
Thread: Registry Change Notification

  1. #1
    Junior Member
    Join Date
    Apr 2017
    Posts
    7

    Registry Change Notification

    First and foremost, I understand we are meant to follow a certain procedure. Please continue reading, as I have run into a few problems with the instructed procedure.

    I have Spybot installed and TeaTimer enabled. Today, I have been receiving registry change notification errors. I do not remember what all of the errors are, but the latest one was this: https://i.imgur.com/lygGRZl.png
    After receiving that, I was advised by a friend to post here. This is a brand new computer and it was expensive and I cannot afford to replace it or get it fixed if it's attacked by some malicious virus. After my computer crashed (see below...), I did get a notification from Adobe Flash to update Flash, so I did that.

    Also, I am unable to attach Addition.txt as it says the file exceeds the forum's allowed size limit or something of this nature.

    Lastly, I cannot do anything with aswMBR. I get to the Virtualization Technology pop-up, select Yes, and this happens: https://i.imgur.com/evPMNiD.png Once was enough for me, but I stupidly tried again after the crash and it happened again.

    I'm sitting here in tears because I want the help, and I'm trying to follow procedure but it's not working and I don't want to get in trouble, please help!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
    Ran by RAC973 (administrator) on LAPTOP-NTS4PET1 (07-12-2018 23:24:46)
    Running from C:\Users\RAC973\Desktop
    Loaded Profiles: RAC973 (Available Profiles: RAC973)
    Platform: Windows 10 Home Version 1803 17134.376 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e2a368790e2879c5\igfxCUIService.exe
    (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
    (ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsLdrSrv64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsHidSrv64.exe
    (Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e2a368790e2879c5\IntelCpHDCPSvc.exe
    () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
    (ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUSTek COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe
    (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e2a368790e2879c5\IntelCpHeciSvc.exe
    (Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
    (ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsMonStartupTask64.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e2a368790e2879c5\igfxEM.exe
    () C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUSTek COMPUTER INC\ROG Gaming Center\ROGGamingKey.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (ASUSTeK COMPUTER INC.) C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
    (f.lux Software LLC) C:\Users\RAC973\AppData\Local\FluxSoftware\Flux\flux.exe
    (Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (ASUSTek Computer Inc.) C:\Program Files\WindowsApps\B9ECED6F.ASUSBatteryHealthCharging_1.0.7.0_x86__qmba6cd70vzyy\ASUS Battery Health Charging\BhcMgr.exe
    (ASUSTek Computer Inc.) C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.10.0_x86__qmba6cd70vzyy\ATK Package\HControl.exe
    (ASUS) C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.1.0.0_x64__qmba6cd70vzyy\ACMON.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (ASUSTeK COMPUTER INC.) C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3Svc64.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e2a368790e2879c5\igfxext.exe
    (ASUS) C:\Program Files\WindowsApps\B9ECED6F.ROGAuraCore_2.1.25.0_x86__qmba6cd70vzyy\AuraListen.exe
    (Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\ATKOSD2.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\furc_on.exe
    () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
    (ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBox.Agent.exe
    (Microsoft Corporation) C:\Windows\System32\osk.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Microsoft Corporation) C:\Windows\HelpPane.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    (Discord Inc.) C:\Users\RAC973\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Discord Inc.) C:\Users\RAC973\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Discord Inc.) C:\Users\RAC973\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Discord Inc.) C:\Users\RAC973\AppData\Local\Discord\app-0.0.301\Discord.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\Furcadia.exe
    (Dragon's Eye Productions, Inc.) C:\Program Files (x86)\Furcadia\Furcadia.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\SndVol.exe
    () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2018-05-07] (ASUSTeK COMPUTER INC.)
    HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126712 2018-10-18] (Intel)
    HKU\S-1-5-21-3919023636-3324971714-3320823635-1001\...\Run: [f.lux] => C:\Users\RAC973\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (f.lux Software LLC)
    HKU\S-1-5-21-3919023636-3324971714-3320823635-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
    HKU\S-1-5-21-3919023636-3324971714-3320823635-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_pepper.exe [1456128 2018-11-25] (Adobe Systems Incorporated)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{2f3cb0f7-73fb-42ba-9eb2-27627a286602}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{6c3f2c2f-5352-4733-b870-867024be31ce}: [DhcpNameServer] 40.53.1.13

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3919023636-3324971714-3320823635-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
    HKU\S-1-5-21-3919023636-3324971714-3320823635-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
    BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2018-10-29] (McAfee, Inc.)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2018-10-29] (McAfee, Inc.)

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
    FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2018-10-29]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
    FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-06-21] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-06-21] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-10-29] (Google Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.rprepository.com/c/tenebris
    CHR StartupUrls: Default -> "hxxps://i.imgur.com/BuFwQI5.png","hxxps://i.imgur.com/6CbX7ap.png","hxxps://cdn.discordapp.com/attachments/166346126662828033/508115065963282475/19-Cruel.png","hxxps://cdn.discordapp.com/attachments/166346126662828033/378819353564545024/cruknife.png","hxxps://cdn.discordapp.com/attachments/166346126662828033/288502705272389633/20170306_214618.jpg","hxxps://i.imgur.com/Imy6ZnQ.png","hxxps://i.imgur.com/wizAh8R.png","hxxps://cdn.discordapp.com/attachments/166346126662828033/495711571998146560/naticrutenechibiswm.png"
    CHR Profile: C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default [2018-12-07]
    CHR Extension: (Slides) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-29]
    CHR Extension: (Flash Video Downloader) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2018-10-29]
    CHR Extension: (Docs) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-29]
    CHR Extension: (Google Drive) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-29]
    CHR Extension: (YouTube) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-29]
    CHR Extension: (OpticRed Hubble1-1600 Theme) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmpcjpbnfggoobceakkkcojmnnhkehom [2018-10-29]
    CHR Extension: (Adblock Plus) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-03]
    CHR Extension: (Tampermonkey) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2018-11-15]
    CHR Extension: (Sheets) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-29]
    CHR Extension: (Google Docs Offline) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-29]
    CHR Extension: (Pinterest Save Button) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-10-29]
    CHR Extension: (Photobucket Hotlink Fix) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegnjbncdcliihbemealioapbifiaedg [2018-10-29]
    CHR Extension: (Cently (Coupons at Checkout)) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2018-11-22]
    CHR Extension: (Linkclump) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2018-10-29]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-29]
    CHR Extension: (Senet Online) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmcegikaljcfolenjkadbbaicbgjcpb [2018-10-29]
    CHR Extension: (Gmail) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-29]
    CHR Extension: (Chrome Media Router) - C:\Users\RAC973\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-10-29]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AsHidService; C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsHidSrv64.exe [171912 2018-01-07] (ASUSTek Computer Inc.)
    R2 ASLDRService; C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\AsLdrSrv64.exe [202120 2018-01-07] (ASUSTek Computer Inc.)
    S2 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [325456 2018-06-11] ()
    R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23800 2018-10-18] (Intel)
    R2 esifsvc; C:\Windows\System32\Intel\DPTF\esif_uf.exe [1646120 2018-02-05] (Intel Corporation)
    R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937192 2018-09-19] ()
    R2 GiftBox.Service; C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe [302416 2018-06-28] (ASUSTeK Computer Inc.)
    S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2593848 2018-04-13] (Intel Corporation)
    R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [541896 2018-07-05] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [743728 2017-11-16] (Intel(R) Corporation)
    S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [720184 2017-11-16] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [214672 2018-01-31] (Intel Corporation)
    R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [1228736 2018-09-05] (ASUSTek Computer Inc.)
    S3 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [675736 2018-10-29] (McAfee, Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-08-03] ()
    S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-15] (NVIDIA Corporation)
    R2 ROGGamingCenterService; C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingCenterService.exe [40416 2018-04-19] (ASUSTeK COMPUTER INC.)
    S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [220440 2018-08-24] (Stardock Software, Inc)
    R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [194792 2018-09-19] ()
    S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937192 2018-09-19] ()
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-10-29] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-10-29] (Microsoft Corporation)
    R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18816 2018-01-12] (Intel(R) Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4060256 2018-08-03] (Intel® Corporation)
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [103816 2017-10-30] (ASUSTek COMPUTER INC.)
    R1 ATKWMIACPIIO; C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_a5cf007e1dac78ef\atkwmiacpi64.sys [30600 2018-01-07] (ASUSTek Computer Inc.)
    R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [70040 2017-10-26] (Intel Corporation)
    R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [399264 2017-10-26] (Intel Corporation)
    R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [31144 2017-11-23] (ASUS)
    R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [123544 2017-10-15] (Intel Corporation)
    R0 iaStorAC; C:\Windows\System32\drivers\iaStorAC.sys [941624 2018-01-29] (Intel Corporation)
    S3 iaStorAfs; C:\Windows\System32\drivers\iaStorAfs.sys [72248 2018-04-13] (Intel Corporation)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [141848 2018-07-05] (Intel Corporation)
    R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation)
    S3 mfesapsn; C:\Program Files\McAfee\WebAdvisor\mfesapsn.sys [111976 2018-10-29] (McAfee, Inc.)
    R1 netfilter21556; C:\Windows\System32\drivers\netfilter21556.sys [96392 2017-12-16] (Windows (R) Win 7 DDK provider)
    S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7689728 2018-04-11] (Intel Corporation)
    S3 Netwtw06; C:\Windows\System32\drivers\Netwtw06.sys [8743448 2018-04-27] (Intel Corporation)
    R3 Netwtw08; C:\Windows\System32\drivers\Netwtw08.sys [8851480 2018-08-02] (Intel Corporation)
    R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_71f736a9d5145f30\nvlddmkm.sys [17199704 2018-08-03] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-15] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50624 2017-11-15] (NVIDIA Corporation)
    R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-11-15] (NVIDIA Corporation)
    R3 RSP2STOR; C:\Windows\System32\drivers\RtsP2Stor.sys [329664 2017-10-26] (Realtek Semiconductor Corp.)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1010648 2017-10-19] (Realtek )
    R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [43008 2018-09-19] ()
    S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46184 2018-10-29] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [328696 2018-10-29] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [60408 2018-10-29] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-12-07 23:24 - 2018-12-07 23:25 - 000024828 _____ C:\Users\RAC973\Desktop\FRST.txt
    2018-12-07 23:24 - 2018-12-07 23:24 - 000000000 ____D C:\FRST
    2018-12-07 23:23 - 2018-12-07 23:23 - 002417152 _____ (Farbar) C:\Users\RAC973\Desktop\FRST64.exe
    2018-12-07 23:18 - 2018-12-07 23:18 - 000002314 _____ C:\Users\RAC973\Desktop\Tweaking.com - Registry Backup.lnk
    2018-12-07 23:18 - 2018-12-07 23:18 - 000000207 _____ C:\Windows\tweaking.com-regbackup-LAPTOP-NTS4PET1-Windows-10-Home-(64-bit).dat
    2018-12-07 23:18 - 2018-12-07 23:18 - 000000000 ____D C:\Users\RAC973\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2018-12-07 23:18 - 2018-12-07 23:18 - 000000000 ____D C:\RegBackup
    2018-12-07 23:18 - 2018-12-07 23:18 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2018-12-07 23:16 - 2018-12-07 23:18 - 000021653 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2018-12-07 23:16 - 2018-12-07 23:16 - 005766144 _____ (Tweaking.com) C:\Users\RAC973\Desktop\tweaking.com_registry_backup_setup (1).exe
    2018-12-07 23:15 - 2018-12-07 23:15 - 005766144 _____ (Tweaking.com) C:\Users\RAC973\Downloads\tweaking.com_registry_backup_setup.exe
    2018-12-03 20:51 - 2018-12-03 20:51 - 000000000 ____D C:\Users\RAC973\AppData\Roaming\com.playsaurus.heroclicker
    2018-12-03 04:29 - 2018-12-03 20:38 - 000000000 ____D C:\Users\RAC973\AppData\Local\CrashDumps
    2018-11-30 23:32 - 2018-12-06 20:54 - 000000290 _____ C:\Users\RAC973\Desktop\EXPENSES.txt
    2018-11-25 21:11 - 2018-11-25 21:11 - 000004592 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2018-11-25 21:10 - 2018-11-25 21:11 - 000000000 ____D C:\Users\RAC973\AppData\Local\Adobe
    2018-11-19 14:49 - 2018-11-19 14:49 - 000000000 ____D C:\Users\RAC973\AppData\Local\Skyrim
    2018-11-19 14:44 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
    2018-11-19 14:44 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2018-11-19 14:44 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2018-11-19 14:44 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
    2018-11-19 14:44 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
    2018-11-19 14:44 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2018-11-19 14:44 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
    2018-11-19 14:44 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2018-11-19 14:44 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
    2018-11-19 14:44 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2018-11-19 14:44 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2018-11-19 14:44 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
    2018-11-19 14:44 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
    2018-11-19 14:44 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2018-11-19 14:44 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
    2018-11-19 14:44 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2018-11-19 14:44 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
    2018-11-19 14:44 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
    2018-11-19 14:44 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2018-11-19 14:44 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2018-11-19 14:44 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2018-11-19 14:44 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2018-11-19 14:44 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
    2018-11-19 14:44 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2018-11-19 14:44 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
    2018-11-19 14:44 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2018-11-19 14:44 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2018-11-19 14:44 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
    2018-11-19 14:44 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
    2018-11-19 14:44 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2018-11-19 14:44 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
    2018-11-19 14:44 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2018-11-19 14:44 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
    2018-11-19 14:44 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
    2018-11-19 14:44 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
    2018-11-19 14:44 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
    2018-11-19 14:44 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
    2018-11-19 14:44 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2018-11-19 14:44 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2018-11-19 14:44 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
    2018-11-19 14:44 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
    2018-11-19 14:44 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2018-11-19 14:44 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
    2018-11-19 14:44 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2018-11-19 14:44 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
    2018-11-19 14:44 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2018-11-19 14:44 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
    2018-11-19 14:44 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2018-11-19 14:44 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
    2018-11-19 14:44 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2018-11-19 14:44 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2018-11-19 14:44 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
    2018-11-19 14:44 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
    2018-11-19 14:44 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2018-11-19 14:44 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
    2018-11-19 14:44 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2018-11-19 14:44 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2018-11-19 14:44 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
    2018-11-19 14:44 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2018-11-19 14:44 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
    2018-11-19 14:44 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2018-11-19 14:44 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
    2018-11-19 14:44 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
    2018-11-19 14:44 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2018-11-19 14:44 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2018-11-19 14:44 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
    2018-11-19 14:44 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
    2018-11-19 14:44 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2018-11-19 14:44 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2018-11-19 14:44 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
    2018-11-19 14:44 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
    2018-11-19 14:44 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2018-11-19 14:44 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
    2018-11-19 14:44 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2018-11-19 14:44 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
    2018-11-19 14:44 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2018-11-19 14:44 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
    2018-11-19 14:44 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2018-11-19 14:44 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2018-11-19 14:44 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
    2018-11-19 14:44 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
    2018-11-19 14:44 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2018-11-19 14:44 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
    2018-11-19 14:44 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2018-11-19 14:44 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
    2018-11-19 14:44 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2018-11-19 14:44 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
    2018-11-19 14:44 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2018-11-19 14:44 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
    2018-11-19 14:44 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2018-11-19 14:44 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
    2018-11-19 14:44 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2018-11-19 14:44 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
    2018-11-19 14:44 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2018-11-19 14:44 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
    2018-11-19 14:44 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2018-11-19 14:44 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
    2018-11-19 14:44 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2018-11-19 14:44 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
    2018-11-19 14:44 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2018-11-19 14:44 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
    2018-11-19 14:44 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2018-11-19 14:44 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
    2018-11-19 14:44 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2018-11-19 14:44 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
    2018-11-19 14:44 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2018-11-19 14:44 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
    2018-11-19 14:44 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2018-11-19 14:44 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
    2018-11-19 14:44 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2018-11-19 14:44 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
    2018-11-19 14:44 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2018-11-19 14:44 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
    2018-11-19 14:44 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2018-11-19 14:44 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
    2018-11-19 14:44 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2018-11-19 14:44 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
    2018-11-19 14:44 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2018-11-19 14:44 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
    2018-11-19 14:44 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2018-11-19 14:44 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
    2018-11-19 14:44 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2018-11-19 14:44 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
    2018-11-19 14:44 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2018-11-19 14:44 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
    2018-11-19 14:44 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2018-11-19 14:44 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
    2018-11-19 14:44 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2018-11-19 14:44 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2018-11-19 14:44 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
    2018-11-19 14:44 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2018-11-19 14:44 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2018-11-19 14:44 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
    2018-11-19 14:44 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2018-11-19 14:44 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
    2018-11-19 14:44 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2018-11-19 14:44 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2018-11-19 14:44 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
    2018-11-19 14:44 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
    2018-11-19 14:44 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
    2018-11-19 14:44 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2018-11-19 14:44 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2018-11-19 14:44 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2018-11-19 14:44 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
    2018-11-19 14:44 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
    2018-11-19 14:44 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2018-11-19 14:44 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
    2018-11-19 14:44 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2018-11-19 14:44 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
    2018-11-19 14:44 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2018-11-19 14:43 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
    2018-11-19 14:43 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2018-11-19 14:43 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
    2018-11-19 14:43 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2018-11-19 14:43 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
    2018-11-19 14:43 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2018-11-19 14:43 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
    2018-11-19 14:43 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2018-11-19 14:43 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
    2018-11-19 14:43 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2018-11-19 14:43 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
    2018-11-19 14:43 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2018-11-19 14:43 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
    2018-11-19 14:43 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2018-11-19 14:43 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
    2018-11-19 14:43 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2018-11-18 22:28 - 2018-11-18 22:28 - 000000000 ____D C:\Users\RAC973\AppData\LocalLow\Defiant Development
    2018-11-16 21:52 - 2018-11-16 21:52 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2018-11-12 22:59 - 2018-11-27 23:06 - 000000000 ____D C:\Users\RAC973\AppData\Roaming\vlc
    2018-11-12 22:53 - 2018-11-12 22:53 - 000000918 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2018-11-12 22:53 - 2018-11-12 22:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2018-11-12 22:52 - 2018-11-12 22:52 - 000000000 ____D C:\Program Files\VideoLAN
    2018-11-12 22:51 - 2018-11-12 22:52 - 041486400 _____ C:\Users\RAC973\Downloads\vlc-3.0.4-win64.exe
    2018-11-12 22:50 - 2018-11-13 00:04 - 000000000 ___RD C:\Users\RAC973\Desktop\MOVIES
    2018-11-11 13:56 - 2018-11-11 13:56 - 000000000 ____D C:\Users\RAC973\AppData\Roaming\OpenOffice

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-12-07 23:25 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2018-12-07 23:13 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-12-07 21:51 - 2018-05-09 11:24 - 000000000 ____D C:\Windows\system32\SleepStudy
    2018-12-07 16:38 - 2018-10-29 16:36 - 000003380 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3919023636-3324971714-3320823635-1001
    2018-12-07 16:38 - 2018-10-26 01:57 - 000000000 ___RD C:\Users\RAC973\OneDrive
    2018-12-07 16:38 - 2018-10-26 01:54 - 000002372 _____ C:\Users\RAC973\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2018-12-07 13:58 - 2018-04-11 16:30 - 000000000 ____D C:\Windows\CbsTemp
    2018-12-07 12:25 - 2018-08-31 01:03 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-12-07 01:00 - 2018-10-29 19:21 - 000000023 _____ C:\Basic.ini
    2018-12-06 21:11 - 2018-10-29 19:37 - 000000000 ____D C:\Program Files (x86)\Steam
    2018-12-04 09:58 - 2018-10-30 21:29 - 000000000 ____D C:\Users\RAC973\AppData\Local\ElevatedDiagnostics
    2018-12-04 06:29 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\AppReadiness
    2018-12-03 23:20 - 2018-10-29 19:23 - 000000000 ___RD C:\Users\RAC973\Desktop\FURC CHARA STUFF
    2018-12-03 17:57 - 2018-10-29 13:49 - 000000000 ____D C:\Users\RAC973\AppData\Local\PlaceholderTileLogoFolder
    2018-12-02 16:45 - 2018-10-29 13:55 - 000000000 ____D C:\Users\RAC973\AppData\Local\D3DSCache
    2018-12-01 01:00 - 2018-08-31 01:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2018-12-01 01:00 - 2018-08-31 01:21 - 000000000 ____D C:\Program Files (x86)\ASUS
    2018-11-26 12:03 - 2018-08-31 01:47 - 000000000 ____D C:\ProgramData\SS3
    2018-11-25 21:13 - 2018-10-29 14:05 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-11-25 21:13 - 2018-10-29 14:05 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-11-25 21:11 - 2018-04-11 16:38 - 000000000 ____D C:\Windows\system32\Macromed
    2018-11-25 16:09 - 2018-10-29 14:51 - 000000000 ____D C:\Users\RAC973\Desktop\PHOENIX PICTURES
    2018-11-19 16:02 - 2018-08-31 00:47 - 000793700 _____ C:\Windows\system32\PerfStringBackup.INI
    2018-11-19 16:02 - 2018-04-11 16:36 - 000000000 ____D C:\Windows\INF
    2018-11-19 16:00 - 2018-10-30 21:32 - 000004333 _____ C:\default.xml
    2018-11-19 16:00 - 2018-10-30 21:32 - 000003628 _____ C:\CAP.xml
    2018-11-19 16:00 - 2018-10-29 23:22 - 000004400 _____ C:\GetProfile_2 .xml
    2018-11-19 16:00 - 2018-10-29 19:21 - 000004366 _____ C:\Windows\SysWOW64\Status.XML
    2018-11-19 16:00 - 2018-10-29 19:21 - 000003628 _____ C:\Windows\SysWOW64\Capability.XML
    2018-11-19 16:00 - 2018-10-29 19:21 - 000002609 _____ C:\Windows\SysWOW64\AuraDlgSetProfile.xml
    2018-11-19 15:59 - 2018-10-26 01:55 - 000000000 __SHD C:\Users\RAC973\IntelGraphicsProfiles
    2018-11-19 15:58 - 2018-05-09 11:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2018-11-19 15:57 - 2018-04-11 14:04 - 000524288 _____ C:\Windows\system32\config\BBI
    2018-11-14 21:23 - 2018-10-29 18:17 - 000000000 ___RD C:\Users\RAC973\Desktop\RP FILES
    2018-11-12 22:57 - 2018-10-29 20:46 - 000000000 ___RD C:\Users\RAC973\Desktop\NOTEPAD STUFF
    2018-11-12 22:54 - 2018-10-29 19:23 - 000000000 ___RD C:\Users\RAC973\Desktop\altnamecheck
    2018-11-11 23:39 - 2018-10-31 18:58 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
    2018-11-11 23:31 - 2018-08-31 01:08 - 000003260 _____ C:\Windows\System32\Tasks\RtHDVBg_ListenToDevice
    2018-11-11 23:31 - 2018-08-31 01:08 - 000003196 _____ C:\Windows\System32\Tasks\RTKCPL
    2018-11-11 23:30 - 2018-08-31 01:08 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
    2018-11-08 21:56 - 2018-10-29 19:37 - 000002167 _____ C:\Users\RAC973\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-05-09 11:24

    ==================== End of FRST.txt ============================

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,804

    When Farbar Recovery Scan Tool (FRST) was first run it should have also created an Addition.txt
    If you can locate this please and paste it in your next reply.

    Also, what other things are happening on the computer?
    Browser redirects, alerts (other than the one you posted about)?

    The flashplayer update might have been a legitimate one.

    I use the below to check mine out and have disabled the one which would be loaded in task lists.

    Users who have selected the option to 'Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.

    For I/E - some versions get 'Automatic' updates:
    - https://fpdownload.macromedia.com/pu..._player_ax.exe
    For Firefox and other Plugin-based browsers:
    - https://fpdownload.macromedia.com/pu...ash_player.exe
    For Chrome:
    - https://fpdownload.macromedia.com/pu...ayer_ppapi.exe

    Flash test site: https://www.adobe.com/software/flash/about/
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,804

    Also
    Do you know which version of Spybot is installed, please?

    If you're not sure you can compare versions in the below link:
    https://www.safer-networking.org/com...ybot-editions/

  4. #4
    Junior Member
    Join Date
    Apr 2017
    Posts
    7

    Nothing else so far has really been happening on the computer. I was just watching Twitch when it started happening. I am just very cautious as I believe a virus destroyed my tablet PC (it was an older one). And, one quick question on that. I want to remove the hard drive for my old tablet PC and plug it in with a USB to my current laptop to see if I can get it analyzed - however, I do not want to risk the virus jumping from the HD to my new laptop. Is there a way I can do this and still be safe? And, how would I run programs/tests for that specific HD? I purchased a casing for it so I could do this... but have yet to remove it and try.

    I am running Spybot version 1.6.2. It is the one I am most familiar with, I prefer its user interface over any other and it has the skin/theme I really enjoy.

    And I apologize, I am not sure what you mean by this: "I use the below to check mine out and have disabled the one which would be loaded in task lists." More specifically, the "have disabled the one which would be loaded in tasks lists" part of it.
    On that note, I have Adobe and most anything on my computer to disable automatic updates. I have never ever liked them invading my personal time and choose to do updates manually on most any program I have.

    Here are the Addition.txt logs.

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
    Ran by RAC973 (07-12-2018 23:25:41)
    Running from C:\Users\RAC973\Desktop
    Windows 10 Home Version 1803 17134.376 (X64) (2018-10-23 09:00:27)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3919023636-3324971714-3320823635-500 - Administrator - Enabled)
    DefaultAccount (S-1-5-21-3919023636-3324971714-3320823635-503 - Limited - Disabled)
    Guest (S-1-5-21-3919023636-3324971714-3320823635-501 - Limited - Disabled)
    RAC973 (S-1-5-21-3919023636-3324971714-3320823635-1001 - Administrator - Enabled) => C:\Users\RAC973
    WDAGUtilityAccount (S-1-5-21-3919023636-3324971714-3320823635-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    . . (HKLM\...\{B753FD71-4EB8-4842-9016-B1B97ACBDC79}) (Version: 7.1 - Intel) Hidden
    . . . (HKLM-x32\...\{E43C1D03-D1BF-4DF9-A6F3-E483EA8B01CA}) (Version: 3.6.0.4 - Intel) Hidden
    Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
    ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.2.5.0 - ASUSTek COMPUTER INC.) Hidden
    ASUS Aac_NBDT HAL (HKLM-x32\...\{1e8fa7c8-3d0b-424f-90e0-fb37eec7aa89}) (Version: 2.2.5.0 - ASUSTek COMPUTER INC.) Hidden
    Asus ApoDispatchConfigurator (HKLM\...\{4FEB3307-A0EF-4385-9C8F-4B4C1503311C}) (Version: 3.6.4001 - ASUSTeK COMPUTER INC) Hidden
    Asus AudioCaptureNotificationConfigurator (HKLM\...\{04C5CE55-7F32-4D2D-AEA2-FDC03E8F65CC}) (Version: 3.6.4001 - ASUSTeK COMPUTER INC) Hidden
    ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.18 - ASUSTek COMPUTER INC. ) Hidden
    ASUS AURA Display Component (HKLM-x32\...\{f489fc88-047b-4188-acec-dfbe60961344}) (Version: 1.1.18 - ASUSTek COMPUTER INC. ) Hidden
    ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.1.12 - ASUSTek COMPUTER INC.) Hidden
    ASUS AURA Headset Component (HKLM-x32\...\{d24837ba-2990-457b-bb70-b72614e03845}) (Version: 1.1.12 - ASUSTek COMPUTER INC.) Hidden
    ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.02.06 - ASUSTek COMPUTER INC.) Hidden
    ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.5.0 - ASUSTeK COMPUTER INC.)
    Asus DeviceRoutingConfigurator (HKLM\...\{AC306567-A1B7-4208-8FED-97CF535050BC}) (Version: 3.6.4001 - ASUSTeK COMPUTER INC) Hidden
    ASUS GiftBox Service (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 3.2.3.0 - ASUSTeK COMPUTER INC.)
    ASUS Hello (HKLM-x32\...\{D8CE1923-92A9-4036-817E-9E0D8AA2169B}) (Version: 1.1.4.0 - ASUSTeK COMPUTER INC.)
    ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.23 - ASUSTek COMPUTER INC.) Hidden
    ASUS Keyboard HAL (HKLM-x32\...\{3ff09a0d-4fd9-4b44-92f2-9dab1288f6f7}) (Version: 1.0.23 - ASUSTek COMPUTER INC.) Hidden
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.7 - ASUSTeK COMPUTER INC.)
    ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.20 - ASUSTek COMPUTER INC.) Hidden
    ASUS Mouse HAL (HKLM-x32\...\{c7dbfb14-6ee3-4bb5-83c2-43fb3f6bf066}) (Version: 1.0.20 - ASUSTek COMPUTER INC.) Hidden
    Asus NahimicSettingsConfigurator (HKLM\...\{60BE83C7-EFA4-4D80-9FE1-697A768DFA16}) (Version: 3.6.4001 - ASUSTeK COMPUTER INC) Hidden
    Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.4001 - ASUSTeK COMPUTER INC) Hidden
    Asus ProfileSwitcherCleanup (HKLM\...\{687A1A22-9D2C-42DF-AA63-491F6FF72BC2}) (Version: 3.6.40.51156 - ASUSTeK COMPUTER INC) Hidden
    ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.25 - ASUSTek COMPUTER INC.)
    Asus Sonic Radar 3 (HKLM-x32\...\{c395f533-2861-4239-a870-f903b410fe54}) (Version: 3.6.40.51156 - ASUSTeK COMPUTER INC)
    Asus Sonic Studio 3 (HKLM-x32\...\{d8500a4a-deb1-4f92-b32b-4038f09a768b}) (Version: 3.6.40.51156 - ASUSTeK COMPUTER INC)
    Asus SonicMapperConfigurator (HKLM\...\{A3FE80CE-7486-4207-B015-8DCDDFAED57D}) (Version: 3.6.40.51156 - ASUSTeK COMPUTER INC) Hidden
    Asus SonicRadar3Setup (HKLM\...\{EB76E5A8-312D-4A0B-B383-F2EC5966A589}) (Version: 3.6.40.51156 - ASUSTeK COMPUTER INC) Hidden
    Asus SonicStudio3Setup (HKLM\...\{936A5583-88BA-485A-A582-F85560FEE552}) (Version: 3.6.40.51156 - ASUSTeK COMPUTER INC) Hidden
    ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - ASUSTeK Computer Inc.) Hidden
    AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.02.23 - ASUSTeK Computer Inc.) Hidden
    AURA Service (HKLM-x32\...\{1198c03e-a742-4c20-9ee0-4a006ab2bc95}) (Version: 3.02.23 - ASUSTeK Computer Inc.)
    Discord (HKU\S-1-5-21-3919023636-3324971714-3320823635-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
    f.lux (HKU\S-1-5-21-3919023636-3324971714-3320823635-1001\...\Flux) (Version: - f.lux Software LLC)
    Furcadia (HKLM-x32\...\Furcadia) (Version: 31.2 - Dragon's Eye Productions, Inc.)
    GameFirst V (HKLM-x32\...\{8A6E0CD9-CECD-4760-869D-AC7813014B22}) (Version: 5.0.12.2 - ASUSTeK COMPUTER INC.) Hidden
    GameFirst V (HKLM-x32\...\GameFirst V 5.0.12.2) (Version: 5.0.12.2 - ASUSTeK COMPUTER INC.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
    Intel(R) Computing Improvement Program (HKLM\...\{58FBAE3A-E602-47E6-9F32-AE25D48B378A}) (Version: 2.4.04140 - Intel Corporation)
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10500.5526 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1805.12.0.1097 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.5018 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.1.1018 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000070-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.70.0 - Intel Corporation)
    Intel® Driver & Support Assistant (HKLM-x32\...\{e5a12991-d0a9-4922-a125-fce431f55219}) (Version: 3.6.0.4 - Intel)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{bb524cb9-b65f-4f06-97f4-48c851e87a57}) (Version: 20.80.0 - Intel Corporation)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.8.18993 - McAfee, Inc.)
    Microsoft OneDrive (HKU\S-1-5-21-3919023636-3324971714-3320823635-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0006 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{2D1ED4EA-B59D-4665-ACB3-9325872A300D}) (Version: 1.0.4.0 - Mojang)
    NVIDIA 3D Vision Driver 398.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.35 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
    NVIDIA Graphics Driver 398.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.35 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.29095 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8443 - Realtek Semiconductor Corp.)
    ROG Gaming Center (HKLM\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 2.5.7 - ASUSTeK COMPUTER INC.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Stardock Start10 (HKLM-x32\...\Stardock Start10) (Version: 1.61 - Stardock Software, Inc.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
    Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
    Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.12.1.0 - Winaero)
    Windows Driver Package - ASUSTek COMPUTER INC. (AsusPTPDrv) HIDClass (10/25/2017 11.0.0.21) (HKLM\...\38D64A6EF13E2FAA5DE3820CB44E2994223DD766) (Version: 10/25/2017 11.0.0.21 - ASUSTek COMPUTER INC.)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.10.0 - ASUSTeK COMPUTER INC.)
    XSplit Gamecaster (HKLM-x32\...\{B62EF111-9FCC-4DD6-B2BE-9CD1213717EC}) (Version: 3.3.1802.1515 - SplitmediaLabs)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e2a368790e2879c5\igfxDTCM.dll [2018-04-15] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-06-21] (NVIDIA Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00DBB7D7-3254-42B7-8237-ED6E8D0A8E63} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
    Task: {0377C514-3A01-449E-ABD3-92E109D13697} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)
    Task: {0D70487D-72E2-48FF-ACB1-598B5A4D296F} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
    Task: {222F774F-C756-4463-833A-88D76A6B5B68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-29] (Google Inc.)
    Task: {23102CF6-8630-42AC-9FA9-0A568A6D35D1} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-05-10] (Realtek Semiconductor)
    Task: {2ADCEFA7-B598-4F58-94C4-7A03315C410B} - System32\Tasks\ASUS Hello => C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe [2018-05-31] ()
    Task: {2BB09BB9-7E64-4E96-998D-50AFDFE80B8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-10-29] (Google Inc.)
    Task: {2DDE77E9-6F0B-428A-91B1-A2C8DCE8EB81} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
    Task: {4D38AC01-2944-4785-BFBF-9CDD9E4AE07D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-29] (Microsoft Corporation)
    Task: {5427291D-57E8-4C53-A744-8506100E5DF5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-29] (Microsoft Corporation)
    Task: {5D8C209E-AC11-4FCC-9144-E0BA7F54C07D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
    Task: {67917EB3-C9D7-489E-B410-FF33287D72B8} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
    Task: {763E9998-66E8-461A-820A-05B6435F0257} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-15] (NVIDIA Corporation)
    Task: {79F0BC8B-AF7B-4FA2-87C3-B32C55ADEC06} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-15] (NVIDIA Corporation)
    Task: {7C528FB4-3F54-475B-802F-087DCE57BABB} - System32\Tasks\S-1-5-21-3919023636-3324971714-3320823635-1001\DataSenseLiveTileTask => C:\Windows\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
    Task: {95D98A7F-3DC2-494E-852D-58DF39C5F4DC} - System32\Tasks\GameFirstV => C:\Program Files (x86)\ASUS\GameFirst\\GameFirst_V.exe [2018-05-31] (ASUS)
    Task: {9922B84E-980D-4D77-9820-CA2D24E8C531} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [2018-05-07] (ASUSTeK COMPUTER INC.)
    Task: {9932B966-2BC0-47CA-913C-0A26407C7D7C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-29] (Microsoft Corporation)
    Task: {9BE04900-8876-4F51-8F32-A22C4E25F6D0} - System32\Tasks\SS3svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [2018-05-07] (ASUSTeK COMPUTER INC.)
    Task: {A2B7C905-F945-4734-8709-21E95A5A703C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2018-05-10] (Realtek Semiconductor)
    Task: {B66D84C7-0BBE-4A69-B472-AAC935FFD235} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-15] (NVIDIA Corporation)
    Task: {B7A20BD1-6DA3-4A14-81D7-3693CB43041D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-15] (NVIDIA Corporation)
    Task: {C0DDF448-2717-47FF-BE9D-3EE0952C3F51} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2018-11-02] (ASUSTek Computer Inc.)
    Task: {C38ACB70-F7FB-4E60-BB64-85211F3C8C01} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_pepper.exe [2018-11-25] (Adobe Systems Incorporated)
    Task: {DDD569C7-D2B1-4030-9ADA-739BF4A39C51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-29] (Microsoft Corporation)
    Task: {F2856E64-897F-400F-BB8B-6641EC366409} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGamingKey.exe [2018-04-19] (ASUSTek Computer Inc.)
    Task: {F5B18603-F8A7-4E27-B85A-69E4961DD711} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-15] (NVIDIA Corporation)
    Task: {FF72EBD6-D953-45A4-BB6A-004F305EDD49} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-15] (NVIDIA Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\RAC973\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Senet Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pfmcegikaljcfolenjkadbbaicbgjcpb

    ==================== Loaded Modules (Whitelisted) ==============

    2018-08-31 01:03 - 2018-06-21 01:09 - 000138024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2018-08-02 20:55 - 2018-08-02 20:55 - 000184520 _____ () C:\Windows\system32\IntelWifiIhv08.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000194792 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
    2018-09-19 00:51 - 2018-09-19 00:51 - 000975872 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sqlite3.DLL
    2018-05-07 16:06 - 2018-05-07 16:06 - 000485936 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
    2018-05-31 14:00 - 2018-05-31 14:00 - 000642448 _____ () C:\Program Files (x86)\ASUS\ASUS Hello\ASUSHelloBG.exe
    2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
    2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
    2018-10-31 19:24 - 2018-10-21 00:15 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2018-10-29 17:37 - 2018-10-29 17:38 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
    2018-10-29 17:37 - 2018-10-29 17:38 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
    2018-10-29 17:37 - 2018-10-29 17:42 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    2018-05-07 16:14 - 2018-05-07 16:14 - 001697840 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\x64\SonicRadar3SystrayDaemon.dll
    2018-05-07 16:18 - 2018-05-07 16:18 - 000175152 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\x64\SonicStudio3SystrayDaemon.dll
    2018-05-07 16:06 - 2018-05-07 16:06 - 000286256 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3OSD.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000863464 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
    2018-09-19 00:51 - 2018-09-19 00:51 - 002329320 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000282344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000312552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000238824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000343272 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_foreground_window_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000303848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_heartbeat_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000778472 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
    2018-11-08 19:31 - 2018-10-30 11:06 - 001057056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\SDL2.dll
    2018-11-08 19:31 - 2018-09-22 17:00 - 102804768 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
    2018-11-08 19:31 - 2018-09-22 17:00 - 004866336 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
    2018-11-08 19:31 - 2018-09-22 17:00 - 000116000 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
    2018-11-25 21:13 - 2018-11-15 22:43 - 005020504 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libglesv2.dll
    2018-11-25 21:13 - 2018-11-15 22:43 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.110\libegl.dll
    2018-10-29 17:18 - 2018-10-29 18:02 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2018-10-29 17:18 - 2018-10-29 18:02 - 069128192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2018-10-29 17:18 - 2018-10-29 18:02 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
    2018-10-29 17:18 - 2018-10-29 18:02 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
    2018-10-29 17:18 - 2018-10-29 18:02 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
    2018-10-29 17:18 - 2018-10-29 18:02 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
    2018-10-29 17:18 - 2018-10-29 18:02 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
    2018-10-29 17:18 - 2018-10-29 18:02 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
    2018-10-29 17:18 - 2018-10-29 18:02 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
    2018-10-29 17:18 - 2018-10-29 18:02 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
    2018-10-29 17:18 - 2018-10-29 18:02 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
    2018-10-29 17:18 - 2018-10-29 18:02 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
    2018-10-29 17:18 - 2018-10-29 17:42 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
    2018-10-29 17:18 - 2018-10-29 18:02 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
    2018-10-29 17:18 - 2018-10-29 18:02 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000937192 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
    2018-09-19 00:51 - 2018-09-19 00:51 - 000292584 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000339176 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000266984 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000322792 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000693480 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000243944 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_winstat_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000750824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_upnp_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000411368 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000278760 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sgx_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000376552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sampler_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000638696 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
    2018-09-19 00:51 - 2018-09-19 00:51 - 000419048 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_fps_input.dll
    2018-05-10 17:20 - 2018-05-10 17:20 - 000047576 _____ () C:\Program Files (x86)\LightingService\AuraHueWrapper.dll
    2018-08-17 15:39 - 2018-08-17 15:39 - 000475072 _____ () C:\Program Files\ASUS\AuraSDK\AuraSdk_x86.dll
    2018-09-25 15:06 - 2018-09-25 15:06 - 000205416 _____ () C:\Program Files\ASUS\Aac_NBDT\AacNBDTHal.dll
    2018-07-19 15:59 - 2018-07-19 15:59 - 000260056 _____ () C:\Program Files\ASUS\Aac_Mouse\AacMouseHal_x86.dll
    2018-07-27 16:59 - 2018-07-27 16:59 - 000242136 _____ () C:\Program Files\ASUS\AacDisplayHal\AacDisplayHal_x86.dll
    2018-09-03 15:01 - 2018-09-03 15:01 - 000374720 _____ () C:\Program Files\ASUS\Aac_Keyboard\AacKbHal_x86.dll
    2018-04-18 14:11 - 2018-04-18 14:11 - 000053248 _____ () C:\Program Files (x86)\LightingService\cpuutil.dll
    2018-05-07 16:03 - 2018-05-07 16:03 - 000407088 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3DevProps.dll
    2017-12-22 09:58 - 2017-12-22 09:58 - 000033168 _____ () C:\Program Files (x86)\ASUS\ASUS Hello\AsGAUpd.dll
    2018-05-07 16:01 - 2018-05-07 16:01 - 000171568 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\CheckAPODaemon.dll
    2018-05-07 16:10 - 2018-05-07 16:10 - 001152560 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicCursor3DDaemonModule.dll
    2018-05-07 16:10 - 2018-05-07 16:10 - 001198640 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicEnhancerDaemonModule.dll
    2018-05-07 16:10 - 2018-05-07 16:10 - 001303600 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicRadarDaemonModule.dll
    2018-05-07 16:09 - 2018-05-07 16:09 - 000489520 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicEnhancerAutomationDaemon.dll
    2018-05-07 16:09 - 2018-05-07 16:09 - 000647728 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicSMProfileDaemonModule.dll
    2018-05-07 16:10 - 2018-05-07 16:10 - 000619568 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicSMShortcutsDaemonModule.dll
    2018-05-07 16:10 - 2018-05-07 16:10 - 001856560 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\SonicRadar3SystrayDaemon.dll
    2018-05-07 16:03 - 2018-05-07 16:03 - 000367616 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\NSConfiguratorDaemonModule.dll
    2018-05-07 16:15 - 2018-05-07 16:15 - 000329776 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\DeviceRoutingDaemon.dll
    2018-05-07 16:16 - 2018-05-07 16:16 - 000230912 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\ProfileSwitcherDaemonModule.dll
    2018-05-07 16:16 - 2018-05-07 16:16 - 000321584 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\SonicStudio3SystrayDaemon.dll
    2018-05-07 16:03 - 2018-05-07 16:03 - 000247344 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3OSD.dll
    2018-10-29 18:10 - 2018-10-29 18:10 - 000038400 _____ () C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.1.0.0_x64__qmba6cd70vzyy\DetectDisplayDC.dll
    2018-10-29 18:10 - 2018-10-29 18:10 - 000164352 _____ () C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.1.0.0_x64__qmba6cd70vzyy\CCTAdjust.dll
    2018-08-31 01:55 - 2018-08-31 01:55 - 000038912 _____ () C:\Program Files\WindowsApps\B9ECED6F.ROGGameVisual_1.1.0.0_x64__qmba6cd70vzyy\VideoEnhance.dll
    2018-01-31 18:52 - 2018-01-31 18:52 - 001604240 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2018-10-29 19:42 - 2018-10-30 11:06 - 000879904 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2018-10-29 19:41 - 2016-08-31 18:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
    2018-10-29 19:41 - 2016-08-31 18:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2018-10-29 19:41 - 2016-08-31 18:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2018-10-29 19:42 - 2018-11-26 13:29 - 002649376 _____ () C:\Program Files (x86)\Steam\video.dll
    2018-10-29 19:41 - 2017-12-19 18:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
    2018-10-29 19:41 - 2017-12-19 18:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
    2018-10-29 19:41 - 2017-12-19 18:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
    2018-10-29 19:41 - 2017-12-19 18:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
    2018-10-29 19:41 - 2017-12-19 18:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
    2018-10-29 19:42 - 2018-11-26 13:29 - 001028384 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2018-10-29 19:41 - 2016-07-04 15:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
    2018-10-29 19:42 - 2018-11-26 13:29 - 005044000 _____ () C:\Program Files (x86)\Steam\bin\panorama\panorama.dll
    2018-10-29 19:42 - 2018-11-26 13:29 - 000166688 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
    2018-10-29 19:41 - 2014-04-08 21:25 - 000071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
    2018-10-29 19:41 - 2014-04-08 21:25 - 000153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi
    2018-10-24 09:49 - 2018-10-24 09:49 - 000071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
    2018-10-29 17:47 - 2018-04-30 22:01 - 001891672 _____ () C:\Users\RAC973\AppData\Local\Discord\app-0.0.301\ffmpeg.dll
    2018-10-29 17:47 - 2018-04-30 22:01 - 001937752 _____ () C:\Users\RAC973\AppData\Local\Discord\app-0.0.301\libglesv2.dll
    2018-10-29 17:47 - 2018-04-30 22:01 - 000095576 _____ () C:\Users\RAC973\AppData\Local\Discord\app-0.0.301\libegl.dll
    2018-10-29 16:43 - 2018-12-02 03:31 - 011301720 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_voice\discord_voice.node
    2018-10-29 16:43 - 2018-11-16 22:17 - 001639256 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_utils\discord_utils.node
    2018-10-29 16:43 - 2018-10-29 16:43 - 001910104 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\cld\build\Release\cld.node
    2018-10-29 16:43 - 2018-10-29 16:43 - 000422744 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\spellchecker\build\Release\spellchecker.node
    2018-10-29 16:43 - 2018-10-29 16:43 - 000145240 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_spellcheck\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
    2018-10-29 16:43 - 2018-10-29 16:43 - 000512856 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_erlpack\discord_erlpack.node
    2018-10-29 16:43 - 2018-11-16 22:17 - 001658712 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_game_utils\discord_game_utils.node
    2018-10-29 17:49 - 2018-10-29 17:49 - 009621848 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_cloudsync\discord_cloudsync.node
    2018-10-29 16:43 - 2018-11-28 23:49 - 001718104 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_overlay2\discord_overlay2.node
    2018-10-29 16:43 - 2018-10-29 16:43 - 002722648 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_rpc\discord_rpc.node
    2018-10-29 17:51 - 2018-11-11 22:31 - 001261400 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_modules\discord_modules.node
    2018-10-29 17:51 - 2018-11-28 23:49 - 024944472 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_dispatch\discord_dispatch.node
    2018-10-29 17:51 - 2018-10-29 17:51 - 002760536 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_contact_import\discord_contact_import.node
    2018-10-29 17:51 - 2018-10-29 17:51 - 001249112 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_vigilante\discord_vigilante.node
    2018-10-29 16:43 - 2018-12-02 03:31 - 001639768 _____ () \\?\C:\Users\RAC973\AppData\Roaming\discord\0.0.301\modules\discord_hook\discord_hook.node
    2018-10-29 16:14 - 2018-10-29 16:14 - 000987136 _____ () C:\Program Files (x86)\Furcadia\libxml2.dll
    2018-10-29 16:15 - 2018-10-29 16:15 - 000077824 _____ () C:\Program Files (x86)\Furcadia\zlib1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2018-04-11 16:38 - 2018-04-11 16:36 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3919023636-3324971714-3320823635-1001\Control Panel\Desktop\\Wallpaper -> c:\users\rac973\desktop\phoenix pictures\ellie__s_vision_by_z_design-d33a5jd.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{99721D4D-892B-4147-A145-84BC2F9AC888}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{01EB4F33-861F-4959-8D04-4A4D50926197}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{8290229D-6599-429E-91C5-4A80C5712484}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{F616D978-AB26-4BFA-9603-67E5AD54E817}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{FF73B95B-6DB7-4074-9708-CD3AEC39B8DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{55D372C3-E190-4F62-B46B-08549078AC6B}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe
    FirewallRules: [{EDC3A2D4-C0D3-4E93-AA45-117771D3C83B}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe
    FirewallRules: [{72DA5B7E-85C4-4CC3-B700-A1D770079C9D}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe
    FirewallRules: [{A0DED2B8-CCE3-44F2-99D0-A311B7070147}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe
    FirewallRules: [{8F144362-706D-421C-B02E-D24CFD312196}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
    FirewallRules: [{5F08EDB4-723B-4AF9-8646-64D35F59D53D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
    FirewallRules: [{E477313A-E38B-4DD0-9719-675C80E2E05A}] => (Allow) C:\Program Files (x86)\ASUSTeK COMPUTER INC\ROG Gaming Center\ROGGCAndroidService.exe
    FirewallRules: [{9D1FD22C-9447-451D-A329-B857B03C8FAF}] => (Allow) C:\Program Files (x86)\ASUS\GameFirst\DUTUtil.exe
    FirewallRules: [{B4D1D21A-9789-47AF-A71D-8796AA94629D}] => (Allow) C:\Program Files (x86)\ASUS\GameFirst\DUTUtil.exe
    FirewallRules: [{79EEAF5F-EBC9-4CD5-A8AF-5246B41EABCE}] => (Allow) C:\Program Files (x86)\ASUS\GameFirst\GameFirst_V.exe
    FirewallRules: [{815EFF30-AED7-4AD5-9094-66BADF8D12BB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{B6D89B0E-DC00-4C2D-8815-616F7B5098F2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{BCD12445-ED50-4243-B84D-88ACBDD0BBEE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{63AB9279-B84A-4A80-8D98-127BBCF11B51}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{CBF52C4F-5291-415B-8C46-97C09F5FE114}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{79A1FEA1-ADBF-4132-B487-09FDD9A97F2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{FD72BCDD-DCB2-460D-9E83-3DAEC60B32CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
    FirewallRules: [{DCFB0CE0-DF18-413D-9D55-B122B3770C3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
    FirewallRules: [{39A5D9CB-7F8E-4998-B2E3-3B5A07D75DFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firewatch\Firewatch.exe
    FirewallRules: [{9880DD31-AD3C-41AA-963E-800A72C55408}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firewatch\Firewatch.exe
    FirewallRules: [{5AB764A1-EB48-41C4-A57C-B85C27ABB10D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hand of Fate\Hand of Fate.exe
    FirewallRules: [{CF25E39D-410C-40B9-ACE1-23A5A35E94D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hand of Fate\Hand of Fate.exe
    FirewallRules: [{9A148361-FE2C-4F5A-80C4-E38E21646E51}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
    FirewallRules: [{E4DB5F97-2FD6-4EEE-9FEE-4826B1158FDC}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
    FirewallRules: [{F20A9397-70CA-4FD6-992A-6EDDB3CBA108}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
    FirewallRules: [{51DBBE2E-AEFA-4E32-ADEB-DF55E65DD48F}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
    FirewallRules: [{923D14C9-71A4-4A12-9BDC-794640A865CE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{5E668B53-3CC5-44EB-BD2E-B8739EFFDC0C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16040.11001.20074.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe
    FirewallRules: [{25CF5282-164E-4BCA-9B45-5BA70F869F8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe
    FirewallRules: [{C42FF846-D72E-4E62-A849-3FDD79475465}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe
    FirewallRules: [{900AE13A-EB72-4F1C-987B-E6CB2297C225}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
    FirewallRules: [{77DDA1EF-D932-457D-B82F-F0EB62E4AF26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
    FirewallRules: [{32A8559D-6D67-429F-86D2-138B33C189F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row 2\SR2_pc.exe
    FirewallRules: [{5850B90F-EB8A-449C-9A44-B960EB5F9FCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row 2\SR2_pc.exe
    FirewallRules: [{67439B8B-7F9D-4DEF-84C6-899C8B8E7183}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
    FirewallRules: [{269D2917-BD76-42E4-826B-BB7BEF2CF9F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
    FirewallRules: [{0C492A8D-D548-498E-92CE-16FB80432C9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
    FirewallRules: [{940443FE-BBD8-4ACB-A180-27798820359E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe
    FirewallRules: [{E3BA57C2-3423-4414-939A-3B298030A305}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
    FirewallRules: [{D037F0E1-65DA-4574-AFE6-4AA5FF436C06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
    FirewallRules: [{36F9053E-7E94-4D72-809B-25C5F266C610}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe
    FirewallRules: [{D154D7A8-CD7D-453D-8311-9A0F3325D8DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe
    FirewallRules: [{345FC4A2-D128-4C30-A45C-F44EB38CE75F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
    FirewallRules: [{0F8B94CB-2CFC-4190-9CCC-FBED795AE1EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
    FirewallRules: [{EF3FBF4E-1E98-4E43-85C5-C8DF62C6BD29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{E69409FE-9A4C-485D-9A57-0D9DEE5C5635}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight II\ModLauncher.exe
    FirewallRules: [{F940F277-844A-4401-8900-BA823EB054B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
    FirewallRules: [{80595F32-47F8-4AF0-ADA5-BCD5110F4ABB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
    FirewallRules: [{77517024-53C3-4E5F-9DC9-5F92D145616D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    FirewallRules: [{5F0896CC-0FB1-4A0B-AA8E-00C248D0AFFC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
    FirewallRules: [{42E074D6-B97C-40EB-86ED-5F361992487A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{6C1E9D6A-90E4-40BD-8238-EB6478D1F618}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{8D17FB89-4523-44E0-98F3-3839F675ECF0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{B4ED430F-AC89-4627-A337-D607AC258FAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe
    FirewallRules: [{3F7C0E57-4A50-4C38-A824-8BD36127792A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Clicker Heroes\Clicker Heroes.exe

    ==================== Restore Points =========================

    21-11-2018 07:58:50 Windows Modules Installer
    22-11-2018 09:59:01 Windows Modules Installer
    23-11-2018 11:59:00 Windows Modules Installer
    24-11-2018 13:58:49 Windows Modules Installer
    25-11-2018 15:59:04 Windows Modules Installer
    26-11-2018 17:58:50 Windows Modules Installer
    27-11-2018 19:58:50 Windows Modules Installer
    28-11-2018 21:58:51 Windows Modules Installer
    29-11-2018 23:58:49 Windows Modules Installer
    01-12-2018 01:58:49 Windows Modules Installer
    02-12-2018 03:58:51 Windows Modules Installer
    03-12-2018 05:58:52 Windows Modules Installer
    04-12-2018 07:58:52 Windows Modules Installer
    05-12-2018 09:58:50 Windows Modules Installer
    06-12-2018 11:58:51 Windows Modules Installer
    07-12-2018 13:58:49 Windows Modules Installer

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/03/2018 08:38:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Microsoft.Photos.exe, version: 2018.18081.14710.0, time stamp: 0x5b9d00b1
    Faulting module name: SharedLibrary.dll, version: 1.7.25531.0, time stamp: 0x597af36c
    Exception code: 0x00001007
    Fault offset: 0x0000000000493b3f
    Faulting process id: 0xbcbc
    Faulting application start time: 0x01d48b6f23649ef8
    Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Faulting module path: C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
    Report Id: 1af42b70-1722-4fa3-b457-f55d5c475c76
    Faulting package full name: Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App

    Error: (12/03/2018 04:29:17 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
    Faulting module name: taskmgr.exe, version: 10.0.17134.1, time stamp: 0xe3592b68
    Exception code: 0xc0000409
    Fault offset: 0x0000000000018961
    Faulting process id: 0x2c68
    Faulting application start time: 0x01d48a912bbdcf66
    Faulting application path: C:\Windows\system32\taskmgr.exe
    Faulting module path: C:\Windows\system32\taskmgr.exe
    Report Id: a45c08ae-0376-4635-8fc4-b5d1c65caa4f
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (12/02/2018 03:49:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 70.0.3538.110 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: cea8

    Start Time: 01d486c7271b0e99

    Termination Time: 4294967295

    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    Report Id: fcf2a48e-1727-47bc-a5c1-d3a49c213ff1

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (11/19/2018 04:03:30 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (11/19/2018 03:59:01 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
    Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-NTS4PET1$ via https://INTC-KeyId-17a00575d05e58e38...lates/Aik/scep failed:

    GetCACaps
    GetCACaps: Not Found
    {"Message":"The authority "intc-keyid-17a00575d05e58e3881210bb98b1045bb4c30639.microsoftaik.azure.net" does not exist."}
    HTTP/1.1 404 Not Found
    Cache-Control: no-cache
    Date: Mon, 19 Nov 2018 22:59:04 GMT
    Pragma: no-cache
    Content-Length: 122
    Content-Type: application/json; charset=utf-8
    Expires: -1
    x-ms-request-id: 9fd5ae0e-260c-4cb8-bc1a-60d3f2e4031e
    Strict-Transport-Security: max-age=31536000;includeSubDomains
    X-Content-Type-Options: nosniff

    Method: GET(328ms)
    Stage: GetCACaps
    Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

    Error: (11/15/2018 08:52:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AUDIODG.EXE, version: 10.0.17134.137, time stamp: 0xecd85e98
    Faulting module name: NAHIMICV3apo.dll, version: 10.0.10011.16384, time stamp: 0x595e4369
    Exception code: 0xc0000005
    Fault offset: 0x0000000000379f91
    Faulting process id: 0x2fbc
    Faulting application start time: 0x01d47d5f83cb49fa
    Faulting application path: C:\Windows\system32\AUDIODG.EXE
    Faulting module path: C:\Windows\system32\NAHIMICV3apo.dll
    Report Id: 9defda3b-7879-4636-99c4-aed9ff34432e
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/11/2018 11:40:24 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (11/11/2018 11:35:37 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
    Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-NTS4PET1$ via https://INTC-KeyId-17a00575d05e58e38...lates/Aik/scep failed:

    GetCACaps
    GetCACaps: Not Found
    {"Message":"The authority "intc-keyid-17a00575d05e58e3881210bb98b1045bb4c30639.microsoftaik.azure.net" does not exist."}
    HTTP/1.1 404 Not Found
    Cache-Control: no-cache
    Date: Mon, 12 Nov 2018 06:35:37 GMT
    Pragma: no-cache
    Content-Length: 122
    Content-Type: application/json; charset=utf-8
    Expires: -1
    x-ms-request-id: 0259b373-4634-4c79-8d3c-bdb774c16227
    Strict-Transport-Security: max-age=31536000;includeSubDomains
    X-Content-Type-Options: nosniff

    Method: GET(437ms)
    Stage: GetCACaps
    Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)


    System errors:
    =============
    Error: (12/07/2018 03:36:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/07/2018 12:12:11 AM) (Source: ACPI) (EventID: 13) (User: )
    Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

    Error: (12/07/2018 12:10:19 AM) (Source: ACPI) (EventID: 13) (User: )
    Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

    Error: (12/07/2018 12:09:15 AM) (Source: ACPI) (EventID: 13) (User: )
    Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

    Error: (12/07/2018 12:01:35 AM) (Source: ACPI) (EventID: 13) (User: )
    Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

    Error: (12/07/2018 12:01:23 AM) (Source: ACPI) (EventID: 13) (User: )
    Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

    Error: (12/06/2018 11:58:50 PM) (Source: ACPI) (EventID: 13) (User: )
    Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

    Error: (12/06/2018 10:46:10 PM) (Source: ACPI) (EventID: 13) (User: )
    Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


    Windows Defender:
    ===================================
    Date: 2018-11-12 21:36:43.119
    Description:
    Windows Defender Antivirus scan has been stopped before completion.
    Scan ID: {76D7400A-C281-47A2-B018-DF0A389EAD70}
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    CodeIntegrity:
    ===================================

    Date: 2018-11-26 12:01:41.007
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Microsoft signing level requirements.

    Date: 2018-11-26 12:01:35.851
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements.

    Date: 2018-10-31 21:42:23.530
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements.

    Date: 2018-10-30 22:40:09.330
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements.

    Date: 2018-10-29 23:56:43.312
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements.

    Date: 2018-10-29 16:10:17.492
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfeaaca.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-10-29 16:10:17.488
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfeaaca.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2018-10-29 16:10:17.479
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfemms.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\mcafee\SystemCore\mfeaaca.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
    Percentage of memory in use: 69%
    Total physical RAM: 8047.33 MB
    Available physical RAM: 2489.85 MB
    Total Virtual: 18538.25 MB
    Available Virtual: 7232.04 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:930.46 GB) (Free:730.67 GB) NTFS

    \\?\Volume{00fa4f7c-520e-4847-9b21-d24d75c2a9ae}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.4 GB) NTFS
    \\?\Volume{9c035ede-ac40-437a-9ea3-94e4f5995fca}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.23 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: D81B9E96)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  5. #5
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,804

    And, one quick question on that. I want to remove the hard drive for my old tablet pc and plug it in with a usb to my current laptop to see if I can get it analyzed - however, I do not want to risk the virus jumping from the HD to my new laptop. Is there a way I can do this and still be safe? And, how would I run programs/tests for that specific HD? I purchased a casing for it so I could do this..but have yet to remove it and try.
    If you think your Tablet could be infected, don't plug it into your Laptop. I think that could create quite a mess.
    (I used Google which stated this shouldn't be done because I wasn't sure)
    I did find a site that offers good suggestions
    https://malwaretips.com/blogs/remove-android-virus/

    "I use the below to check mine out and have disabled the one which would be loaded in task lists.", more specifically, the "have disabled the one which would be loaded in tasks lists" part of it.
    On that note, I have Adobe and most anything on my computer to disable automatic updates. I have never ever liked them invading my personal time and choose to do updates manually on most any program I have.
    What I posted earlier, I can create a script using Farbar Recovery Scan Tool (FRST) that would remove the task for Flash to update behind the scenes, so to speak.
    Now, with that, if you go to a site to watch a video, and yours is outdated, it will either run with problems or just not be up to par. And it's possible when on a specific site it will pop up to update Flash, seeing yours is not the most recent.
    But, there are tools you can download that you can manually run to check and see if it's time to update items safely.

    You should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like UCheck, SUMo and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.


    ~~

    I'm checking into seeing if your version of SpyBot should need to be updated.


    Now, logs you posted
    Mostly clean, but I need to know if you want the Farbar Recovery Scan Tool (FRST) to remove the task for Flash to update?

    We can also run a couple of quick tools to check to see if anything is hidden on your Laptop, which are all safe and will not hurt your machine.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Junior Member
    Join Date
    Apr 2017
    Posts
    7

    I do not have an android tablet, so the link you gave me would not work. It's an old tablet pc. And by old I mean
    http://www.ruggedpcreview.com/images...s800_slate.jpg
    This. I apologize. I reread in my reply and I do not ever remember having stated it was an android tablet or even a phone. I made no mention of apps either. It's a tablet PC. It has a little hard drive in it that I can remove. I need to figure out how to clean that. It won't boot up, and when it does, it just crashes over and over and over. I can't even get into safe mode on it. I bought it used from a friend. It was fine for months and then one day it just started having issues.

    Though, this topic is about this computer I am on now. I have not had those warnings from teatimer since I updated flash. I have it specifically set so it has to ask me for updates, but the registry edit warnings make me cautious. As far as Spybot goes, this is the version that I have read is the best to use. And I just..I really love the user interface. I downloaded a newer version before finding the version I have now, and I just had no idea how to use it or how it worked.

    I would love to run whatever suggestion you have as far as a deeper look. Like I said, I want to keep this computer clean of threat garbage.

  7. #7
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,804

    I have not had those warnings from teatimer since I updated flash
    You're safe, the alerts you got were from a legit Flash update and SpyBot doing its job.
    I do not have an android tablet, so the link you gave me would not work.
    I apologize about the link to an android tablet, I work multiple forums and it's possible the link was for a different person.

    ~~~~~~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    ~~~~~~~~~~~~~

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here
    • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"
    • After the installation is complete let it update if it asks.
    • Under SETTINGS.....APPLICATIONS leave everything at default
    • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
    • Then go to the Dashboard and click on SCAN NOW
    • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
      Upon completion of the scan (or after the reboot), click the Reports tab.
      Double-click the Scan Log.
      At the bottom click Export and choose Text file.

      Save the file to your desktop and include its content in your next reply.

      You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here
    • Then click on POST
    • Exit Malwarebytes

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please post these 2 logs when finished.

  8. #8
    Junior Member
    Join Date
    Apr 2017
    Posts
    7

    Thank you for being patient with me! I work ridiculous hours and am usually very tired by the time I get home.

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.5.0
    # -------------------------------
    # Build: 11-26-2018
    # Database: 2018-12-07.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 12-14-2018
    # Duration: 00:00:05
    # OS: Windows 10 Home
    # Cleaned: 1
    # Failed: 2


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    No malicious registry entries cleaned.

    ***** [ Chromium (and derivatives) ] *****

    Deleted dchmpbaclbiioedakpcldenooikekokm

    ***** [ Chromium URLs ] *****

    Not Deleted Ask
    Not Deleted AOL

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1317 octets] - [14/12/2018 23:38:43]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 12/14/18
    Scan Time: 11:49 PM
    Log File: 99e4a2d2-0035-11e9-9aef-0c9d92a57fb3.json

    -Software Information-
    Version: 3.6.1.2711
    Components Version: 1.0.508
    Update Package Version: 1.0.8331
    License: Trial

    -System Information-
    OS: Windows 10 (Build 17134.376)
    CPU: x64
    File System: NTFS
    User: LAPTOP-NTS4PET1\RAC973

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 273494
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 3 min, 37 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,804

    Default

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;


    Please post this log when finished. Also, how is the computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Junior Member
    Join Date
    Apr 2017
    Posts
    7

    Default

    "After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes)."

    Juliet, I am very sorry. I accidentally clicked out of this step. Meaning, the PUPs thing. I can't get it to come back to click yes :( what do I do? I want to follow all the steps properly, and it's my fault for not paying attention and clicking out of it.
