => (Allow) C:\Program Files (x86)\Ralink\Common\ApUI.exe
FirewallRules: [{D083DD47-227E-4B2E-B4A6-40609B78BF78}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{BE3FBDA4-D9DC-4B03-99B5-E1E5F55C4A1B}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{07116CFF-3DDF-42B5-A40B-C6F3CF89CB74}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{C1A0ECDC-01BC-4ED3-A1A5-7A5BAA958F19}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E20AF7B0-E295-487A-A00B-92751E7A713B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{ED47CA92-3D80-4F33-A6AD-0E2D1C952435}] => (Allow) LPort=8317
FirewallRules: [{8053F73B-D01C-4ED6-98F5-935B8BA41818}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{62726A01-029F-41DA-A499-8FB613A35D26}] => (Allow) LPort=2869
FirewallRules: [{0D83FE2D-77A0-4490-8AD5-449D7113AFD8}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{D0229830-C9D7-4B58-AD0B-825594769795}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{69A64220-453C-4EAF-BF07-091964CB635A}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{AB601DB9-4BAE-4F5D-BF4C-F82E682F84A6}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{F6839606-36F8-45D5-AE4A-44AE44FDF585}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{906E0050-788A-4D67-A93E-38C2A6969E42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F5E240E4-7013-4C27-ABFE-F93D8811F457}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7BFFAD94-99EE-4B56-BDE8-513E94577445}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7E2D8198-A962-4347-9E97-D8F11111D24A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{B09694EE-57D7-40E5-92FE-F9D7C1A9BDFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe
FirewallRules: [{EF413F39-EF7C-48C3-9334-AF5E359612B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{F32FEAA6-D599-4049-AD91-9BE9B120D9F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe
FirewallRules: [{93FF1061-AF27-44D8-B425-B9331D2F694E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts Online Beta\Gang Beasts Online Multiplayer Beta.exe
FirewallRules: [{7A675AB2-F12B-48C6-A445-8397C937B165}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gang Beasts Online Beta\Gang Beasts Online Multiplayer Beta.exe
FirewallRules: [TCP Query User{D6F4B86E-1693-4B65-86CA-3E41957CA8D2}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [UDP Query User{28D01F4E-4BA0-4785-84F9-62C542CDDB3B}C:\program files\webroot\wrsa.exe] => (Allow) C:\program files\webroot\wrsa.exe
FirewallRules: [TCP Query User{A27F3C1E-AB8D-42EB-9455-33E4ABC1CDF3}C:\program files\webroot\wrsa.exe] => (Block) C:\program files\webroot\wrsa.exe
FirewallRules: [UDP Query User{4F30B215-F441-40C4-BAC3-8D822193DAE5}C:\program files\webroot\wrsa.exe] => (Block) C:\program files\webroot\wrsa.exe
FirewallRules: [{0CB0F828-D926-4C25-83C3-389EF7198E24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{CE9BA848-8F0E-42FD-97C3-EC8A2602538F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{79899BE4-5FFD-4693-8B2C-35E693CB4CF6}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{DEF9CBBC-4F0E-4625-92F8-8838FDC1E62B}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Block) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{BB7897AD-5753-4294-8A21-FF54676EE9F8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{49AFF4F3-464E-47E2-B608-C68C4083F943}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8BFA8E8F-EF4D-43CC-BA63-91E49A75B7A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{DB5E635F-FE80-492A-8DFC-85B1631AFB44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{DCC1F738-E13B-429C-9FD2-DCC5E3860341}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{DE10B753-9F63-41BA-8306-73DA11D3F2FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4AEED87F-51A4-4E44-8347-ACA8856F1940}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{09E93143-FED8-4789-B4B2-5836DC63FCC7}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Splinter Cell\system\SplinterCell.exe
FirewallRules: [{90D5E55F-B91E-4EDC-A762-D0DBC4043B6D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Splinter Cell\system\SplinterCell.exe
FirewallRules: [{4EBAEBDE-7BBC-4D57-8324-3F494AD61AD9}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{BCC4C621-12FF-4403-94E8-A6C064913F6A}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3SP.exe
FirewallRules: [{716D1BF1-2936-48FE-BF5A-B1D7DF8782EF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{1C215BEC-019C-4DF1-AC5D-BDBC85C35A9F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed III\AC3MP.exe
FirewallRules: [{952ABC19-2532-4C98-9F71-E5B9CA4D1013}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E8E343A0-19F5-4420-AEC4-13BD9D3BC4E8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E7D8B719-F9EF-4491-AC68-A34ADAB0E713}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B69C1314-4FF9-4FF2-937C-8C53D39896EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{9BA1AD8E-D946-4C20-A5B8-6BE686B8C002}C:\eve\sharedcache\tq\bin\exefile.exe] => (Block) C:\eve\sharedcache\tq\bin\exefile.exe
FirewallRules: [UDP Query User{750160C2-0D65-4FDA-BDF8-83F547280B1A}C:\eve\sharedcache\tq\bin\exefile.exe] => (Block) C:\eve\sharedcache\tq\bin\exefile.exe
FirewallRules: [{770A68AF-9C7C-4C0A-96EA-6D45D1D3FDBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C421A257-AAA0-4EF2-8EC7-513ED8684FB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{7D70B427-8E82-4D22-A1DD-F8234960B36D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{037DAF98-C4CE-4238-AC46-AA10F9929E46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{6B6E915D-82BB-4E2D-B841-6F1263834772}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{7C01FB95-B3AE-4F99-9DC6-5FD9FA8D2D02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe
FirewallRules: [{65E486C1-E954-4170-805D-CFF8031DF66C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-02-2017 12:45:37 Windows Update
12-02-2017 19:00:05 Windows Backup
14-02-2017 11:40:22 Windows Update
15-02-2017 21:20:27 15 feb 2016

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2017 12:54:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/15/2017 09:18:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vpk.exe, version: 0.0.0.0, time stamp: 0x58a20257
Faulting module name: vpk.exe, version: 0.0.0.0, time stamp: 0x58a20257
Exception code: 0xc0000005
Fault offset: 0x00017577
Faulting process id: 0x1c54
Faulting application start time: 0x01d287d1055d38b5
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\vpk.exe
Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\vpk.exe
Report Id: 443bc809-f3c4-11e6-a9c0-fcaa14b159d5

Error: (02/15/2017 09:17:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vpk.exe, version: 0.0.0.0, time stamp: 0x58a20257
Faulting module name: vpk.exe, version: 0.0.0.0, time stamp: 0x58a20257
Exception code: 0xc0000005
Fault offset: 0x000241a1
Faulting process id: 0xbec
Faulting application start time: 0x01d287d0f28f4188
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\vpk.exe
Faulting module path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\vpk.exe
Report Id: 378e3433-f3c4-11e6-a9c0-fcaa14b159d5

Error: (02/15/2017 09:17:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vpk.exe, version: 0.0.0.0, time stamp: 0x58a20257
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x20202020
Faulting process id: 0xbec
Faulting application start time: 0x01d287d0f28f4188
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\bin\vpk.exe
Faulting module path: unknown
Report Id: 31896f94-f3c4-11e6-a9c0-fcaa14b159d5

Error: (02/15/2017 01:07:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/15/2017 12:58:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2017 11:30:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/14/2017 11:27:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2017 11:57:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/13/2017 11:55:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/16/2017 02:33:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (02/16/2017 02:33:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\David\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/16/2017 02:33:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (02/16/2017 02:33:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\David\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/16/2017 02:33:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (02/16/2017 02:33:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\David\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/16/2017 02:33:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (02/16/2017 02:33:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\David\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/16/2017 02:33:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (02/16/2017 02:33:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\David\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


==================== Memory info =========================== 

Processor: AMD FX(tm)-6350 Six-Core Processor 
Percentage of memory in use: 72%
Total physical RAM: 8173.55 MB
Available physical RAM: 2229.81 MB
Total Virtual: 16345.29 MB
Available Virtual: 9782.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:927.51 GB) (Free:527.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1CE59DCA)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=927.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

i also attached the addition.txt file to the post in case. thanks again, i appreciate it

Addition.txt


Thanks for those logs SpaciousName, continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Clean install Malwarebytes from version 2 to version 3...

Please download MBAM-clean and save it to your desktop.
 
  • Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
  • Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


If you have lost the activation licence key information it can be located here: http://www.cleverbridge.com/342/?scope=cusecolp

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Go here and click 'SCAN NOW' under 'ESET Online Scanner' save to your Desktop.

Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how

Right click on user posted image and select "Run as Administrator"

In the new Window accept the terms of service

In the new Window select "Enable detection of potentially unwanted applications" then expand "Advanced Settings"

In the new Window checkmark (tick) the entries as shown, make sure "Clean threats automatically" is not checkmarked. Now select "Scan"

In the new Window new virus database signatures will download, Do Not Select Stop

The Window will progress showing the scan in action....

In the new Window if no threats are found, select "Delete applications data on close" then select "Finish" no log is produced, confirm that in your reply...

If threats are found the following Window will open:

Click on "Select All" then "Save to Text file" name and save that file, attach to your reply.

Now select "Do not clean" and then close out....

Let me see those logs, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin...

fixlist.txt


Spoiler

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by David (17-02-2017 13:24:40) Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\MountPoints2: {63c8786b-7256-11e5-b532-fcaa14b159d5} - E:\SetupWi-Fi.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
Tcpip\..\Interfaces\{B4E33CA4-D23F-46C0-84DE-0E2DF251019B}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{B6CA06FE-DCBC-4B72-8561-C42D57B63360}: [DhcpNameServer] 192.168.1.1 0.0.0.0 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
S2 RalinkRegistryWriter64; "C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe" [X]
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [X] 
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X] 
HKU\S-1-5-21-2540591498-2717392123-333389616-1001\...\ChromeHTML: ->  <==== ATTENTION
HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION 
FirewallRules: [{ED47CA92-3D80-4F33-A6AD-0E2D1C952435}] => (Allow) LPort=8317
FirewallRules: [{62726A01-029F-41DA-A499-8FB613A35D26}] => (Allow) LPort=2869
FirewallRules: [{0D83FE2D-77A0-4490-8AD5-449D7113AFD8}] => (Allow) LPort=1900
CMD: ipconfig /flushDNS
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2540591498-2717392123-333389616-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63c8786b-7256-11e5-b532-fcaa14b159d5} => key removed successfully
HKCR\CLSID\{63c8786b-7256-11e5-b532-fcaa14b159d5} => key not found. 
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B4E33CA4-D23F-46C0-84DE-0E2DF251019B}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B6CA06FE-DCBC-4B72-8561-C42D57B63360}\\DhcpNameServer => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\RalinkRegistryWriter64 => key removed successfully
RalinkRegistryWriter64 => service removed successfully
HKLM\System\CurrentControlSet\Services\RaMediaServer => key removed successfully
RaMediaServer => service removed successfully
HKLM\System\CurrentControlSet\Services\gdrv => key removed successfully
gdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\netr28ux => key removed successfully
netr28ux => service removed successfully
HKU\S-1-5-21-2540591498-2717392123-333389616-1001_Classes\ChromeHTML => key removed successfully
HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Software\Classes\exefile => key removed successfully
HKU\S-1-5-21-2540591498-2717392123-333389616-1001\Software\Classes\.exe => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED47CA92-3D80-4F33-A6AD-0E2D1C952435} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{62726A01-029F-41DA-A499-8FB613A35D26} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D83FE2D-77A0-4490-8AD5-449D7113AFD8} => value removed successfully

========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53093300 B
Java, Flash, Steam htmlcache => 793630348 B
Windows/system/drivers => 504879527 B
Edge => 0 B
Chrome => 888227484 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 11492062 B
David => 2438934605 B
OVRLibraryService => 0 B

RecycleBin => 52084925491 B
EmptyTemp: => 52.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:30:37 ====

Spoiler

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/17/17
Scan Time: 2:10 PM
Logfile: malware scan report.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1286
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: David-PC\David

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391584
Time Elapsed: 17 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Spoiler

# AdwCleaner v6.043 - Logfile created 17/02/2017 at 14:34:48
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : David - DAVID-PC
# Running from : C:\Users\David\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1452 Bytes] - [17/02/2017 14:34:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [1749 Bytes] - [17/02/2017 14:33:23]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1598 Bytes] ##########
 

Hi Kevin, i followed these steps and added the logs in the spoilers above. if i've missed anything please let me know

the ESET scan detected nothing, and i deleted the application's data on close like you said. no log was produced. I did also have my real-time protection turned off so it wouldn't interfere with the scan.

thanks


Not really, my only other issue would be that sometimes my PC will take a very long time to start up, around 5-10 minutes after which i have to restart it again or else it will run very slowly. i have tried following some guides on speeding up my PC and looking at my BIOS but it didn't resolve the issue. although this might have been solved by the help you've given me already, i haven't checked yet. another thing is that i have 2 installations of webroot secure anywhere on my PC, because when i start up my PC i will get a notification asking for permission from the program to start up again even though it's already running.

besides that i don't have any issues, and thanks very much for your help. i really appreciate it


Set your system up to run in "Clean Boot" mode, basically this is all non-MS services disabled, obviously if network or security issues are listed keep those active... Full instructions at the following link: https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows

Does clean boot make any difference...


i just restarted my pc in clean boot mode, it seems to be running okay and everything. like I said though the slow startup doesn't happen all the time, only every now and again and usually after i start up my PC after having it on for a long time. sorry for making 2 posts in a short space of time, i probably should have just waited and made one.


If clean boot has not made that much difference then just go back to normal mode, the instructions are in the link provided for clean boot... Your system is not being affected by malware or infection. If the issue is sporadic and only happens when you reboot after the PC has been in use for an extended period, maybe it is worthwhile logging system temperatures, maybe give the PC a spring clean inside, specifically the heat sink around the CPU etc....

To remove tools we have used run the following:

Download "Delfix by Xplode" and save it to your desktop. (This link is down at present, use the following mirror link)

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
