
New Cryptolocker



#1 denlillesplint


Posted 04 May 2015 - 03:17 PM

Hello everyone,

 

A few days ago my computer was infected by a version of Cryptolocker. It hasn't been possible for me to find a solution to recover my data. Moreover, I'm not sure my computer is fully cleansed even though I have run my anti-virus scan. I hope someone can help me or at least put some words on the situation of my computer. Thanks so much in advance!!!

 

I have the FRST.log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015

Ran by emil (administrator) on ANDERSEN on 04-05-2015 15:35:21
Running from C:\Users\emil\Desktop
Loaded Profiles: emil (Available profiles: emil)
Platform: Windows 10 Pro Technical Preview (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\WINDOWS\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10041.0_none_306c4659c768ceeb\TiWorker.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\sihost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
(Intel Corporation) C:\WINDOWS\System32\igfxTray.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\ApplicationFrameHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\WINDOWS\System32\SystemSettingsBroker.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Users\emil\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(PC Remote) C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\WINDOWS\System32\fontdrvhost.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Microsoft Corporation) C:\WINDOWS\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
() C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\searchui.exe
(Microsoft Corporation) C:\WINDOWS\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynLenovoGestureMgr] => "%ProgramFiles%\Synaptics\SynTP\SynLenovoGestureMgr.exe" /m
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870952 2015-03-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-04-29] ()
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7210160 2015-03-14] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7210160 2015-03-14] (Microsoft Corporation)
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\Run: [OneDrive] => C:\Users\emil\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-31] (Microsoft Corporation)
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\Run: [EpicScale] => [X]
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\Run: [PC Remote Server] => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe [1190648 2014-10-11] (PC Remote)
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\Run: [Ifsoft] => C:\Users\emil\AppData\Local\Ifsoft\tmpEC0F.exe
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\Run: [Ejmtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\emil\AppData\Local\Ifsoft\ggrnox.dll
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\scrnsave.scr [31744 2015-03-14] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\FileSyncShell.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\FileSyncShell.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\FileSyncShell.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\FileSyncShell.dll [2015-03-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\FileSyncShell.dll [2015-03-26] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={6CBADD32-8B27-4594-A787-815A8637D55A}&mid=0e199421208347cd88edd9d747d63996-289260bb39762fbf077fc61543b7c6fcb622be21&lang=da&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-04-29 17:24:27&v=4.1.0.411&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-2272510467-948179748-2387830927-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={6CBADD32-8B27-4594-A787-815A8637D55A}&mid=0e199421208347cd88edd9d747d63996-289260bb39762fbf077fc61543b7c6fcb622be21&lang=da&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-04-29 17:24:27&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-29] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-04-29] (AVG)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-29] (Oracle Corporation)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2011-08-10] (Citrix Systems, Inc.)
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> https://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-14]
CHR Extension: (Google Docs) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-14]
CHR Extension: (Google Drive) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-14]
CHR Extension: (YouTube) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-14]
CHR Extension: (AVG Secure Search) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-05-01]
CHR Extension: (Adblock for Youtube™) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-02-14]
CHR Extension: (Google Search) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-14]
CHR Extension: (Google Sheets) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-14]
CHR Extension: (BetaFish Adblocker) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-14]
CHR Extension: (Hola Better Internet) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-14]
CHR Extension: (Bookmark Manager) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (StayFocusd) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-04-20]
CHR Extension: (Google Wallet) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-14]
CHR Extension: (Gmail) - C:\Users\emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AJRouter; C:\Windows\System32\AJRouter.dll [19968 2015-03-14] (Microsoft Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [325120 2015-03-14] (Microsoft Corporation)
S3 ClipSVC; C:\Windows\System32\ClipSVC.dll [531456 2015-03-14] (Microsoft Corporation)
R2 CoreUIRegistrar; C:\Windows\system32\coremessaging.dll [708584 2015-03-14] (Microsoft Corporation)
R2 CoreUIRegistrar; C:\Windows\SysWOW64\coremessaging.dll [476160 2015-03-14] (Microsoft Corporation)
R3 DcpSvc; C:\Windows\system32\dcpsvc.dll [195584 2015-03-14] (Microsoft Corporation)
S3 DevQueryBroker; C:\Windows\system32\DevQueryBroker.dll [32256 2015-03-14] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1430016 2015-03-14] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-03-14] (Microsoft Corporation)
S2 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [111616 2015-03-14] (Microsoft Corporation)
R2 DoSvc; C:\Windows\system32\svchost.exe [35160 2015-03-14] (Microsoft Corporation)
R2 DoSvc; C:\Windows\SysWOW64\svchost.exe [29968 2015-03-14] (Microsoft Corporation)
S3 DsSvc; C:\Windows\System32\DsSvc.dll [128512 2015-03-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [84992 2015-03-14] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2015-02-14] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R3 lfsvc; C:\Windows\System32\lfsvc.dll [23040 2015-03-14] (Microsoft Corporation)
R3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [18944 2015-03-14] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [155136 2015-03-14] (Microsoft Corporation)
S3 NetSetupSvc; C:\Windows\System32\NetSetupSvc.dll [135168 2015-03-14] (Microsoft Corporation)
S3 NgcCtnrSvc; C:\Windows\System32\NgcCtnrSvc.dll [223232 2015-03-14] (Microsoft Corporation)
S3 NgcSvc; C:\Windows\system32\ngcsvc.dll [424448 2015-03-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
S3 OneSyncSvc; C:\Windows\System32\APHostService.dll [237568 2015-03-14] (Microsoft Corporation)
S3 PhoneSvc; C:\Windows\System32\PhoneService.dll [588288 2015-03-14] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [276480 2015-03-14] (Microsoft Corporation)
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3323904 2015-03-26] (Microsoft Corporation) [File not signed]
S3 RetailDemo; C:\Windows\system32\RetailDemoService.dll [332800 2015-03-14] (Microsoft Corporation)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [289280 2015-03-14] ()
S3 SensorService; C:\Windows\system32\SensorService.dll [139264 2015-03-14] (Microsoft Corporation)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [579584 2015-03-14] (Microsoft Corporation)
S3 StateRepository; C:\Windows\system32\windows.staterepository.dll [3318272 2015-03-14] (Microsoft Corporation)
S3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2190336 2015-03-14] (Microsoft Corporation)
R3 tiledatamodelsvc; C:\Windows\system32\tileobjserver.dll [351744 2015-03-14] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1021952 2015-03-14] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1112064 2015-03-14] (Microsoft Corporation)
R2 UserManager; C:\Windows\System32\usermgr.dll [591360 2015-03-14] (Microsoft Corporation)
R3 UsoSvc; C:\Windows\system32\usocore.dll [220672 2015-03-14] (Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [450560 2015-03-14] (Microsoft Corporation)
R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-04-29] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348576 2015-03-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [12416 2015-03-14] (Microsoft Corporation)
S3 WpnService; C:\Windows\system32\WpnService.dll [48640 2015-03-14] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-04-29] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-04-07] (AVG Technologies CZ, s.r.o.)
S3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [31744 2015-03-14] (Microsoft Corporation)
S3 CapImg; C:\Windows\System32\drivers\capimg.sys [90624 2015-03-14] (Microsoft Corporation)
S4 cnghwassist; C:\Windows\System32\DRIVERS\cnghwassist.sys [34576 2015-03-14] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_17a20466b7a2c2aa\CompositeBus.sys [39424 2015-03-14] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3432720 2015-03-14] (QLogic Corporation)
S3 fcvsc; C:\Windows\System32\drivers\fcvsc.sys [30720 2015-03-14] (Microsoft Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [77824 2015-03-14] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfnclass.sys [20992 2015-03-14] (Microsoft Corporation)
S3 hidinterrupt; C:\Windows\System32\drivers\hidinterrupt.sys [43792 2015-03-14] (Microsoft Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [420624 2015-03-14] (Mellanox)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [27136 2015-03-14] (Microsoft Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-08-12] (Intel Corporation)
R3 LAD; C:\Windows\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: <Company name>)
S0 LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [93968 2015-03-14] (LSI Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [86288 2015-03-14] (LSI Corporation)
S0 megasas; C:\Windows\System32\drivers\megasas.sys [57104 2015-03-14] (Avago Technologies)
R2 mirahid; C:\Windows\System32\drivers\mirahid.sys [35840 2015-03-14] (Microsoft Corporation)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [701200 2015-03-14] (Mellanox)
R2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [38400 2015-03-14] (Microsoft Corporation)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [71952 2015-03-14] (Mellanox)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [66560 2015-03-14] ()
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc.sys [94720 2015-03-14] (Microsoft Corporation)
S3 NETVSCVFPP; C:\Windows\system32\DRIVERS\netvsc.sys [94720 2015-03-14] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3346912 2014-10-01] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [54032 2015-03-14] (LSI Corporation)
S0 percsas3i; C:\Windows\System32\drivers\percsas3i.sys [54544 2015-03-14] (Avago Technologies)
S3 ReFSv1; C:\Windows\System32\Drivers\ReFSv1.sys [929552 2015-03-14] (Microsoft Corporation)
R3 rt640x64; C:\Windows\system32\DRIVERS\rt640x64.sys [587776 2015-03-14] (Realtek                                            )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8225680 2012-06-29] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-03-25] (Synaptics Incorporated)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [67072 2015-03-14] (Microsoft Corporation)
S0 storufs; C:\Windows\System32\drivers\storufs.sys [36112 2015-03-14] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_29587da3d7e055a9\swenum.sys [13584 2015-03-14] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [43008 2015-03-14] ()
S3 Ufx01000; C:\Windows\System32\drivers\ufx01000.sys [230400 2015-03-14] (Microsoft Corporation)
S3 UfxChipidea; C:\Windows\System32\drivers\UfxChipidea.sys [80896 2015-03-14] (Microsoft Corporation)
S3 ufxsynopsys; C:\Windows\System32\drivers\ufxsynopsys.sys [108032 2015-03-14] (Microsoft Corporation)
S3 UrsChipidea; C:\Windows\System32\drivers\urschipidea.sys [16896 2015-03-14] (Microsoft Corporation)
S3 UrsCx01000; C:\Windows\System32\drivers\urscx01000.sys [43520 2015-03-14] (Microsoft Corporation)
S3 UrsSynopsys; C:\Windows\System32\drivers\urssynopsys.sys [18432 2015-03-14] (Microsoft Corporation)
S3 vhf; C:\Windows\System32\drivers\vhf.sys [28160 2015-03-14] (Microsoft Corporation)
S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [677376 2015-03-14] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [112912 2015-03-14] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [22800 2015-03-14] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [55568 2015-03-14] (Mellanox)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: dosvc -> No ServiceDLL Path.
NETSVC: DcpSvc -> C:\Windows\system32\dcpsvc.dll (Microsoft Corporation)
NETSVC: DiagTrack -> C:\Windows\system32\diagtrack.dll (Microsoft Corporation)
NETSVC: NetSetupSvc -> C:\Windows\System32\NetSetupSvc.dll (Microsoft Corporation)
NETSVC: RetailDemo -> C:\Windows\system32\RetailDemoService.dll (Microsoft Corporation)
NETSVC: DmEnrollmentSvc -> C:\Windows\system32\Windows.Internal.Management.dll (Microsoft Corporation)
NETSVC: dmwappushservice -> C:\Windows\system32\dmwappushsvc.dll (Microsoft Corporation)
NETSVC: UserManager -> C:\Windows\System32\usermgr.dll (Microsoft Corporation)
NETSVC: UsoSvc -> C:\Windows\system32\usocore.dll (Microsoft Corporation)
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File.
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File.
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-04 15:36 - 2015-05-04 15:36 - 02744965 _____ () C:\Users\emil\Downloads\idtool.zip
2015-05-04 15:36 - 2014-10-23 11:14 - 04012982 _____ (NathanScott Apps) C:\Users\emil\Desktop\IDTool.exe
2015-05-04 15:35 - 2015-05-04 15:35 - 00034450 _____ () C:\Users\emil\Desktop\FRST.txt
2015-05-04 15:35 - 2015-05-04 15:35 - 00000000 ____D () C:\FRST
2015-05-04 15:34 - 2015-05-04 15:34 - 02101248 _____ (Farbar) C:\Users\emil\Desktop\FRST64.exe
2015-05-04 15:18 - 2015-05-04 15:26 - 00000000 ____D () C:\Users\emil\Desktop\Test
2015-05-04 15:18 - 2015-05-04 15:18 - 00000000 ____D () C:\Users\emil\Desktop\New folder
2015-05-04 15:17 - 2015-05-04 15:17 - 00462336 _____ (Dino Chiesa) C:\Users\emil\Desktop\Ionic.Zip.dll
2015-05-04 15:14 - 2015-05-04 15:14 - 10868379 _____ () C:\Users\emil\Downloads\Anti-CryptorBitV2.zip
2015-05-04 15:14 - 2014-03-13 21:03 - 11216896 _____ (Microsoft) C:\Users\emil\Desktop\Anti-CryptorBitV2.exe
2015-05-04 15:07 - 2015-01-28 22:57 - 01808384 _____ () C:\Users\emil\Desktop\CryptoTorLocker2015_Decrypter.exe
2015-05-04 15:06 - 2015-05-04 15:06 - 00652952 _____ () C:\Users\emil\Downloads\CT2015_Decrypter (1).zip
2015-05-04 15:01 - 2015-05-04 15:01 - 00652952 _____ () C:\Users\emil\Downloads\Ikke bekræftet 490747.crdownload
2015-05-04 14:46 - 2015-05-04 15:07 - 3782055936 _____ () C:\Users\emil\Downloads\Windows10_InsiderPreview_x64_EN-US_10074.iso
2015-05-01 22:27 - 2015-05-01 22:27 - 00000000 ___HD () C:\OneDriveTemp
2015-04-30 05:19 - 2015-04-30 05:19 - 11682304 _____ () C:\Users\emil\Desktop\test.xls
2015-04-30 04:59 - 2015-04-30 05:00 - 00000000 ____D () C:\Users\emil\Desktop\Back-up
2015-04-30 04:56 - 2015-04-30 04:56 - 00001965 _____ () C:\Users\emil\Desktop\ShadowExplorer.lnk
2015-04-30 04:56 - 2015-04-30 04:56 - 00000000 ____D () C:\Users\emil\AppData\Roaming\www.shadowexplorer.com
2015-04-30 04:56 - 2015-04-30 04:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-04-30 04:56 - 2015-04-30 04:56 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2015-04-30 04:39 - 2015-04-30 04:39 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-04-30 04:39 - 2015-04-30 04:39 - 00000000 ____D () C:\Program Files\MSBuild
2015-04-30 04:39 - 2015-04-30 04:39 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-04-30 04:39 - 2015-04-30 04:39 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-30 04:33 - 2014-12-18 21:30 - 01166512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-04-30 04:33 - 2014-12-18 21:30 - 00124104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-30 04:33 - 2014-12-18 21:30 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-04-30 04:33 - 2014-12-18 21:26 - 00778928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-04-30 04:33 - 2014-12-18 21:26 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-04-30 04:33 - 2014-12-18 21:26 - 00035472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-04-30 04:32 - 2015-04-30 04:32 - 00969845 _____ (ShadowExplorer.com ) C:\Users\emil\Downloads\ShadowExplorer-0.9-setup (1).exe
2015-04-30 04:28 - 2015-04-30 04:28 - 00000000 __RHD () C:\AHCache
2015-04-30 04:27 - 2015-04-30 04:27 - 00969845 _____ (ShadowExplorer.com ) C:\Users\emil\Downloads\ShadowExplorer-0.9-setup.exe
2015-04-30 04:03 - 2015-04-30 04:03 - 00248714 _____ () C:\Users\emil\Downloads\OCF_20131025.zip
2015-04-30 03:48 - 2015-04-30 03:48 - 04446072 _____ () C:\Users\emil\Downloads\Decryptolocker (2).exe
2015-04-29 11:24 - 2015-05-01 13:55 - 00000000 ____D () C:\Users\emil\AppData\Local\AVG Web TuneUp
2015-04-29 11:24 - 2015-04-29 11:24 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2015-04-29 11:24 - 2015-04-29 11:24 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2015-04-29 11:24 - 2015-04-29 11:24 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2015-04-29 11:24 - 2015-04-29 11:24 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-04-29 11:19 - 2015-04-29 11:19 - 04446072 _____ () C:\Users\emil\Downloads\Decryptolocker (1).exe
2015-04-29 11:19 - 2015-04-29 11:19 - 00000000 ____D () C:\Users\emil\AppData\Roaming\AVG2015
2015-04-29 11:18 - 2015-04-29 11:18 - 00001051 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-04-29 11:18 - 2015-04-29 11:18 - 00000000 ____D () C:\Users\emil\AppData\Roaming\TuneUp Software
2015-04-29 11:18 - 2015-04-29 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-04-29 11:17 - 2015-04-30 04:51 - 00000000 ____D () C:\ProgramData\AVG2015
2015-04-29 11:17 - 2015-04-29 11:17 - 00000000 ___HD () C:\$AVG
2015-04-29 11:17 - 2015-04-29 11:17 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-04-29 11:16 - 2015-04-29 11:16 - 04446072 _____ () C:\Users\emil\Downloads\Decryptolocker.exe
2015-04-29 11:13 - 2015-04-29 11:13 - 04818760 _____ (AVG Technologies) C:\Users\emil\Downloads\avg_free_stb_all_5863p1_177 (1).exe
2015-04-29 11:03 - 2015-05-04 15:08 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-29 11:03 - 2015-04-29 11:24 - 00000000 ____D () C:\Users\emil\AppData\Local\Avg2015
2015-04-29 11:03 - 2015-04-29 11:03 - 00000000 ____D () C:\Users\emil\AppData\Local\MFAData
2015-04-29 11:02 - 2015-04-29 11:02 - 04818760 _____ (AVG Technologies) C:\Users\emil\Downloads\avg_free_stb_all_5863p1_177.exe
2015-04-29 10:51 - 2015-04-29 10:51 - 00000000 ____D () C:\Users\emil\AppData\Roaming\ICAClient
2015-04-29 10:29 - 2015-04-29 10:29 - 00001227 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-29 10:19 - 2015-04-29 10:19 - 00270336 _____ () C:\Users\emil\AppData\Roaming\Saving.Private.Ryan.1998.1080p.BrRip.x264.YIFY.mp4
2015-04-29 10:19 - 2015-04-29 10:19 - 00000315 _____ () C:\Users\emil\AppData\Roaming\g2tqhjhewq211sg
2015-04-29 09:18 - 2015-04-29 09:19 - 24035136 _____ (StataCorp LP) C:\Users\emil\Downloads\StataMP.exe%20-%20Genvej
2015-04-29 06:15 - 2015-04-29 06:23 - 53487265 _____ () C:\Users\emil\Downloads\stata.zip.9knw2mb.partial
2015-04-29 05:52 - 2015-04-29 05:52 - 00002399 _____ () C:\Users\emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrayItem.{30DA0BDD-178E-A7A0-0C32-D9347E4B983E}.lnk
2015-04-29 05:40 - 2015-04-29 05:40 - 00834830 _____ () C:\Users\emil\enc_files.txt
2015-04-29 05:39 - 2015-04-29 05:38 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-04-29 05:37 - 2015-04-29 11:19 - 00000000 ____D () C:\Users\emil\AppData\Roaming\WinNew
2015-04-29 05:36 - 2015-05-02 13:51 - 00005114 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ANDERSEN-emil Andersen
2015-04-29 05:35 - 2015-04-29 05:35 - 00000000 ____D () C:\Users\emil\Tracing
2015-04-25 16:44 - 2015-04-29 06:00 - 00016863 _____ () C:\Users\emil\Downloads\game-of-thrones-fifth-season-2015_english-1098026.zip
2015-04-25 16:09 - 2015-04-25 16:43 - 00000000 ____D () C:\Users\emil\Downloads\Game of Thrones S05E04 WEBRip XviD-FUM[ettv]
2015-04-25 13:08 - 2015-04-29 06:00 - 00021561 _____ () C:\Users\emil\Downloads\game-of-thrones-fifth-season-2015_english-1097676.zip
2015-04-25 01:17 - 2015-04-30 12:06 - 00000000 ___HD () C:\$Windows.~BT
2015-04-24 16:34 - 2015-04-24 16:34 - 00612864 _____ () C:\Users\emil\Downloads\FIrePassComponentInstaller (1).msi
2015-04-24 16:33 - 2015-04-24 16:33 - 00612864 _____ () C:\Users\emil\Downloads\FIrePassComponentInstaller.msi
2015-04-24 16:04 - 2015-04-24 16:04 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-24 16:03 - 2015-04-24 16:03 - 23635896 _____ (Citrix Systems, Inc.) C:\Users\emil\Downloads\CitrixReceiver (2).exe
2015-04-24 16:02 - 2015-04-24 16:02 - 00561576 _____ (Oracle Corporation) C:\Users\emil\Downloads\chromeinstall-8u45.exe
2015-04-24 15:56 - 2015-04-29 10:35 - 00024836 _____ () C:\Users\emil\Desktop\config.xml
2015-04-24 15:56 - 2014-08-22 09:59 - 00589400 _____ (Citrix Systems, Inc.) C:\Users\emil\Desktop\ReceiverCleanupUtility.exe
2015-04-24 15:50 - 2015-04-29 06:00 - 00251915 _____ () C:\Users\emil\Downloads\ReceiverCleanupUtility.zip
2015-04-24 14:49 - 2015-04-24 14:51 - 111145672 _____ (Oracle Corporation) C:\Users\emil\Downloads\VirtualBox-4.3.26-98988-Win.exe
2015-04-24 14:47 - 2015-04-24 15:26 - 3319478272 _____ () C:\Users\emil\Downloads\X17-24209-1.iso
2015-04-24 14:42 - 2015-04-24 14:42 - 01124072 _____ (Adobe Systems Incorporated) C:\Users\emil\Downloads\readerdc_dk_ha_install.exe
2015-04-24 14:40 - 2015-04-24 14:39 - 00019781 _____ () C:\Users\emil\Desktop\OLS_24APR15.pdf.smcl
2015-04-24 14:39 - 2015-04-24 14:39 - 00019781 _____ () C:\Users\emil\Desktop\OLS_24APR15.smcl
2015-04-24 13:28 - 2015-04-24 13:28 - 59554128 _____ (Citrix Systems, Inc.) C:\Users\emil\Downloads\CitrixReceiver (1).exe
2015-04-23 06:27 - 2015-04-29 05:40 - 43071512 _____ () C:\Users\emil\Desktop\Bela_birthday song 2015.mp4
2015-04-23 03:29 - 2015-04-23 03:29 - 01621568 _____ (NCH Software) C:\Users\emil\Downloads\debutsetup.exe
2015-04-23 03:29 - 2015-04-23 03:29 - 00001320 _____ () C:\Users\Public\Desktop\NCH Suite.lnk
2015-04-23 03:29 - 2015-04-23 03:29 - 00001194 _____ () C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2015-04-20 16:38 - 2015-04-29 15:29 - 00000000 ____D () C:\Users\emil\Desktop\Virksomhed_M_M_E
2015-04-20 07:31 - 2015-04-29 06:00 - 00019836 _____ () C:\Users\emil\Downloads\game-of-thrones-fifth-season-2015_english-1101413.zip
2015-04-20 07:29 - 2015-04-29 06:00 - 00020571 _____ () C:\Users\emil\Downloads\game-of-thrones-fifth-season-2015_english-1097380.zip
2015-04-20 07:26 - 2015-04-29 06:00 - 00020530 _____ () C:\Users\emil\Downloads\game-of-thrones-fifth-season-2015_english-1101336.zip
2015-04-19 05:51 - 2015-04-19 05:51 - 00638976 _____ () C:\Users\emil\Downloads\Detection (2).msi
2015-04-19 05:47 - 2015-04-19 05:47 - 43159464 _____ (Oracle Corporation) C:\Users\emil\Downloads\jre-8u45-windows-x64.exe
2015-04-19 05:45 - 2015-04-19 05:45 - 00638976 _____ () C:\Users\emil\Downloads\Detection (1).msi
2015-04-19 05:45 - 2015-04-19 05:45 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2015-04-19 05:24 - 2015-04-19 05:24 - 00638976 _____ () C:\Users\emil\Downloads\Detection.msi
2015-04-15 16:54 - 2015-04-29 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-15 07:06 - 2015-04-15 07:06 - 00256992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx64.sys
2015-04-14 17:27 - 2015-04-14 17:31 - 01746880 _____ (Safe Download-wavtomp3_setup ) C:\Users\emil\Downloads\wavtomp3_setup.exe
2015-04-13 15:43 - 2015-04-29 06:00 - 00018497 _____ () C:\Users\emil\Downloads\game-of-thrones-fifth-season-2015_english-1097518.zip
2015-04-13 15:39 - 2015-04-13 15:39 - 28509232 _____ () C:\Users\emil\Downloads\vlc-2.2.0-win32.exe
2015-04-13 10:48 - 2015-04-13 10:48 - 00081867 _____ () C:\Users\emil\Downloads\[kickass.hid.im]game.of.thrones.s05e01.720p.hdtv.x264.immerse.rarbg.torrent
2015-04-13 10:46 - 2015-04-13 10:46 - 01746520 _____ (BitTorrent Inc.) C:\Users\emil\Downloads\BitTorrent.exe
2015-04-09 08:11 - 2015-04-09 08:11 - 00284128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2015-04-08 15:43 - 2015-04-08 15:47 - 02442208 _____ (IO3O LLC ) C:\Users\emil\Downloads\mywifi.exe
2015-04-07 10:48 - 2015-04-07 10:49 - 23635896 _____ (Citrix Systems, Inc.) C:\Users\emil\Downloads\CitrixReceiver.exe
2015-04-07 06:39 - 2015-04-07 06:39 - 00293856 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgwfpa.sys
2015-04-04 16:38 - 2015-04-29 05:40 - 00009563 _____ () C:\Users\emil\Desktop\Qubec_trip_Bel&Emi.xlsx
2015-04-04 15:17 - 2015-04-04 15:17 - 05051312 _____ (Phoenix Technologies Ltd.) C:\Users\emil\Downloads\65cn99ww (1).exe
2015-04-04 15:14 - 2015-04-04 15:14 - 16785024 _____ (Lenovo) C:\Users\emil\Downloads\cale15ww.exe
2015-04-04 15:12 - 2015-04-04 15:12 - 05265104 _____ (Lenovo Group ) C:\Users\emil\Downloads\cayz14ww.exe
2015-04-04 14:45 - 2015-04-04 14:45 - 51161656 _____ (Lenovo Group Limited ) C:\Users\emil\Downloads\imei137w81.exe
2015-04-04 14:40 - 2015-04-04 14:40 - 47668768 _____ (Lenovo Group Limited ) C:\Users\emil\Downloads\em8.0.2.3.exe
2015-04-04 14:37 - 2015-04-04 14:38 - 05306810 _____ (Lenovo Group Limited ) C:\Users\emil\Downloads\cayz17ww.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-04 15:22 - 2015-03-14 04:58 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-04 15:22 - 2015-02-14 07:17 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-04 15:20 - 2014-06-25 17:08 - 00000000 ____D () C:\Users\emil\Desktop\Billeder
2015-05-04 14:54 - 2015-02-14 07:03 - 00000000 ____D () C:\ProgramData\USOShared
2015-05-04 14:38 - 2015-03-26 13:43 - 00283481 _____ () C:\WINDOWS\WindowsUpdate_AU_deprecated.log
2015-05-04 14:25 - 2015-02-14 07:03 - 00016148 _____ () C:\WINDOWS\system32\ANDERSEN_emil_HistoryPrediction.bin
2015-05-02 14:01 - 2015-01-20 08:09 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-02 13:59 - 2015-03-26 22:12 - 00000000 ___DC () C:\WINDOWS\Panther
2015-05-01 22:28 - 2015-02-14 15:29 - 00000000 ____D () C:\Users\emil\AppData\Roaming\Skype
2015-05-01 22:27 - 2014-10-01 22:24 - 00000000 __RDO () C:\Users\emil\OneDrive
2015-05-01 22:26 - 2015-02-14 07:17 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-01 15:48 - 2015-03-26 13:23 - 00000000 ____D () C:\Users\emil
2015-05-01 15:48 - 2015-03-17 12:14 - 00000191 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-30 18:43 - 2015-03-14 05:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-30 12:12 - 2015-03-26 13:13 - 00017410 _____ () C:\WINDOWS\PFRO.log
2015-04-30 12:11 - 2015-03-14 03:38 - 00131072 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-30 04:47 - 2015-01-20 07:35 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-30 04:14 - 2013-10-24 16:10 - 00000000 ____D () C:\Users\emil\Desktop\OmniCryptoFinder
2015-04-30 04:02 - 2015-03-28 06:04 - 00000000 ____D () C:\Users\emil\AppData\Local\Ifsoft
2015-04-29 15:18 - 2015-03-26 13:18 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-29 15:18 - 2015-03-26 13:18 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-29 15:18 - 2015-03-26 13:18 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-29 15:18 - 2015-03-14 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-29 15:18 - 2015-03-14 06:15 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-04-29 15:18 - 2015-03-14 05:51 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-04-29 15:18 - 2015-03-14 05:48 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-04-29 15:18 - 2015-03-14 05:48 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-04-29 15:18 - 2015-03-14 05:47 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 __RSD () C:\WINDOWS\Media
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ___SD () C:\WINDOWS\SysWOW64\Configuration
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ___SD () C:\WINDOWS\system32\Configuration
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ___RD () C:\WINDOWS\PrintDialog3D
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ____D () C:\WINDOWS\SysWOW64\Speech_OneCore
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ____D () C:\WINDOWS\InputMethod
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ____D () C:\WINDOWS\ime
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ____D () C:\WINDOWS\Help
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-29 15:18 - 2015-03-14 04:58 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-29 15:18 - 2015-03-04 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-29 15:18 - 2015-03-03 15:22 - 00000000 ____D () C:\Users\emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Remote
2015-04-29 15:18 - 2015-03-02 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-29 15:18 - 2015-02-24 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-29 15:18 - 2015-02-19 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-04-29 15:18 - 2015-02-15 17:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-29 15:18 - 2015-02-15 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-29 15:18 - 2015-02-14 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-29 15:18 - 2015-02-14 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-29 15:18 - 2015-02-14 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-29 15:18 - 2015-02-14 07:56 - 00000000 ____D () C:\Users\emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-29 15:18 - 2015-02-14 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-29 15:18 - 2015-02-14 07:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-29 11:21 - 2015-03-14 03:38 - 00032768 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-29 11:18 - 2015-03-14 04:58 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-04-29 11:00 - 2015-03-06 12:10 - 00000000 ___RD () C:\Users\emil\Documents\Emil & Bela
2015-04-29 10:51 - 2015-02-27 03:53 - 00000000 ____D () C:\ProgramData\Citrix
2015-04-29 10:50 - 2015-02-27 03:53 - 00000000 ____D () C:\Users\emil\AppData\Local\Citrix
2015-04-29 10:50 - 2015-02-27 03:53 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-04-29 09:21 - 2015-03-02 07:12 - 00000000 ____D () C:\Users\emil\AppData\Roaming\BitTorrent
2015-04-29 06:28 - 2013-09-07 18:08 - 00000000 ____D () C:\Users\emil\AppData\Local\Packages
2015-04-29 06:00 - 2015-03-20 04:27 - 09152512 _____ () C:\Users\emil\Downloads\PP+slides+uge+12%2b13++Bus+Mktg+Planning.ppt
2015-04-29 06:00 - 2015-02-15 18:57 - 00000261 _____ () C:\Users\emil\Downloads\Konsultation - (16-02-2015 1030).ics
2015-04-29 06:00 - 2015-02-15 10:02 - 00000527 _____ () C:\Users\emil\Downloads\calendar (3).ics
2015-04-29 06:00 - 2015-02-15 10:02 - 00000527 _____ () C:\Users\emil\Downloads\calendar (2).ics
2015-04-29 06:00 - 2015-02-15 10:00 - 00000527 _____ () C:\Users\emil\Downloads\calendar (1).ics
2015-04-29 06:00 - 2014-08-10 14:52 - 00037820 _____ () C:\Users\emil\Downloads\ledelsesændringer 2011_2013_ttest_gnmst (2).xlsx
2015-04-29 06:00 - 2014-08-10 14:51 - 00037820 _____ () C:\Users\emil\Downloads\ledelsesændringer 2011_2013_ttest_gnmst (1).xlsx
2015-04-29 06:00 - 2014-08-07 20:38 - 00062464 _____ () C:\Users\emil\Downloads\hlm.ppt
2015-04-29 06:00 - 2014-08-07 18:49 - 00037820 _____ () C:\Users\emil\Downloads\ledelsesændringer 2011_2013_ttest_gnmst.xlsx
2015-04-29 06:00 - 2014-07-17 13:49 - 00000458 _____ () C:\Users\emil\Downloads\donorportalen.regionh.dk (1).ics
2015-04-29 06:00 - 2014-07-16 15:02 - 00013040 _____ () C:\Users\emil\Downloads\analyse af expectation.xlsx
2015-04-29 06:00 - 2014-07-16 13:05 - 00041846 _____ () C:\Users\emil\Downloads\pædagogisk ledelse_indl_analyse.xlsx
2015-04-29 06:00 - 2014-06-26 13:21 - 00013276 _____ () C:\Users\emil\Downloads\Bunkerregnskab_Jambition (1).xlsx
2015-04-29 06:00 - 2014-06-26 13:17 - 00013306 _____ () C:\Users\emil\Downloads\Bunkerregnskab_Jambition.xlsx
2015-04-29 06:00 - 2014-06-20 05:24 - 00127203 _____ () C:\Users\emil\Downloads\Kopi af KOPI OLP+SLP scoreark.xlsx
2015-04-29 06:00 - 2014-06-10 07:07 - 00073893 _____ () C:\Users\emil\Downloads\Budget_skema.xlsx
2015-04-29 06:00 - 2014-05-31 13:18 - 00000469 _____ () C:\Users\emil\Downloads\donorportalen.regionh.dk.ics
2015-04-29 06:00 - 2014-05-29 17:19 - 00000537 _____ () C:\Users\emil\Downloads\calendar.ics
2015-04-29 06:00 - 2014-04-06 16:28 - 00006263 _____ () C:\Users\emil\Downloads\Referat møde den 8. oktober 2013 (1).odt
2015-04-29 06:00 - 2014-03-18 04:51 - 04416699 _____ () C:\Users\emil\Downloads\The Office of 16 Personalities (1).pptx
2015-04-29 06:00 - 2014-03-16 14:00 - 01268736 _____ () C:\Users\emil\Downloads\pp, personlighed.ppt
2015-04-29 06:00 - 2014-03-15 11:40 - 04416699 _____ () C:\Users\emil\Downloads\The Office of 16 Personalities.pptx
2015-04-29 06:00 - 2014-02-25 08:18 - 00162513 _____ () C:\Users\emil\Downloads\Projeckt_Den Gyldne Banan (2).pptx
2015-04-29 06:00 - 2014-02-25 07:41 - 00162513 _____ () C:\Users\emil\Downloads\Projeckt_Den Gyldne Banan (1).pptx
2015-04-29 06:00 - 2014-02-25 07:11 - 00130305 _____ () C:\Users\emil\Downloads\Projeckt_Den Gyldne Banan.pptx
2015-04-29 06:00 - 2014-02-25 05:13 - 00121727 _____ () C:\Users\emil\Downloads\Berivans slides.pptx
2015-04-29 06:00 - 2014-02-25 05:13 - 00060027 _____ () C:\Users\emil\Downloads\Kristine sin Den Gyldne Banan.pptx
2015-04-29 06:00 - 2014-02-25 05:13 - 00047421 _____ () C:\Users\emil\Downloads\JO løsning ide_Den Gyldne Banan.pptx
2015-04-29 06:00 - 2014-01-24 14:09 - 01766240 _____ () C:\Users\emil\Downloads\PowerPoint_Orehoved_Havn.ppsx
2015-04-29 06:00 - 2013-12-19 18:37 - 00010875 _____ () C:\Users\emil\Downloads\deskriptiv table december 2013.xlsx
2015-04-29 06:00 - 2013-12-14 23:24 - 00092382 _____ () C:\Users\emil\Downloads\Three Level Models0 (1).pptx
2015-04-29 06:00 - 2013-12-14 23:23 - 00217015 _____ () C:\Users\emil\Downloads\Random Coefficient Models (4).pptx
2015-04-29 06:00 - 2013-12-14 23:09 - 00094252 _____ () C:\Users\emil\Downloads\Random Intercept Models (2).pptx
2015-04-29 06:00 - 2013-12-14 23:07 - 00121236 _____ () C:\Users\emil\Downloads\Between- and Within-Group Variance (2).pptx
2015-04-29 06:00 - 2013-12-11 23:29 - 00158608 _____ () C:\Users\emil\Downloads\School leadership and student performance in Danish elementary.pptx
2015-04-29 06:00 - 2013-12-11 14:53 - 00010244 _____ () C:\Users\emil\Downloads\descriptive.xlsx
2015-04-29 06:00 - 2013-12-11 01:26 - 00053760 _____ () C:\Users\emil\Downloads\hlm.xls
2015-04-29 06:00 - 2013-12-10 18:21 - 00217015 _____ () C:\Users\emil\Downloads\Random Coefficient Models (3).pptx
2015-04-29 06:00 - 2013-12-10 18:14 - 00121236 _____ () C:\Users\emil\Downloads\Between- and Within-Group Variance (1).pptx
2015-04-29 06:00 - 2013-12-02 16:49 - 02076467 _____ () C:\Users\emil\Downloads\pilot 2010 (4).dta
2015-04-29 06:00 - 2013-12-02 16:49 - 01316123 _____ () C:\Users\emil\Downloads\MI_GPdyads_M (1).dta
2015-04-29 06:00 - 2013-12-02 16:48 - 00217448 _____ () C:\Users\emil\Downloads\hsb (1).dta
2015-04-29 06:00 - 2013-12-02 16:05 - 00094944 _____ () C:\Users\emil\Downloads\Three Level Models0.pptx
2015-04-29 06:00 - 2013-11-25 16:05 - 00051933 _____ () C:\Users\emil\Downloads\Categorical Outcomes in HLM.pptx
2015-04-29 06:00 - 2013-11-18 16:50 - 00320899 _____ () C:\Users\emil\Downloads\Repeated Measures Models (1).pptx
2015-04-29 06:00 - 2013-11-18 16:42 - 02076467 _____ () C:\Users\emil\Downloads\pilot 2010 (3).dta
2015-04-29 06:00 - 2013-11-18 16:28 - 01316123 _____ () C:\Users\emil\Downloads\MI_GPdyads_M.dta
2015-04-29 06:00 - 2013-11-16 16:03 - 00495616 _____ () C:\Users\emil\Downloads\radyakin_usespss.ppt
2015-04-29 06:00 - 2013-11-16 15:34 - 00217015 _____ () C:\Users\emil\Downloads\Random Coefficient Models (2).pptx
2015-04-29 06:00 - 2013-11-16 15:33 - 00094252 _____ () C:\Users\emil\Downloads\Random Intercept Models (1).pptx
2015-04-29 06:00 - 2013-11-13 16:17 - 00320899 _____ () C:\Users\emil\Downloads\Repeated Measures Models.pptx
2015-04-29 06:00 - 2013-11-11 16:34 - 00217448 _____ () C:\Users\emil\Downloads\hsb.dta
2015-04-29 06:00 - 2013-11-11 16:17 - 00217015 _____ () C:\Users\emil\Downloads\Random Coefficient Models (1).pptx
2015-04-29 06:00 - 2013-11-02 21:01 - 00667643 _____ () C:\Users\emil\16 south st.xcf
2015-04-29 06:00 - 2013-10-28 15:04 - 00217015 _____ () C:\Users\emil\Downloads\Random Coefficient Models.pptx
2015-04-29 06:00 - 2013-10-28 15:04 - 00129541 _____ () C:\Users\emil\Downloads\Between- and Within-Group Variance.pptx
2015-04-29 06:00 - 2013-10-28 15:00 - 00094252 _____ () C:\Users\emil\Downloads\Random Intercept Models.pptx
2015-04-29 06:00 - 2013-10-27 16:10 - 00147088 _____ () C:\Users\emil\Downloads\Structural Models (5).pptx
2015-04-29 06:00 - 2013-10-27 16:08 - 00246272 _____ () C:\Users\emil\Downloads\OLS regression (1).ppt
2015-04-29 06:00 - 2013-10-27 16:08 - 00192172 _____ () C:\Users\emil\Downloads\Measurement Models0 (1).pptx
2015-04-29 06:00 - 2013-10-27 16:07 - 00472064 _____ () C:\Users\emil\Downloads\Using Stata.ppt
2015-04-29 06:00 - 2013-10-21 15:04 - 00792628 _____ () C:\Users\emil\Downloads\Multigroup Models.pptx
2015-04-29 06:00 - 2013-10-08 20:35 - 00006263 _____ () C:\Users\emil\Downloads\Referat møde den 8. oktober 2013.odt
2015-04-29 06:00 - 2013-10-07 15:41 - 00567098 _____ () C:\Users\emil\Downloads\Structural Equation Models II (1).pptx
2015-04-29 06:00 - 2013-10-07 15:05 - 00574846 _____ () C:\Users\emil\Downloads\Structural Equation Models II.pptx
2015-04-29 06:00 - 2013-10-02 15:44 - 00207848 _____ () C:\Users\emil\Downloads\Structural Equation Models I (3).pptx
2015-04-29 06:00 - 2013-10-02 14:19 - 00147088 _____ () C:\Users\emil\Downloads\Structural Models (4).pptx
2015-04-29 06:00 - 2013-10-02 14:14 - 00147088 _____ () C:\Users\emil\Downloads\Structural Models (3).pptx
2015-04-29 06:00 - 2013-10-02 14:13 - 00192172 _____ () C:\Users\emil\Downloads\Measurement Models0.pptx
2015-04-29 06:00 - 2013-10-02 14:12 - 00207848 _____ () C:\Users\emil\Downloads\Structural Equation Models I (2).pptx
2015-04-29 06:00 - 2013-09-30 15:01 - 00207848 _____ () C:\Users\emil\Downloads\Structural Equation Models I (1).pptx
2015-04-29 06:00 - 2013-09-30 15:00 - 00207848 _____ () C:\Users\emil\Downloads\Structural Equation Models I.pptx
2015-04-29 06:00 - 2013-09-26 23:03 - 00080896 _____ () C:\Users\emil\Downloads\metodespecifikke variablers effekt 23SEP13 (3).xls
2015-04-29 06:00 - 2013-09-26 21:51 - 00080896 _____ () C:\Users\emil\Downloads\metodespecifikke variablers effekt 23SEP13 (2).xls
2015-04-29 06:00 - 2013-09-25 15:04 - 00147088 _____ () C:\Users\emil\Downloads\Structural Models (2).pptx
2015-04-29 06:00 - 2013-09-25 14:18 - 00147088 _____ () C:\Users\emil\Downloads\Structural Models (1).pptx
2015-04-29 06:00 - 2013-09-23 17:12 - 00080896 _____ () C:\Users\emil\Downloads\metodespecifikke variablers effekt 23SEP13 (1).xls
2015-04-29 06:00 - 2013-09-23 14:58 - 00147088 _____ () C:\Users\emil\Downloads\Structural Models.pptx
2015-04-29 06:00 - 2013-09-23 13:40 - 00080896 _____ () C:\Users\emil\Downloads\metodespecifikke variablers effekt 23SEP13.xls
2015-04-29 06:00 - 2013-09-16 15:33 - 02076467 _____ () C:\Users\emil\Downloads\pilot 2010 (2).dta
2015-04-29 06:00 - 2013-09-16 15:32 - 02076467 _____ () C:\Users\emil\Downloads\pilot 2010 (1).dta
2015-04-29 06:00 - 2013-09-16 15:05 - 00192148 _____ () C:\Users\emil\Downloads\Measurement Models (2).pptx
2015-04-29 06:00 - 2013-09-16 15:01 - 00192148 _____ () C:\Users\emil\Downloads\Measurement Models.pptx
2015-04-29 06:00 - 2013-09-16 15:01 - 00192148 _____ () C:\Users\emil\Downloads\Measurement Models (1).pptx
2015-04-29 06:00 - 2013-09-09 15:50 - 02076467 _____ () C:\Users\emil\Downloads\pilot 2010.dta
2015-04-29 06:00 - 2013-09-09 15:01 - 00244224 _____ () C:\Users\emil\Downloads\OLS regression.ppt
2015-04-29 05:59 - 2014-02-08 18:35 - 20109950 _____ () C:\Users\emil\Documents\hest_16southst.xcf
2015-04-29 05:59 - 2013-12-24 01:29 - 05540527 _____ () C:\Users\emil\Documents\maria 4.xcf
2015-04-29 05:59 - 2013-09-07 18:34 - 806676480 _____ () C:\Users\emil\Documents\OfficeProfessionalPlus_x64_en-us.img
2015-04-29 05:40 - 2015-02-22 09:47 - 00009144 _____ () C:\Users\emil\Desktop\Skyldner Mor og Far.xlsx
2015-04-25 17:47 - 2015-02-14 08:15 - 00000000 ____D () C:\Users\emil\AppData\Roaming\vlc
2015-04-25 16:19 - 2015-03-14 14:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-20 16:31 - 2015-01-20 08:09 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-04-20 16:29 - 2014-02-07 19:30 - 00000000 ____D () C:\Users\emil\Desktop\Misc
2015-04-15 17:02 - 2015-02-15 17:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 16:57 - 2015-01-20 08:10 - 00000167 _____ () C:\WINDOWS\win.ini
2015-04-13 10:43 - 2015-02-14 15:29 - 00000000 ____D () C:\ProgramData\Skype
2015-04-13 10:42 - 2015-02-14 15:29 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-05 17:30 - 2015-02-14 07:03 - 00000000 ____D () C:\Users\emil\AppData\Local\VirtualStore
2015-04-04 14:47 - 2015-02-14 07:17 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-04-04 14:43 - 2015-03-02 07:51 - 00000000 ____D () C:\Program Files\lenovo
2015-04-04 14:43 - 2015-03-02 07:51 - 00000000 ____D () C:\Program Files (x86)\Lenovo
 
==================== Files in the root of some directories =======
 
2015-04-29 10:19 - 2015-04-29 10:19 - 0000315 _____ () C:\Users\emil\AppData\Roaming\g2tqhjhewq211sg
2015-04-29 10:19 - 2015-04-29 10:19 - 0270336 _____ () C:\Users\emil\AppData\Roaming\Saving.Private.Ryan.1998.1080p.BrRip.x264.YIFY.mp4
 
Files to move or delete:
====================
C:\Users\emil\temp.dat
 
 
Some content of TEMP:
====================
C:\Users\emil\AppData\Local\Temp\dotnetfx35setup.exe
C:\Users\emil\AppData\Local\Temp\OLMAPI32.DLL
C:\Users\emil\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-01 22:39
 
==================== End Of Log ============================
 
And the ADDITION.log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by emil at 2015-05-04 15:36:42
Running from C:\Users\emil\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2272510467-948179748-2387830927-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2272510467-948179748-2387830927-503 - Limited - Disabled)
emil (S-1-5-21-2272510467-948179748-2387830927-1002 - Administrator - Enabled) => C:\Users\emil
Guest (S-1-5-21-2272510467-948179748-2387830927-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programunderstøttelse (32 bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple-programunderstøttelse (64 bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.3.0.0 - Auslogics Labs Pty Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
AVG 2015 (Version: 15.0.4339 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
BitTorrent (HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CCleaner, версия 4.14.4808 (HKLM-x32\...\{80BD3FC0-9C5F-4ADA-83C7-91DC8E24D0B2}_is1) (Version: 4.14.4808 - Salat Production)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.0 - Conexant)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3993 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Juniper Citrix Services Client (HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\Juniper_Citrix_Services) (Version: 7.1.0.19757 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\Juniper_Setup_Client) (Version: 7.1.5.14305 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.170 - Realtek Semiconductor Corp.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Online Plug-in (x32 Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PC Remote (HKLM-x32\...\{C934DF74-D0D9-445C-90AA-34012A04E11D}) (Version: 3.51 - PC Remote)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.45.6 - Synaptics Incorporated)
System Requirements Lab Detection (HKLM-x32\...\{672A3FC7-A947-437D-BE45-B976F439B4D0}) (Version: 6.1.1.0 - Husdawg, LLC)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2272510467-948179748-2387830927-1002_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2272510467-948179748-2387830927-1002_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2272510467-948179748-2387830927-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2272510467-948179748-2387830927-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2272510467-948179748-2387830927-1002_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2272510467-948179748-2387830927-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2272510467-948179748-2387830927-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2272510467-948179748-2387830927-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2272510467-948179748-2387830927-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\emil\AppData\Local\Microsoft\OneDrive\17.3.4726.0226_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
29-04-2015 11:05:48 Installed AVG 2015
29-04-2015 11:06:58 Installed AVG 2015
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-03-14 04:58 - 2015-03-14 04:57 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0729B92B-C756-4F9F-8DD9-9FE3AAECBB7E} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-03-25] (Synaptics Incorporated)
Task: {0C09EA99-2FA7-4CC6-BA60-0046A7502290} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_WnfDisplay => C:\windows\system32\MusNotification.exe [2015-03-14] (Microsoft Corporation)
Task: {1578AAF5-F18E-4B22-9AC5-EC42398D0F94} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\Windows\system32\usoclient.exe [2015-03-14] (Microsoft Corporation)
Task: {1C271648-FBF9-42FE-B30B-6A45AE4105B6} - \Microsoft\Windows\RAC\RacTask No Task File <==== ATTENTION
Task: {2073DC63-6F4F-4662-ACC1-9F28CA8EFD1E} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
Task: {24E7D347-C6B6-421F-8739-D4BA85C0EFD5} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {2A8B98EB-3946-48E6-B46E-B520DF56BE64} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {2B914D57-EC7F-4B34-B681-70AA3DB8E1F0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {35FB7F99-049D-42BC-8EFF-12B67F3CF721} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\Windows\system32\MusNotification.exe [2015-03-14] (Microsoft Corporation)
Task: {4BA00475-E00B-4DFD-B179-55E4073E8E4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)
Task: {4C3E505D-6508-4E6D-9005-51A5D293C66A} - System32\Tasks\Microsoft\Windows\ContextManager\Triggers => C:\Windows\system32\ContextManagerNotificationHandler.exe
Task: {51AF124C-D430-4850-9741-4BAF9EB390A4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
Task: {553BB5D1-DECA-4939-AF56-95F3DFB8361A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ANDERSEN-emil Andersen => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {5ACAB365-3176-4648-8FAF-B25C3060DDCA} - System32\Tasks\Microsoft\Windows\ContextManager\Logon => C:\Windows\system32\ContextManagerNotificationHandler.exe
Task: {5E4759D6-53C1-4363-AB67-C52D4A0C42E8} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
Task: {5EB7B674-F765-4ED8-B79E-DCEFF742C9D4} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {710FFA34-340A-4E8D-AD9E-650B09B9E441} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {78DF3C32-B55A-4F39-9F09-94CDA211996C} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-03-14] (Microsoft Corporation)
Task: {7ED43EAD-070E-418B-A42D-5DEBD80ECEB9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\Windows\system32\usoclient.exe [2015-03-14] (Microsoft Corporation)
Task: {85E628D5-F70A-4C35-B18E-3E72C6A595C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)
Task: {8C0D3280-4F9F-4EA5-945C-180B6B663622} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_RebootDisplay => C:\windows\system32\MusNotification.exe [2015-03-14] (Microsoft Corporation)
Task: {8E9C29E3-035C-4A20-88A1-242D647AB476} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\Windows\system32\disksnapshot.exe [2015-03-14] (Microsoft Corporation)
Task: {9AFF561F-7B0B-46E6-B77F-7D72C579DE1E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\Windows\system32\usoclient.exe [2015-03-14] (Microsoft Corporation)
Task: {A244FF79-8619-437F-A180-FB01B8460504} - System32\Tasks\Microsoft\Windows\User Data Service\Unistore Logon => C:\Windows\System32\UnistackSvcWrapper.exe [2015-03-14] (Microsoft Corporation)
Task: {A65DB340-2EA6-4875-970F-57AB72AC1AB6} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe [2015-03-14] (Microsoft Corporation)
Task: {A9EB41F5-CB86-4FBA-BA8B-E861A38F7DF6} - System32\Tasks\Microsoft\Windows\Service Configuration\ConfigurationClient
Task: {AB9AFB2D-71F0-48DB-8965-A8AAFE331697} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AEAD4A8E-59B9-4939-917B-2A52FC91E519} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-03-14] (Microsoft Corporation)
Task: {B1A22C91-8F36-427D-A4AF-A4264F0039B0} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-03-14] (Microsoft Corporation)
Task: {B23F69AD-89D3-441E-8819-675802471972} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
Task: {B3B229C9-7E69-4BC9-AAB7-F5337A4B38F8} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\Windows\System32\WiFiTask.exe [2015-03-14] (Microsoft Corporation)
Task: {B7095521-DA9C-46BB-B3F3-91F6E73BF358} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
Task: {B8C98E5E-9A38-4AC0-BA3B-B9EED7D5EE2E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C8A23626-DD41-41B0-A459-63AF15ABC8AE} - System32\Tasks\Microsoft\Windows\NetworkDriverPlatform\TelemetryGatherer => C:\Windows\system32\NetCfgDiagnostics.exe [2015-03-14] (Microsoft Corporation)
Task: {C9F4BBDD-EA53-441E-A282-F5B85D986611} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
Task: {D3B971A4-AF52-49EF-B78E-2DF021891758} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\HypervisorFlightingTask
Task: {D72A07B1-5374-403A-BC2C-E792910C56F4} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {DA9DD096-A0DB-4B6D-A4F9-288DD4056D4F} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
Task: {E131D2A2-80ED-4733-8F25-26662293E2BF} - \Microsoft\Windows\SettingSync\BackupTask No Task File <==== ATTENTION
Task: {EEAB0498-AA46-43F7-9ABC-55B3C4A8DC4D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-11-21] (Lenovo)
Task: {F7CC0B29-231E-40FA-88A8-540239A2CF3A} - System32\Tasks\SpeechRuntimeTask => C:\Windows\system32\speech_onecore\common\SpeechRuntime.exe [2015-03-14] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-29 11:24 - 2015-04-29 11:24 - 00620056 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-03-14 04:50 - 2015-03-14 04:50 - 00348672 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-02-12 23:20 - 2015-02-12 23:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-12 23:20 - 2015-02-12 23:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-29 11:24 - 2015-04-29 11:24 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
2015-02-15 17:29 - 2015-02-05 17:01 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-26 13:19 - 2015-02-05 15:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-14 04:52 - 2015-03-14 04:52 - 02143960 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-03-14 04:52 - 2015-03-14 04:52 - 02143960 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-03-18 08:08 - 2015-03-18 08:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-14 04:50 - 2015-03-14 04:50 - 05292544 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\StartUI.dll
2015-03-14 04:50 - 2015-03-14 04:50 - 01555968 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.ActionCenter.dll
2015-03-14 04:50 - 2015-03-14 04:50 - 00987648 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\JumpViewUI.dll
2015-03-14 04:50 - 2015-03-14 04:50 - 00201728 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\BatteryFlyoutExperience.dll
2015-03-14 04:50 - 2015-03-14 04:50 - 00462336 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ClockFlyoutExperience.dll
2015-03-14 04:50 - 2015-03-14 04:50 - 01180160 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\NetworkUX.dll
2015-03-14 04:50 - 2015-03-14 04:50 - 00312832 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-03-14 04:50 - 2015-03-14 04:50 - 00802816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickConnectUI.dll
2015-03-14 04:50 - 2015-03-14 04:50 - 00349696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SampleTrayFlyout.dll
2015-03-14 04:50 - 2015-03-14 04:50 - 00710656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SplitApp1.dll
2015-03-14 04:50 - 2015-03-14 04:50 - 00338432 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\TrayFlyoutTemplate.dll
2015-03-14 04:50 - 2015-03-14 04:50 - 00122880 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-04-29 11:24 - 2015-04-29 11:24 - 03033112 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2015-03-14 05:52 - 2015-03-14 05:52 - 05613568 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\SearchUI.exe
2015-03-14 05:52 - 2015-03-14 05:52 - 00131584 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\Cortana.Settings.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 02981888 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\CortanaApi.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 01966080 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\RemindersUI.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 00097792 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\Cortana.Authentication.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 00065024 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\Cortana.Greetings.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 00250368 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\Cortana.BackgroundTask.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 00619008 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\Cortana.Actions.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 00308224 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\Cortana.LiveTiles.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 01023488 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\Cortana.IntentExtraction.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 00133632 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\Cortana.Dss.BackgroundTask.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 00080896 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\PersonaX.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 00310784 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\Cortana.Places.ViewModels.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 00461312 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\Cortana.NodeWinrtWrap.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 00215040 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\Cortana.Persona.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 00100352 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\Cortana.Location.dll
2015-03-14 05:52 - 2015-03-14 05:52 - 00179200 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-03-14 05:52 - 2015-03-14 05:52 - 00395776 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-03-14 05:52 - 2015-03-14 05:52 - 00793600 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-03-14 05:52 - 2015-03-14 05:52 - 00957440 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-03-14 05:52 - 2015-03-14 05:52 - 00202752 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-03-14 05:52 - 2015-03-14 05:52 - 00556544 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-03-14 05:52 - 2015-03-14 05:52 - 00152064 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\dss_service\node_modules\cortana.settings\bin\NodeRT_Cortana_Settings.node
2015-03-14 05:52 - 2015-03-14 05:52 - 00092160 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-03-14 05:52 - 2015-03-14 05:52 - 01538560 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\dss_service\node_modules\windows.storage\bin\NodeRT_Windows_Storage.node
2015-03-14 05:52 - 2015-03-14 05:52 - 00300544 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\dss_service\node_modules\windows.system.userprofile\bin\NodeRT_Windows_System_UserProfile.node
2015-03-14 05:52 - 2015-03-14 05:52 - 00177664 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\dss_service\node_modules\cortana.authentication\bin\NodeRT_Cortana_Authentication.node
2015-03-14 05:52 - 2015-03-14 05:52 - 00053760 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\dss_service\node_modules\cortana.system\bin\NodeRT_Cortana_System.node
2015-03-14 05:52 - 2015-03-14 05:52 - 00037376 _____ () C:\Program Files\WindowsApps\Microsoft.Cortana_1.4.2.152_x64__8wekyb3d8bbwe\Cortana.System.dll
2015-04-29 11:24 - 2015-04-29 11:24 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll
2015-04-29 11:24 - 2015-04-29 11:24 - 01711128 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2015-04-29 11:24 - 2015-04-29 11:24 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
2015-02-15 17:29 - 2015-02-05 17:01 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-04-29 06:39 - 2015-04-27 22:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-29 06:39 - 2015-04-27 22:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\emil\OneDrive:ms-properties
AlternateDataStreams: C:\Users\emil\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreUIRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreUIRegistrar => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\emil\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img-20150201-wa0004.jpg
DNS Servers: 192.168.11.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2272510467-948179748-2387830927-1002\...\StartupApproved\Run: => "Ifsoft"
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{5923ABAE-FA2A-41C4-A5AF-C86F2509B648}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{2B1B74EF-4F40-4B55-B094-89B0D2AEE735}] => (Allow) C:\WINDOWS\explorer.exe
FirewallRules: [{2CE45C76-EEB0-4F98-8E99-2DC9F801F6F1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E0BDB2CB-6F47-48EE-8EFE-5AA6DBA29813}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{86F2D050-CE17-4758-9E52-91DF756B0365}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0F52424D-48E4-4358-9635-5CAAF2187697}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{857223B0-2BB4-4D00-9123-6DB9EC3FE4E6}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [TCP Query User{D57A5C0D-9D4F-41DF-BBBA-911033E86AF0}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [{52AC547D-D1B7-47B2-8732-5BB8EEBEFCEF}] => (Allow) C:\Users\emil\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{930484C7-63C5-45FF-8B2A-E5EBCFAACCCF}] => (Allow) C:\Users\emil\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8A07C6FA-4ABE-4BDF-B4A6-4AC8BF186DEA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{58F886AE-4830-4B72-B7AD-9A2107EE5DD0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1FF0FEC0-5B0F-4F81-9ECB-97FBDCAA768E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{95398EE9-0B8C-4DD3-8E48-E8EC9B94084F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5B2A66DD-D390-4778-A70E-21784F59D659}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8DEC19C7-A6D6-4C19-BD0E-521903758297}] => (Allow) C:\Program Files\Microsoft Office\Office15\outlook.exe
FirewallRules: [{30435954-97C8-4482-BD76-E51C41571A5E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D0425344-4414-4F54-92DC-1F810196F26A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{902CE6B3-2C7A-4EC9-B9F3-F1195257B10E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{57AB3F3A-38EB-4FF5-820E-EA69FB9BEBB1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{444FD2AA-DA42-49F4-95F4-5BA61E4AD566}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{320F87E1-4B34-4890-952F-56725C81E958}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{87896BD8-B84E-41DA-A8A3-8CC730F4D930}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{BE7CF938-7385-48B7-B6C0-2C15B2A79D40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1D6AB7DA-1140-4AE1-BAD2-375635BA67BE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FF0AD7C5-180B-4F09-9C6A-E195858F916E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{E1884537-5573-41C4-8BF3-AE45B0688FAF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3563728E-E144-4438-BAE4-D36C63D2375A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{84A92562-C147-40DF-BF5B-31361D9382A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1607C1F3-00A7-4795-B69C-6470ED6601F8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{0C203EB4-1E87-42D4-92A4-068C4842074B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{2BF7529C-34C4-4A18-ABFB-4F03D082C75E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{A92B9210-7574-4A3D-BC6C-1AF3110A97DA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{5DDA1FBF-7FA9-47C0-B0E1-B5E6EE6F71A3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{400FA58D-793D-4209-ABED-50734E953220}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{DD310907-4469-4756-8C94-71FA8E14FA40}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{B26289CE-4F10-458E-BF69-721950D48C02}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
 
==================== Faulty Device Manager Devices =============
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: USB Audio Device
Description: USB Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: (Generic USB Audio)
Service: usbaudio
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: Microsoft Device Association Root Enumerator
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service: 
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: TV (Intel® Display Audio)
Description: Audio Endpoint
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service: 
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: Microsoft Streaming Quality Manager Proxy
Description: Microsoft Streaming Quality Manager Proxy
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: MSPQM
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: 
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Problem: : Currently, this hardware device is not connected to the computer. (Code 45).
Resolution: The device is not present or was previously attached to the computer.
To fix this problem, reconnect this hardware device to the computer.
If Device Manager is started with the environment variable DEVMGR_SHOW_NONPRESENT_DEVICES set to 1 (which means show these devices), then any previously attached (NONPRESENT) devices are displayed in the device list and assigned this error code.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/04/2015 02:25:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/01/2015 01:58:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/01/2015 01:53:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program lockapp.windows.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: e90
 
Start Time: 01d08398001e1acb
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.WindowsDefaultLockScreen_1.0.0.0_x64_NorthAmerica_8wekyb3d8bbwe\lockapp.windows.exe
 
Report Id: bda5e996-f02a-11e4-ab59-089e0132d065
 
Faulting package full name: Microsoft.WindowsDefaultLockScreen_1.0.0.0_x64_NorthAmerica_8wekyb3d8bbwe
 
Faulting package-relative application ID: LockApp
 
Error: (05/01/2015 01:52:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANDERSEN)
Description: Activation of app Microsoft.WindowsDefaultLockScreen_8wekyb3d8bbwe!LockApp failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (05/01/2015 01:51:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ANDERSEN)
Description: App Microsoft.WindowsDefaultLockScreen_1.0.0.0_x64_NorthAmerica_8wekyb3d8bbwe+LockApp did not launch within its allotted time.
 
Error: (04/30/2015 06:50:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7875
 
Error: (04/30/2015 06:50:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7875
 
Error: (04/30/2015 06:50:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/30/2015 06:48:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost (860) {11EAB1EC-C7F7-4781-835B-A2BF80BBE1FC}: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\emil\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.
 
Error: (04/30/2015 06:48:55 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (860) {11EAB1EC-C7F7-4781-835B-A2BF80BBE1FC}: An attempt to open the file "C:\Users\emil\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (05/02/2015 02:01:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070006: Microsoft.ZuneVideo.
 
Error: (05/02/2015 02:01:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070006: E046963F.LenovoCompanion.
 
Error: (05/02/2015 02:01:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070006: Microsoft.BingFoodAndDrink.
 
Error: (05/02/2015 02:01:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf1: Microsoft.Reader.
 
Error: (05/01/2015 11:08:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070006: Microsoft.ZuneVideo.
 
Error: (05/01/2015 11:07:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070006: E046963F.LenovoCompanion.
 
Error: (05/01/2015 11:07:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070006: Microsoft.BingFoodAndDrink.
 
Error: (05/01/2015 11:07:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073cf1: Microsoft.Reader.
 
Error: (05/01/2015 10:36:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070006: Microsoft.ZuneVideo.
 
Error: (05/01/2015 10:36:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070006: E046963F.LenovoCompanion.
 
 
Microsoft Office Sessions:
=========================
Error: (05/04/2015 02:25:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"c:\program files (x86)\steam\steamlibrary\steamapps\common\total war shogun 2\benchmarks\benchmark_output.exe
 
Error: (05/01/2015 01:58:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"c:\program files (x86)\steam\steamlibrary\steamapps\common\total war shogun 2\benchmarks\benchmark_output.exe
 
Error: (05/01/2015 01:53:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: lockapp.windows.exe0.0.0.0e9001d08398001e1acb4294967295C:\Program Files\WindowsApps\Microsoft.WindowsDefaultLockScreen_1.0.0.0_x64_NorthAmerica_8wekyb3d8bbwe\lockapp.windows.exebda5e996-f02a-11e4-ab59-089e0132d065Microsoft.WindowsDefaultLockScreen_1.0.0.0_x64_NorthAmerica_8wekyb3d8bbweLockApp
 
Error: (05/01/2015 01:52:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ANDERSEN)
Description: Microsoft.WindowsDefaultLockScreen_8wekyb3d8bbwe!LockApp-2144927142
 
Error: (05/01/2015 01:51:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ANDERSEN)
Description: Microsoft.WindowsDefaultLockScreen_1.0.0.0_x64_NorthAmerica_8wekyb3d8bbwe+LockApp
 
Error: (04/30/2015 06:50:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7875
 
Error: (04/30/2015 06:50:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7875
 
Error: (04/30/2015 06:50:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/30/2015 06:48:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost860{11EAB1EC-C7F7-4781-835B-A2BF80BBE1FC}: C:\Users\emil\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log-1032 (0xfffffbf8)
 
Error: (04/30/2015 06:48:55 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost860{11EAB1EC-C7F7-4781-835B-A2BF80BBE1FC}: C:\Users\emil\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-29 11:13:28.111
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-29 11:13:28.010
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-29 11:13:27.963
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-29 11:13:27.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-29 11:13:27.759
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-29 11:13:27.707
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-29 11:13:27.654
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-29 11:13:27.589
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-29 11:13:27.544
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-04-29 11:13:27.425
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 47%
Total physical RAM: 8050.64 MB
Available physical RAM: 4233.16 MB
Total Pagefile: 9330.64 MB
Available Pagefile: 5070.3 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:650.96 GB) (Free:394.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 22.4 GB) (Disk ID: D8238520)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: F1A1AB98)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 



 


#2 Black_Bird

  • Malware Response Team
  • 228 posts

Posted 09 May 2015 - 05:22 AM

Hi!

Welcome to the Bleeping Computer Technical Support Forums! I am Blackbird and I will help you remove any malware that might be present on your computer.

An important WARNING to all individuals reading this topic:
All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage to them!!
Please don't perform the steps given by me or other Helpers in this topic when you are not the original Topic Starter, but start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.


General rules:
  • From now on, don't use this computer anymore to access your bank account or any other serious business where you have to log in, until I've told you your computer is clean from malware.
  • Be patient waiting for my answer. I'm doing the best I can to answer logs as soon as possible, but I'm handling multiple topics at the same time. Please feel free to remind me of your topic by sending a link to it by private message if I haven't gotten back to you after 24 hours.
  • Don't change anything on your computer in the period I'm helping you, except when I tell you to do so. So don't add/remove any software (programs, drivers, etc.) and don't change any hardware. If you really need to change something that can't wait, please inform me directly, by posting it in this topic or - if private - send me a private message containing an explanation of the changes made by you. This gives me the possibility to give you good advice.
  • Rules about advice from me:
    • The Helpers active on this board first got a full training in removing malware and providing support to people who got infected. Also they were trained to resolve any problems caused by malware infections. Please use the programs I provide to you only when under supervision of a trained Helper. This, because using these programs without supervision can cause damage to your computer.
    • It's possible that your virus scanner, anti-spyware program or any other malware protection program or policy tries to block one or more of the programs provided by us. If that is the case, please always allow those programs to run and/or allow the provided changes to be made. If needed to run our tools properly, temporarily disable your anti-malware programs.
    • Always Save tools provided by me to your Desktop, unless I give you other instructions. Don't ever run tools directly from the internet, because this can stop them from working properly. Also never save tools to any other locations than your Desktop.
    • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • You can check here if you're not sure if your computer is 32-bit or 64-bit.
  • Rules about posting results:
    • Always copy/paste the logfiles in your replies completely. If a logfile doesn't fit into one post, please add the logfile as an attachment instead. If this still won't work, please inform me.
    • Never change something in the logfiles!! Include them in your posts as they were provided by the tools. This way I'll get a clear view on your system's situation. If you change the logfiles, it will take more time to clean up your computer.
    • Don't post logs using CODE, QUOTE or FONT tags. Just post them as direct text.
  • Things I want you to do before performing the steps below:
    • Please enable your system to show hidden files: How to see hidden files in Windows.
    • Make sure you're subscribed to this topic. Click on the Follow This Topic button at the top right of this page, make sure that the Receive Notification box is checked and that it is set to Instantly.
    • Even though we do the best we can to help you, removing malware includes risks. Therefore I advise you to back-up all of your important files to a CD/DVD, external drive or flash drive. For instructions/help, take a look here.
    -------------------------------------------------------------------------------------------------------------------------------------------------------
    Thanks in advance for keeping above rules in mind. :)
    Maybe they look like unnecessary rules, but practice teaches us they are needed to help.

    Now, let's continue with the steps you need to do:
    -------------------------------------------------------------------------------------------------------------------------------------------------------
     
    1. IDTool
    • Please download IDTool and save the file to your Desktop.
    • Right-Click idtool.zip and click Extract All. Select your Desktop and click Extract.
    • Right-Click IDTool.exe and click Run as administrator to run the programme.
    • If you're prompted to download and install Microsoft .NET Framework, please agree.
    • Allow the programme to collect the necessary data.
    • Once the main console is loaded, click Rescan Computer and Generate a New Report.
    • Upon completion, and when prompted that the rescan is complete, click Generate Text Friendly Report for Forums.
    • Copy the contents of the report and paste in your next reply.
    2. Download Malwarebytes' Anti-Malware and save it to your Desktop.
    If you already got Malwarebytes' Anti-Malware installed on your computer, please go to step 1-A.
    2-A. Start Malwarebytes' Anti-Malware.
    • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
    • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
    • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
    • Follow the instructions given by Malwarebytes' Anti-Malware.
    • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
    • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
    • Save the logfile in txt-format and copy/paste it in your next reply.
    • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).
    3. Start Farbar Recovery Scan Tool
    • If asked, click Yes at the Disclaimer window.
    • Click Scan once the program has opened.
    • It will create a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    4. Please provide me a detailed description of any computer problems you're facing, together with the logfiles mentioned in step 1 - 6. Also, please tell me if you lost any personal files due to this crypto-ransomware infection or if you got back-ups from these files.

    Good luck! :)

Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#3 Black_Bird

  • Malware Response Team
  • 228 posts

Posted 21 May 2015 - 05:55 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Kind regards,
Black_Bird
 





