Symptoms:
1. I recently saw a popup appear at the top of my browser, advising I had to update some sort of critical firefox update.
2. I clicked the link, went to a page that appeared to be firefox/Mozilla, and selected the w7 64bit update.
3. it downloaded a file "Firefox Installer.exe" , which I ran and upgraded (however this file seems suspicious as, when in properties under the details tab, it lists "Original filename: 7zs.sfx.exe" ? - have attached a screenshot)
4. now I appear to have two sets of firefox browsers on my PC (v56.0 - which was my original browser, but now seems to have some plugins disabled due to the recent update. and also v58.0.2 firefox quantum, which also has security plugins disabled as a result of the update version being incompatible)
all of the above leads me to believe that I may have some kind of malware issue.
Any assistance is greatly appreciated!
Thankyou in advance for your time and efforts!
Screen shot attached also.
Requested Logs from FRST64:
1. FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2018 01
Ran by flynn (administrator) on FLYNN-PC (11-02-2018 02:02:24)
Running from C:\Users\flynn\Downloads
Loaded Profiles: flynn (Available Profiles: flynn)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(f.lux Software LLC) C:\Users\flynn\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\Violectric\Violectric_Audio_Driver\ViolectricCplApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Portrait Displays, Inc) C:\Program Files (x86)\BenQ\Display Pilot\dthtml.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_26_0_0_126_ActiveX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] ()
HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122384 2013-11-12] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-14] (Piriform Ltd)
HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\Run: [f.lux] => C:\Users\flynn\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-11] (f.lux Software LLC)
HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Violectric Control Panel Autostart.lnk [2017-09-09]
ShortcutTarget: Violectric Control Panel Autostart.lnk -> C:\Program Files\Violectric\Violectric_Audio_Driver\ViolectricCplApp.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.5.1
Tcpip\..\Interfaces\{DA720BB9-99B9-459B-9C11-6BF324A31CD1}: [DhcpNameServer] 192.168.5.1
Internet Explorer:
==================
HKU\S-1-5-21-1648639942-364084454-2766153320-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.facebook.com/seekingsalvation
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-01-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2018-01-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-01-19] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-01-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2018-01-19] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2018-01-19] (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareu ... PIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareu ... TSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareu ... /CTPID.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-19] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: z4roa0cw.default
FF ProfilePath: C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default [2018-02-11]
FF Homepage: Mozilla\Firefox\Profiles\z4roa0cw.default -> hxxps://duckduckgo.com/
FF Extension: (Disconnect) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\2.0@disconnect.me.xpi [2017-04-04]
FF Extension: (HTTPS Everywhere) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\https-everywhere@eff.org.xpi [2018-01-30]
FF Extension: (RequestPolicy) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\requestpolicy@requestpolicy.com.xpi [2016-07-14] [Legacy]
FF Extension: (UAControl) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\uacontrol@qz.tsugumi.org.xpi [2016-07-14] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\uBlock0@raymondhill.net.xpi [2018-02-10]
FF Extension: (User-Agent JS Fixer) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\{086e582e-455b-4289-bfab-e90da7c0558b}.xpi [2016-07-14] [Legacy]
FF Extension: (NoScript) - C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\z4roa0cw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-02-10]
FF ProfilePath: C:\Users\flynn\AppData\Roaming\Mozilla\Firefox\Profiles\24hemwe1.testing [2018-02-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-19] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-01] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-01-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-12-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-12-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default [2018-02-10]
CHR Extension: (Slides) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-18]
CHR Extension: (Docs) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-18]
CHR Extension: (Google Drive) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-07]
CHR Extension: (YouTube) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-07]
CHR Extension: (uBlock Origin) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-01-26]
CHR Extension: (Sheets) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-18]
CHR Extension: (Google Docs Offline) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-07]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-01-26]
CHR Extension: (MyEtherWallet) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbmnnijcnlegkjjpcfjclmcfggfefdm [2018-01-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-26]
CHR Extension: (Gmail) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-07]
CHR Extension: (Chrome Media Router) - C:\Users\flynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-29]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6998536 2018-01-20] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2017-12-23] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-07-12] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-07-12] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-09-30] (Creative Technology Ltd) [File not signed]
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-11-12] (Portrait Displays, Inc.)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-16] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-02-19] (ASUSTeK Computer Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2017-04-30] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50624 2017-11-16] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-11-16] (NVIDIA Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-11 02:00 - 2018-02-11 02:02 - 000050210 _____ C:\Users\flynn\Downloads\Addition.txt
2018-02-11 02:00 - 2018-02-11 02:02 - 000018961 _____ C:\Users\flynn\Downloads\FRST.txt
2018-02-11 01:54 - 2018-02-11 02:00 - 002404352 _____ (Farbar) C:\Users\flynn\Downloads\FRST64.exe
2018-02-10 20:19 - 2018-02-10 20:19 - 000000884 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-02-10 20:19 - 2018-02-10 20:19 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-10 20:19 - 2018-02-10 20:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-09 21:24 - 2018-02-10 20:18 - 000001410 _____ C:\Users\flynn\Desktop\mompov epoch.txt
2018-02-09 21:15 - 2018-02-09 21:15 - 000005704 _____ C:\Users\flynn\Desktop\mompov deets FAILED SIGNUP.txt
2018-02-09 20:31 - 2018-02-09 21:09 - 000005704 _____ C:\Users\flynn\Desktop\mompov deets.txt
2018-02-08 21:12 - 2018-02-08 21:12 - 000000000 ___DL C:\Users\flynn\AppData\LocalLow\PlayReady
2018-01-21 13:44 - 2018-01-21 13:44 - 000000000 ____D C:\Users\flynn\AppData\Local\UnrealEngine
2018-01-21 13:44 - 2018-01-21 13:44 - 000000000 ____D C:\Users\flynn\AppData\Local\TslGame
2018-01-19 05:39 - 2018-01-19 05:39 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-11 02:02 - 2017-02-08 20:09 - 000000000 ____D C:\FRST
2018-02-11 02:01 - 2016-07-12 17:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-02-11 01:00 - 2009-07-14 14:20 - 000000000 ____D C:\Windows\inf
2018-02-11 00:33 - 2017-02-07 19:53 - 000000000 ____D C:\Users\flynn\AppData\LocalLow\Mozilla
2018-02-10 23:09 - 2009-07-14 15:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-10 23:09 - 2009-07-14 15:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-10 21:55 - 2009-07-14 16:13 - 000782470 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-10 21:49 - 2016-07-12 16:25 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-10 21:48 - 2009-07-14 16:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-10 21:13 - 2016-07-12 23:08 - 000000000 ____D C:\Users\flynn\AppData\Roaming\MPC-HC
2018-02-10 20:20 - 2016-07-12 17:47 - 000000000 ____D C:\Users\flynn\AppData\Roaming\foobar2000
2018-02-10 20:19 - 2016-07-12 17:03 - 000000000 ____D C:\Users\flynn\AppData\Roaming\Mozilla
2018-02-10 18:46 - 2016-07-12 17:59 - 000000000 ____D C:\Users\flynn\AppData\Roaming\qBittorrent
2018-02-10 10:09 - 2016-07-12 15:48 - 000000000 ____D C:\Users\flynn
2018-02-10 06:11 - 2016-11-04 14:13 - 000000000 ____D C:\Program Files\Recuva
2018-02-06 23:15 - 2016-07-12 20:42 - 000000000 ____D C:\Users\flynn\AppData\Local\Battle.net
2018-02-04 08:52 - 2016-10-23 22:24 - 000000000 ____D C:\Windows\Minidump
2018-02-04 08:52 - 2016-07-19 22:52 - 000000000 ____D C:\Users\flynn\AppData\Local\CrashDumps
2018-01-31 21:00 - 2009-07-14 14:20 - 000000000 ____D C:\Windows\system32\NDF
2018-01-29 20:33 - 2016-08-28 10:37 - 000000000 ____D C:\Users\flynn\AppData\Local\ElevatedDiagnostics
2018-01-29 20:27 - 2009-07-14 13:34 - 000453443 ____R C:\Windows\system32\Drivers\etc\hosts.20180211-020229.backup
2018-01-26 11:41 - 2016-07-12 21:15 - 000000000 ____D C:\Users\flynn\Documents\ccleaner backups
2018-01-21 13:44 - 2016-07-16 15:04 - 000000000 ____D C:\Users\flynn\AppData\Local\NVIDIA Corporation
2018-01-21 13:43 - 2016-07-16 14:58 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-20 16:55 - 2016-07-12 17:38 - 000000000 ____D C:\Users\flynn\AppData\Roaming\MusicBee
2018-01-19 05:39 - 2017-04-18 22:53 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-19 05:39 - 2009-07-14 14:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-01-19 05:37 - 2017-04-18 22:38 - 000000000 ____D C:\Program Files\Microsoft Office
2018-01-12 20:50 - 2016-07-12 20:43 - 000000000 ____D C:\Users\flynn\Documents\StarCraft II
==================== Files in the root of some directories =======
2016-12-10 15:21 - 2016-12-17 07:38 - 000000600 _____ () C:\Users\flynn\AppData\Local\PUTTY.RND
2017-08-21 00:04 - 2017-08-21 00:04 - 000007609 _____ () C:\Users\flynn\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-02-08 21:20
==================== End of FRST.txt ============================
2. addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2018 01
Ran by flynn (11-02-2018 02:02:42)
Running from C:\Users\flynn\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-07-12 04:48:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1648639942-364084454-2766153320-500 - Administrator - Disabled)
flynn (S-1-5-21-1648639942-364084454-2766153320-1000 - Administrator - Enabled) => C:\Users\flynn
Guest (S-1-5-21-1648639942-364084454-2766153320-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.2.4 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{9D29D67C-315D-46A1-A3A9-3CAF24871578}) (Version: 1.0.022 - ASUSTek Computer Inc.)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Display Pilot (HKLM-x32\...\{6DD25D67-4339-47A1-950E-EEFC321CBB24}) (Version: 2.11.002 - Portrait Displays, Inc.)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
f.lux (HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\Flux) (Version: - f.lux Software LLC)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
Free Virtual Keyboard 3.0.1.0 (HKLM-x32\...\{CA4F9519-1A83-4907-8651-F17073A0E1CE}_is1) (Version: 3.0 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GoPro Studio 2.0.0 (HKLM-x32\...\GoPro Studio) (Version: 2.0.0 - WoodmanLabs Inc. d.b.a. GoPro)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}) (Version: 20.0.771.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.55.55 - Hewlett Packard)
HP DeskJet 3630 series Basic Device Software (HKLM\...\{82088106-8F3E-4C76-A919-607CB9BA02AE}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
LG Power Tools (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.) Hidden
LG Power Tools (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3316 - CyberLink Corp.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8431.2153 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.46 - mIRC Co. Ltd.)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.2 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.28.00 - NETGEAR Inc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.59 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.59 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2153 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
Pivot Pro Plugin (HKLM-x32\...\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}) (Version: 9.61.004 - Portrait Displays, Inc.) Hidden
qBittorrent 3.3.11 (HKLM-x32\...\qBittorrent) (Version: 3.3.11 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
SDK (HKLM-x32\...\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}) (Version: 2.40.007 - Portrait Displays, Inc.) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StarCraft (HKLM-x32\...\StarCraft) (Version: - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Violectric Audio Driver v3.0.0 (HKLM-x32\...\Violectric Audio Driver v3.0.0) (Version: 3.0.0 - Violectric)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1648639942-364084454-2766153320-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\flynn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-06] (NVIDIA Corporation)
ContextMenuHandlers5: [PortraitDisplaysContextMenu] -> {8602BDD8-9780-4717-B89A-7F89AF75B2AB} => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\shellmenu64.dll [2013-06-18] (Portrait Displays, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-07] (Piriform Ltd)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2014-06-24] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07FDA491-E404-4EE9-9A5D-60521408EBCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-07] (Google Inc.)
Task: {084E7C9C-235A-4DC3-BD2F-FF08EAE41A88} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-19] (Microsoft Corporation)
Task: {28757681-FD9D-47D2-ADB9-68CF3EC95C6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft Corporation)
Task: {3DC6E7DD-7B67-4DA0-8B16-143CD46296B0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {44C92ACE-AF03-4B2B-8068-0C48540F1407} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {4A3C8766-0B60-48B8-8FCF-F7253C52E414} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-07] (Google Inc.)
Task: {59BB98AE-C501-4584-AE2A-97228C393E78} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {5C522309-CB12-4D51-89E8-895973B7890B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-23] (Microsoft Corporation)
Task: {7F8C504D-C311-4AE0-98BB-500C1F82AEB0} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {97216AC6-EDD6-410A-A1CB-CC765F39475B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-16] (NVIDIA Corporation)
Task: {9A54E6E2-6A39-4314-BE2A-0C98C46074CC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-16] (NVIDIA Corporation)
Task: {A333814C-F7D2-497C-89CF-EE4D65F9717A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-16] (NVIDIA Corporation)
Task: {A3AE6E79-3488-4F87-82C7-A1D496688FA2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-01-19] (Microsoft Corporation)
Task: {A66B24B2-4B31-463E-999A-07F0B658695F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-01-19] (Microsoft Corporation)
Task: {ADB32BA2-16F0-4674-B4C0-EC9B25EEDB82} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-16] (NVIDIA Corporation)
Task: {AF18AB99-9031-44E7-9FE5-6F4B5F4D9335} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-19] ()
Task: {B4EAB0F5-6C7C-422D-B499-46D3A50CC518} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-06-21] (ASUSTek Computer Inc.)
Task: {B8D31284-9010-492A-BC3E-B8DF20A2B4F5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-16] (NVIDIA Corporation)
Task: {C073F1C2-159A-423D-B622-34F0754ED126} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-19] ()
Task: {D77FF2BE-502F-4420-9EF5-E914F6FFA8BE} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {E16C0328-F620-4247-80C4-DB94BC7B77E2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {E9B28576-BBFC-4381-A82D-26AF466F8968} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-16] (NVIDIA Corporation)
Task: {EBE901F0-47AB-466A-9A7B-A5BD31E1F558} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-14] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-10-05 18:17 - 2016-10-05 18:17 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 000055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2016-07-12 16:25 - 2017-12-06 06:32 - 000134448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-12 16:37 - 2013-11-12 12:44 - 000098320 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook64.dll
2017-06-20 20:54 - 2017-11-16 12:41 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-18 23:33 - 2017-04-18 23:33 - 000959168 _____ () C:\Users\flynn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2017-04-18 22:55 - 2018-01-19 05:35 - 008929480 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-07-12 16:37 - 2013-11-12 12:44 - 000274960 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll
2017-09-09 21:19 - 2015-05-06 17:11 - 000315392 _____ () C:\Program Files\Violectric\Violectric_Audio_Driver\ViolectricCplApp.exe
2016-07-12 16:37 - 2013-06-18 13:26 - 000677160 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
2016-07-12 16:37 - 2013-06-18 13:26 - 000714024 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
2016-07-12 16:37 - 2013-11-12 12:44 - 000163344 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
2016-07-12 16:37 - 2013-11-12 12:44 - 000197136 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
2016-07-12 17:15 - 2014-05-13 13:04 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-07-12 17:15 - 2014-05-13 13:04 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-07-12 17:15 - 2014-05-13 13:04 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-07-12 17:15 - 2012-08-23 11:38 - 000574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-07-12 17:15 - 2012-04-03 18:06 - 000565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-06-20 20:54 - 2017-11-16 12:41 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-12 16:37 - 2013-11-12 12:44 - 000093712 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook.dll
2013-06-20 12:01 - 2013-06-20 12:01 - 000258048 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
2013-05-14 16:11 - 2013-05-14 16:11 - 000049152 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
2017-09-09 21:19 - 2015-05-06 17:11 - 000200704 _____ () C:\Program Files\Violectric\Violectric_Audio_Driver\violectric_usbaudioapi.dll
2016-07-12 16:37 - 2013-11-12 12:44 - 000187920 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2017-06-20 20:54 - 2017-11-16 12:40 - 066906560 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-04-18 23:33 - 2017-04-18 23:33 - 000679624 _____ () C:\Users\flynn\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1648639942-364084454-2766153320-1000\...\123simsen.com -> www.123simsen.com
There are 7936 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 13:34 - 2018-02-11 02:02 - 000453723 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15600 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1648639942-364084454-2766153320-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\flynn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{66FBF906-0D28-43F7-B766-FFA1543A731E}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{67536B77-F116-411B-A4B5-CEFC887E9F83}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{64F421B9-4F5B-4F8E-8129-55E3E4F499C4}F:\games\overwatch\overwatch.exe] => (Allow) F:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{6D8E9A47-2181-491C-BE03-D8F1F7F746AC}F:\games\overwatch\overwatch.exe] => (Allow) F:\games\overwatch\overwatch.exe
FirewallRules: [TCP Query User{155E0717-986F-4DCF-B814-61A544537D54}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{01AAAC01-259F-4D66-9F57-CD50A61B1B9D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{19A7CC4D-90C5-4A4E-B240-9E5BF5479761}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6968E411-6F19-494F-998E-08197D87CB43}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{05F9F64A-99E0-4628-B0F2-D66A7779A1FE}] => (Allow) F:\Programs\Steam\Steam.exe
FirewallRules: [{3E89E153-72E9-4B38-A8E5-4BDF7F69F3C0}] => (Allow) F:\Programs\Steam\Steam.exe
FirewallRules: [TCP Query User{6DEAC644-CAF7-49BB-A14B-9F5277479C16}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{2DC3B367-38EF-4F29-9EAD-7D1478BD2EB4}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{962B6077-BB49-4DA0-9652-42D78149507D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F2E775A9-D329-4796-B68C-4D189618A6D1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{6947829D-1D3F-4755-BA0E-B98CBBFCCE23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C05D0FCC-AD9C-4551-A6CF-E3E08142C82A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7A1A0C68-CCAC-4481-99D7-24DB27DD4366}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5E71F3D6-86B4-45E1-9502-553EEAAF2AB5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F98188E4-F080-4DCD-8EE3-CD78A30168E1}] => (Allow) F:\Programs\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{16210C61-7464-4AA1-837F-255D8E2C58A2}] => (Allow) F:\Programs\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{6A460B9E-0E64-4F07-BAF5-CEB86671FA79}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{73B1D6F1-5DBA-41B2-B715-9679240E2577}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{4AFE5DF7-934A-46AC-9855-455AC77AA267}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{A294CB6E-BDF6-49FF-BE03-24DB65684288}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{7F4D5EAB-774B-4E83-BB63-D4C412ABA01D}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{61A270F1-D44B-4CC7-A37E-9136EE474644}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{DCF99FC8-3206-4390-8308-9BCF258217EC}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{CF3802F3-5F07-4A60-8332-DA9A9EE29E96}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{60438213-FB90-49D5-8368-E343A853DED7}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{692AF56D-C1E7-4E1F-AE43-4B381B066448}] => (Allow) F:\Programs\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{76C3F2FF-AECD-438D-80E8-56A22587A61C}] => (Allow) F:\Programs\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A3B1E5CA-B9FA-4D74-B5AF-347E1B133589}] => (Allow) F:\Programs\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9AB35043-237C-46BE-983C-8B85EC2FFD73}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5A2AAA98-14DD-449D-8C1B-55474CA973E6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B83634C1-B846-4E37-B9C0-6FDA8AA507AC}] => (Allow) F:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{102978C3-356B-4883-9DBC-0BD19E3B2F5D}] => (Allow) F:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E99F818A-37D9-4868-B601-1AFD0FC3516E}] => (Allow) F:\Programs\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{7366B0F2-9B5E-4918-A36E-44EEAFA70813}] => (Allow) F:\Programs\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{0F1C76DC-EB82-47C3-8B57-87769E049A03}] => (Allow) F:\Programs\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{C7C99B31-6669-42C2-AC7B-DF6E2796C24B}] => (Allow) F:\Programs\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [TCP Query User{6352E63D-AC44-42AE-A25C-4235140C59E3}F:\games\diablo iii\x64\diablo iii64.exe] => (Allow) F:\games\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{B876BF2C-9CAE-40D9-B7A0-6DD303748D1B}F:\games\diablo iii\x64\diablo iii64.exe] => (Allow) F:\games\diablo iii\x64\diablo iii64.exe
FirewallRules: [{30B92C5F-3D16-470C-845A-C619CB3E5CB2}] => (Allow) F:\Programs\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{E46A7750-CDDF-47C4-AACE-12A7242580E5}] => (Allow) F:\Programs\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{F133D14B-EE81-45DD-BE13-DD76FB8028A8}F:\games\overwatch public test\overwatch test\overwatch.exe] => (Allow) F:\games\overwatch public test\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{77794184-B61A-4FFF-AFA5-2539E5400338}F:\games\overwatch public test\overwatch test\overwatch.exe] => (Allow) F:\games\overwatch public test\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{A3D89EE3-2DD7-4DD0-B718-A78511626030}F:\programs\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) F:\programs\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{B5412163-C0F8-4B78-A8E0-94E9354E4766}F:\programs\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) F:\programs\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{28837959-224C-4DCD-8EF8-3D9DEB56CCF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{242E5B6F-B38F-4322-881B-0E1C64D4301B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{65C574AB-0397-400A-8DAB-C2C1BBBDDCAA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8BFF18B2-B9A3-4CA7-B41C-E38D6BF0EAF8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{C5561890-4545-4F0A-9694-68575542A987}F:\games\starcraft\starcraft.exe] => (Allow) F:\games\starcraft\starcraft.exe
FirewallRules: [UDP Query User{6DF4C904-3F17-4A6C-A90F-696A4623149C}F:\games\starcraft\starcraft.exe] => (Allow) F:\games\starcraft\starcraft.exe
FirewallRules: [{36B0F735-0DDB-4AC0-A286-9E49E85BF632}] => (Allow) F:\Programs\Steam\steamapps\common\MARVEL VS. CAPCOM INFINITE\MVCI.exe
FirewallRules: [{CDAE7EFE-139E-4BED-B458-CC42CB57DB8B}] => (Allow) F:\Programs\Steam\steamapps\common\MARVEL VS. CAPCOM INFINITE\MVCI.exe
FirewallRules: [{BD4549CD-491F-42FF-879F-14637C0F0E96}] => (Allow) F:\Programs\Steam\steamapps\common\Hawken\Binaries\Win64\HawkenGame-Win64-Shipping.exe
FirewallRules: [{D7444C94-89A4-457E-A579-21E975EBB389}] => (Allow) F:\Programs\Steam\steamapps\common\Hawken\Binaries\Win64\HawkenGame-Win64-Shipping.exe
FirewallRules: [{54D2BA5F-02B7-49D2-8BD1-B32D25996351}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BC9C63CA-2D1D-4669-8892-86FC30743120}] => (Allow) F:\Programs\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{48A4B504-95BB-4A19-AAA5-A63DE076302A}] => (Allow) F:\Programs\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{82DBB780-BA67-4BED-815B-9D29AF09A6FF}] => (Allow) F:\Programs\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{EDDE0685-4B3F-4E66-AD31-3B0736EB501C}] => (Allow) F:\Programs\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{CE62AB31-9F67-4DD0-B907-276081C2CE60}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1C3EC089-3FDF-4445-B4A2-C79DBF87E073}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6A2BF605-0B9D-4D5B-9EC8-8A6C4165FFCD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{3621971F-CE37-484B-9526-6D5038F7C28E}F:\games\starcraft ii\versions\base60321\sc2_x64.exe] => (Block) F:\games\starcraft ii\versions\base60321\sc2_x64.exe
FirewallRules: [UDP Query User{F61B5FEB-08F0-4C05-9F41-C03EDE1E0E04}F:\games\starcraft ii\versions\base60321\sc2_x64.exe] => (Block) F:\games\starcraft ii\versions\base60321\sc2_x64.exe
FirewallRules: [{4C0C26B2-04D4-4A57-AEAC-37EE8218371B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D9D62332-819F-44DE-AB6F-F1566772FE50}] => (Allow) F:\Programs\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{0BAC5B38-ED7E-435F-B885-C0C06BB08004}] => (Allow) F:\Programs\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{110C0433-26DD-43F1-AD18-4809AD8C8939}F:\programs\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\programs\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{44E41A1F-83D2-47AD-A94A-D9B644F05B11}F:\programs\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\programs\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{42F00905-4F1C-4E55-B4E0-EE67116FC4C8}] => (Allow) F:\Programs\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{83EE7E45-914D-4E0F-B6FD-DE3B5BC3CDD9}] => (Allow) F:\Programs\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{534364AB-0B66-47EA-A218-5A64EFEEDCA0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{59ACFE31-9E25-4600-BF82-5B7D9EE1F6A7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
21-01-2018 13:42:09 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
21-01-2018 13:43:08 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
21-01-2018 13:43:18 Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008
21-01-2018 13:43:26 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
21-01-2018 13:43:34 Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008
21-01-2018 13:43:41 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
21-01-2018 19:00:54 Windows Backup
21-01-2018 23:14:16 Windows Update
24-01-2018 00:26:56 Windows Update
28-01-2018 19:00:58 Windows Backup
30-01-2018 17:53:50 Windows Update
02-02-2018 19:09:19 Windows Update
04-02-2018 19:00:46 Windows Backup
06-02-2018 19:35:57 Windows Update
09-02-2018 19:40:32 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/10/2018 09:48:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/10/2018 09:13:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (02/10/2018 12:32:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9095
Error: (02/10/2018 12:32:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9095
Error: (02/10/2018 12:32:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/10/2018 12:31:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8034
Error: (02/10/2018 12:31:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8034
Error: (02/10/2018 12:31:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/10/2018 12:31:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7035
Error: (02/10/2018 12:31:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7035
System errors:
=============
Error: (02/10/2018 09:48:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (02/10/2018 09:13:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (02/10/2018 09:06:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (02/10/2018 04:02:01 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/10/2018 01:13:19 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/10/2018 12:54:05 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/10/2018 12:47:36 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/09/2018 11:26:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/09/2018 11:19:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/09/2018 07:36:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
==================== Memory info ===========================
Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 20%
Total physical RAM: 16281.73 MB
Available physical RAM: 12894.32 MB
Total Virtual: 32561.65 MB
Available Virtual: 28900.13 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:384.98 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1862.89 GB) (Free:622.6 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:2794.39 GB) (Free:78.25 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:2794.39 GB) (Free:263.32 GB) NTFS
Drive g: (Elements) (Fixed) (Total:2794.49 GB) (Free:150.69 GB) NTFS
Drive j: (Seagate Expansion Drive) (Fixed) (Total:1863.01 GB) (Free:552.45 GB) NTFS
Drive k: (Seagate Backup Plus Drive) (Fixed) (Total:7451.91 GB) (Free:5692.05 GB) NTFS
Drive l: (Elements) (Fixed) (Total:2794.49 GB) (Free:1039.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7 or (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 2 (MBR Code: Windows 7 or (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 3 (MBR Code: Windows 7 or (Size: 465.8 GB) (Disk ID: D05E9F5C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 4 (Size: 2794.5 GB) (Disk ID: 16F2A91F)
Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 5.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 6.
========================================================
Disk: 7 (MBR Code: Windows 7 or (Size: 7452 GB) (Disk ID: 9FCACA4F)
Partition: GPT.
==================== End of Addition.txt ============================