Originally Posted by Juliet
You can.....
If you like, you can run Emsisoft Emergency Kit again and allow it to remove what it finds.
Would you like to run FRST once more?
Ok, well, I've stopped the ESET scan and then ran the Emsisoft kit. Found nothing. I even did a custom scan hoping it would scan all drives, and apparently nothing... strange. Either the ESET items were false positives, or Emsisoft can't pick them up because they're probably new threats that no other anti-virus/malware programs have been updated to know about. Here are the logs:
Code:
Emsisoft Emergency Kit - Version 11.9
Last update: 20/08/2016 12:06:52 AM
User account: Raikou\Manectric
Computer name: RAIKOU
OS version: Windows 7x64 Service Pack 1
Scan settings:
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, B:\, C:\, E:\
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start: 20/08/2016 12:08:38 AM
Scanned 554385
Found 0
Scan end: 20/08/2016 12:50:15 AM
Scan time: 0:41:37
Code:
Emsisoft Emergency Kit - Version 11.9
Last update: 20/08/2016 12:06:52 AM
User account: Raikou\Manectric
Computer name: RAIKOU
OS version: Windows 7x64 Service Pack 1
Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start: 20/08/2016 12:08:00 AM
Scanned 73178
Found 0
Scan end: 20/08/2016 12:08:11 AM
Scan time: 0:00:11
Here are my FRST64 logs:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-08-2016
Ran by Manectric (administrator) on RAIKOU (20-08-2016 09:55:03)
Running from C:\Users\Electrike\Desktop
Loaded Profiles: Manectric & Electrike (Available Profiles: Manectric & Electrike)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "Mozilla\Firefox" -osint -url "%1")
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(GIGABYTE TECHNOLOGY CO., LTD.) C:\Program Files\GIGABYTE\SmartManagerV3\OSD\GBOSDV2.exe
(NirSoft) C:\Users\Electrike\Downloads\cports-x64\cports.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-10] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7827256 2014-05-14] (Motorola Solutions, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276040 2014-05-21] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-09-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-28] (Intel Corporation)
HKLM-x32\...\Run: [Razer Naga Driver] => C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953232 2011-11-16] (Razer USA Ltd)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\RunOnce: [SmartUpdate] => C:\Program Files\GIGABYTE\Smart Update\urgent.exe [355840 2014-10-22] (GIGABYTE)
HKLM Group Policy restriction on software: *.JSE <====== ATTENTION
HKLM Group Policy restriction on software: *.JS <====== ATTENTION
HKLM Group Policy restriction on software: *.VBE <====== ATTENTION
HKLM Group Policy restriction on software: *.VBS <====== ATTENTION
HKLM Group Policy restriction on software: *.WSF <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\System32\VSSAdmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata% <====== ATTENTION
HKLM Group Policy restriction on software: *.WSH <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\ProcessExplorer\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\Electrike\Desktop\Group Policy.msc <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\system32\cmd.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\system32\taskmgr.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Downloads <====== ATTENTION
HKLM\...\Policies\Explorer: [NoThumbnailCache] 1
HKLM\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 1
HKLM\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-15] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-07-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-06] (Ruiware)
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-15] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-06] (Ruiware)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-10-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-10-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GBOSDV3.lnk [2014-10-30]
ShortcutTarget: GBOSDV3.lnk -> C:\Program Files\GIGABYTE\SmartManagerV3\OSD\GBOSDV2.exe (GIGABYTE TECHNOLOGY CO., LTD.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Welcome.lnk [2014-10-31]
ShortcutTarget: Welcome.lnk -> C:\Program Files\GIGABYTE\Smart USB Backup\Welcome.exe ()
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\..\Interfaces\{19335884-B8F1-4C09-BCC6-6644B6627BFF}: [NameServer] 192.168.1.1,8.8.8.8
Tcpip\..\Interfaces\{8ED6DA2E-8DC3-40FF-83BF-0D80A3F52055}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8ED6DA2E-8DC3-40FF-83BF-0D80A3F52055}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com/?pc=SBJB
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com/?pc=SBJB
HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com/?pc=SBJB
HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com/?pc=SBJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2798084944-1211984927-2140173799-1000 -> DefaultScope {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =
SearchScopes: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001 -> {B0C9ACC6-6B01-470F-B98A-DCC12B58795A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
FireFox:
========
FF ProfilePath: C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-30] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-30] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-01-22]
FF Extension: TrafficLight - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\extensions\trafficlight@bitdefender.com.xpi [2016-01-22]
FF Extension: HTTPS-Everywhere - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\extensions\https-everywhere@eff.org [2016-01-22]
FF Extension: NoScript - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-06-11]
FF Extension: Flagfox - C:\Users\Manectric\AppData\Roaming\Mozilla\Firefox\Profiles\ipvqxq4h.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-01-22]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-16]
FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Manectric\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Manectric\AppData\Roaming\IDM\idmmzcc5 [2016-06-16] [not signed]
FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Electrike\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Electrike\AppData\Roaming\IDM\idmmzcc5 [2016-08-13] [not signed]
FF HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-10]
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S2 ElevateService; C:\Program Files\GIGABYTE\SmartManagerV3\ElevateService.exe [14336 2014-10-29] () [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-10] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-04] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-02-01] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-04-30] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-30] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-19] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-15] (Sandboxie Holdings, LLC)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 Update_Service; C:\Program Files\GIGABYTE\Smart Update\Update_Service.exe [136704 2014-10-22] (GIGABYTE) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-02] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-19] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-14] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1424184 2014-05-14] (Motorola Solutions, Inc.)
S3 btmlehid; C:\Windows\system32\drivers\btmlehid.sys [83256 2014-02-04] (Motorola Solutions, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S1 epp; C:\EEK\bin64\epp.sys [116944 2016-06-30] (Emsisoft Ltd)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [30360 2014-10-09] (Intel Corporation)
S3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [210376 2014-07-04] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236888 2016-08-16] (AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-08-17] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-16] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-04-29] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-16] (AO Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-08] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-30] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3423720 2014-08-22] (Intel Corporation)
S3 NVSWCFilter; C:\Windows\system32\drivers\nvswcfilter.sys [19616 2014-09-05] (Windows (R) Win 7 DDK provider)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [429272 2014-10-22] (Realsil Semiconductor Corporation)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-15] (Sandboxie Holdings, LLC)
S2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2015-10-05] (CyberLink Corp.)
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-20 09:55 - 2016-08-20 09:55 - 00020957 _____ C:\Users\Electrike\Desktop\FRST.txt
2016-08-20 09:54 - 2016-08-20 09:55 - 00000000 ____D C:\FRST
2016-08-20 00:05 - 2016-08-20 09:53 - 00000000 ____D C:\EEK
2016-08-19 23:45 - 2016-08-19 23:45 - 02395648 _____ (Farbar) C:\Users\Electrike\Desktop\FRST64.exe
2016-08-19 23:42 - 2016-08-19 23:53 - 247661272 _____ C:\Users\Electrike\Desktop\EmsisoftEmergencyKit.exe
2016-08-18 09:23 - 2016-08-18 09:26 - 00071387 _____ C:\Windows\system32\activity.txt
2016-08-18 09:20 - 2016-08-18 10:01 - 00000000 ____D C:\Users\Electrike\Downloads\cports-x64
2016-08-18 09:19 - 2016-08-18 09:19 - 00113711 _____ C:\Users\Electrike\Downloads\cports-x64.zip
2016-08-18 09:15 - 2016-08-18 09:15 - 00000000 _____ C:\Users\Electrike\test.txt
2016-08-17 13:08 - 2016-08-17 13:08 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-08-17 12:41 - 2016-08-17 12:41 - 00003536 _____ C:\bootsqm.dat
2016-08-17 12:26 - 2016-08-17 12:29 - 00000000 ____D C:\Users\Electrike\Downloads\Tweaking.com - Windows Repair
2016-08-17 12:23 - 2016-08-17 12:24 - 27326629 _____ C:\Users\Electrike\Downloads\tweaking.com_windows_repair_aio.zip
2016-08-17 12:21 - 2016-08-17 12:21 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Electrike\Downloads\esetonlinescanner_enu.exe
2016-08-14 16:09 - 2016-08-14 16:09 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-08-14 16:09 - 2016-08-14 16:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-14 16:09 - 2016-08-14 16:09 - 00000000 ____D C:\ProgramData\Skype
2016-08-14 16:09 - 2016-08-14 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-14 00:10 - 2016-08-14 00:10 - 00076653 _____ C:\Users\Electrike\Desktop\Group Policy.msc
2016-08-13 10:46 - 2016-08-14 18:22 - 00021280 __RSH C:\ProgramData\ntuser.pol
2016-08-13 09:34 - 2016-08-13 09:51 - 00000000 ____D C:\Users\Electrike\Downloads\CrystalDiskMark5_1_2Shizuku
2016-08-13 09:32 - 2016-08-13 09:32 - 00000201 _____ C:\Users\Electrike\Downloads\CrystalDiskMark5_1_2Shizuku.zip.txt
2016-08-13 09:30 - 2016-08-13 09:30 - 17699182 _____ C:\Users\Electrike\Downloads\CrystalDiskMark5_1_2Shizuku.zip
2016-08-13 09:21 - 2016-08-13 09:21 - 00003148 _____ C:\Windows\System32\Tasks\FRAPS
2016-08-10 09:37 - 2016-08-02 22:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 09:37 - 2016-08-02 22:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 09:37 - 2016-08-02 14:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 09:37 - 2016-08-02 14:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 09:37 - 2016-08-02 14:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 09:37 - 2016-08-02 14:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 09:37 - 2016-08-02 14:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 09:37 - 2016-08-02 14:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 09:37 - 2016-08-02 14:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 09:37 - 2016-08-02 14:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 09:37 - 2016-08-02 14:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 09:37 - 2016-08-02 14:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 09:37 - 2016-08-02 14:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 09:37 - 2016-08-02 14:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 09:37 - 2016-08-02 14:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 09:37 - 2016-08-02 14:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 09:37 - 2016-08-02 14:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 09:37 - 2016-08-02 14:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 09:37 - 2016-08-02 14:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 09:37 - 2016-08-02 14:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 09:37 - 2016-08-02 14:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 09:37 - 2016-08-02 14:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 09:37 - 2016-08-02 14:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 09:37 - 2016-08-02 13:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 09:37 - 2016-08-02 13:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 09:37 - 2016-08-02 13:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 09:37 - 2016-08-02 13:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 09:37 - 2016-08-02 13:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 09:37 - 2016-08-02 13:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 09:37 - 2016-08-02 13:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 09:37 - 2016-08-02 13:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 09:37 - 2016-08-02 13:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 09:37 - 2016-08-02 13:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 09:37 - 2016-08-02 13:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 09:37 - 2016-08-02 13:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 09:37 - 2016-08-02 13:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 09:37 - 2016-08-02 13:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 09:37 - 2016-08-02 13:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 09:37 - 2016-08-02 13:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 09:37 - 2016-08-02 13:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 09:37 - 2016-08-02 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 09:37 - 2016-08-02 13:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 09:37 - 2016-08-02 13:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 09:37 - 2016-08-02 13:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 09:37 - 2016-08-02 13:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 09:37 - 2016-08-02 13:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 09:37 - 2016-08-02 13:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 09:37 - 2016-08-02 13:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 09:37 - 2016-08-02 13:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 09:37 - 2016-08-02 13:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 09:37 - 2016-08-02 13:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 09:37 - 2016-08-02 13:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 09:37 - 2016-08-02 13:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 09:37 - 2016-08-02 13:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 09:37 - 2016-08-02 13:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 09:37 - 2016-08-02 13:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 09:37 - 2016-08-02 13:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 09:37 - 2016-08-02 13:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 09:37 - 2016-08-02 13:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 09:37 - 2016-08-02 13:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 09:37 - 2016-08-02 13:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 09:37 - 2016-08-02 13:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 09:37 - 2016-08-02 12:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 09:37 - 2016-08-02 12:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 09:37 - 2016-08-02 12:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 09:37 - 2016-08-02 12:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 09:37 - 2016-07-08 23:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 09:37 - 2016-07-08 23:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 09:37 - 2016-07-08 23:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 09:37 - 2016-07-08 23:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 09:37 - 2016-07-08 23:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 09:37 - 2016-07-08 23:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 09:37 - 2016-07-08 23:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 09:37 - 2016-07-08 23:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 09:37 - 2016-07-08 22:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 09:37 - 2016-07-08 22:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 09:37 - 2016-07-08 22:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 09:37 - 2016-07-08 22:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 09:37 - 2016-07-08 22:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 09:37 - 2016-07-08 22:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 09:35 - 2016-07-08 23:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-08 20:01 - 2016-08-08 20:01 - 00000000 ____D C:\Users\Manectric\AppData\Local\CrashDumps
2016-08-08 20:01 - 2016-08-08 20:01 - 00000000 ____D C:\Users\Electrike\AppData\Local\ESET
2016-08-08 18:57 - 2016-08-08 18:57 - 00000000 ____D C:\Users\Manectric\AppData\Local\ESET
2016-08-07 13:14 - 2016-08-07 13:14 - 00000207 _____ C:\Windows\tweaking.com-regbackup-RAIKOU-Windows-7-Professional-(64-bit).dat
2016-08-07 13:13 - 2016-08-07 13:13 - 00018139 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-08-07 09:01 - 2016-08-17 13:07 - 00084896 _____ C:\Users\Electrike\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-06 15:26 - 2016-08-06 15:27 - 00000000 ____D C:\Users\Electrike\AppData\Local\tkdata
2016-08-06 15:25 - 2016-08-07 09:00 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-08-06 15:25 - 2016-08-06 19:56 - 00000000 ____D C:\ProgramData\McAfee
2016-08-06 09:44 - 2016-08-06 10:09 - 01125745 _____ C:\Users\Electrike\Downloads\Trainer for Oil Rush.zip
2016-08-03 05:57 - 2016-08-13 23:43 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-08-03 05:57 - 2016-08-03 05:57 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-28 23:16 - 2016-07-28 23:16 - 00000000 ____D C:\Windows\EOONotify
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-20 09:55 - 2016-01-19 13:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-20 00:08 - 2016-06-26 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-18 09:15 - 2016-01-23 11:54 - 00000000 ____D C:\Users\Electrike
2016-08-18 09:07 - 2016-07-06 15:25 - 00000000 ____D C:\Users\Electrike\Downloads\Trainer for Oil Rush
2016-08-17 14:00 - 2009-07-14 13:13 - 00779996 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-17 14:00 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-08-17 13:54 - 2016-07-07 16:17 - 00084896 _____ C:\Users\Manectric\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-17 13:54 - 2015-01-12 17:26 - 00180174 _____ C:\Users\Electrike\Documents\%$##!!@.TXT
2016-08-17 13:31 - 2016-03-06 10:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-17 13:16 - 2009-07-14 12:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-17 13:16 - 2009-07-14 12:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-17 13:08 - 2014-10-22 14:52 - 00000300 _____ C:\Windows\Tasks\RtlLanOptimizerVistaStart.job
2016-08-17 13:08 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-17 13:07 - 2016-07-07 19:02 - 00335928 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-17 13:06 - 2016-01-20 02:57 - 00000000 ____D C:\Windows\CSC
2016-08-17 13:01 - 2009-07-14 10:34 - 00000722 _____ C:\Windows\win.ini
2016-08-17 12:42 - 2016-01-22 11:27 - 00000000 ____D C:\Program Files (x86)\Razer
2016-08-16 18:41 - 2016-06-16 15:04 - 01001304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-08-16 18:41 - 2016-04-29 06:12 - 00236888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-08-16 18:41 - 2015-12-03 11:10 - 00110424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-08-15 09:41 - 2016-04-30 09:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-14 23:09 - 2016-06-23 22:12 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\Skype
2016-08-14 18:19 - 2016-01-23 16:45 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-14 18:17 - 2016-01-23 16:45 - 00001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-13 09:21 - 2016-01-22 17:01 - 00000000 ____D C:\Fraps
2016-08-12 12:14 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2016-08-11 21:52 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-08-11 11:30 - 2016-01-22 11:28 - 00009896 _____ C:\Windows\Sandboxie.ini
2016-08-11 00:18 - 2016-01-22 20:48 - 00000000 ____D C:\Windows\system32\MRT
2016-08-11 00:16 - 2016-01-22 20:48 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 11:58 - 2016-01-22 17:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-08-08 11:37 - 2016-04-29 15:47 - 00000000 ____D C:\Users\Electrike\AppData\Local\CrashDumps
2016-08-07 09:00 - 2014-10-22 13:35 - 00000000 ____D C:\Program Files\Intel
2016-08-06 15:26 - 2014-10-22 13:37 - 00000000 ____D C:\ProgramData\Intel
2016-08-06 15:22 - 2016-03-06 10:01 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-08-06 15:22 - 2016-03-06 10:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-06 15:22 - 2016-03-06 10:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-08-06 15:20 - 2016-01-31 11:21 - 00000000 ____D C:\Users\Electrike\AppData\Local\Adobe
2016-08-06 15:20 - 2016-01-22 23:34 - 00000000 ____D C:\Users\Manectric\AppData\Local\Adobe
2016-08-06 15:18 - 2016-07-17 00:50 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\WinPatrol
2016-08-05 17:34 - 2016-01-22 11:24 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1453433047
2016-08-05 17:34 - 2016-01-22 11:24 - 00000000 ____D C:\Program Files (x86)\Opera
2016-08-05 16:48 - 2016-01-23 17:21 - 00000000 ____D C:\Users\Electrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-03 16:00 - 2016-03-11 08:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-01 13:06 - 2014-10-22 14:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-28 23:16 - 2016-01-22 21:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-28 23:16 - 2016-01-22 21:14 - 00000000 ___SD C:\Windows\system32\GWX
==================== Files in the root of some directories =======
2016-01-19 10:59 - 2016-01-22 17:20 - 0000020 _____ () C:\Users\Manectric\AppData\Roaming\db.ini
2014-08-20 12:06 - 2014-08-20 12:06 - 0000020 _____ () C:\ProgramData\db.ini
2014-10-22 13:49 - 2014-10-22 13:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Electrike\AppData\Local\Temp\procexp64.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-09 15:03
==================== End of FRST.txt ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-08-2016
Ran by Manectric (20-08-2016 09:55:16)
Running from C:\Users\Electrike\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-01-19 02:59:00)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2798084944-1211984927-2140173799-500 - Administrator - Disabled)
Electrike (S-1-5-21-2798084944-1211984927-2140173799-1001 - Limited - Enabled) => C:\Users\Electrike
Guest (S-1-5-21-2798084944-1211984927-2140173799-501 - Limited - Disabled)
Manectric (S-1-5-21-2798084944-1211984927-2140173799-1000 - Administrator - Enabled) => C:\Users\Manectric
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3DMark (HKLM-x32\...\Steam App 223850) (Version: - Futuremark)
8BitBoy (HKLM-x32\...\Steam App 296910) (Version: - AwesomeBlade)
Absconding Zatwor (HKLM-x32\...\Steam App 385200) (Version: - Zonitron Productions)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AmCap version 9.01 (HKLM-x32\...\{0F45BECF-4C85-4301-A8A4-D2E2AE2A2C08}_is1) (Version: 9.01 - Gigabyte, Inc.)
Auslogics BoostSpeed 7 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 7.9.0.0 - Auslogics Labs Pty Ltd)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
Blaster Shooter GunGuy! (HKLM-x32\...\Steam App 391740) (Version: - Adam DeLease)
Breakout Invaders (HKLM-x32\...\Steam App 366700) (Version: - DreamsSoftGames)
Canon Easy-PhotoPrint EX - Additional Materials DL_AN1 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN1) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_AN2 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN2) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_AN3 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN3) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_AN4 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN4) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_AN5 (HKLM-x32\...\Easy-PhotoPrint EX - DL_AN5) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA1 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA1) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA2 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA2) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA3 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA3) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA4 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA4) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_FA5 (HKLM-x32\...\Easy-PhotoPrint EX - DL_FA5) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST1 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST1) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST2 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST2) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST3 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST3) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST4 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST4) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST5 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST5) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST6 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST6) (Version: - )
Canon Easy-PhotoPrint EX - Additional Materials DL_ST7 (HKLM-x32\...\Easy-PhotoPrint EX - DL_ST7) (Version: - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
CONSORTIUM (HKLM-x32\...\Steam App 264240) (Version: - Interdimensional Games Inc)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.2205.58 - CyberLink Corp.)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Edge of Space (HKLM-x32\...\Steam App 238240) (Version: - Handyman Studios)
ELAN Touchpad 11.14.7.1_X64_WHQL (HKLM\...\Elantech) (Version: 11.14.7.1 - ELAN Microelectronic Corp.)
FaeVerse Alchemy (HKLM\...\Steam App 282880) (Version: - Subsoap)
FileZilla Client 3.18.0 (HKLM-x32\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Game Dev Tycoon version 1.5.24 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.5.24 - Greenheart Games Pty. Ltd.)
GIGABYTE Smart USB Backup 2.0.20141014 (HKLM-x32\...\GIGABYTE Smart USB Backup) (Version: 2.0.20141014 - GIGABYTE TECHNOLOGY CO.,LTD.)
Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version: - Arkedo)
Hyperdimension Neptunia Re;Birth1 (HKLM-x32\...\Steam App 282900) (Version: - Idea Factory, Inc.)
Hyperdimension Neptunia Re;Birth2 Sisters Generation (HKLM-x32\...\Steam App 351710) (Version: - Compile Heart)
Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7991b5ae-96d7-4df2-97fb-a605b7cb638b}) (Version: 17.12.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Jet Set Radio (HKLM-x32\...\Steam App 205950) (Version: - Blit Software)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version: - Tripwire Interactive)
Killing Floor SDK (HKLM\...\Steam App 1260) (Version: - Tripwire Interactive)
Kingdom Wars (HKLM\...\Steam App 227180) (Version: - Reverie World Studios, INC)
LanOptimizer (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.00.0000 - Realtek)
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LIMBO (HKLM\...\Steam App 48000) (Version: - Playdead)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaInfo 0.7.78 (HKLM\...\MediaInfo) (Version: 0.7.78 - MediaArea.net)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 45.3.0 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.3.0 ESR (x86 en-US)) (Version: 45.3.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA Graphics Driver 344.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.42 - NVIDIA Corporation)
Omikron - The Nomad Soul (HKLM-x32\...\Steam App 243000) (Version: - Quantic Dream)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 39.0.2256.48 (HKLM-x32\...\Opera 39.0.2256.48) (Version: 39.0.2256.48 - Opera Software)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)
Razer Naga (HKLM-x32\...\{ED4108A9-60FD-4F18-AF42-122219977773}) (Version: 3.03.01 - Razer USA Ltd.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7348 - Realtek Semiconductor Corp.)
Renegade Ops (HKLM-x32\...\Steam App 99300) (Version: - Avalanche Studios)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Sandboxie 5.12 (64-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Savage: The Battle For Newerth (Version: 1.0RC3) (HKLM-x32\...\{ABDEBB00-96E9-47A2-94CC-BB0CCC4630DE}_is1) (Version: - Newerth.com)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Smart Manager V3 Ver 4.4.3 (HKLM\...\Smart Manager V3) (Version: Ver 4.4.3 - GIGABYTE)
Smart Update v2.3.5 (HKLM-x32\...\Smart Update) (Version: v2.3.5 - GIGABYTE TECHNOLOGY CO.,LTD.)
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version: - )
Soulbringer (HKLM-x32\...\Steam App 283310) (Version: - Infogames Europe SA)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
Starbound - Unstable (HKLM\...\Steam App 367540) (Version: - )
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Street Racing Syndicate (HKLM-x32\...\Steam App 292410) (Version: - Eutechnyx)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - Team Meat)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)
UE3Redist (HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)
UE3Redist (x32 Version: 1.00.0000 - Epic Games) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Viking: Battle for Asgard (HKLM-x32\...\Steam App 211160) (Version: - Creative Assembly, PC Port - Hardlight)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Electrike\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll => No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Electrike\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-2798084944-1211984927-2140173799-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0F31E738-83EC-40CD-A7C2-F7CEF30EC5D6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {281FAFD2-11AC-46FE-B3D7-74FFC96FCB60} - System32\Tasks\RtlLanOptimizerVistaStart => C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2013-01-18] (Realtek Semiconductor)
Task: {34744266-050D-465A-AEDC-071063F1F8C6} - System32\Tasks\Opera scheduled Autoupdate 1453433047 => C:\Program Files (x86)\Opera\launcher.exe [2016-08-03] (Opera Software)
Task: {88C14B97-48EB-43EE-9F66-AA4268FA32FE} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {AE144BC0-4C06-4EDB-A9D6-64B7E80EFCC1} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2015-09-05] (Beepa P/L)
Task: {D2443CEE-28E7-4E8E-B014-09D96E0D998C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-09] (Piriform Ltd)
Task: {E1B701B4-8889-46F5-A1E8-6226A5212985} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-06] (Adobe Systems Incorporated)
Task: {EAAE9075-97CB-4D2F-9372-8DD858214FBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {FFE4DF80-8C39-4568-8C64-A70E97751AF6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-08-03] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\RtlLanOptimizerVistaStart.job => C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-05-27 20:19 - 2016-05-27 20:19 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2014-10-29 15:06 - 2014-10-29 15:06 - 00434688 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\OSD\Skin\OSD_Skin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\92888469.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\92888469.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 10:34 - 2016-08-17 13:02 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2798084944-1211984927-2140173799-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Manectric\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2798084944-1211984927-2140173799-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Electrike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{ED44402E-6B9E-4DB1-B967-E19AA4AE59D5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{975A9371-4FC5-4492-A0FA-31983D49C1F5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{46B1C078-AFED-45D5-926D-B400B0762AEA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8AA98205-C1F8-4F48-929E-28A6F5C66746}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{218FBBB7-0A07-424B-9DBA-25DEE324042F}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{2CEB3727-6E0E-474B-BEDB-55CD6FA31863}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{0E988A6F-1597-434D-8FDF-ACCAC6D3BABA}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{BA275EC0-0E29-4CB2-851E-0DF94DD3B256}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{D7B7FE81-F7C1-4CC2-9A5D-3BFBC4F8B092}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{158CD4F6-032B-4273-826C-217282EBB367}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{1923CDDD-D237-42FD-8C23-BC5FB283A78E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{AE2A9A89-B88B-4683-B869-8B2EF65AD275}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{23E604FA-4DDA-45B1-9908-9EBFB959E3DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1B14BB29-0D4F-4A8C-8ABC-6888D216BD83}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42E4617A-5FCA-4251-8EFB-91382308D1CF}] => (Allow) E:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{5915F504-940F-4CF9-8851-E2D9D34CCF8B}] => (Allow) E:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{977B611B-A28C-4028-B3BC-1039ED8857E6}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{6E11EF2F-6830-49D3-BD5C-667A4C9A40F6}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{19406A0C-DDD7-46E7-A82F-38E6F9627D2A}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{2513EA08-BD87-41FE-A41B-2C727C0E0AA2}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{31FED2C9-495D-4342-8B10-7966E278394C}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{61BC3A19-BF39-4DD6-A1A6-0D58AEE19178}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{106113F8-9421-4270-820D-CC76EEA2A2B3}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{DBF93726-DD05-4DD9-BC9F-9948951E75B1}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{D0CE9C82-7250-46DC-94CF-0CA3B4E0A5AC}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{B70D3706-95ED-49E3-AF67-CBE783281915}] => (Allow) E:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{B7138CFE-00E4-4F1A-B081-EAF371CC90C5}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2DC418BB-D092-44D7-B9D5-2AAF21966D87}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{080F40DB-3587-4EB6-818C-FE2225702188}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{441B589F-AC8B-4E86-9F8A-536B5BB1D1BB}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{1AC40D78-85FC-44D5-97B1-05DE752CE4AB}] => (Allow) E:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{16E5442B-B244-434D-89BC-122C4DC23666}] => (Allow) E:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{0659532C-2FC0-41DE-A1FE-F884355EFCA2}] => (Allow) E:\Steam\steamapps\common\Edge of Space\Launcher.exe
FirewallRules: [{E7546CF8-5893-4099-B834-70CE3F0A815D}] => (Allow) E:\Steam\steamapps\common\Edge of Space\Launcher.exe
FirewallRules: [{827ABB98-CC0A-4987-990F-859B67A93BE4}] => (Allow) E:\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{6F18E829-CE8B-4EFC-96F4-B0EE1D357AB4}] => (Allow) E:\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{0E8AC9E3-CCC1-4B56-A403-CAF7318C1872}] => (Allow) E:\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{0B8EAF10-34D3-4982-97C4-7B8909D7ABA1}] => (Allow) E:\Steam\steamapps\common\left 4 dead\left4dead.exe
FirewallRules: [{4B4DA01D-819F-4EFF-A0FD-2C0BE6406682}] => (Allow) E:\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{54884BF2-8338-451F-B9E7-46AB96619750}] => (Allow) E:\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{E61D0B2A-5D79-4977-AF7D-2F0B7106C268}] => (Allow) E:\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{3DCB6A24-1389-4942-92D5-3843075404E4}] => (Allow) E:\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{DBA18D9C-8ACA-49E2-AAC4-3562035A8C57}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{BBEFBE26-BED3-48B4-B121-E489A3ADF5B1}] => (Allow) E:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{33926AC4-D51F-4479-8FC0-6A47B2055EEF}] => (Allow) E:\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{1C996CF8-6816-406F-B0E0-7F5346B9A085}] => (Allow) E:\Steam\steamapps\common\Neptunia Rebirth1\NeptuniaReBirth1.exe
FirewallRules: [{8EB3D9BC-0F02-45D3-9DAB-C24D00AB72C1}] => (Allow) E:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{11A7FAF0-73F9-4D6F-BE83-AE1B847685DE}] => (Allow) E:\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{9BD875E2-2851-4332-AE83-1C609C0F596E}] => (Allow) E:\Steam\steamapps\common\The Ship\ship.exe
FirewallRules: [{B64A9B7C-6C69-4C35-B792-9697435EB025}] => (Allow) E:\Steam\steamapps\common\The Ship\ship.exe
FirewallRules: [{C7B05986-D0C4-4108-BF55-AA0DB2F9B964}] => (Allow) E:\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{86B27BFA-B00C-4819-AC2E-2698A8D1D867}] => (Allow) E:\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{0CB72F27-4441-44FA-9C5A-5441E38EE959}] => (Allow) E:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{1D8F9B21-75A4-4095-925D-37EF588122EC}] => (Allow) E:\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{D1FBB2F4-3AEB-4A10-B314-1997BF169FD9}] => (Allow) E:\Steam\steamapps\common\Sniper Elite Nazi Zombie Army 2\bin\NZA2.exe
FirewallRules: [{746B90D7-A441-49B8-9D00-634C77BA026A}] => (Allow) E:\Steam\steamapps\common\Sniper Elite Nazi Zombie Army 2\bin\NZA2.exe
FirewallRules: [{DBE2503B-EFAA-4652-A651-B03A21CBF6F6}] => (Allow) E:\Steam\steamapps\common\Neptunia Rebirth2\NeptuniaReBirth2.exe
FirewallRules: [{2DF07BBF-0773-4A95-9F7F-1E5853B86F17}] => (Allow) E:\Steam\steamapps\common\Neptunia Rebirth2\NeptuniaReBirth2.exe
FirewallRules: [{3A9F16C0-CD27-4147-9FB4-5A1298898CE0}] => (Allow) E:\Steam\steamapps\common\Absconding Zatwor\AbscondingZatwor.exe
FirewallRules: [{071E8CC3-0D48-4F22-9580-C472D454D7C9}] => (Allow) E:\Steam\steamapps\common\Absconding Zatwor\AbscondingZatwor.exe
FirewallRules: [{53DFE6F9-4512-43A8-9878-0A28C814363E}] => (Allow) E:\Steam\steamapps\common\8BitBoy\8bitboy.exe
FirewallRules: [{79D7B79F-14C8-41B4-AF2B-E5A83CD0A94E}] => (Allow) E:\Steam\steamapps\common\8BitBoy\8bitboy.exe
FirewallRules: [{BE1625A0-5C22-4012-B36E-CBEB9D1D0B44}] => (Allow) E:\Steam\steamapps\common\Soulbringer\Soulbringer.exe
FirewallRules: [{732E4072-52AD-437F-832B-8788A54BC722}] => (Allow) E:\Steam\steamapps\common\Soulbringer\Soulbringer.exe
FirewallRules: [{B8112D4F-B895-48FD-A761-07233224E301}] => (Allow) E:\Steam\steamapps\common\Soulbringer\SBLang.exe
FirewallRules: [{7B73DB18-60C1-48C2-8BC7-EDB9EA198B1A}] => (Allow) E:\Steam\steamapps\common\Soulbringer\SBLang.exe
FirewallRules: [{DBB54C42-A404-4750-9EA6-CE7EC5EBF23F}] => (Allow) E:\Steam\steamapps\common\Omikron\Runtime.exe
FirewallRules: [{4394EE80-8ACE-407E-952B-CC4B6719971F}] => (Allow) E:\Steam\steamapps\common\Omikron\Runtime.exe
FirewallRules: [{FEB10303-05F6-449E-A3CF-ACCB9CCA8B02}] => (Allow) E:\Steam\steamapps\common\Blaster Shooter GunGuy!\BlasterShooterGunGuy.exe
FirewallRules: [{1EF7DA4A-1823-4F8D-9155-BEA31FD22B5E}] => (Allow) E:\Steam\steamapps\common\Blaster Shooter GunGuy!\BlasterShooterGunGuy.exe
FirewallRules: [{ACA46DCF-C461-4ED4-BED5-2C3C4850A8F3}] => (Allow) E:\Steam\steamapps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{273E2CC8-617A-48CB-9CCF-B94AA9D96ECD}] => (Allow) E:\Steam\steamapps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{172E3FBA-DEE4-43F4-8A2D-B9B8D68CACA0}] => (Allow) E:\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{E94AD05B-C733-4A92-B5A2-BD09EB05A410}] => (Allow) E:\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{00AC840B-80A1-4336-88EE-248DC558DC8E}] => (Allow) E:\Steam\steamapps\common\Street Racing Syndicate\Bin\SRS.EXE
FirewallRules: [{B21938C0-9E93-436B-AFD1-BE72C9E048AF}] => (Allow) E:\Steam\steamapps\common\Street Racing Syndicate\Bin\SRS.EXE
FirewallRules: [{0604D7D5-CE4B-40F0-8844-36D0181A3D33}] => (Allow) E:\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{B257BEA4-3A33-4DDE-A96D-9442D2C7C6A8}] => (Allow) E:\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe
FirewallRules: [{D5FD205B-7422-4B63-9C42-2C284F7A5357}] => (Allow) E:\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{2CB6CF4F-6F0E-4F3A-B7BA-0878C855956C}] => (Allow) E:\Steam\steamapps\common\Jet Set Radio\jsrsetup.exe
FirewallRules: [{AF18B0FD-32DD-40CD-9EF0-A41F3EBD6195}] => (Allow) E:\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{6B2D4BD6-6BE2-4027-97BB-CABBCD2940F0}] => (Allow) E:\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe
FirewallRules: [{E378E1DC-8AEA-4A0D-AC1D-1222A117A1C6}] => (Allow) E:\Steam\steamapps\common\Renegade Ops\RenegadeOps.exe
FirewallRules: [{81BCE8BE-6B13-4ADF-A0CD-0C5ACCEF2E15}] => (Allow) E:\Steam\steamapps\common\Renegade Ops\RenegadeOps.exe
FirewallRules: [{0101F286-11E3-44C1-B549-C2065BD8AAE6}] => (Allow) E:\Steam\steamapps\common\Viking Battle for Asgard\viking.exe
FirewallRules: [{5E4891E6-CA93-4429-B4F7-B2B650E4D791}] => (Allow) E:\Steam\steamapps\common\Viking Battle for Asgard\viking.exe
FirewallRules: [{37DBD26C-BB32-49F8-9A7D-167AE3B772CA}] => (Allow) E:\Steam\steamapps\common\Viking Battle for Asgard\ConfigTool.exe
FirewallRules: [{4C1DAB79-D364-4727-A421-F26F7AF3442B}] => (Allow) E:\Steam\steamapps\common\Viking Battle for Asgard\ConfigTool.exe
FirewallRules: [{DF112BDD-C962-4B16-9F8F-FF4A26DDCCE9}] => (Allow) E:\Steam\steamapps\common\Breakout Invaders\Breakout Invaders.exe
FirewallRules: [{DA48FB98-14F8-49EF-8ED7-6940578C2D5D}] => (Allow) E:\Steam\steamapps\common\Breakout Invaders\Breakout Invaders.exe
FirewallRules: [{CCF81E90-D5FA-4A26-8642-90A9613C7AD8}] => (Allow) E:\Steam\steamapps\common\Dawn of Fantasy\Dof.exe
FirewallRules: [{F145CB47-1CA1-40B7-9699-5EFBA332DE3C}] => (Allow) E:\Steam\steamapps\common\Dawn of Fantasy\Dof.exe
FirewallRules: [{44CF666E-77CD-4F57-A70C-E9F1C612782D}] => (Allow) E:\Steam\steamapps\common\Dawn of Fantasy\dof_options.exe
FirewallRules: [{52A5BE11-5E01-4B08-B08B-852ED99BD5C0}] => (Allow) E:\Steam\steamapps\common\Dawn of Fantasy\dof_options.exe
FirewallRules: [{6419C5BC-EF54-466F-994F-CEC4BA1FA469}] => (Allow) E:\Steam\steamapps\common\Dawn of Fantasy\Editor.exe
FirewallRules: [{F9E29DF7-450C-41C3-BC16-5136E441DF43}] => (Allow) E:\Steam\steamapps\common\Dawn of Fantasy\Editor.exe
FirewallRules: [{A2F07D3A-76E2-4EAF-B45C-A52BC59EE74E}] => (Allow) E:\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{F8EC441D-3F40-4788-A95F-21BF6ED19202}] => (Allow) E:\Steam\steamapps\common\Sega Classics\SEGAGameRoom.exe
FirewallRules: [{E3DAC1B9-43BF-4EB8-94FC-48EEB9AC8F9F}] => (Allow) E:\Steam\steamapps\common\FaeVerseAlchemy\FaeVerseAlchemy.exe
FirewallRules: [{439F11BE-2C0F-4ACD-9C6D-3598C7352FBB}] => (Allow) E:\Steam\steamapps\common\FaeVerseAlchemy\FaeVerseAlchemy.exe
FirewallRules: [{17E95339-3EF6-4626-9A5D-EB3522338690}] => (Allow) E:\Steam\steamapps\common\KillingFloor\System\KFEd.exe
FirewallRules: [{B7A6306D-3CD2-4D06-94F9-58BAB76BD903}] => (Allow) E:\Steam\steamapps\common\KillingFloor\System\KFEd.exe
FirewallRules: [{53B34361-08C1-428A-A1B6-CCF0D371D5B9}] => (Allow) E:\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{F263328F-E5C4-478C-B00B-080E494827EB}] => (Allow) E:\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{53B56E07-3523-4C42-9C68-2B075C2E0A4A}] => (Allow) E:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{949ECB15-C111-47AD-9B56-EB7CF5F04070}] => (Allow) E:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{D71B24E8-A218-49A1-9C40-5B3F74EC8755}] => (Allow) E:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{E0026D43-5EFA-44A5-B3D1-0A038B1FB885}] => (Allow) E:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{7095CF9D-D5D4-4787-AD5F-0C05D92F4C75}] => (Allow) E:\Steam\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{62CEF1C9-E199-443D-8B32-0B16DE0A7869}] => (Allow) E:\Steam\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{BBE098F3-917B-40CC-8B4C-9232B9CAF868}] => (Allow) E:\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{6A219DDF-FA22-40B0-BCDA-02972DFDB946}] => (Allow) E:\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{F46EED8E-922E-4129-981A-A5BCFAEBA239}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win32\mod_uploader.exe
FirewallRules: [{5E3C4E03-8EBA-45A2-AA19-343991C46DB3}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win32\mod_uploader.exe
FirewallRules: [{E31810B6-E548-42A2-9556-FF063CE58EEE}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{324C0FC5-F91F-4F4C-9322-58E7A4FE1E57}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{E88CA193-08F8-44F9-AAC7-0D1A5E0EFA7A}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{3D8A4B1F-ADC2-46F3-A493-530D3910871B}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{511B82B9-0A56-4D98-ABBB-362CBC278DE1}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{162A06FA-0FC2-4ADF-84D1-6730D6CF7E42}] => (Allow) E:\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{89521BB0-DF55-46CF-9E62-C41CA967AD29}] => (Allow) E:\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{7322A81B-A789-4BFA-A332-9F8203F4A46B}] => (Allow) E:\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{F066C9B0-764E-43CD-8CA6-1DF4F261ED18}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{EAE6118B-AB2E-4477-A927-15B50748608B}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{719A00C5-AE92-4F00-A83A-ED29E6DBCD90}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{D2A77B95-EE45-49E5-85F2-9D0927111C25}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{6707124E-3B27-45CA-B2B0-873B942957F5}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{BE081998-A33C-4B93-AD8B-6AD6D3668860}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{AC96E2B3-3FB2-423C-91BA-B4335C6626BB}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{8D1D9C45-AE7F-4813-8962-56FBCC94A1FA}] => (Allow) E:\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{C13F76AF-605C-4D49-BD78-3EA278F093ED}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
==================== Restore Points =========================
17-08-2016 12:47:40 Tweaking.com - Windows Repair
==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter #7
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/17/2016 01:08:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
Error: (08/17/2016 01:08:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
Error: (08/17/2016 01:08:11 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
Error: (08/17/2016 01:07:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (08/17/2016 01:07:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (08/17/2016 01:07:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -528.
Error: (08/17/2016 01:07:10 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (1576) Catalog Database: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.
Error: (08/17/2016 01:07:06 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
Error: (08/17/2016 01:07:06 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
Error: (08/17/2016 01:07:06 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
System errors:
=============
Error: (08/19/2016 11:47:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (08/19/2016 11:47:04 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}
Error: (08/19/2016 11:46:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084Bluetooth Device Monitor{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
Error: (08/19/2016 01:56:46 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/19/2016 12:01:50 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error: (08/19/2016 12:00:26 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (08/18/2016 01:56:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/18/2016 08:36:12 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error: (08/17/2016 01:57:18 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}
Error: (08/17/2016 01:57:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084Bluetooth Device Monitor{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
CodeIntegrity:
===================================
Date: 2016-01-22 13:37:14.199
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-01-22 13:37:14.198
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-01-22 13:37:14.196
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-01-22 13:37:14.194
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-01-22 13:37:14.193
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-01-22 13:37:14.192
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 16%
Total physical RAM: 16302.39 MB
Available physical RAM: 13555.11 MB
Total Virtual: 16300.58 MB
Available Virtual: 14029.34 MB
==================== Drives ================================
Drive b: (FRAPS) (Fixed) (Total:931.51 GB) (Free:931.42 GB) NTFS
Drive c: (SYSTEM) (Fixed) (Total:103.99 GB) (Free:52.31 GB) NTFS
Drive e: (Game Drive) (Fixed) (Total:1863.01 GB) (Free:1624.45 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: E71727C5)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: AEFDE666)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=260 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=104 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 69318C77)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================