

Good day. After I start the PC, maybe about 10 minutes later a window like "cmd" pops up, which is called Taskeng.exe. I'm curious whether this is a virus, since I was told it might be a trojan.



 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2020
Ran by GAMEPC (13-04-2020 13:05:30)
Running from C:\Users\GAMEPC\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2017-09-08 09:32:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2297230751-1021565052-1431566534-500 - Administrator - Disabled)
GAMEPC (S-1-5-21-2297230751-1021565052-1431566534-1000 - Administrator - Enabled) => C:\Users\GAMEPC
Guest (S-1-5-21-2297230751-1021565052-1431566534-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.344 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.344 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
AIDA64 Extreme v6.10 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.10 - FinalWire Ltd.)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.3.3 - Electronic Arts, Inc.)
ATI Catalyst Install Manager (HKLM\...\{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CpuCoreParking (HKLM-x32\...\{0984C56D-2985-4786-AB62-39AB985E269C}) (Version: 2.1.2.0 - CpuCoreParking)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Discord) (Version: 0.0.306 - Discord Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Euro Truck Simulator 2 Road to the Black Sea (HKLM-x32\...\Euro Truck Simulator 2 Road to the Black Sea_is1) (Version:  - )
FiveM (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\CitizenFX_FiveM) (Version:  - The CitizenFX Collective)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.14.5270 - Gretech Corporation)
Google Chrome (HKLM\...\{DA081EB6-F64C-358C-9BB0-AF1EA8001F34}) (Version: 80.0.3987.163 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Heroes of Might and Magic III HD Edition (HKLM-x32\...\SGVyb2Vzb2ZNaWdodGFuZE1hZ2ljSUlJSERFZGl0aW9u_is1) (Version: 1 - )
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version:  - )
House Flipper Garden (HKLM-x32\...\House Flipper Garden_is1) (Version:  - )
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-CA) (HKLM-x32\...\{9C5505DA-F9C1-46CB-9F8F-AC38F8EA518A}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-GB) (HKLM-x32\...\{A0186231-0A8B-455A-8A25-B64AABCC11A6}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Bulgarian/български (HKLM-x32\...\Office14.OMUI.bg-bg) (Version: 14.0.4763.1021 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Mozilla Firefox 67.0 (x64 bg) (HKLM\...\Mozilla Firefox 67.0 (x64 bg)) (Version: 67.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
NVIDIA Graphics Driver 442.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.74 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.2.1 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.67.39484 - Electronic Arts, Inc.)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 200317 - Kakao Corp.)
PotPlayer-64 bit (HKLM-x32\...\PotPlayer64) (Version: 1.7.8556 - Kakao Corp.)
qBittorrent 4.2.1 (HKLM-x32\...\qBittorrent) (Version: 4.2.1 - The qBittorrent project)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.18.217 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.4.8 - Rockstar Games)
Shutdown8 (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Shutdown8) (Version: 1.08 - Bandisoft.com)
Spotify (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Spotify) (Version: 1.1.30.658.gf13cde74 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamLabels 0.3.1 (only current user) (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.3.1 - Streamlabs)
StreamLabels 0.3.8 (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\{8000d50a-fcb7-5b38-8a3b-a02a0ec79daa}) (Version: 0.3.8 - Streamlabs)
Streamlabs OBS 0.16.3 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.16.3 - General Workings, Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
Uplay (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
VALORANT (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
Viber (HKLM-x32\...\{0B3F5AEE-47B2-4A5F-8D02-289B7E0828E6}) (Version: 11.9.1.3 - Viber Media S.a.r.l) Hidden
Viber (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\{8b6836ad-bf1d-4591-9f20-735338e295ea}) (Version: 11.9.1.3 - Viber Media S.a.r.l)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRAR 5.50 (64-битова версия) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\ChromeHTML: ->  <==== ATTENTION
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\system32\prodad-codec.dll [607256 2019-10-15] (proDAD GmbH -> proDAD GmbH)
HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\SysWOW64\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\SysWOW64\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\SysWOW64\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\SysWOW64\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\GAMEPC\Desktop\OSC - Пряк път.lnk -> C:\Users\GAMEPC\Desktop\moi neshta\OSC 1.9\OSC.exe (Frawzy) <==== Cyrillic
ShortcutWithArgument: C:\Users\GAMEPC\Desktop\moi neshta\Tinder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hejiihbkifllpgdfndalmghiodgkefan
ShortcutWithArgument: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения в Chrome\Tinder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hejiihbkifllpgdfndalmghiodgkefan
ShortcutWithArgument: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2017-09-08 12:27 - 2017-09-08 12:27 - 002651136 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wuaueng2.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: EpicGamesLauncher => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
MSCONFIG\startupreg: FACEIT => "C:\Users\GAMEPC\AppData\Local\FACEITApp\update.exe" --processStart "FACEIT.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => C:\Users\GAMEPC\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Viber => "C:\Users\GAMEPC\AppData\Local\Viber\Viber.exe" StartMinimized

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{11074DEE-7B8C-4DC2-AE4C-93DF0A309913}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D19357FE-92D5-4C15-865D-6BA1144E3141}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{21EB0059-8DA7-4F26-8EBC-947F0C4E2AAA}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{F8BB1871-4D02-4C5E-A222-4D557710B3E1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{1EE7FB5D-9E25-4DA9-ACB5-D608ECDBB452}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
FirewallRules: [{84ACAD4A-CAC3-405E-BED8-CCE7B6F558B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
FirewallRules: [{5C9FEA0E-0037-4228-8A5E-308AD75AC1DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
FirewallRules: [{FD05E114-41E1-4EC3-B5A2-BBA593EE39E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
FirewallRules: [{831352BE-7396-43E6-9657-9ED9D8BAB30D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{AB5ACC3F-22CB-469F-9EB3-8D69417E7CD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{43ADA9C0-2E56-45D1-B73D-9C89040C463D}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{06129773-C563-4DFF-8D34-BEA82843A4F0}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [TCP Query User{0D1FADB8-FCE1-4E0E-B19A-D5490965A994}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{F6FECCC1-1C2E-45A5-B7AC-EAF4B88229DF}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [TCP Query User{DEFA441A-0140-4630-9B49-0F0DB88705EC}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [UDP Query User{2F3AD7BE-C36D-4E24-BFFA-EED5BE5D11F4}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [{B5E37EE1-9BE1-4B57-9AD5-EEF981D7F031}] => (Allow) D:\SteamLibrary\steamapps\common\TheLongDark\tld.exe () [File not signed]
FirewallRules: [{DC6EA5CC-0B14-4DA5-BA55-E772E5860678}] => (Allow) D:\SteamLibrary\steamapps\common\TheLongDark\tld.exe () [File not signed]
FirewallRules: [{FF76D716-DBA6-437A-A34F-847AF6AB88AD}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{13A0D233-1007-4376-A4B4-1DA27C101ECB}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [TCP Query User{86D55748-40A6-4288-AEF7-2C0B25BDF778}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [UDP Query User{D8AE6DDF-C0F2-475C-AB9C-B84C11DDC8AB}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [TCP Query User{695C8135-FF2C-4E94-9566-E526643684CA}C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe
FirewallRules: [UDP Query User{3091889E-265D-4648-88DF-CEE54431325D}C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe
FirewallRules: [{DB2F74E8-C7EB-44B3-81D7-12B84175E2EA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E44676E1-030C-4238-B65F-434792B61DE5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{0E86F5BD-F2B3-4EF9-8B0C-48823DA809CB}D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe No File
FirewallRules: [UDP Query User{0C5E839A-52EC-40D4-969E-24F12ED8D2D0}D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe No File
FirewallRules: [TCP Query User{8796E73D-79C0-4D0B-AF34-FB3AF9BCC9BA}D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe No File
FirewallRules: [UDP Query User{EFB29360-AB3A-4A44-9CB4-EF91CEBDB39C}D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe No File
FirewallRules: [TCP Query User{91266298-136D-4BB3-8C13-A850A76C9BF1}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{E3EAEE44-6095-4A5E-BE2F-F3E3F8349E0A}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2D541380-97BF-4291-BDBE-2F2228CAEA60}] => (Allow) D:\SteamLibrary\steamapps\common\EasyAntiCheat\EasyAntiCheat.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{127D37C8-619F-462E-BE1A-E32131065FF4}] => (Allow) D:\SteamLibrary\steamapps\common\EasyAntiCheat\EasyAntiCheat.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{3DE0592A-8D12-447D-939D-BCA439AFF137}C:\users\gamepc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gamepc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{33216198-C2C2-482B-9DC9-2D0D13DBB4FA}C:\users\gamepc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gamepc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{270B0322-3799-457B-960A-455318931953}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{A13AA196-1978-4C67-902B-2460B54A5BBF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [{59D96386-6E3E-4356-8348-CF3CFA65A81B}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{FFA55DD9-7016-4EC4-A808-1A467A45E95C}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{DC649560-4400-4885-84A1-B96EE04BD03C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{962C91EA-9380-4D1D-8A2F-E951089E3F37}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{DA0687C4-1D0D-4E01-B34C-68E8FF09FF9F}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [UDP Query User{0C271F5D-81B6-4DA7-A0B8-50362178C932}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [TCP Query User{5EFBA878-9A61-49AC-9416-CAFD7167CF8E}D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe No File
FirewallRules: [UDP Query User{C837A044-1793-46A0-A9B2-FFC280606631}D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe No File
FirewallRules: [TCP Query User{6C87ADBA-41D8-49FB-A494-F0A177B7F2E5}D:\12323\icarus\appdata\bin64\launcher.exe] => (Allow) D:\12323\icarus\appdata\bin64\launcher.exe No File
FirewallRules: [UDP Query User{D3766998-33A3-4AAC-836F-4BC92BA34D50}D:\12323\icarus\appdata\bin64\launcher.exe] => (Allow) D:\12323\icarus\appdata\bin64\launcher.exe No File
FirewallRules: [TCP Query User{5540B6FC-35DB-4545-AF53-B4FE05B85DD6}D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe] => (Allow) D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe No File
FirewallRules: [UDP Query User{ED42665E-2CA2-4092-A15B-69F686B8F831}D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe] => (Allow) D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe No File
FirewallRules: [{A6CE7A48-587B-440C-A6B7-9B3AB8F758E0}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{CD3B56C1-242C-4706-81ED-FF29362608F3}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{9A6D9654-27A6-4122-9C9C-4D7727258BAA}C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (cfx-collective) [File not signed]
FirewallRules: [UDP Query User{E49D6701-B325-4215-8711-030A5EC46C9B}C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (cfx-collective) [File not signed]
FirewallRules: [{279065A7-F5E9-4060-BA27-39476EE213D2}] => (Allow) C:\Users\GAMEPC\Downloads\bin\BlackDesert32.exe No File
FirewallRules: [{B218AD4A-5B74-40DE-AB02-A3681FCE9C1C}] => (Allow) C:\Users\GAMEPC\Downloads\bin64\BlackDesert64.exe No File
FirewallRules: [{10F99049-3DA4-4E89-A086-C023E8CD82B2}] => (Allow) C:\Users\GAMEPC\Downloads\BlackDesert_Launcher.exe No File
FirewallRules: [{3FD78764-41FE-4680-9342-001EA21ECF27}] => (Allow) C:\Users\GAMEPC\Downloads\BlackDesert_Downloader.exe No File
FirewallRules: [{CD2DAD40-C60E-41F0-ABBF-63FED12CD684}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe No File
FirewallRules: [{9BAD4B07-A517-4574-ABA6-922FE4DA36F4}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe No File
FirewallRules: [TCP Query User{757DFE1C-9664-41C4-B600-E39F75F3E007}D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{00AC97A7-683C-4F74-9AF6-EBFD84CB000D}D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{391AE70C-4E68-4DE8-A05A-D56058FAEBFA}D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{61C858A3-948F-407A-A7BF-2712693C1649}D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{CBB94106-0926-4293-AA94-864143E7ACDC}D:\city\city car driving\bin\win32\starter.exe] => (Allow) D:\city\city car driving\bin\win32\starter.exe No File
FirewallRules: [UDP Query User{1602653C-F8D6-481F-B4DE-483B83E4A081}D:\city\city car driving\bin\win32\starter.exe] => (Allow) D:\city\city car driving\bin\win32\starter.exe No File
FirewallRules: [{D70481FE-EDB4-4F66-A879-015B84C54F1C}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
FirewallRules: [{0255AAE2-A93D-49F6-84EA-91CF71112821}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
FirewallRules: [{3EEC0786-9E2E-4EAC-9CB1-97F68AE8DBDA}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
FirewallRules: [{F07A3467-6DA2-4A61-BFA9-75DFE2760BAA}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
FirewallRules: [{7BCD6AF7-E264-49EC-B3DF-0B903C656894}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
FirewallRules: [{9796C8A1-0246-4D08-94F7-97B3A81204AF}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
FirewallRules: [TCP Query User{4194E6A1-B90A-4C01-AAC1-A150648BD511}D:\1.6\hl.exe] => (Allow) D:\1.6\hl.exe No File
FirewallRules: [UDP Query User{39B944DB-8264-4416-BBBA-052EEC50F7FC}D:\1.6\hl.exe] => (Allow) D:\1.6\hl.exe No File
FirewallRules: [TCP Query User{857D0C4A-0661-4E7D-B23A-735FF8ADABA1}D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe No File
FirewallRules: [UDP Query User{29AE9F40-6F4A-4698-8241-A75FE2382548}D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe No File
FirewallRules: [TCP Query User{92B59CE8-E0C7-43A9-9D55-2AEDA2AA9FA5}D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
FirewallRules: [UDP Query User{8AEEF23D-67B8-4B6C-9DA0-D61F44EFC129}D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
FirewallRules: [{A383D054-F8C2-45B5-A517-E63819807BB6}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{FD87341A-3B7F-44E8-B09F-ADFBDF1B247D}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2C2C2027-2BB8-4A51-9A9C-ED9A4BBCB358}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe No File
FirewallRules: [{9B1767CE-81DE-4826-8906-9DEFCC351FAB}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe No File
FirewallRules: [{E2FEE995-77A6-4556-A200-30CB17D4ABA6}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe No File
FirewallRules: [{DFB2A3C2-EA05-4944-B38A-7A85B48E8A1F}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe No File
FirewallRules: [TCP Query User{5A72CD9B-BF9D-4B23-A72B-26D40F24F859}D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [UDP Query User{8312C3A6-76BE-4C56-A5A6-DE950D9F08F1}D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [TCP Query User{F64B2B06-1EDF-4393-8640-332BC5898996}D:\apex\apex\r5apex.exe] => (Allow) D:\apex\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [UDP Query User{E2BBA317-E554-46F4-9705-DB7E4991BF19}D:\apex\apex\r5apex.exe] => (Allow) D:\apex\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [TCP Query User{06645CA2-731E-4100-8BFC-CF2887EC9BD4}C:\users\gamepc\appdata\local\fivem\fivem.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.exe (cfx-collective) [File not signed]
FirewallRules: [UDP Query User{68EFF667-1BA0-46F4-B7E4-B8AC10475E9D}C:\users\gamepc\appdata\local\fivem\fivem.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.exe (cfx-collective) [File not signed]
FirewallRules: [{B94666B2-3213-45DC-9A55-A01D147CA93D}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{35AD171F-75C6-469B-A634-4E9ABEFB99C0}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [TCP Query User{8333A1F9-D09D-4985-B9CD-10A78C408300}C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe (Innovative Digital Technologies -> )
FirewallRules: [UDP Query User{D9E8A289-BA55-45AE-A241-45085DACBF2D}C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe (Innovative Digital Technologies -> )
FirewallRules: [{F60269A0-9AA8-46D8-98B9-0A888500723C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{C584D871-7182-4224-96CC-26C664539C6B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{0E05C3B9-C433-4C3A-8C01-FF69520BF241}C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe] => (Allow) C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe No File
FirewallRules: [UDP Query User{76E5872D-7EB0-40F2-9AD9-61CD16A593A8}C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe] => (Allow) C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe No File
FirewallRules: [TCP Query User{20420812-2158-4116-BD8E-FE273007CA43}C:\users\gamepc\downloads\fivem.exe] => (Allow) C:\users\gamepc\downloads\fivem.exe (cfx-collective) [File not signed]
FirewallRules: [UDP Query User{1C53FDAE-2CE7-44AD-8F95-828A28E4D6B1}C:\users\gamepc\downloads\fivem.exe] => (Allow) C:\users\gamepc\downloads\fivem.exe (cfx-collective) [File not signed]
FirewallRules: [TCP Query User{0DE874C5-C399-4C71-A2FB-7D012892D73B}C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe No File
FirewallRules: [UDP Query User{201BA7D9-6E59-4592-89FE-45240B104987}C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe No File
FirewallRules: [TCP Query User{42114D4D-52E5-4B29-A4B1-5EA3A87CE648}D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe No File
FirewallRules: [UDP Query User{ADC3D6A5-74A9-43BE-9C8E-0EA092058F7B}D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe No File
FirewallRules: [{5C7D63B1-F70B-4ED6-A325-B196C2FEBB19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0ECBF459-D321-4FFE-A103-D92F19E70819}] => (Allow) D:\apex\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{41EE669E-05F2-472E-BD87-338219AB5C30}] => (Allow) D:\apex\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

==================== Restore Points =========================

07-04-2020 04:20:29 Планирана контролна точка
08-04-2020 21:01:42 Installed DirectX
08-04-2020 21:03:15 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
12-04-2020 03:12:38 Installed DirectX
12-04-2020 03:14:16 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030

==================== Faulty Device Manager Devices ============

Name: Realtek RTL8139/810x Family Fast Ethernet NIC
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/13/2020 12:43:23 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/13/2020 12:42:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
Код на изключение: 0xe0434352
Отместване на грешка: 0x0000c5af
ИД на процес на грешка: 0x5a4
Начален час на приложението с грешки: 0x01d61177bc69c281
Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
ИД на доклад: 078618cf-7d6b-11ea-a16d-94de809321cd

Error: (04/13/2020 12:41:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Program.Main(System.String[])

Error: (04/12/2020 01:52:27 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/12/2020 01:51:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
Код на изключение: 0xe0434352
Отместване на грешка: 0x0000c5af
ИД на процес на грешка: 0x5a0
Начален час на приложението с грешки: 0x01d610b83a55eadf
Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
ИД на доклад: 8671c75e-7cab-11ea-97de-94de809321cd

Error: (04/12/2020 01:50:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Program.Main(System.String[])

Error: (04/09/2020 09:03:40 AM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/09/2020 09:02:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
Код на изключение: 0xe0434352
Отместване на грешка: 0x0000c5af
ИД на процес на грешка: 0x5ac
Начален час на приложението с грешки: 0x01d60e346165c638
Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
ИД на доклад: ad3e8ed0-7a27-11ea-99ea-94de809321cd


System errors:
=============
Error: (04/13/2020 12:43:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: 
cdrom

Error: (04/13/2020 12:42:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Услуга Origin Web Helper Service не може да бъде стартирана поради следната грешка: 
Услугата не отговори навреме на искане за стартиране или управление.

Error: (04/13/2020 12:42:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Origin Web Helper Service да се свърже.

Error: (04/13/2020 12:42:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Услуга Freemake Improver не може да бъде стартирана поради следната грешка: 
Услугата не отговори навреме на искане за стартиране или управление.

Error: (04/13/2020 12:42:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Freemake Improver да се свърже.

Error: (04/12/2020 01:52:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: 
cdrom

Error: (04/12/2020 01:51:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Услуга Origin Web Helper Service не може да бъде стартирана поради следната грешка: 
Услугата не отговори навреме на искане за стартиране или управление.

Error: (04/12/2020 01:51:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Origin Web Helper Service да се свърже.


CodeIntegrity:
===================================

Date: 2019-06-09 17:12:15.330
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 17:12:15.275
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 16:10:34.363
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 16:10:34.318
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-53D9481D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 05:58:19.154
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 05:58:19.101
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 05:31:45.759
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-09 05:31:45.707
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\GAMEPC\AppData\Local\Temp\ASC-6F3B2470\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

BIOS: Award Software International, Inc. F4b 04/26/2013
Motherboard: Gigabyte Technology Co., Ltd. GA-78LMT-S2P
Processor: AMD FX-8320E Eight-Core Processor 
Percentage of memory in use: 30%
Total physical RAM: 16381.54 MB
Available physical RAM: 11368.57 MB
Total Virtual: 32761.22 MB
Available Virtual: 26564.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:33.1 GB) NTFS
Drive d: () (Fixed) (Total:781.41 GB) (Free:352.36 GB) NTFS

\\?\Volume{2f050b3f-9477-11e7-8c98-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0C59AE75)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=781.4 GB) - (Type=05)

==================== End of Addition.txt =======================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-04-2020
Ran by GAMEPC (administrator) on GAMEPC-PC (Gigabyte Technology Co., Ltd. GA-78LMT-S2P) (13-04-2020 13:04:14)
Running from C:\Users\GAMEPC\Downloads
Loaded Profiles: GAMEPC (Available Profiles: GAMEPC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Discord Inc. -> Discord Inc.) C:\Users\GAMEPC\AppData\Local\Discord\app-0.0.306\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <28>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Spotify] => C:\Users\GAMEPC\AppData\Roaming\Spotify\Spotify.exe [22932200 2020-04-09] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [GAMEPC] => explorer.exe hxxp://dinoraptzor.org <==== ATTENTION
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [FACEIT] => "C:\Users\GAMEPC\AppData\Local\FACEITApp\update.exe" --processStart "FACEIT.exe"
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [gtarcade] => "C:\Users\GAMEPC\AppData\Local\Gtarcade\app\gtarcade.exe"   /auto_start=1 
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Discord] => C:\Users\GAMEPC\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\MountPoints2: {2d2c5be0-94b8-11e7-8704-048d38748987} - E:\setup.exe
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\MountPoints2: {609d2171-c4d2-11e7-a1c0-048d38748987} - E:\Lenovo_Suite.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)
Startup: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK [2019-05-20]
ShortcutTarget: Registration Heroes of Might & Magic 5 - Tribes of the East.LNK -> D:\heroes 3\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {29CD2B59-F360-4EA0-8046-E993FB989355} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_pepper.exe [1453624 2020-03-11] (Adobe Inc. -> Adobe)
Task: {31987656-F768-4D69-96DF-7AD4AB429034} - System32\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {3DAD135E-7AD5-4D57-B3E2-9E7F6AD9E01C} - System32\Tasks\{76A40252-E785-4407-9A98-34E12F6F05C9} => C:\Windows\system32\pcalua.exe -a "c:\program files (x86)\hi-rez studios\HiRezGamesDiagAndSupport.exe" -c uninstall=0
Task: {5A3FE129-72EA-42EB-BA09-CBF91559E528} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {64503CA0-D96B-485A-A2ED-32E1ADEC5130} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-08] (Google Inc -> Google Inc.)
Task: {A19D33FF-7FBC-4D6F-B122-FFBC2947D956} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-11] (Adobe Inc. -> Adobe)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {C84BADD3-E09D-4A90-9F80-FC6F9C4BF9D6} - System32\Tasks\GAMEPC => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v GAMEPC /t REG_SZ /d "explorer.exe hxxp://dinoraptzor.org" <==== ATTENTION
Task: {F67C982E-B27B-4B4D-B6F1-B5474BEA2341} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_Plugin.exe [1458232 2020-03-11] (Adobe Inc. -> Adobe)
Task: {FB761E82-2ABF-4B7D-A0A8-3F00F3533DD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-08] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BFE47783-CFC6-4DEE-8858-A9889FC23A55}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F8E6BFBF-08DD-4CEC-8468-25670AF9DFE4}: [DhcpNameServer] 94.72.140.1

Internet Explorer:
==================
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: mrpwyf7s.default
FF ProfilePath: C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default [2020-03-02]
FF user.js: detected! => C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\user.js [2019-01-02]
FF Homepage: Mozilla\Firefox\Profiles\mrpwyf7s.default -> google.bg
FF Notifications: Mozilla\Firefox\Profiles\mrpwyf7s.default -> hxxps://www.instagram.com
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\Extensions\[email protected] [2020-01-04]
FF Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\Extensions\[email protected] [2019-01-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default [2020-04-13]
CHR Notifications: Default -> hxxps://csgofast.com; hxxps://forum.dmg-inc.com; hxxps://ghost-recon.ubisoft.com; hxxps://tinder.com; hxxps://www.emag.bg
CHR StartupUrls: Default -> "hxxp://google.bg/"
CHR DefaultSearchURL: Default -> hxxps://tinder.com/static/android-chrome-192x192.png
CHR Extension: (Презентации) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Документи) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Диск) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08]
CHR Extension: (Таблици) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Документи офлайн) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-10]
CHR Extension: (Tinder) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejiihbkifllpgdfndalmghiodgkefan [2019-04-05]
CHR Extension: (Hoxx VPN Proxy) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2020-03-17]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
CHR Profile: C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\System Profile [2020-02-17]

Opera: 
=======
OPR Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2020-01-04]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8402648 2019-11-20] (BattlEye Innovations e.K. -> )
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-12] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2020-02-13] (Mixbyte Inc -> Freemake)
S3 mracsvc; C:\Windows\System32\mracsvc.exe [18534552 2019-08-24] (Mail.Ru LLC -> LLC Mail.Ru)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [8019808 2018-03-29] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495792 2020-04-12] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3447608 2020-04-12] (Electronic Arts, Inc. -> Electronic Arts)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1688720 2020-03-05] (Rockstar Games, Inc. -> Rockstar Games)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2017-09-08] (Realtek Semiconductor.) [File not signed]
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-11-08] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-06-20] (Microsoft Windows -> Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2017-09-08] (Microsoft Corporation) [File not signed]
S3 FACEITService; C:/Program Files/FACEIT AC/FACEITService.exe [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2017-09-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
R0 amdsata; C:\Windows\System32\DRIVERS\amdsata.sys [67128 2009-04-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [28216 2009-04-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-05-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-09-11] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-09-11] (Disc Soft Ltd -> Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-09-08] (Martin Malik - REALiX -> REALiX(tm))
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2017-09-08] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [17770920 2019-08-24] (Mail.Ru LLC -> LLC Mail.Ru)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-07-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [61656 2017-09-08] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [34872 2009-04-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 VOICEMOD_Driver; C:\Windows\System32\drivers\vmdrv.sys [27648 2019-07-02] (Windows (R) Win 7 DDK provider) [File not signed]
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-13 13:04 - 2020-04-13 13:05 - 000018493 _____ C:\Users\GAMEPC\Downloads\FRST.txt
2020-04-13 13:03 - 2020-04-13 13:04 - 000000000 ____D C:\FRST
2020-04-13 13:02 - 2020-04-13 13:03 - 002281984 _____ (Farbar) C:\Users\GAMEPC\Downloads\FRST64.exe
2020-04-13 13:02 - 2020-04-13 13:02 - 002281984 _____ (Farbar) C:\Users\GAMEPC\Downloads\Непотвърдено 720436.crdownload
2020-04-12 15:52 - 2020-04-12 15:54 - 021108919 _____ C:\Users\GAMEPC\Downloads\IMG_0571.mov
2020-04-11 14:13 - 2020-04-11 14:13 - 000013913 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Longest.Railway.Tunnel.2020.1080i.HDTV.x264.torrent
2020-04-11 14:13 - 2020-04-11 14:13 - 000013724 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Super.Stadium.2020.1080i.HDTV.x264.torrent
2020-04-11 14:07 - 2020-04-11 14:07 - 000020396 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Tallest.Building.On.Earth.2020.720p.HDTV.x264.torrent
2020-04-11 14:07 - 2020-04-11 14:07 - 000013420 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Mega.Ship.2020.1080i.HDTV.x264.torrent
2020-04-10 13:56 - 2020-04-10 13:56 - 000011541 _____ C:\Users\GAMEPC\Downloads\Busty.Coeds.vs.Lusty.Cheerleaders.2011.HDRip.720p.x264.mp4.torrent
2020-04-09 13:58 - 2020-04-09 14:13 - 169566096 _____ C:\Users\GAMEPC\Downloads\twerk.AVI
2020-04-09 13:58 - 2020-04-09 14:06 - 058040907 _____ C:\Users\GAMEPC\Downloads\MOV01556.mpeg
2020-04-07 15:07 - 2020-04-07 15:07 - 000001655 _____ C:\Users\Public\Desktop\VALORANT.lnk
2020-04-07 15:07 - 2020-04-07 15:07 - 000001655 _____ C:\ProgramData\Desktop\VALORANT.lnk
2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\Riot Games
2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2020-04-07 15:06 - 2020-04-07 15:07 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Riot Games
2020-04-07 15:06 - 2020-04-07 15:07 - 000000000 ____D C:\ProgramData\Riot Games
2020-04-07 15:05 - 2020-04-07 15:06 - 068288168 _____ (Riot Games, Inc.) C:\Users\GAMEPC\Downloads\Install VALORANT.exe
2020-04-06 20:12 - 2020-04-06 20:12 - 000016557 _____ C:\Users\GAMEPC\Downloads\Now.You.See.Me.2013.EXTENDED.480p.BDRip.x265.AC3.BGaudio-REFLUX.torrent
2020-04-06 20:08 - 2020-04-06 20:08 - 000011672 _____ C:\Users\GAMEPC\Downloads\The.Lone.Ranger.2013.BDRip.x264.BGAUDiO-SLSS.torrent
2020-04-06 20:05 - 2020-04-06 20:05 - 000014150 _____ C:\Users\GAMEPC\Downloads\Jack.the.Giant.Slayer.2013.576p.BDRip.x265.DUAL-REFLUX.torrent
2020-04-05 02:03 - 2020-04-05 02:03 - 000151200 _____ C:\Users\GAMEPC\Downloads\The.Penguins.of.Madagascar.2008.DVDRip.XviD.BGAUDIO-nikio96.torrent
2020-04-04 15:32 - 2020-04-04 15:32 - 000173894 _____ C:\Users\GAMEPC\Downloads\Hawaii.Five-0.S01.720p.WEB-DL.BG.ENG.H.264-smsliverpool.torrent
2020-04-04 14:41 - 2020-04-04 14:41 - 000053564 _____ C:\Users\GAMEPC\Downloads\Arrival__2016.(subs.sab.bz).rar
2020-04-04 14:41 - 2020-04-04 14:41 - 000011894 _____ C:\Users\GAMEPC\Downloads\Arrival.2016.576p.BDRIP.x264.AAC-GOD.torrent
2020-04-02 01:56 - 2020-04-02 01:56 - 000014519 _____ C:\Users\GAMEPC\Downloads\National.Treasure.2004.BRRip.XviD.BGAUDiO-ZmN.torrent
2020-04-01 02:07 - 2020-04-01 02:07 - 000055713 _____ C:\Users\GAMEPC\Downloads\Meet The Fockers [DVDRip][2004][BGAudio][BugzBunny].avi.torrent
2020-03-31 23:21 - 2020-03-31 23:21 - 000089245 _____ C:\Users\GAMEPC\Downloads\Addams.Family.Values.1993.1080p.BluRay.x264-SlzD.torrent
2020-03-31 23:21 - 2020-03-31 23:21 - 000026602 _____ C:\Users\GAMEPC\Downloads\addams.family.values.1993.bluray.bg(subsunacs.net).rar
2020-03-31 23:19 - 2020-03-31 23:19 - 000026083 _____ C:\Users\GAMEPC\Downloads\the_addams_family(subsunacs.net).zip
2020-03-31 23:19 - 2020-03-31 23:19 - 000015432 _____ C:\Users\GAMEPC\Downloads\The.Addams.Family.1991.HDTVRip.XviD.AC3-KiNGS.torrent
2020-03-30 23:36 - 2020-03-31 00:08 - 000000000 ____D C:\Users\GAMEPC\Documents\Assassin's Creed Syndicate
2020-03-30 23:36 - 2020-03-30 23:36 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\uplay
2020-03-30 21:17 - 2020-03-30 21:17 - 000058328 _____ C:\Users\GAMEPC\Downloads\Assassin's Creed Syndicate - Gold Edition + v1.5 + All DLCs [FitGirl Repack].torrent
2020-03-30 20:08 - 2020-03-30 20:08 - 001024240 _____ C:\Users\GAMEPC\Downloads\filmora-idco_setup_full1901.exe
2020-03-30 20:07 - 2020-03-30 20:07 - 001153264 _____ C:\Users\GAMEPC\Downloads\filmorapro_setup_full4895.exe
2020-03-30 20:03 - 2020-03-30 20:03 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder(2)
2020-03-30 20:03 - 2020-03-30 20:03 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder(1)
2020-03-30 20:02 - 2020-03-30 20:02 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder
2020-03-30 19:35 - 2020-03-30 19:37 - 135856128 _____ C:\Users\GAMEPC\Downloads\blender-2.82a-windows64.msi
2020-03-28 04:34 - 2020-03-28 04:35 - 018548431 _____ C:\Users\GAMEPC\Downloads\voicemod crack .rar
2020-03-28 04:22 - 2020-03-28 04:22 - 023272680 _____ (Voicemod S.L. ) C:\Users\GAMEPC\Downloads\VoicemodSetup.exe
2020-03-28 04:22 - 2019-07-02 17:50 - 000027648 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\vmdrv.sys
2020-03-26 16:39 - 2020-03-26 16:39 - 000021708 _____ C:\Users\GAMEPC\Downloads\the_hunt(subsunacs.net).7z
2020-03-26 16:38 - 2020-03-26 16:38 - 000038078 _____ C:\Users\GAMEPC\Downloads\The.Hunt.2020.1080p.AMZN.WEBRip.DDP5.1.x264-NTG.torrent
2020-03-25 22:47 - 2019-01-01 00:02 - 006045924 _____ C:\Users\GAMEPC\Desktop\meepoof_legacy_nonQcast.exe
2020-03-25 22:45 - 2020-03-25 22:45 - 005896438 _____ C:\Users\GAMEPC\Downloads\meepoofv1_legacy_nonQcast.zip
2020-03-25 02:45 - 2020-03-25 02:45 - 000002971 _____ C:\Users\GAMEPC\Downloads\Unacknowledged.2017.1080p.WEB.x265.AAC-Dr3adLoX.torrent
2020-03-25 02:42 - 2020-03-25 02:42 - 000013592 _____ C:\Users\GAMEPC\Downloads\Most.Evil.Egocentric.Killers.1080i.HDTV.x264.torrent
2020-03-24 19:05 - 2020-03-24 19:05 - 000002374 _____ C:\Users\GAMEPC\Desktop\StreamLabels.lnk
2020-03-24 19:04 - 2020-03-24 19:05 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\streamlabels-updater
2020-03-23 15:18 - 2020-03-23 15:18 - 000045449 _____ C:\Users\GAMEPC\Downloads\The_Invisible_Man.(subs.sab.bz).zip
2020-03-23 15:18 - 2020-03-23 15:18 - 000039071 _____ C:\Users\GAMEPC\Downloads\The.Invisible.Man.2020.1080p.WEB-DL.H264.AC3-EVO.torrent
2020-03-23 15:14 - 2020-03-23 15:14 - 000012215 _____ C:\Users\GAMEPC\Downloads\Toy.Story.4.2019.BRRip.x265.AC3.BGAUDiO-SiSO.torrent
2020-03-22 14:43 - 2020-03-22 14:43 - 000315856 _____ C:\Users\GAMEPC\Downloads\SHUTDOWN8-SETUP.EXE
2020-03-22 14:43 - 2020-03-22 14:43 - 000001043 _____ C:\Users\GAMEPC\Desktop\Shutdown8.lnk
2020-03-22 14:43 - 2020-03-22 14:43 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Shutdown8
2020-03-22 14:42 - 2020-03-22 14:42 - 000566784 _____ C:\Users\GAMEPC\Downloads\ShutDown.exe
2020-03-22 14:32 - 2020-03-16 16:07 - 039835432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2020-03-22 14:32 - 2020-03-16 16:07 - 022106560 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2020-03-22 14:32 - 2020-03-16 16:07 - 018416616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2020-03-22 14:32 - 2020-03-16 16:06 - 004257984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-03-22 14:32 - 2020-03-16 13:10 - 001729440 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-03-22 14:32 - 2020-03-16 13:10 - 001729440 _____ C:\Windows\system32\vulkaninfo.exe
2020-03-22 14:32 - 2020-03-16 13:10 - 001329576 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-03-22 14:32 - 2020-03-16 13:10 - 001329576 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-03-22 14:32 - 2020-03-16 13:10 - 001079208 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-03-22 14:32 - 2020-03-16 13:10 - 001079208 _____ C:\Windows\system32\vulkan-1.dll
2020-03-22 14:32 - 2020-03-16 13:10 - 000937920 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-03-22 14:32 - 2020-03-16 13:10 - 000937920 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-03-22 14:32 - 2020-03-16 13:10 - 000440040 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-03-22 14:32 - 2020-03-16 13:10 - 000343784 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 127357328 _____ (NVIDIA Corp.) C:\Windows\system32\nvoptix.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 040314976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 029930728 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 027555560 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 025239952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 011834784 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 010161040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 000420240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 029545584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 022880352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2020-03-22 14:32 - 2020-03-16 13:08 - 017464208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 015029992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 004988136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 004447648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 002068368 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001720208 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6444274.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001560808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001482984 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6444274.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001476536 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001363176 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001139832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001057696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000625776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000539880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000517232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000422328 _____ C:\Windows\system32\nvofapi64.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000373360 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000182368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000164464 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000158304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000143288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2020-03-22 14:32 - 2020-03-16 13:07 - 040502176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2020-03-22 14:32 - 2020-03-16 13:07 - 035371424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2020-03-22 14:32 - 2020-03-16 13:07 - 000518560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll
2020-03-22 14:28 - 2020-03-22 14:29 - 554302392 _____ (NVIDIA Corporation) C:\Users\GAMEPC\Downloads\442.74-desktop-win8-win7-64bit-international-whql.exe
2020-03-21 05:08 - 2020-03-21 05:08 - 000021014 _____ C:\Users\GAMEPC\Downloads\Scooby Doo Mystery Incorporated Season 2 DVDRip BG Audio - SPYRO.torrent
2020-03-20 16:09 - 2020-03-20 16:09 - 000077329 _____ C:\Users\GAMEPC\Downloads\_Yavka.net_The.Outsider.S01E01.WEBRip.x264-ION10.zip
2020-03-20 16:09 - 2020-03-20 16:09 - 000041769 _____ C:\Users\GAMEPC\Downloads\The.Outsider.2020.S01E01.WEB.H264-XLF.torrent
2020-03-20 15:11 - 2020-03-20 15:11 - 000056630 _____ C:\Users\GAMEPC\Downloads\Secret.Window.2004.DVDrip.XviD.Brutus-WORKZ.torrent
2020-03-20 15:08 - 2020-03-20 15:08 - 000025691 _____ C:\Users\GAMEPC\Downloads\1408.2007.Director_s.Cut.720p.HDDVD.x264_CtrlHD.(subs.sab.bz).rar
2020-03-20 15:07 - 2020-03-20 15:07 - 000014658 _____ C:\Users\GAMEPC\Downloads\1408.2007.BRRip.XViD.AC3 -playXD.torrent
2020-03-20 15:03 - 2020-03-20 15:03 - 000014435 _____ C:\Users\GAMEPC\Downloads\Daybreakers.2009.BDRip.x264.AAC.BGAUDiO-SiSO.torrent
2020-03-20 14:59 - 2020-03-20 14:59 - 000056731 _____ C:\Users\GAMEPC\Downloads\Dreamcatcher.DVDrip.AC3.torrent
2020-03-19 14:12 - 2020-03-19 14:22 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\ShootersPool
2020-03-19 14:12 - 2020-03-19 14:12 - 000000000 ____D C:\Users\GAMEPC\Documents\ShootersPool
2020-03-19 14:12 - 2020-03-19 14:12 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\ShootersPool
2020-03-19 13:39 - 2020-03-19 13:57 - 1545182216 _____ C:\Users\GAMEPC\Downloads\ShootersPool-1.8.2c_Setup.exe
2020-03-17 16:31 - 2020-03-17 16:31 - 000033204 _____ C:\Users\GAMEPC\Downloads\swtros_2019_web_unacs_team(subsunacs.net).rar
2020-03-17 16:30 - 2020-03-17 16:30 - 000027541 _____ C:\Users\GAMEPC\Downloads\Star.Wars.Episode.IX.The.Rise.of.Skywalker.2020.HDRip.AC3.x264-CMRG.torrent
2020-03-15 14:48 - 2020-03-15 14:48 - 000013669 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Austria's.Mega.Dam.2020.1080i.HDTV.x264.torrent
2020-03-15 00:26 - 2020-03-15 00:30 - 068914501 _____ C:\Users\GAMEPC\Downloads\FullSizeRender.mov
2020-03-14 19:01 - 2020-03-14 19:08 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\CitizenFX
2020-03-14 18:50 - 2020-04-09 18:17 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\FiveM
2020-03-14 18:50 - 2020-03-14 18:50 - 008885192 _____ (cfx-collective) C:\Users\GAMEPC\Downloads\FiveM.exe
2020-03-14 18:50 - 2020-03-14 18:50 - 000002024 _____ C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM Singleplayer.lnk
2020-03-14 18:50 - 2020-03-14 18:50 - 000002016 _____ C:\Users\GAMEPC\Desktop\FiveM Singleplayer.lnk
2020-03-14 18:50 - 2020-03-14 18:50 - 000002016 _____ C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk
2020-03-14 18:50 - 2020-03-14 18:50 - 000002008 _____ C:\Users\GAMEPC\Desktop\FiveM.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-13 12:56 - 2017-09-23 18:42 - 000000000 ____D C:\Program Files (x86)\Steam
2020-04-13 12:51 - 2009-07-14 07:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-04-13 12:51 - 2009-07-14 07:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-04-13 12:49 - 2019-03-14 23:38 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Spotify
2020-04-13 12:44 - 2017-09-09 22:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\discord
2020-04-13 12:42 - 2019-03-14 23:37 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Spotify
2020-04-13 12:42 - 2017-09-08 14:03 - 000000000 ____D C:\ProgramData\NVIDIA
2020-04-13 12:41 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-13 03:59 - 2019-07-31 00:33 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\obs-studio
2020-04-13 03:38 - 2019-08-14 02:36 - 000000390 _____ C:\Windows\Tasks\update-sys.job
2020-04-13 02:45 - 2019-08-14 02:36 - 000000390 _____ C:\Windows\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000.job
2020-04-12 03:45 - 2019-12-26 03:14 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Origin
2020-04-12 03:12 - 2019-02-11 22:09 - 000000000 ____D C:\ProgramData\Origin
2020-04-12 03:11 - 2019-12-26 03:16 - 000000000 ____D C:\Program Files (x86)\Origin
2020-04-12 03:11 - 2019-12-26 03:14 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Origin
2020-04-11 17:11 - 2017-09-10 01:33 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\qBittorrent
2020-04-08 00:03 - 2018-11-16 15:10 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-08 00:03 - 2018-11-16 15:10 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-08 00:03 - 2017-09-08 13:35 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-06 03:47 - 2017-09-19 23:12 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\TS3Client
2020-04-03 11:39 - 2018-01-11 17:53 - 000640612 _____ C:\Windows\system32\perfh002.dat
2020-04-03 11:39 - 2018-01-11 17:53 - 000114470 _____ C:\Windows\system32\perfc002.dat
2020-04-03 11:39 - 2009-07-14 08:13 - 001498588 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-03 11:39 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2020-03-31 00:08 - 2009-07-14 08:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-03-30 20:00 - 2019-08-08 04:08 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\NVIDIA
2020-03-28 04:27 - 2017-09-08 15:54 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\CrashDumps
2020-03-24 19:05 - 2019-10-04 14:40 - 000002382 _____ C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamLabels.lnk
2020-03-24 19:02 - 2019-07-31 03:15 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\slobs-client
2020-03-24 19:01 - 2019-07-31 03:14 - 000000000 ____D C:\Program Files\Streamlabs OBS
2020-03-21 16:32 - 2018-11-03 19:10 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\DigitalEntitlements
2020-03-21 02:54 - 2017-09-08 13:35 - 000003434 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-21 02:54 - 2017-09-08 13:35 - 000003306 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-20 21:19 - 2017-09-18 19:14 - 000000000 ____D C:\ProgramData\McAfee
2020-03-20 17:01 - 2017-12-06 19:25 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\ViberPC
2020-03-19 14:12 - 2018-07-27 18:56 - 000466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2020-03-19 14:12 - 2018-07-27 18:56 - 000444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2020-03-19 14:12 - 2018-07-27 18:56 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2020-03-19 14:12 - 2018-07-27 18:56 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2020-03-19 03:22 - 2018-10-18 17:36 - 000000979 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
2020-03-19 03:22 - 2018-10-18 17:36 - 000000979 _____ C:\ProgramData\Desktop\PotPlayer 64 bit.lnk
2020-03-16 16:07 - 2020-03-11 03:56 - 034369720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2020-03-16 16:07 - 2017-09-08 14:02 - 004813752 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-03-16 13:09 - 2017-09-08 14:02 - 000502672 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2020-03-16 13:08 - 2020-03-11 03:56 - 000469904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-03-14 01:34 - 2017-09-08 13:21 - 000052925 _____ C:\Windows\system32\nvinfo.pb
2020-03-14 00:04 - 2017-09-08 14:03 - 005580272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2020-03-14 00:04 - 2017-09-08 14:03 - 002631480 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2020-03-14 00:04 - 2017-09-08 14:03 - 001759032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2020-03-14 00:04 - 2017-09-08 14:03 - 000660792 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2020-03-14 00:04 - 2017-09-08 14:03 - 000447464 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2020-03-14 00:04 - 2017-09-08 14:03 - 000121328 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2020-03-14 00:04 - 2017-09-08 14:03 - 000074552 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll

==================== Files in the root of some directories ========

2020-02-19 00:22 - 2020-02-19 00:22 - 000000733 _____ () C:\Users\GAMEPC\AppData\Local\recently-used.xbel
2018-12-17 21:42 - 2018-12-23 19:48 - 000007597 _____ () C:\Users\GAMEPC\AppData\Local\Resmon.ResmonCfg
2019-08-14 02:36 - 2019-08-14 02:36 - 000000003 _____ () C:\Users\GAMEPC\AppData\Local\updater.log
2019-08-14 02:36 - 2019-08-14 02:36 - 000000424 _____ () C:\Users\GAMEPC\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-04-07 04:13
==================== End of FRST.txt ========================


Hello,

taskeng.exe is not a virus, but it is responsible for scheduled tasks, and among them there is a malicious one, most likely installed by an unlicensed game in order to rack up visits to a particular site.

Download fixlist.txt and save it in the folder where you downloaded FRST64.exe (the folder C:\Users\GAMEPC\Downloads).

Run FRST64.exe and press the Fix button once!

When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Then run a new scan with FRST64 and attach the new results.

Regards!


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2020
Ran by GAMEPC (19-04-2020 20:53:55)
Running from C:\Users\GAMEPC\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2017-09-08 09:32:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2297230751-1021565052-1431566534-500 - Administrator - Disabled)
GAMEPC (S-1-5-21-2297230751-1021565052-1431566534-1000 - Administrator - Enabled) => C:\Users\GAMEPC
Guest (S-1-5-21-2297230751-1021565052-1431566534-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.363 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
AIDA64 Extreme v6.10 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.10 - FinalWire Ltd.)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.3.3 - Electronic Arts, Inc.)
ATI Catalyst Install Manager (HKLM\...\{DC9C8BC1-72CE-B5FE-EA4F-6D9127E51746}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CpuCoreParking (HKLM-x32\...\{0984C56D-2985-4786-AB62-39AB985E269C}) (Version: 2.1.2.0 - CpuCoreParking)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Discord) (Version: 0.0.306 - Discord Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Euro Truck Simulator 2 Road to the Black Sea (HKLM-x32\...\Euro Truck Simulator 2 Road to the Black Sea_is1) (Version:  - )
FiveM (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\CitizenFX_FiveM) (Version:  - The CitizenFX Collective)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.14.5270 - Gretech Corporation)
Google Chrome (HKLM\...\{DA081EB6-F64C-358C-9BB0-AF1EA8001F34}) (Version: 80.0.3987.163 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Heroes of Might and Magic III HD Edition (HKLM-x32\...\SGVyb2Vzb2ZNaWdodGFuZE1hZ2ljSUlJSERFZGl0aW9u_is1) (Version: 1 - )
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version:  - )
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 171 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-CA) (HKLM-x32\...\{9C5505DA-F9C1-46CB-9F8F-AC38F8EA518A}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-GB) (HKLM-x32\...\{A0186231-0A8B-455A-8A25-B64AABCC11A6}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Bulgarian/български (HKLM-x32\...\Office14.OMUI.bg-bg) (Version: 14.0.4763.1021 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Mozilla Firefox 67.0 (x64 bg) (HKLM\...\Mozilla Firefox 67.0 (x64 bg)) (Version: 67.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
NVIDIA Graphics Driver 442.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.74 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.2.1 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.67.39484 - Electronic Arts, Inc.)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 200317 - Kakao Corp.)
PotPlayer-64 bit (HKLM-x32\...\PotPlayer64) (Version: 1.7.8556 - Kakao Corp.)
qBittorrent 4.2.1 (HKLM-x32\...\qBittorrent) (Version: 4.2.1 - The qBittorrent project)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.18.217 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.4.8 - Rockstar Games)
Shutdown8 (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Shutdown8) (Version: 1.08 - Bandisoft.com)
Spotify (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Spotify) (Version: 1.1.30.658.gf13cde74 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamLabels 0.3.1 (only current user) (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.3.1 - Streamlabs)
StreamLabels 0.3.8 (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\{8000d50a-fcb7-5b38-8a3b-a02a0ec79daa}) (Version: 0.3.8 - Streamlabs)
Streamlabs OBS 0.16.3 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.16.3 - General Workings, Inc.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
VALORANT (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
Viber (HKLM-x32\...\{0B3F5AEE-47B2-4A5F-8D02-289B7E0828E6}) (Version: 11.9.1.3 - Viber Media S.a.r.l) Hidden
Viber (HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\{8b6836ad-bf1d-4591-9f20-735338e295ea}) (Version: 11.9.1.3 - Viber Media S.a.r.l)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRAR 5.50 (64-битова версия) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\ChromeHTML: ->  <==== ATTENTION
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2020-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\system32\prodad-codec.dll [607256 2019-10-15] (proDAD GmbH -> proDAD GmbH)
HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\SysWOW64\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\SysWOW64\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\SysWOW64\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\SysWOW64\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-20] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\SysWOW64\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\GAMEPC\Desktop\OSC - Пряк път.lnk -> C:\Users\GAMEPC\Desktop\moi neshta\OSC 1.9\OSC.exe (Frawzy) <==== Cyrillic
ShortcutWithArgument: C:\Users\GAMEPC\Desktop\moi neshta\Tinder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hejiihbkifllpgdfndalmghiodgkefan
ShortcutWithArgument: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Приложения в Chrome\Tinder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hejiihbkifllpgdfndalmghiodgkefan
ShortcutWithArgument: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2017-09-08 12:27 - 2017-09-08 12:27 - 002651136 _____ (Microsoft Corporation) [File not signed] c:\windows\system32\wuaueng2.dll
2019-12-26 03:16 - 2020-04-12 03:11 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2019-12-26 03:16 - 2020-04-12 03:11 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2019-12-26 03:16 - 2020-04-12 03:11 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2019-12-26 03:16 - 2020-04-12 03:11 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2019-12-26 03:16 - 2020-04-12 03:11 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2019-12-26 03:16 - 2020-04-12 03:11 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2019-12-26 03:16 - 2020-04-12 03:11 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2019-12-26 03:16 - 2020-04-12 03:11 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2019-12-26 03:16 - 2020-04-12 03:11 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: EpicGamesLauncher => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
MSCONFIG\startupreg: FACEIT => "C:\Users\GAMEPC\AppData\Local\FACEITApp\update.exe" --processStart "FACEIT.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => C:\Users\GAMEPC\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Viber => "C:\Users\GAMEPC\AppData\Local\Viber\Viber.exe" StartMinimized

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{11074DEE-7B8C-4DC2-AE4C-93DF0A309913}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D19357FE-92D5-4C15-865D-6BA1144E3141}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{21EB0059-8DA7-4F26-8EBC-947F0C4E2AAA}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{F8BB1871-4D02-4C5E-A222-4D557710B3E1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{1EE7FB5D-9E25-4DA9-ACB5-D608ECDBB452}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
FirewallRules: [{84ACAD4A-CAC3-405E-BED8-CCE7B6F558B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
FirewallRules: [{5C9FEA0E-0037-4228-8A5E-308AD75AC1DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
FirewallRules: [{FD05E114-41E1-4EC3-B5A2-BBA593EE39E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
FirewallRules: [{831352BE-7396-43E6-9657-9ED9D8BAB30D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{AB5ACC3F-22CB-469F-9EB3-8D69417E7CD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{43ADA9C0-2E56-45D1-B73D-9C89040C463D}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{06129773-C563-4DFF-8D34-BEA82843A4F0}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [TCP Query User{0D1FADB8-FCE1-4E0E-B19A-D5490965A994}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [UDP Query User{F6FECCC1-1C2E-45A5-B7AC-EAF4B88229DF}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [TCP Query User{DEFA441A-0140-4630-9B49-0F0DB88705EC}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [UDP Query User{2F3AD7BE-C36D-4E24-BFFA-EED5BE5D11F4}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe (PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [{B5E37EE1-9BE1-4B57-9AD5-EEF981D7F031}] => (Allow) D:\SteamLibrary\steamapps\common\TheLongDark\tld.exe () [File not signed]
FirewallRules: [{DC6EA5CC-0B14-4DA5-BA55-E772E5860678}] => (Allow) D:\SteamLibrary\steamapps\common\TheLongDark\tld.exe () [File not signed]
FirewallRules: [{FF76D716-DBA6-437A-A34F-847AF6AB88AD}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{13A0D233-1007-4376-A4B4-1DA27C101ECB}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [TCP Query User{86D55748-40A6-4288-AEF7-2C0B25BDF778}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [UDP Query User{D8AE6DDF-C0F2-475C-AB9C-B84C11DDC8AB}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [TCP Query User{695C8135-FF2C-4E94-9566-E526643684CA}C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe
FirewallRules: [UDP Query User{3091889E-265D-4648-88DF-CEE54431325D}C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_116381722\java.exe
FirewallRules: [{DB2F74E8-C7EB-44B3-81D7-12B84175E2EA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E44676E1-030C-4238-B65F-434792B61DE5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{0E86F5BD-F2B3-4EF9-8B0C-48823DA809CB}D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe No File
FirewallRules: [UDP Query User{0C5E839A-52EC-40D4-969E-24F12ED8D2D0}D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe No File
FirewallRules: [TCP Query User{8796E73D-79C0-4D0B-AF34-FB3AF9BCC9BA}D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe No File
FirewallRules: [UDP Query User{EFB29360-AB3A-4A44-9CB4-EF91CEBDB39C}D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe No File
FirewallRules: [TCP Query User{91266298-136D-4BB3-8C13-A850A76C9BF1}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{E3EAEE44-6095-4A5E-BE2F-F3E3F8349E0A}D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2D541380-97BF-4291-BDBE-2F2228CAEA60}] => (Allow) D:\SteamLibrary\steamapps\common\EasyAntiCheat\EasyAntiCheat.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{127D37C8-619F-462E-BE1A-E32131065FF4}] => (Allow) D:\SteamLibrary\steamapps\common\EasyAntiCheat\EasyAntiCheat.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{3DE0592A-8D12-447D-939D-BCA439AFF137}C:\users\gamepc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gamepc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{33216198-C2C2-482B-9DC9-2D0D13DBB4FA}C:\users\gamepc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gamepc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{270B0322-3799-457B-960A-455318931953}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{A13AA196-1978-4C67-902B-2460B54A5BBF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [{59D96386-6E3E-4356-8348-CF3CFA65A81B}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{FFA55DD9-7016-4EC4-A808-1A467A45E95C}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{DC649560-4400-4885-84A1-B96EE04BD03C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{962C91EA-9380-4D1D-8A2F-E951089E3F37}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{DA0687C4-1D0D-4E01-B34C-68E8FF09FF9F}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [UDP Query User{0C271F5D-81B6-4DA7-A0B8-50362178C932}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [TCP Query User{5EFBA878-9A61-49AC-9416-CAFD7167CF8E}D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe No File
FirewallRules: [UDP Query User{C837A044-1793-46A0-A9B2-FFC280606631}D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe No File
FirewallRules: [TCP Query User{6C87ADBA-41D8-49FB-A494-F0A177B7F2E5}D:\12323\icarus\appdata\bin64\launcher.exe] => (Allow) D:\12323\icarus\appdata\bin64\launcher.exe No File
FirewallRules: [UDP Query User{D3766998-33A3-4AAC-836F-4BC92BA34D50}D:\12323\icarus\appdata\bin64\launcher.exe] => (Allow) D:\12323\icarus\appdata\bin64\launcher.exe No File
FirewallRules: [TCP Query User{5540B6FC-35DB-4545-AF53-B4FE05B85DD6}D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe] => (Allow) D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe No File
FirewallRules: [UDP Query User{ED42665E-2CA2-4092-A15B-69F686B8F831}D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe] => (Allow) D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe No File
FirewallRules: [{A6CE7A48-587B-440C-A6B7-9B3AB8F758E0}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{CD3B56C1-242C-4706-81ED-FF29362608F3}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{9A6D9654-27A6-4122-9C9C-4D7727258BAA}C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (cfx-collective) [File not signed]
FirewallRules: [UDP Query User{E49D6701-B325-4215-8711-030A5EC46C9B}C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (cfx-collective) [File not signed]
FirewallRules: [{279065A7-F5E9-4060-BA27-39476EE213D2}] => (Allow) C:\Users\GAMEPC\Downloads\bin\BlackDesert32.exe No File
FirewallRules: [{B218AD4A-5B74-40DE-AB02-A3681FCE9C1C}] => (Allow) C:\Users\GAMEPC\Downloads\bin64\BlackDesert64.exe No File
FirewallRules: [{10F99049-3DA4-4E89-A086-C023E8CD82B2}] => (Allow) C:\Users\GAMEPC\Downloads\BlackDesert_Launcher.exe No File
FirewallRules: [{3FD78764-41FE-4680-9342-001EA21ECF27}] => (Allow) C:\Users\GAMEPC\Downloads\BlackDesert_Downloader.exe No File
FirewallRules: [{CD2DAD40-C60E-41F0-ABBF-63FED12CD684}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe No File
FirewallRules: [{9BAD4B07-A517-4574-ABA6-922FE4DA36F4}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe No File
FirewallRules: [TCP Query User{757DFE1C-9664-41C4-B600-E39F75F3E007}D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{00AC97A7-683C-4F74-9AF6-EBFD84CB000D}D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{391AE70C-4E68-4DE8-A05A-D56058FAEBFA}D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{61C858A3-948F-407A-A7BF-2712693C1649}D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{CBB94106-0926-4293-AA94-864143E7ACDC}D:\city\city car driving\bin\win32\starter.exe] => (Allow) D:\city\city car driving\bin\win32\starter.exe No File
FirewallRules: [UDP Query User{1602653C-F8D6-481F-B4DE-483B83E4A081}D:\city\city car driving\bin\win32\starter.exe] => (Allow) D:\city\city car driving\bin\win32\starter.exe No File
FirewallRules: [{D70481FE-EDB4-4F66-A879-015B84C54F1C}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
FirewallRules: [{0255AAE2-A93D-49F6-84EA-91CF71112821}] => (Allow) D:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (Bluehole, Inc. -> PUBG Corporation )
FirewallRules: [{3EEC0786-9E2E-4EAC-9CB1-97F68AE8DBDA}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
FirewallRules: [{F07A3467-6DA2-4A61-BFA9-75DFE2760BAA}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
FirewallRules: [{7BCD6AF7-E264-49EC-B3DF-0B903C656894}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
FirewallRules: [{9796C8A1-0246-4D08-94F7-97B3A81204AF}] => (Allow) D:\SteamLibrary\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
FirewallRules: [TCP Query User{4194E6A1-B90A-4C01-AAC1-A150648BD511}D:\1.6\hl.exe] => (Allow) D:\1.6\hl.exe No File
FirewallRules: [UDP Query User{39B944DB-8264-4416-BBBA-052EEC50F7FC}D:\1.6\hl.exe] => (Allow) D:\1.6\hl.exe No File
FirewallRules: [TCP Query User{857D0C4A-0661-4E7D-B23A-735FF8ADABA1}D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe No File
FirewallRules: [UDP Query User{29AE9F40-6F4A-4698-8241-A75FE2382548}D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe No File
FirewallRules: [TCP Query User{92B59CE8-E0C7-43A9-9D55-2AEDA2AA9FA5}D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
FirewallRules: [UDP Query User{8AEEF23D-67B8-4B6C-9DA0-D61F44EFC129}D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
FirewallRules: [{A383D054-F8C2-45B5-A517-E63819807BB6}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{FD87341A-3B7F-44E8-B09F-ADFBDF1B247D}] => (Allow) D:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2C2C2027-2BB8-4A51-9A9C-ED9A4BBCB358}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe No File
FirewallRules: [{9B1767CE-81DE-4826-8906-9DEFCC351FAB}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe No File
FirewallRules: [{E2FEE995-77A6-4556-A200-30CB17D4ABA6}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe No File
FirewallRules: [{DFB2A3C2-EA05-4944-B38A-7A85B48E8A1F}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe No File
FirewallRules: [TCP Query User{5A72CD9B-BF9D-4B23-A72B-26D40F24F859}D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [UDP Query User{8312C3A6-76BE-4C56-A5A6-DE950D9F08F1}D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [TCP Query User{F64B2B06-1EDF-4393-8640-332BC5898996}D:\apex\apex\r5apex.exe] => (Allow) D:\apex\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [UDP Query User{E2BBA317-E554-46F4-9705-DB7E4991BF19}D:\apex\apex\r5apex.exe] => (Allow) D:\apex\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [TCP Query User{06645CA2-731E-4100-8BFC-CF2887EC9BD4}C:\users\gamepc\appdata\local\fivem\fivem.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.exe (cfx-collective) [File not signed]
FirewallRules: [UDP Query User{68EFF667-1BA0-46F4-B7E4-B8AC10475E9D}C:\users\gamepc\appdata\local\fivem\fivem.exe] => (Allow) C:\users\gamepc\appdata\local\fivem\fivem.exe (cfx-collective) [File not signed]
FirewallRules: [{B94666B2-3213-45DC-9A55-A01D147CA93D}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{35AD171F-75C6-469B-A634-4E9ABEFB99C0}] => (Allow) D:\SteamLibrary\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [TCP Query User{8333A1F9-D09D-4985-B9CD-10A78C408300}C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe (Innovative Digital Technologies -> )
FirewallRules: [UDP Query User{D9E8A289-BA55-45AE-A241-45085DACBF2D}C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\gamepc\appdata\roaming\acestream\engine\ace_engine.exe (Innovative Digital Technologies -> )
FirewallRules: [{F60269A0-9AA8-46D8-98B9-0A888500723C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{C584D871-7182-4224-96CC-26C664539C6B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{0E05C3B9-C433-4C3A-8C01-FF69520BF241}C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe] => (Allow) C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe No File
FirewallRules: [UDP Query User{76E5872D-7EB0-40F2-9AD9-61CD16A593A8}C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe] => (Allow) C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe No File
FirewallRules: [TCP Query User{20420812-2158-4116-BD8E-FE273007CA43}C:\users\gamepc\downloads\fivem.exe] => (Allow) C:\users\gamepc\downloads\fivem.exe No File
FirewallRules: [UDP Query User{1C53FDAE-2CE7-44AD-8F95-828A28E4D6B1}C:\users\gamepc\downloads\fivem.exe] => (Allow) C:\users\gamepc\downloads\fivem.exe No File
FirewallRules: [TCP Query User{0DE874C5-C399-4C71-A2FB-7D012892D73B}C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe No File
FirewallRules: [UDP Query User{201BA7D9-6E59-4592-89FE-45240B104987}C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe No File
FirewallRules: [TCP Query User{42114D4D-52E5-4B29-A4B1-5EA3A87CE648}D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe No File
FirewallRules: [UDP Query User{ADC3D6A5-74A9-43BE-9C8E-0EA092058F7B}D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe No File
FirewallRules: [{5C7D63B1-F70B-4ED6-A325-B196C2FEBB19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0ECBF459-D321-4FFE-A103-D92F19E70819}] => (Allow) D:\apex\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{41EE669E-05F2-472E-BD87-338219AB5C30}] => (Allow) D:\apex\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{6E11EE90-C1C9-4639-8EEF-B7E2948337D3}D:\litee\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\litee\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [UDP Query User{069999EA-D06B-4125-8C5E-A8ECA7E8AFAC}D:\litee\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\litee\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File

==================== Restore Points =========================

08-04-2020 21:01:42 Installed DirectX
08-04-2020 21:03:15 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
12-04-2020 03:12:38 Installed DirectX
12-04-2020 03:14:16 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
16-04-2020 01:03:53 Installed DirectX
16-04-2020 21:14:28 Installed DirectX
19-04-2020 20:38:57 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

Name: Realtek RTL8139/810x Family Fast Ethernet NIC
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/19/2020 08:46:30 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/19/2020 08:46:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
Код на изключение: 0xe0434352
Отместване на грешка: 0x0000c5af
ИД на процес на грешка: 0x5bc
Начален час на приложението с грешки: 0x01d61672638b3c36
Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
ИД на доклад: ae6be919-8265-11ea-aee8-94de809321cd

Error: (04/19/2020 08:46:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Program.Main(System.String[])

Error: (04/19/2020 08:38:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Достъпът е отказан.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ba0200be-00e9-4571-9dc9-e302652a2e9b}

Error: (04/19/2020 01:11:05 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/19/2020 01:09:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Име на приложение с грешки: FreemakeUtilsService.exe, версия: 1.0.0.0, времево клеймо: 0x5e454538
Име на модул с грешки: KERNELBASE.dll, версия: 6.1.7601.24408, времево клеймо: 0x5c92f101
Код на изключение: 0xe0434352
Отместване на грешка: 0x0000c5af
ИД на процес на грешка: 0x5b4
Начален час на приложението с грешки: 0x01d616329a39c138
Път на приложението с грешки: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Път на модула с грешки: C:\Windows\syswow64\KERNELBASE.dll
ИД на доклад: e5abb1a0-8225-11ea-8d80-94de809321cd

Error: (04/19/2020 01:09:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Program.Main(System.String[])

Error: (04/17/2020 12:09:55 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at SetupAfterRebootService.SetupARService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (04/19/2020 08:46:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: 
cdrom

Error: (04/19/2020 08:46:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Услуга Freemake Improver не може да бъде стартирана поради следната грешка: 
Услугата не отговори навреме на искане за стартиране или управление.

Error: (04/19/2020 08:46:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Freemake Improver да се свърже.

Error: (04/19/2020 08:38:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Услуга Steam Client Service беше прекъсната неочаквано. Това се е случвало с нея 1 път(и).

Error: (04/19/2020 08:38:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Услуга NVIDIA Display Container LS беше прекъсната неочаквано. Това се е случвало с нея 1 път(и). След 6000 милисекунди ще бъде предприето следното коригиращо действие: Рестартиране на услугата.

Error: (04/19/2020 01:11:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Неуспешно зареждане на следния драйвер, който се активира с включване на компютъра или стартиране на системата: 
cdrom

Error: (04/19/2020 01:10:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Услуга Origin Web Helper Service не може да бъде стартирана поради следната грешка: 
Услугата не отговори навреме на искане за стартиране или управление.

Error: (04/19/2020 01:10:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Изтекъл период на изчакване (30000 милисекунди) при изчакване на услуга Origin Web Helper Service да се свърже.


CodeIntegrity:
===================================

Date: 2020-04-17 23:23:21.206
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FWPUCLNT.DLL because the set of per-page image hashes could not be found on the system.

Date: 2020-04-17 23:23:19.301
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mswsock.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-04-17 23:23:18.832
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\api-ms-win-core-synch-l1-2-0.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-04-17 23:23:09.116
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FWPUCLNT.DLL because the set of per-page image hashes could not be found on the system.

Date: 2020-04-17 23:22:50.080
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\XAudio2_7.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-04-17 23:22:50.001
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Riot Games\VALORANT\live\Engine\Binaries\ThirdParty\Vorbis\Win64\VS2015\libvorbisfile_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-04-17 23:22:49.884
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Riot Games\VALORANT\live\Engine\Binaries\ThirdParty\Vorbis\Win64\VS2015\libvorbis_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-04-17 23:22:49.843
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Riot Games\VALORANT\live\Engine\Binaries\ThirdParty\Ogg\Win64\VS2015\libogg_64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

BIOS: Award Software International, Inc. F4b 04/26/2013
Motherboard: Gigabyte Technology Co., Ltd. GA-78LMT-S2P
Processor: AMD FX-8320E Eight-Core Processor 
Percentage of memory in use: 24%
Total physical RAM: 16381.54 MB
Available physical RAM: 12383.34 MB
Total Virtual: 32761.22 MB
Available Virtual: 28047.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150 GB) (Free:39.28 GB) NTFS
Drive d: () (Fixed) (Total:781.41 GB) (Free:372.92 GB) NTFS

\\?\Volume{2f050b3f-9477-11e7-8c98-806e6f6e6963}\ (Резервирана за системата) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0C59AE75)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=781.4 GB) - (Type=05)

==================== End of Addition.txt =======================


 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2020
Ran by GAMEPC (administrator) on GAMEPC-PC (Gigabyte Technology Co., Ltd. GA-78LMT-S2P) (19-04-2020 20:52:37)
Running from C:\Users\GAMEPC\Downloads
Loaded Profiles: GAMEPC (Available Profiles: GAMEPC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Discord Inc. -> Discord Inc.) C:\Users\GAMEPC\AppData\Local\Discord\app-0.0.306\Discord.exe <6>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Spotify] => C:\Users\GAMEPC\AppData\Roaming\Spotify\Spotify.exe [22932200 2020-04-09] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [FACEIT] => "C:\Users\GAMEPC\AppData\Local\FACEITApp\update.exe" --processStart "FACEIT.exe"
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [gtarcade] => "C:\Users\GAMEPC\AppData\Local\Gtarcade\app\gtarcade.exe"   /auto_start=1 
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [Discord] => C:\Users\GAMEPC\AppData\Local\Discord\app-0.0.306\Discord.exe [90950968 2020-02-24] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\MountPoints2: {2d2c5be0-94b8-11e7-8704-048d38748987} - E:\setup.exe
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\MountPoints2: {609d2171-c4d2-11e7-a1c0-048d38748987} - E:\Lenovo_Suite.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)
Startup: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK [2019-05-20]
ShortcutTarget: Registration Heroes of Might & Magic 5 - Tribes of the East.LNK -> D:\heroes 3\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {29CD2B59-F360-4EA0-8046-E993FB989355} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-15] (Adobe Inc. -> Adobe)
Task: {31987656-F768-4D69-96DF-7AD4AB429034} - System32\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {3DAD135E-7AD5-4D57-B3E2-9E7F6AD9E01C} - System32\Tasks\{76A40252-E785-4407-9A98-34E12F6F05C9} => C:\Windows\system32\pcalua.exe -a "c:\program files (x86)\hi-rez studios\HiRezGamesDiagAndSupport.exe" -c uninstall=0
Task: {5A3FE129-72EA-42EB-BA09-CBF91559E528} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {64503CA0-D96B-485A-A2ED-32E1ADEC5130} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-08] (Google Inc -> Google Inc.)
Task: {A19D33FF-7FBC-4D6F-B122-FFBC2947D956} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-15] (Adobe Inc. -> Adobe)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {F67C982E-B27B-4B4D-B6F1-B5474BEA2341} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_Plugin.exe [1458232 2020-04-15] (Adobe Inc. -> Adobe)
Task: {FB761E82-2ABF-4B7D-A0A8-3F00F3533DD3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-08] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BFE47783-CFC6-4DEE-8858-A9889FC23A55}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F8E6BFBF-08DD-4CEC-8468-25670AF9DFE4}: [DhcpNameServer] 94.72.140.1

Internet Explorer:
==================
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: mrpwyf7s.default
FF ProfilePath: C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default [2020-04-19]
FF user.js: detected! => C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\user.js [2019-01-02]
FF Homepage: Mozilla\Firefox\Profiles\mrpwyf7s.default -> google.bg
FF Notifications: Mozilla\Firefox\Profiles\mrpwyf7s.default -> hxxps://www.instagram.com
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\Extensions\[email protected] [2020-01-04]
FF Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Mozilla\Firefox\Profiles\mrpwyf7s.default\Extensions\[email protected] [2019-01-31]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_363.dll [2020-04-15] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_363.dll [2020-04-15] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-04-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default [2020-04-19]
CHR Notifications: Default -> hxxps://csgofast.com; hxxps://forum.dmg-inc.com; hxxps://ghost-recon.ubisoft.com; hxxps://tinder.com; hxxps://www.emag.bg
CHR StartupUrls: Default -> "hxxp://google.bg/"
CHR DefaultSearchURL: Default -> hxxps://tinder.com/static/android-chrome-192x192.png
CHR Extension: (Презентации) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Документи) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Диск) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (YouTube) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-08]
CHR Extension: (Таблици) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Документи офлайн) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-10]
CHR Extension: (Tinder) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejiihbkifllpgdfndalmghiodgkefan [2019-04-05]
CHR Extension: (Hoxx VPN Proxy) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2020-03-17]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
CHR Profile: C:\Users\GAMEPC\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-19]

Opera: 
=======
OPR Extension: (uBlock Origin) - C:\Users\GAMEPC\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2020-01-04]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8402648 2019-11-20] (BattlEye Innovations e.K. -> )
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291392 2017-08-17] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-12] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2020-02-13] (Mixbyte Inc -> Freemake)
S3 mracsvc; C:\Windows\System32\mracsvc.exe [18534552 2019-08-24] (Mail.Ru LLC -> LLC Mail.Ru)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [8019808 2018-03-29] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495792 2020-04-12] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3447608 2020-04-12] (Electronic Arts, Inc. -> Electronic Arts)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1688720 2020-03-05] (Rockstar Games, Inc. -> Rockstar Games)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2017-09-08] (Realtek Semiconductor.) [File not signed]
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-11-08] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9484920 2020-04-14] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-06-20] (Microsoft Windows -> Microsoft Corporation)
R2 wuauserv; C:\Windows\system32\wuaueng2.dll [2651136 2017-09-08] (Microsoft Corporation) [File not signed]
S3 FACEITService; C:/Program Files/FACEIT AC/FACEITService.exe [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2017-09-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
R0 amdsata; C:\Windows\System32\DRIVERS\amdsata.sys [67128 2009-04-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [28216 2009-04-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2009-05-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-09-11] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-09-11] (Disc Soft Ltd -> Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-09-08] (Martin Malik - REALiX -> REALiX(tm))
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2017-09-08] (Qualcomm Atheros -> Qualcomm Atheros Co., Ltd.)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [17770920 2019-08-24] (Mail.Ru LLC -> LLC Mail.Ru)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69840 2019-07-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [61656 2017-09-08] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
R3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [34872 2009-04-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [3123760 2020-04-14] (Riot Games, Inc. -> Riot Games, Inc.)
S3 VOICEMOD_Driver; C:\Windows\System32\drivers\vmdrv.sys [27648 2019-07-02] (Windows (R) Win 7 DDK provider) [File not signed]
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-19 20:52 - 2020-04-19 20:53 - 000018271 _____ C:\Users\GAMEPC\Downloads\FRST.txt
2020-04-19 20:38 - 2020-04-19 20:43 - 000002133 _____ C:\Users\GAMEPC\Downloads\Fixlog.txt
2020-04-19 20:36 - 2020-04-19 20:36 - 002281984 _____ (Farbar) C:\Users\GAMEPC\Downloads\FRST64.exe
2020-04-18 15:25 - 2020-04-18 15:25 - 000013728 _____ C:\Users\GAMEPC\Downloads\Richard.Hammond's.Big.Gulf.Oil.Platform.2020.1080i.HDTV.x264.torrent
2020-04-17 15:04 - 2020-04-17 15:04 - 000000000 ____D C:\ProgramData\obs-studio-hook
2020-04-16 21:13 - 2020-04-16 21:24 - 000001655 _____ C:\Users\Public\Desktop\VALORANT.lnk
2020-04-16 21:13 - 2020-04-16 21:24 - 000001655 _____ C:\ProgramData\Desktop\VALORANT.lnk
2020-04-16 21:12 - 2020-04-16 21:12 - 000000000 ____D C:\Riot Games
2020-04-16 21:11 - 2020-04-16 21:11 - 068288168 _____ (Riot Games, Inc.) C:\Users\GAMEPC\Downloads\Install VALORANT.exe
2020-04-16 01:20 - 2020-04-19 20:48 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2020-04-16 01:18 - 2020-04-16 01:18 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\ShooterGame
2020-04-16 01:03 - 2020-04-16 01:03 - 000000000 ____D C:\Program Files\Riot Vanguard
2020-04-13 13:03 - 2020-04-19 20:53 - 000000000 ____D C:\FRST
2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2020-04-07 15:07 - 2020-04-07 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2020-04-07 15:06 - 2020-04-16 01:18 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Riot Games
2020-04-07 15:06 - 2020-04-07 15:07 - 000000000 ____D C:\ProgramData\Riot Games
2020-03-30 23:36 - 2020-03-30 23:36 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\uplay
2020-03-30 20:03 - 2020-03-30 20:03 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder(2)
2020-03-30 20:03 - 2020-03-30 20:03 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder(1)
2020-03-30 20:02 - 2020-03-30 20:02 - 000000000 ____D C:\Users\GAMEPC\Documents\New Folder
2020-03-28 04:22 - 2019-07-02 17:50 - 000027648 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\vmdrv.sys
2020-03-25 22:47 - 2019-01-01 00:02 - 006045924 _____ C:\Users\GAMEPC\Desktop\meepoof_legacy_nonQcast.exe
2020-03-24 19:05 - 2020-03-24 19:05 - 000002374 _____ C:\Users\GAMEPC\Desktop\StreamLabels.lnk
2020-03-24 19:04 - 2020-03-24 19:05 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\streamlabels-updater
2020-03-22 14:43 - 2020-03-22 14:43 - 000001043 _____ C:\Users\GAMEPC\Desktop\Shutdown8.lnk
2020-03-22 14:43 - 2020-03-22 14:43 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Shutdown8
2020-03-22 14:32 - 2020-03-16 16:07 - 039835432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2020-03-22 14:32 - 2020-03-16 16:07 - 022106560 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2020-03-22 14:32 - 2020-03-16 16:07 - 018416616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2020-03-22 14:32 - 2020-03-16 16:06 - 004257984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-03-22 14:32 - 2020-03-16 13:10 - 001729440 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-03-22 14:32 - 2020-03-16 13:10 - 001729440 _____ C:\Windows\system32\vulkaninfo.exe
2020-03-22 14:32 - 2020-03-16 13:10 - 001329576 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-03-22 14:32 - 2020-03-16 13:10 - 001329576 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-03-22 14:32 - 2020-03-16 13:10 - 001079208 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-03-22 14:32 - 2020-03-16 13:10 - 001079208 _____ C:\Windows\system32\vulkan-1.dll
2020-03-22 14:32 - 2020-03-16 13:10 - 000937920 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-03-22 14:32 - 2020-03-16 13:10 - 000937920 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-03-22 14:32 - 2020-03-16 13:10 - 000440040 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-03-22 14:32 - 2020-03-16 13:10 - 000343784 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 127357328 _____ (NVIDIA Corp.) C:\Windows\system32\nvoptix.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 040314976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 029930728 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 027555560 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 025239952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 011834784 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 010161040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2020-03-22 14:32 - 2020-03-16 13:09 - 000420240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 029545584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 022880352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2020-03-22 14:32 - 2020-03-16 13:08 - 017464208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 015029992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 004988136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 004447648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 002068368 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001720208 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6444274.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001560808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001482984 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6444274.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001476536 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001363176 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001139832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 001057696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000625776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000539880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000517232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000422328 _____ C:\Windows\system32\nvofapi64.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000373360 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000182368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000164464 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000158304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2020-03-22 14:32 - 2020-03-16 13:08 - 000143288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2020-03-22 14:32 - 2020-03-16 13:07 - 040502176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2020-03-22 14:32 - 2020-03-16 13:07 - 035371424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2020-03-22 14:32 - 2020-03-16 13:07 - 000518560 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-19 20:49 - 2019-03-14 23:38 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Spotify
2020-04-19 20:49 - 2017-09-09 22:09 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\discord
2020-04-19 20:47 - 2019-03-14 23:37 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Spotify
2020-04-19 20:46 - 2017-09-08 14:03 - 000000000 ____D C:\ProgramData\NVIDIA
2020-04-19 20:45 - 2009-07-14 08:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-19 19:38 - 2019-08-14 02:36 - 000000390 _____ C:\Windows\Tasks\update-sys.job
2020-04-19 18:45 - 2019-08-14 02:36 - 000000390 _____ C:\Windows\Tasks\update-S-1-5-21-2297230751-1021565052-1431566534-1000.job
2020-04-19 18:12 - 2017-09-23 18:42 - 000000000 ____D C:\Program Files (x86)\Steam
2020-04-19 15:10 - 2017-12-06 19:25 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\ViberPC
2020-04-19 14:06 - 2017-10-13 16:36 - 000000000 ____D C:\Users\GAMEPC\Documents\ViberDownloads
2020-04-19 13:19 - 2009-07-14 07:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-04-19 13:19 - 2009-07-14 07:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-04-19 04:01 - 2019-07-31 00:33 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\obs-studio
2020-04-18 15:32 - 2017-09-10 01:33 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\qBittorrent
2020-04-18 00:41 - 2017-09-19 23:12 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\TS3Client
2020-04-15 17:27 - 2017-09-18 19:14 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-04-15 17:27 - 2017-09-18 19:14 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-04-15 17:27 - 2017-09-18 19:14 - 000004478 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-15 17:27 - 2017-09-18 19:14 - 000004324 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-04-15 17:27 - 2017-09-18 19:14 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-04-15 17:27 - 2017-09-18 19:14 - 000000000 ____D C:\Windows\system32\Macromed
2020-04-15 16:27 - 2018-03-14 01:27 - 000004466 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-04-13 23:47 - 2017-09-08 15:54 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\CrashDumps
2020-04-13 20:15 - 2019-12-26 03:14 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\Origin
2020-04-13 20:15 - 2019-02-11 22:09 - 000000000 ____D C:\ProgramData\Origin
2020-04-13 19:10 - 2019-12-26 03:14 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\Origin
2020-04-12 03:11 - 2019-12-26 03:16 - 000000000 ____D C:\Program Files (x86)\Origin
2020-04-09 18:17 - 2020-03-14 18:50 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\FiveM
2020-04-08 00:03 - 2018-11-16 15:10 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-08 00:03 - 2018-11-16 15:10 - 000002181 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-04-08 00:03 - 2017-09-08 13:35 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-03 11:39 - 2018-01-11 17:53 - 000640612 _____ C:\Windows\system32\perfh002.dat
2020-04-03 11:39 - 2018-01-11 17:53 - 000114470 _____ C:\Windows\system32\perfc002.dat
2020-04-03 11:39 - 2009-07-14 08:13 - 001498588 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-03 11:39 - 2009-07-14 06:20 - 000000000 ____D C:\Windows\inf
2020-03-31 00:08 - 2009-07-14 08:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-03-30 20:00 - 2019-08-08 04:08 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\NVIDIA
2020-03-24 19:05 - 2019-10-04 14:40 - 000002382 _____ C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamLabels.lnk
2020-03-24 19:02 - 2019-07-31 03:15 - 000000000 ____D C:\Users\GAMEPC\AppData\Roaming\slobs-client
2020-03-24 19:01 - 2019-07-31 03:14 - 000000000 ____D C:\Program Files\Streamlabs OBS
2020-03-21 16:32 - 2018-11-03 19:10 - 000000000 ____D C:\Users\GAMEPC\AppData\Local\DigitalEntitlements
2020-03-21 02:54 - 2017-09-08 13:35 - 000003434 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-21 02:54 - 2017-09-08 13:35 - 000003306 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-20 21:19 - 2017-09-18 19:14 - 000000000 ____D C:\ProgramData\McAfee

==================== Files in the root of some directories ========

2020-02-19 00:22 - 2020-02-19 00:22 - 000000733 _____ () C:\Users\GAMEPC\AppData\Local\recently-used.xbel
2018-12-17 21:42 - 2018-12-23 19:48 - 000007597 _____ () C:\Users\GAMEPC\AppData\Local\Resmon.ResmonCfg
2019-08-14 02:36 - 2019-08-14 02:36 - 000000003 _____ () C:\Users\GAMEPC\AppData\Local\updater.log
2019-08-14 02:36 - 2019-08-14 02:36 - 000000424 _____ () C:\Users\GAMEPC\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-04-17 02:27
==================== End of FRST.txt ========================

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-04-2020
Ran by GAMEPC (19-04-2020 20:38:54) Run:1
Running from C:\Users\GAMEPC\Downloads
Loaded Profiles: GAMEPC (Available Profiles: GAMEPC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\Run: [GAMEPC] => explorer.exe hxxp://dinoraptzor.org <==== ATTENTION
Task: {C84BADD3-E09D-4A90-9F80-FC6F9C4BF9D6} - System32\Tasks\GAMEPC => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v GAMEPC /t REG_SZ /d "explorer.exe hxxp://dinoraptzor.org" <==== ATTENTION
EmptyTemp:
end
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GAMEPC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C84BADD3-E09D-4A90-9F80-FC6F9C4BF9D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C84BADD3-E09D-4A90-9F80-FC6F9C4BF9D6}" => removed successfully
C:\Windows\System32\Tasks\GAMEPC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GAMEPC" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4431452 B
Java, Flash, Steam htmlcache => 405996524 B
Windows/system/drivers => 66551455 B
Edge => 0 B
Chrome => 988507434 B
Firefox => 668522356 B
Opera => 181884847 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 71044 B
LocalService => 71044 B
NetworkService => 71044 B
GAMEPC => 110204374 B

RecycleBin => 421 B
EmptyTemp: => 2.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:43:49 ====


Hello,

No more malicious objects are visible. How are things now?

That said, I have still written a script which, if you like, you can run to remove invalid leftover entries and slightly optimize the operation of the operating system.

Download fixlist.txt and save it in the folder where you downloaded FRST64.exe.

Run FRST64.exe and press the Fix button once!

When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created once the program has run.

Warning: The script was created for this particular system. Do not use it on other systems with similar problems!

Regards!


Fix result of Farbar Recovery Scan Tool (x64) Version: 22-04-2020
Ran by GAMEPC (23-04-2020 14:17:23) Run:2
Running from C:\Users\GAMEPC\Downloads
Loaded Profiles: GAMEPC (Available Profiles: GAMEPC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\...\ChromeHTML: ->  <==== ATTENTION
AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:6699d3ee8dd9cf775caae782c8f44f03 [394]
AlternateDataStreams: C:\Users\GAMEPC\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474] 
FirewallRules: [{1EE7FB5D-9E25-4DA9-ACB5-D608ECDBB452}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
FirewallRules: [{84ACAD4A-CAC3-405E-BED8-CCE7B6F558B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe No File
FirewallRules: [{5C9FEA0E-0037-4228-8A5E-308AD75AC1DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
FirewallRules: [{FD05E114-41E1-4EC3-B5A2-BBA593EE39E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe No File
FirewallRules: [TCP Query User{0E86F5BD-F2B3-4EF9-8B0C-48823DA809CB}D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe No File
FirewallRules: [UDP Query User{0C5E839A-52EC-40D4-969E-24F12ED8D2D0}D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\gamecenter\gamecenter.exe No File
FirewallRules: [TCP Query User{8796E73D-79C0-4D0B-AF34-FB3AF9BCC9BA}D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe No File
FirewallRules: [UDP Query User{EFB29360-AB3A-4A44-9CB4-EF91CEBDB39C}D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin32release\game.exe No File
FirewallRules: [TCP Query User{270B0322-3799-457B-960A-455318931953}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{A13AA196-1978-4C67-902B-2460B54A5BBF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{DA0687C4-1D0D-4E01-B34C-68E8FF09FF9F}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [UDP Query User{0C271F5D-81B6-4DA7-A0B8-50362178C932}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe No File
FirewallRules: [TCP Query User{5EFBA878-9A61-49AC-9416-CAFD7167CF8E}D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe No File
FirewallRules: [UDP Query User{C837A044-1793-46A0-A9B2-FFC280606631}D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe] => (Allow) D:\steamlibrary\steamapps\common\smite\binaries\win64\smite.exe No File
FirewallRules: [TCP Query User{6C87ADBA-41D8-49FB-A494-F0A177B7F2E5}D:\12323\icarus\appdata\bin64\launcher.exe] => (Allow) D:\12323\icarus\appdata\bin64\launcher.exe No File
FirewallRules: [UDP Query User{D3766998-33A3-4AAC-836F-4BC92BA34D50}D:\12323\icarus\appdata\bin64\launcher.exe] => (Allow) D:\12323\icarus\appdata\bin64\launcher.exe No File
FirewallRules: [TCP Query User{5540B6FC-35DB-4545-AF53-B4FE05B85DD6}D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe] => (Allow) D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe No File
FirewallRules: [UDP Query User{ED42665E-2CA2-4092-A15B-69F686B8F831}D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe] => (Allow) D:\steamlibrary\steamapps\common\bless online\binaries\win64\bless.exe No File
FirewallRules: [{279065A7-F5E9-4060-BA27-39476EE213D2}] => (Allow) C:\Users\GAMEPC\Downloads\bin\BlackDesert32.exe No File
FirewallRules: [{B218AD4A-5B74-40DE-AB02-A3681FCE9C1C}] => (Allow) C:\Users\GAMEPC\Downloads\bin64\BlackDesert64.exe No File
FirewallRules: [{10F99049-3DA4-4E89-A086-C023E8CD82B2}] => (Allow) C:\Users\GAMEPC\Downloads\BlackDesert_Launcher.exe No File
FirewallRules: [{3FD78764-41FE-4680-9342-001EA21ECF27}] => (Allow) C:\Users\GAMEPC\Downloads\BlackDesert_Downloader.exe No File
FirewallRules: [{CD2DAD40-C60E-41F0-ABBF-63FED12CD684}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe No File
FirewallRules: [{9BAD4B07-A517-4574-ABA6-922FE4DA36F4}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe No File
FirewallRules: [TCP Query User{757DFE1C-9664-41C4-B600-E39F75F3E007}D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{00AC97A7-683C-4F74-9AF6-EBFD84CB000D}D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{391AE70C-4E68-4DE8-A05A-D56058FAEBFA}D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{61C858A3-948F-407A-A7BF-2712693C1649}D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\fortnait\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{CBB94106-0926-4293-AA94-864143E7ACDC}D:\city\city car driving\bin\win32\starter.exe] => (Allow) D:\city\city car driving\bin\win32\starter.exe No File
FirewallRules: [UDP Query User{1602653C-F8D6-481F-B4DE-483B83E4A081}D:\city\city car driving\bin\win32\starter.exe] => (Allow) D:\city\city car driving\bin\win32\starter.exe No File
FirewallRules: [TCP Query User{4194E6A1-B90A-4C01-AAC1-A150648BD511}D:\1.6\hl.exe] => (Allow) D:\1.6\hl.exe No File
FirewallRules: [UDP Query User{39B944DB-8264-4416-BBBA-052EEC50F7FC}D:\1.6\hl.exe] => (Allow) D:\1.6\hl.exe No File
FirewallRules: [TCP Query User{857D0C4A-0661-4E7D-B23A-735FF8ADABA1}D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe No File
FirewallRules: [UDP Query User{29AE9F40-6F4A-4698-8241-A75FE2382548}D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe] => (Allow) D:\steamlibrary\steamapps\common\warface\warface\bin64release\game.exe No File
FirewallRules: [TCP Query User{92B59CE8-E0C7-43A9-9D55-2AEDA2AA9FA5}D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
FirewallRules: [UDP Query User{8AEEF23D-67B8-4B6C-9DA0-D61F44EFC129}D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe No File
FirewallRules: [{2C2C2027-2BB8-4A51-9A9C-ED9A4BBCB358}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe No File
FirewallRules: [{9B1767CE-81DE-4826-8906-9DEFCC351FAB}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe No File
FirewallRules: [{E2FEE995-77A6-4556-A200-30CB17D4ABA6}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe No File
FirewallRules: [{DFB2A3C2-EA05-4944-B38A-7A85B48E8A1F}] => (Allow) D:\SteamLibrary\steamapps\common\raceroom racing experience\Game\RRRE.exe No File
FirewallRules: [TCP Query User{5A72CD9B-BF9D-4B23-A72B-26D40F24F859}D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [UDP Query User{8312C3A6-76BE-4C56-A5A6-DE950D9F08F1}D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\pubg\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [TCP Query User{0E05C3B9-C433-4C3A-8C01-FF69520BF241}C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe] => (Allow) C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe No File
FirewallRules: [UDP Query User{76E5872D-7EB0-40F2-9AD9-61CD16A593A8}C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe] => (Allow) C:\users\gamepc\appdata\local\layerth-ethereal-dota2\app-2.5.9\ethereal - dota 2.exe No File
FirewallRules: [TCP Query User{20420812-2158-4116-BD8E-FE273007CA43}C:\users\gamepc\downloads\fivem.exe] => (Allow) C:\users\gamepc\downloads\fivem.exe No File
FirewallRules: [UDP Query User{1C53FDAE-2CE7-44AD-8F95-828A28E4D6B1}C:\users\gamepc\downloads\fivem.exe] => (Allow) C:\users\gamepc\downloads\fivem.exe No File
FirewallRules: [TCP Query User{0DE874C5-C399-4C71-A2FB-7D012892D73B}C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe No File
FirewallRules: [UDP Query User{201BA7D9-6E59-4592-89FE-45240B104987}C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\gamepc\downloads\cache\subprocess\fivem_gtaprocess.exe No File
FirewallRules: [TCP Query User{42114D4D-52E5-4B29-A4B1-5EA3A87CE648}D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe No File
FirewallRules: [UDP Query User{ADC3D6A5-74A9-43BE-9C8E-0EA092058F7B}D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\warzone\wasda\call of duty modern warfare\modernwarfare.exe No File
FirewallRules: [TCP Query User{6E11EE90-C1C9-4639-8EEF-B7E2948337D3}D:\litee\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\litee\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File
FirewallRules: [UDP Query User{069999EA-D06B-4125-8C5E-A8ECA7E8AFAC}D:\litee\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\litee\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe No File 
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Startup: C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK [2019-05-20]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {3DAD135E-7AD5-4D57-B3E2-9E7F6AD9E01C} - System32\Tasks\{76A40252-E785-4407-9A98-34E12F6F05C9} => C:\Windows\system32\pcalua.exe -a "c:\program files (x86)\hi-rez studios\HiRezGamesDiagAndSupport.exe" -c uninstall=0
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
S3 mracsvc; C:\Windows\System32\mracsvc.exe [18534552 2019-08-24] (Mail.Ru LLC -> LLC Mail.Ru)
C:\Windows\System32\mracsvc.exe
S3 FACEITService; C:/Program Files/FACEIT AC/FACEITService.exe [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe" [X] 
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [17770920 2019-08-24] (Mail.Ru LLC -> LLC Mail.Ru)
C:\Windows\System32\drivers\mracdrv.sys
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2020-03-20 21:19 - 2017-09-18 19:14 - 000000000 ____D C:\ProgramData\McAfee
cmd: del %temp%\*.* /f /s /q
cmd: rd /s /q %temp%
Hosts:
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2297230751-1021565052-1431566534-1000_Classes\ChromeHTML => removed successfully
C:\Users\GAMEPC\AppData\Roaming => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully
C:\Users\GAMEPC\AppData\Roaming => ":6699d3ee8dd9cf775caae782c8f44f03" ADS removed successfully
C:\Users\GAMEPC\AppData\Roaming => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EE7FB5D-9E25-4DA9-ACB5-D608ECDBB452}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{84ACAD4A-CAC3-405E-BED8-CCE7B6F558B9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5C9FEA0E-0037-4228-8A5E-308AD75AC1DF}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe" => removed successfully
C:\Users\GAMEPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5 - Tribes of the East.LNK => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DAD135E-7AD5-4D57-B3E2-9E7F6AD9E01C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DAD135E-7AD5-4D57-B3E2-9E7F6AD9E01C}" => removed successfully
C:\Windows\System32\Tasks\{76A40252-E785-4407-9A98-34E12F6F05C9} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{76A40252-E785-4407-9A98-34E12F6F05C9}" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1D60D55-A6B8-401B-BC05-2938E02DF2F2} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1D60D55-A6B8-401B-BC05-2938E02DF2F2} => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows Defender\MpIdleTask => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MpIdleTask => removed successfully
HKLM\System\CurrentControlSet\Services\mracsvc => removed successfully
mracsvc => service removed successfully
C:\Windows\System32\mracsvc.exe => moved successfully
HKLM\System\CurrentControlSet\Services\FACEITService => removed successfully
FACEITService => service removed successfully
HKLM\System\CurrentControlSet\Services\WsDrvInst => removed successfully
WsDrvInst => service removed successfully
HKLM\System\CurrentControlSet\Services\mracdrv => removed successfully
mracdrv => service removed successfully
C:\Windows\System32\drivers\mracdrv.sys => moved successfully
HKLM\System\CurrentControlSet\Services\CLMirrorDriver => removed successfully
CLMirrorDriver => service removed successfully
HKLM\System\CurrentControlSet\Services\IntcAzAudAddService => removed successfully
IntcAzAudAddService => service removed successfully
HKLM\System\CurrentControlSet\Services\nvvhci => removed successfully
nvvhci => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => removed successfully
xhunter1 => service removed successfully
C:\ProgramData\McAfee => moved successfully

========= del %temp%\*.* /f /s /q =========

Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\dd_vcredist_amd64_20200421211943.log
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\dd_vcredist_amd64_20200421212003.log
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\dd_vcredist_x86_20200421212002.log
C:\Users\GAMEPC\AppData\Local\Temp\FXSAPIDebugLogFile.txt
Процесът не може да направи обръщение към файла, защото той се използва от друг процес.
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20200421_211937328-MSI_vc_red.msi.txt
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20200421_211937328.html
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\qtsingleapp-qBitto-4c1d-1-lockfile
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\qtsingleapp-Viber-0-1-lockfile
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\t006c645.tmp
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\Discord Crashes\CrashpadMetrics-active.pma
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\Discord Crashes\CrashpadMetrics.pma
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\Discord Crashes\metadata
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\Discord Crashes\operation_log.txt
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\Discord Crashes\settings.dat
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\fontconfig\cache\51a41635833e477260f0b65b328c0292-le64.cache-4
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\fontconfig\cache\73685ccbef7b7603cc557fb04e5dda50-le64.cache-4
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\fontconfig\cache\CACHEDIR.TAG
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\fontconfig\cache\d031bbba323fd9e5b47e0ee5a0353f11-le64.cache-4
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\SlashKeyStickers\svg\00001704.svg
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\SlashKeyStickers\svg\00001709.svg
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\SlashKeyStickers\svg\00001722.svg
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\SlashKeyStickers\svg\00003405.svg
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\SlashKeyStickers\zip\00001704.zip
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\SlashKeyStickers\zip\00001709.zip
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\SlashKeyStickers\zip\00001722.zip
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\SlashKeyStickers\zip\00003405.zip
Deleted file - C:\Users\GAMEPC\AppData\Local\Temp\Viber Crashes\.id

========= End of CMD: =========


========= rd /s /q %temp% =========

C:\Users\GAMEPC\AppData\Local\Temp\FXSAPIDebugLogFile.txt - Процесът не може да направи обръщение към файла, защото той се използва от друг процес.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2297230751-1021565052-1431566534-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4327562 B
Java, Flash, Steam htmlcache => 16585722 B
Windows/system/drivers => 2339774 B
Edge => 0 B
Chrome => 388242123 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 1211 B
LocalService => 1211 B
NetworkService => 1211 B
GAMEPC => 2718038 B

RecycleBin => 0 B
EmptyTemp: => 403 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:18:33 ====


It's better now, thanks once again for the work, Bobo!!! Top-notch as always :)
As for my system, I haven't reinstalled it for probably a year and a half, and most likely the Windows install is so neglected that the lags and freezes come from there, so after this quarantine nonsense I'll go and do a reinstall; I think it needs one :)


  • 2 weeks later...

Well, as far as I'm concerned things are OK. Still, it is advisable:

1. To scan with Malwarebytes Anti-Malware just as a precaution, and afterwards to uninstall it if you decide to.

2. To install an antivirus program, because Windows Defender under Windows 7 is only an anti-spyware tool, and I don't know whether MSE is still offered after the end of support for Windows 7. I recommend, for example, avast with Hardened mode set to Aggressive, or Kaspersky Security Cloud Free. There are others too, of course - Avira, 360 TS, Bitdefender Free, etc.

3. To check for updates to your installed software, for example with SUMo or PatchMyPC, and update it where possible.

To remove Farbar Recovery Scan Tool, do the following:

Rename the executable file FRST64.exe to Uninstall.exe.

Right-click Uninstall.exe and choose Run as administrator. You will be notified that you need to restart the system in order to delete the tool.

After the restart, the tool and its associated files will be deleted.

It's time to clean up the old and possibly damaged restore points:

Download KpRm from kernel-panik and save it to your desktop.

  • Right-click kprm_2.8.exe and choose Run as administrator
  • When the tool opens, tick all the checkboxes and press the Run button.
  • When it finishes, click OK.
  • The log file will open in Notepad; copy its contents into your next reply.

Regards :bye1:


# Run at 4.5.2020 'г.' 02:31:46 'ч.'
# KpRm (Kernel-panik) version 2.8
# Website https://kernel-panik.me/tool/kprm/
# Run by GAMEPC from C:\Users\GAMEPC\Downloads
# Computer Name: GAMEPC-PC
# OS: Windows 7 X64 (7601) Service Pack 1
# Number of passes: 1

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point

- Create Registry Backup -

   ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\GAMEPC\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2020-05-04-02-31-46

- Delete Tools -

      No tools found

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named Installed DirectX created at 04/21/2020 18:18:17 deleted
   ~ [OK] RP named Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 created at 04/21/2020 18:19:44 deleted
   ~ [OK] RP named Restore Point Created by FRST created at 04/23/2020 11:17:25 deleted
   ~ [OK] RP named Installed DirectX created at 04/29/2020 12:01:51 deleted
   ~ [OK] RP named Microsoft Visual C++ 2005 Redistributable е инсталиран created at 04/29/2020 12:03:03 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ RP named KpRm created at 05/03/2020 23:32:06

-- KPRM finished in 42.13s --



By the way, a little while ago the PC somehow started running slower. I mean, when I start something like Discord... or some other program that used to load the PC by, say, 3-5%, now it's double; if some other program I open used to load it by 5%, now it loads it by 10%. I don't know why this happened, I haven't downloaded anything.. maybe this Windows install is due for replacement by now, hopefully that's the cause..


Well then, start with the standard things:

1. Clean the system partition with Disk Cleanup => in the Windows search box select CMD.exe => right-click and Run as administrator => enter the command cleanmgr.exe /sageset => Enter => tick all the checkboxes => confirm with OK and then, again from CMD.exe, enter just cleanmgr.exe => Enter => confirm partition C:\ => wait for the check to finish => tick all the checkboxes => OK => press Delete files

2. Check the partition for errors => again from CMD.exe => enter the command =>

chkdsk C: /x /f /r

Press Enter. Confirm that a restart is required with the Y key and Enter again, then restart and wait for the check to finish. It may take up to an hour or more (or less). After that, open Event Viewer and post the log file. Here are instructions:

https://www.sevenforums.com/tutorials/96938-check-disk-chkdsk-read-event-viewer-log.html

3. Defragment partition C:\ (if you are not using an SSD). Right-click partition C:\ => Properties => Tools => Defragment Now => select the system partition, choose Defragment disk and wait for it to finish.

4. Uninstall the programs you don't use from the Control Panel.

5. Get rid of the unnecessary items that start together with the operating system. You can post a log from Autoruns:

Download Autoruns and:

Start the program

Select Options => Scan Options => tick Verify Code Signature, Check VirusTotal.com and Submit Unknown Images, clear the first checkbox and select Rescan.

If Rescan is inactive, from the File menu => select Refresh and wait for the check to finish.

From the File menu => select Save => save the file somewhere under a name of your choice (in arn format), archive it with a program of your choice and attach it to the thread.

That's what comes to mind for now. But it could be faulty hardware, a messed-up Windows, etc. The hardware itself is oldish too, and over time, updates to some piece of software, a game or even a Windows patch may have started demanding more resources, and that may be where the slowdown problems began.

4 hours ago, B-boy/StyLe/ wrote:
chkdsk C: /x /f /r

This didn't work for me. I mean, I've done this error check through cmd before, but this time it somehow didn't work; it tells me
acces denied as you do not have sufficient privileges you have to invoke this utility running in elevated mode 

Honestly, I have no idea why I have some things listed 15 times each in the Control Panel; here are screenshots, I don't know which ones to delete :D
https://prnt.sc/sap6bs

I've uploaded the rar from Autoruns here
https://dox.abv.bg/download?id=1d0e9e0879


 


Well, that's because you didn't start CMD.exe with right-click and Run as administrator, as I wrote for step 1. I didn't repeat it for step 2, because by then it goes without saying that you have started CMD.exe and it doesn't need to be said again. :)

As for the Control Panel - as you can see, these are not duplicate entries but entries for different versions of the installed programs.

 

 


It didn't work again. After the PC restarted, it showed me the following

Cannot opem volume for direct access cannot run due to an error cause ... 
I took a photo, but honestly it's not very good; if it won't do, I'll try to take a new one
https://prnt.sc/sardst


That's not good at all. Restart the system and press F8 repeatedly until the following menu appears:

sro5.jpg

If you have the Repair your computer option, select it.

Follow the instructions until the following screen appears:

command-line.jpg

From it, select Command Prompt and run the check from there. If you don't have the Repair your computer menu, you will need to use a Windows 7 installation disc to get to this menu.


So I managed to run the check, at least I think so! :D But the whole check finished in 10 seconds rather than 1 hour, and I'm uploading a photo because almost everything fits in 1 photo :D
https://prnt.sc/sau1uf

And what exactly is going on with my PC? Because the sentences above scared me a little :D


Because most likely the drive letter has changed, and under the Recovery environment C:\ is no longer C:\, so you scanned the Recovery partition. That's why it took so little time.

While you are in the Repair menu, from Command Prompt run dir c:\ and take a new photo. Also run dir D:\ and take a photo again.

As for what's going on, that will become clear after the command. The inability to run the check in normal mode points to either a badly messed-up Windows, or damaged system files (we'll run an SFC check later too), software that is obstructing the check (but I rule that out as an option, because the check of the system partition is carried out before Windows has loaded), or a dying hard disk. It would also be good to look at the disk's S.M.A.R.T. status afterwards, just in case. I wouldn't be surprised if that is also the cause of your system's slowdown (if there are bad or slow sectors).


On my end things look like this: in the first photo it starts with X:, I don't know whether it's supposed to be like that and I don't know how to change it :D and in the 2nd photo it's partition E:. I don't know how to change the directory; I understood almost nothing, for which I apologize. What should the whole command for everything be?
https://prnt.sc/savgx8

https://prnt.sc/savhqt

 


I wanted you to run the commands DIR C:\ and DIR D:\ and photograph the results, but that is no longer necessary. From the second photo it can be seen that the Windows drive letter under the Recovery environment is E:\.

X:\, by the way, is the drive letter of the mounted Recovery environment itself.

So run the command CHKDSK E: /F /R

Press Enter and photograph the result once it has run.


I was just thinking that this time it would work and... nothing again. Just to ask, shouldn't the command be chkdsk C: /f /r
I mean, we are scanning C after all, or am I getting something mixed up ;d

https://prnt.sc/saxeum


We are not scanning C:\ because under the Recovery environment C:\ is E:\; what's unclear about that?

As for why the check didn't start, I have no idea, given that the command executed correctly.

Try this one:

chkdsk E: /x /f /r


I apologize for giving advice, I just got fed up with this computer..
Anyway, it didn't work again.. 
https://prnt.sc/say6eh


But why do you close Command Prompt every time?

Once it has printed that Volume is dismounted and returned you to E:\Windows\System32

why don't you enter chkdsk E: /f /r again?

In the photos I can see that you are not entering the commands correctly. The syntax is chkdsk, tab, E:, tab, /f, tab and /r


Finally, I think it worked. I didn't change anything, I just entered the last command and everything started 

https://prnt.sc/sazd6k


So you hadn't been entering it correctly until now. Anyway. At least no problems with the disk are visible, which is good. As for why we had to use Recovery to start CHKDSK, I'm not sure. Perhaps some of the anti-cheat programs interfered with the tool's execution.

Did you run Disk Cleanup and defragment the system partition as described in this post?

https://www.kaldata.com/forums/topic/294633-taskengexe-дали-това-е-вирус/?do=findComment&comment=4555161

As for which programs to remove and which to update, these are my recommendations:

Adobe AIR => uninstall it

Adobe Shockwave Player 12.2 => uninstall it

CpuCoreParking => tools like this are used mainly on servers. Enabling Core Parking can reduce processor performance by 5% and make it run hotter. You can try temporarily uninstalling it as well.

I see that you have .Net Framework 4.7.2 => the latest version is 4.8 => https://download.visualstudio.microsoft.com/download/pr/7afca223-55d2-470a-8edc-6a1739ae3252/abd170b4b0ec15ad0222a809b761a036/ndp48-x86-x64-allos-enu.exe

Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 => update to the latest version => Microsoft Visual C++ 2019 (14.26.28720.3) x86 => http://download.visualstudio.microsoft.com/download/pr/bb3a2acf-b47b-4a7b-9aaa-8ad356ccb62b/A06AAC66734A618AB33C1522920654DDFC44FC13CAFAA0F0AB85B199C3D51DC0/VC_Redist.x86.exe

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 => update to the latest version => Microsoft Visual C++ 2019 (14.26.28720.3) x64 => http://download.visualstudio.microsoft.com/download/pr/bb3a2acf-b47b-4a7b-9aaa-8ad356ccb62b/7D7105C52FCD6766BEEE1AE162AA81E278686122C1E44890712326634D0B055E/VC_Redist.x64.exe

Mozilla Firefox 67.0 => update to 76.0 => https://www.kaldata.com/софтуер/mozilla-firefox-2-51239.html

Mozilla Maintenance Service => uninstall the service

I saw that you also have GOM Player and Pot Player. What do you need two for? In my opinion, remove GOM.

Riot Vanguard/VALORANT => I have read that it causes quite a few problems because it uses a kernel driver, but if you play games that require it, keep it.

Open Autoruns with right-click and Run as administrator. When the scan finishes, clear the checkboxes in front of all the rows in yellow, then close the tool.

Also run the following check and post the result. From CMD.exe started as administrator, enter the command:

SFC /SCANNOW

Press Enter. Wait for it to reach 100% and then enter the command:

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

Attach the contents of the log file sfcdetails.txt

Also write whether there is any improvement in the system's behaviour.
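
The findstr command in the post above leaves only the `[SR]` lines of CBS.log in sfcdetails.txt. As an added example (not code from the thread or from Microsoft), this Python script triages such a file: it counts verified components and separates files SFC repaired from files it could not repair. The sample lines are constructed, the line layout is assumed to be the usual Windows 7 CBS.log format, and the function name `summarize` is hypothetical.

```python
import re
import sys

# Constructed sample (not from the thread), in the layout SFC normally writes
# to CBS.log on Windows 7; findstr /c:"[SR]" copies such lines verbatim.
SAMPLE = r"""2020-05-04 15:02:11, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2020-05-04 15:02:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2020-05-04 15:03:40, Info                  CSI    000001a2 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2020-05-04 15:03:41, Info                  CSI    000001a4 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2020-05-04 15:04:02, Info                  CSI    000001b0 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini" from store
2020-05-04 15:04:05, Info                  CSI    000001b3 [SR] Verify complete
"""

# Timestamp, level, "CSI", sequence number, then the [SR] message.
SR_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+[0-9a-fA-F]{8} \[SR\] (.*)$"
)
VERIFYING = re.compile(r"^Verifying (\d+) ")
CANNOT_REPAIR = re.compile(r'^Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+)')
REPAIRING = re.compile(
    r'^Repairing corrupted file \[[^\]]*\]"([^"]+)"\\\[[^\]]*\]"([^"]+)" from store'
)


def summarize(text):
    """Return counts and file lists extracted from [SR] lines."""
    verified = 0
    unrepairable = {}  # file name -> details; SFC logs each failure more than once
    repaired = []      # full paths SFC restored from the component store
    for line in text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue  # not an [SR] line, or an unexpected layout
        timestamp, msg = m.groups()

        v = VERIFYING.match(msg)
        if v:
            verified += int(v.group(1))
            continue

        c = CANNOT_REPAIR.match(msg)
        if c:
            # The reason ("hash mismatch", ...) is the last comma-separated field.
            unrepairable.setdefault(c.group(1), {
                "component": c.group(2),
                "reason": msg.rsplit(", ", 1)[-1],
                "first_seen": timestamp,
            })
            continue

        r = REPAIRING.match(msg)
        if r:
            directory, name = r.groups()
            if directory.startswith("\\??\\"):
                directory = directory[4:]  # drop the NT object-namespace prefix
            path = directory + "\\" + name
            if path not in repaired:
                repaired.append(path)

    return {
        "verified": verified,
        "unrepairable": unrepairable,
        "repaired": repaired,
        # Files SFC could not restore are the ones worth a manual follow-up.
        "needs_attention": bool(unrepairable),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    report = summarize(data)
    print("components verified:", report["verified"])
    for path in report["repaired"]:
        print("repaired:", path)
    for name, info in report["unrepairable"].items():
        print("NOT repaired:", name, "|", info["component"], "|", info["reason"])
```

Run it with the path to sfcdetails.txt as the only argument; without an argument it processes the constructed sample.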

       
      Пусках JRT и malwarebytes, така че ето и техния доклад.
      Разполагам с диск за ОС.
       
       
      JRT.txt mb1.txt Addition.txt FRST.txt
    • от Венцислав Бориславов
      Здравейте, току що си сложи флашката за да прегледам стара снимки и забелязах че има са заключени с .harma фаил и не помага нищо. 
      Пусках лаптопа в safe mode, свалях няколко тоолкита но нище помага, други решения има ли за проблема или утре да му бия преинстала, че и без това му е наближило. 😀
    • от grizly
      Здравейте, преди няколко дни пробвах едни дискове в какво състояние са и в един от тях ми се залепиха някакви вируси, касперски започва да ги дезинфектира и изтрива но мисля че не успя да се справи с тях напълно.
      Долу в систем трея иконата на касперски стои червена постоянно и пише защитата е застрашена,
      Открито MEM:Virus.Win32.Sality.Gen Обект: Системна памет, срещу него като чукна на бутон Изтрий не се случва абсолютно нищо и стои червен знак за внимание.
      Общо взето системата ми се държи добре и нормално но ме дразни много тази червена икона на касперски в систем трея долу.
      https://dox.abv.bg/download?id=8257cebfb2# - Линк за сваляне
  • Дарение

×
×
  • Добави ново...

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите Условия за ползване