
High CPU Usage


  • This topic is locked
13 replies to this topic

#1 Sobotka


Posted 14 May 2015 - 06:45 AM

Hi, I initially created this topic: http://www.bleepingcomputer.com/forums/t/575394/laptop-suddenly-borderline-unusable-cpu-usage-at-100/ and after a few scans and removal tools, my problem seemed to be fixed, but the next day the lag was crippling once again. The helpful InadequateInfirmity walked me through several removal and scanning tools whose logs are all posted in that topic.
 
I sometimes get moments, differing from maybe 20 seconds to 4 minutes, where the CPU usage is at an 'acceptable' level but using the computer to do anything is impossible. I don't exactly know how I can explain my problems, partially because my knowledge of computers is fairly limited and partially because I don't get any error messages or warnings. 
 
It might be of note that I am now using Microsoft Security Essentials instead of F-Secure AntiVirus because, when I uninstalled it for one of the scans recommended by InadequateInfirmity, I forgot that I don't have a subscription code or anything to get an F-Secure account with.
 
If there is any information that someone might need to help me, just tell me and I will do my best to supply it for you.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 01
Ran by Felix (administrator) on NTI-DATOR on 14-05-2015 13:15:09
Running from C:\Users\nti\Downloads
Loaded Profiles: Felix (Available profiles: ntiadmin & Felix)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cleanmgr.exe
(Microsoft Corporation) C:\Users\nti\AppData\Local\Temp\33669D4A-6E59-41D5-B9CF-8AE629DF9CF5\DismHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4178830230-840208190-3737897398-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-4178830230-840208190-3737897398-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-4178830230-840208190-3737897398-1001\...\Run: [AdobeBridge] => [X]
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4178830230-840208190-3737897398-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4178830230-840208190-3737897398-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-01] (Atheros Commnucations)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-05-13] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 83.255.245.11 193.150.193.150
 
FireFox:
========
FF ProfilePath: C:\Users\nti\AppData\Roaming\Mozilla\Firefox\Profiles\9oad45zq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-05-12] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-05-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4178830230-840208190-3737897398-1001: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-4178830230-840208190-3737897398-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\nti\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-01] (Unity Technologies ApS)
FF Extension: Twitch.tv Stream Browser - C:\Users\nti\AppData\Roaming\Mozilla\Firefox\Profiles\9oad45zq.default\Extensions\jid0-5q424C3HVeyE2T4d9bkO7CpXNjU@jetpack.xpi [2014-05-31]
FF Extension: Enhanced Steam - C:\Users\nti\AppData\Roaming\Mozilla\Firefox\Profiles\9oad45zq.default\Extensions\jid0-SmvlvxGpvCyG252KbVMqIKR79Uc@jetpack.xpi [2014-06-22]
FF Extension: Media Hint - C:\Users\nti\AppData\Roaming\Mozilla\Firefox\Profiles\9oad45zq.default\Extensions\mediahint@jetpack.xpi [2013-04-18]
FF Extension: Adblock Plus - C:\Users\nti\AppData\Roaming\Mozilla\Firefox\Profiles\9oad45zq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-28]
FF HKU\S-1-5-21-4178830230-840208190-3737897398-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Users\nti\AppData\Roaming\Mozilla\Firefox\Profiles\9oad45zq.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [Not Found]
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://facebook.com/
CHR StartupUrls: Profile 1 -> "hxxp://google.se/"
CHR DefaultSuggestURL: Profile 1 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\nti\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\nti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-23]
CHR Extension: (Google Drive) - C:\Users\nti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-23]
CHR Extension: (YouTube) - C:\Users\nti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-23]
CHR Extension: (Google Search) - C:\Users\nti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-23]
CHR Extension: (Skype Click to Call) - C:\Users\nti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-26]
CHR Extension: (Google Wallet) - C:\Users\nti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Users\nti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-23]
CHR Profile: C:\Users\nti\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (WOT) - C:\Users\nti\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-05-13]
CHR Extension: (Bookmark Manager) - C:\Users\nti\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-08]
CHR Extension: (Google Wallet) - C:\Users\nti\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2011-04-27] (AMD) [File not signed]
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-01] (Atheros) [File not signed]
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-01] (Atheros Commnucations) [File not signed]
S4 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-08-31] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
S4 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 Tieto Component Manager Service; C:\Program Files (x86)\Tieto\Welfare\TCMService\tcmservice.exe [1178112 2010-11-29] () [File not signed]
S4 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [164600 2015-05-13] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [586280 2011-03-03] (Ericsson AB)
S4 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12036464 2015-05-08] (Zemana Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9319424 2011-04-27] (ATI Technologies Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [303616 2011-04-27] (Advanced Micro Devices, Inc.) [File not signed]
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-23] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-23] (Ericsson AB)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R1 FSES; C:\Windows\System32\drivers\fses.sys [46832 2011-03-17] (F-Secure Corporation)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [411208 2010-10-31] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [419912 2010-10-31] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-10-31] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-10-31] (MCCI Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [36352 2014-06-27] (SteelSeries ApS)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-05-06] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [277032 2011-03-03] (Ericsson AB)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [108408 2015-05-07] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [108408 2015-05-07] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-14 13:15 - 2015-05-14 13:18 - 00020652 _____ () C:\Users\nti\Downloads\FRST.txt.txt
2015-05-14 13:14 - 2015-05-14 13:16 - 00000000 ____D () C:\FRST
2015-05-14 13:13 - 2015-05-14 13:14 - 02105856 _____ (Farbar) C:\Users\nti\Downloads\FRST64.exe
2015-05-14 13:13 - 2015-05-14 13:13 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-14 13:13 - 2015-05-14 13:13 - 00000000 _____ () C:\Windows\setupact.log
2015-05-14 10:16 - 2015-05-14 10:16 - 00001007 _____ () C:\Users\nti\Desktop\SpeedFan.lnk
2015-05-14 10:16 - 2015-05-14 10:16 - 00000000 ____D () C:\Users\nti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-05-14 10:15 - 2015-05-14 10:26 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-05-14 10:15 - 2015-05-14 10:15 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2015-05-14 10:14 - 2015-05-14 10:15 - 02218504 _____ () C:\Users\nti\Downloads\instspeedfan451.exe
2015-05-13 23:13 - 2015-05-13 23:13 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 23:12 - 2015-05-13 23:12 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 23:12 - 2015-05-13 23:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 23:11 - 2015-05-13 23:12 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 23:10 - 2015-05-13 23:11 - 14260416 _____ (Microsoft Corporation) C:\Users\nti\Downloads\mseinstall.exe
2015-05-13 23:08 - 2015-05-13 23:08 - 00005004 _____ () C:\Users\nti\Desktop\startup.txt
2015-05-13 23:07 - 2015-05-13 23:07 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-13 23:06 - 2015-05-13 23:09 - 00000000 ____D () C:\Users\nti\AppData\Local\F-Secure
2015-05-13 23:05 - 2015-05-13 23:06 - 00847912 _____ (F-Secure Corporation) C:\Users\nti\Downloads\F-SecureNetworkInstaller.exe
2015-05-13 23:04 - 2015-05-13 23:05 - 06484352 _____ (Piriform Ltd) C:\Users\nti\Downloads\ccsetup505.exe
2015-05-13 22:13 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:13 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 22:04 - 2015-05-13 22:04 - 00003186 _____ () C:\Windows\System32\Tasks\{0EC49F64-C137-4755-84B0-FA007F378725}
2015-05-13 21:54 - 2015-05-13 22:04 - 11231944 _____ (ESET) C:\Users\nti\Downloads\avremover_nt64_enu.exe
2015-05-13 21:43 - 2015-05-13 21:43 - 00000796 _____ () C:\Users\Public\Desktop\Speccy.lnk
2015-05-13 21:43 - 2015-05-13 21:43 - 00000000 ____D () C:\Program Files\Speccy
2015-05-13 21:37 - 2015-05-13 21:37 - 00000975 _____ () C:\DelFix.txt
2015-05-13 21:37 - 2015-05-13 21:37 - 00000000 ____D () C:\Windows\ERUNT
2015-05-13 21:11 - 2015-05-13 21:11 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-13 21:10 - 2015-05-13 21:10 - 00000000 ____D () C:\Program Files\VideoLAN
2015-05-13 21:09 - 2015-05-13 21:09 - 00776280 _____ (Toolwiz.com. ) C:\Users\nti\Downloads\Setup_SmartDefrag.exe
2015-05-13 21:09 - 2015-05-13 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Smart Defrag FREE
2015-05-13 21:09 - 2015-05-13 21:09 - 00000000 ____D () C:\Program Files (x86)\Toolwiz Smart Defrag FREE
2015-05-13 21:07 - 2015-05-13 21:41 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-13 21:07 - 2015-05-13 21:07 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-13 21:07 - 2015-05-13 21:07 - 00001019 _____ () C:\Users\Public\Desktop\Unchecky.lnk
2015-05-13 21:07 - 2015-05-13 21:07 - 00000000 ____D () C:\ProgramData\Unchecky
2015-05-13 21:07 - 2015-05-13 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
2015-05-13 21:07 - 2015-05-13 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-13 21:07 - 2015-05-13 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-13 21:07 - 2015-05-13 21:07 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-13 21:07 - 2015-05-13 21:07 - 00000000 ____D () C:\Program Files\iTunes
2015-05-13 21:07 - 2015-05-13 21:07 - 00000000 ____D () C:\Program Files\iPod
2015-05-13 21:07 - 2015-05-13 21:07 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2015-05-13 21:07 - 2015-05-13 21:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-05-13 21:07 - 2015-05-13 21:07 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-13 21:06 - 2015-05-13 21:06 - 03020968 _____ (Malwarebytes ) C:\Users\nti\Downloads\mbae-setup-1.06.1.1019.exe
2015-05-13 21:06 - 2015-05-13 21:06 - 00204496 _____ (Malwarebytes) C:\Users\nti\Downloads\startuplite-setup-1.07.exe
2015-05-13 21:05 - 2015-05-13 21:06 - 01142616 _____ (RaMMicHaeL) C:\Users\nti\Downloads\unchecky_setup.exe
2015-05-13 21:04 - 2015-05-13 21:04 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-05-13 21:04 - 2015-05-13 21:04 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-05-13 21:04 - 2015-05-13 21:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-13 20:52 - 2015-05-13 20:52 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-13 20:52 - 2015-05-13 20:52 - 00001007 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-05-13 20:45 - 2015-05-13 20:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-05-13 20:44 - 2015-05-13 20:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-05-13 20:44 - 2015-05-13 20:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-05-13 20:44 - 2015-05-13 20:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-13 20:44 - 2015-05-13 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-13 20:44 - 2015-05-13 20:44 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-13 20:40 - 2015-05-13 21:13 - 00000000 ____D () C:\PatchMyPCUpdates
2015-05-13 20:37 - 2015-05-13 20:37 - 00554528 _____ (www.patchmypc.net) C:\Users\nti\Downloads\PatchMyPC.exe
2015-05-13 19:03 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 19:03 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 19:03 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 19:03 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 19:03 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 19:03 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 19:03 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 19:03 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 19:03 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 19:03 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 19:03 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 19:03 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 19:03 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 19:03 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 19:03 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 19:03 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 19:03 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 19:03 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 19:03 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 19:03 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 19:03 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 19:03 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 19:03 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 19:03 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 19:03 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 19:03 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 19:03 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 19:03 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 19:03 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 19:03 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 19:03 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 19:03 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 19:03 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 19:03 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 19:03 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 19:03 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 19:03 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 19:03 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 19:03 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 19:03 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 19:03 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 19:03 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 19:03 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 19:03 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 19:03 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 19:03 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 19:03 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 19:03 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 19:03 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 19:03 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 19:03 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 19:03 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 19:03 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 19:03 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 19:03 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 19:03 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 19:03 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 19:03 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 19:03 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 19:03 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 19:03 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 19:03 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 19:03 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 19:03 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 19:03 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 19:03 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 19:03 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 19:03 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 19:03 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 19:03 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 19:03 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 19:03 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 19:03 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 19:03 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 19:03 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 19:03 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 19:03 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 19:03 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 19:03 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 19:03 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 19:03 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 19:03 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 19:03 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 19:03 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 19:03 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 19:03 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 19:03 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 19:03 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 19:03 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 19:03 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 19:03 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 19:03 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 19:03 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 19:03 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 19:03 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 19:03 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 19:03 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 19:03 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 19:03 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 19:03 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 19:03 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 19:03 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 19:03 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 19:03 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 19:03 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 19:03 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 19:03 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 19:03 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 19:03 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 19:03 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 19:03 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 19:03 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 19:03 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 19:02 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 19:02 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 19:02 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 19:02 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 19:02 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 19:02 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 19:02 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 19:02 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 19:02 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 19:02 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 19:02 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 19:02 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 19:02 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 19:02 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 19:02 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 19:02 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 19:02 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 19:02 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 18:22 - 2015-05-13 18:22 - 00003288 _____ () C:\bootsqm.dat
2015-05-13 18:08 - 2015-05-13 18:09 - 00000000 ____D () C:\Users\nti\Desktop\Tweaking.com - Windows Repair
2015-05-13 18:07 - 2015-05-13 18:08 - 10697996 _____ () C:\Users\nti\Downloads\tweaking.com_windows_repair_aio.zip
2015-05-13 17:34 - 2015-05-13 17:34 - 00000318 _____ () C:\Users\nti\Desktop\Curse Client.appref-ms
2015-05-13 17:34 - 2015-05-13 17:34 - 00000000 ____D () C:\Users\nti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2015-05-13 17:18 - 2015-05-14 12:45 - 00007380 _____ () C:\Windows\WindowsUpdate.log
2015-05-11 17:49 - 2015-05-11 18:41 - 00001087 _____ () C:\Users\Public\Desktop\Removal Tool.lnk
2015-05-11 17:49 - 2015-05-11 17:49 - 00000000 ____D () C:\Users\nti\AppData\Roaming\9-lab
2015-05-11 17:49 - 2015-05-11 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
2015-05-11 17:49 - 2015-05-11 17:49 - 00000000 ____D () C:\ProgramData\9-lab
2015-05-11 17:49 - 2015-05-11 17:49 - 00000000 ____D () C:\Program Files\9-lab
2015-05-11 17:48 - 2015-05-11 17:48 - 06201160 _____ () C:\Users\nti\Downloads\rmtool-setup-x64.exe
2015-05-11 17:47 - 2015-05-11 18:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-11 17:47 - 2015-05-11 17:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 17:47 - 2015-05-11 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-11 17:46 - 2015-05-11 17:46 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 17:45 - 2015-05-11 17:45 - 16502728 _____ (Malwarebytes Corp.) C:\Users\nti\Downloads\mbar-1.09.1.1004.exe
2015-05-09 08:44 - 2015-05-10 19:06 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_164
2015-05-09 08:43 - 2015-05-09 08:43 - 00000306 _____ () C:\Users\nti\Desktop\ESETscan.txt
2015-05-07 22:42 - 2015-05-07 22:42 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-07 22:15 - 2015-05-11 20:51 - 00000000 ____D () C:\Users\nti\AppData\Roaming\ZHP.$quar
2015-05-07 22:00 - 2015-05-08 00:22 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-05-07 22:00 - 2015-05-07 22:00 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-05-07 21:59 - 2015-05-13 20:38 - 00117456 _____ () C:\Users\nti\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-07 21:59 - 2015-05-07 21:59 - 00753184 _____ () C:\Users\nti\Downloads\Adware-Removal-Tool-v3.9.1.exe
2015-05-07 21:42 - 2015-05-07 21:42 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NTI-DATOR-Windows-7-Enterprise-(64-bit).dat
2015-05-07 20:50 - 2015-05-11 18:37 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiMalware
2015-05-07 20:50 - 2015-05-11 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-05-07 20:50 - 2015-05-07 20:50 - 00108408 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2015-05-07 20:49 - 2015-05-07 20:49 - 04720464 _____ (Zemana Ltd. ) C:\Users\nti\Downloads\ZAMv2.11.2.62.Setup.exe
2015-05-07 20:49 - 2015-05-07 20:49 - 00108408 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2015-05-07 20:49 - 2015-05-07 20:49 - 00000000 ____D () C:\Users\nti\AppData\Local\Zemana
2015-05-07 06:14 - 2015-05-07 06:14 - 00024569 _____ () C:\Users\nti\Desktop\MWAV.LOG
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\VDLL.DLL
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\SysWOW64\runouce.exe
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\rundll16.exe
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\RUNDL132.EXE
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\logo1_.exe
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\logo_1.exe
2015-05-06 22:21 - 2015-05-06 22:21 - 00000029 _____ () C:\Windows\Lic.xxx
2015-05-06 22:21 - 2015-05-06 22:20 - 00350160 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-05-06 22:20 - 2015-05-06 22:20 - 00655872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr90.dll
2015-05-06 22:20 - 2015-05-06 22:20 - 00632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2015-05-06 22:20 - 2015-05-06 22:20 - 00572928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp90.dll
2015-05-06 22:20 - 2015-05-06 22:20 - 00554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2015-05-06 22:20 - 2015-05-06 22:20 - 00156392 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe
2015-05-06 22:20 - 2015-05-06 22:20 - 00001016 _____ () C:\Users\nti\Desktop\MWAVSCAN.lnk
2015-05-06 22:20 - 2015-05-06 22:20 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-05-06 22:17 - 2015-05-06 22:19 - 158158304 _____ () C:\Users\nti\Downloads\mwav.exe
2015-05-06 22:10 - 2015-05-13 23:36 - 00000000 ____D () C:\Windows\pss
2015-05-06 21:14 - 2015-05-13 23:07 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-06 21:14 - 2015-05-06 21:14 - 00002792 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-05-06 21:09 - 2015-05-06 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
2015-05-06 21:08 - 2015-05-06 22:11 - 00000000 ____D () C:\Program Files (x86)\System Ninja
2015-05-06 21:07 - 2015-05-06 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe
2015-05-06 21:06 - 2015-05-13 23:46 - 00000000 ____D () C:\Users\nti\AppData\Roaming\Wipe
2015-05-06 21:06 - 2015-05-06 21:07 - 00000000 ____D () C:\Program Files\Wipe
2015-05-06 21:04 - 2015-05-06 21:04 - 00546456 _____ (www.privacyroot.com) C:\Users\nti\Downloads\setup_wipe.exe
2015-04-19 17:52 - 2015-05-05 17:43 - 00007598 _____ () C:\Users\nti\AppData\Local\Resmon.ResmonCfg
2015-04-19 14:55 - 2015-04-19 14:55 - 00000000 ___HD () C:\Users\nti\InstallAnywhere
2015-04-19 14:51 - 2015-04-19 14:53 - 109567016 _____ (Zenimax Media Inc) C:\Users\nti\Downloads\Install_ESO.exe
2015-04-16 16:06 - 2015-04-16 16:06 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-15 14:53 - 2015-04-18 11:04 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Public Test
2015-04-15 11:29 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 11:29 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 11:29 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 11:29 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 11:29 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 11:29 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 11:29 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 11:29 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 11:29 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 11:29 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 11:29 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 11:29 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 11:29 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 11:29 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 11:29 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 11:29 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 11:29 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 11:29 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 11:29 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 11:29 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 11:29 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 11:29 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 11:29 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 11:29 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 11:29 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 11:28 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 11:28 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 11:28 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 11:28 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 11:28 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 11:26 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 11:25 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 11:25 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 11:25 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 03:38 - 2015-04-14 03:38 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-14 13:18 - 2009-07-14 06:45 - 00024416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 13:18 - 2009-07-14 06:45 - 00024416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 13:06 - 2013-04-17 14:23 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-14 12:46 - 2009-07-14 15:04 - 00694338 _____ () C:\Windows\system32\perfh01D.dat
2015-05-14 12:46 - 2009-07-14 15:04 - 00153190 _____ () C:\Windows\system32\perfc01D.dat
2015-05-14 12:46 - 2009-07-14 07:13 - 01695456 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 12:42 - 2013-07-23 19:45 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-14 12:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 12:31 - 2013-08-20 22:31 - 00000000 ____D () C:\Users\nti\AppData\Local\Battle.net
2015-05-14 10:12 - 2014-08-15 02:00 - 00000000 ____D () C:\Users\nti\AppData\Local\Adobe
2015-05-13 23:56 - 2013-04-21 22:49 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-13 23:33 - 2013-04-17 14:34 - 00000000 ____D () C:\Users\nti\AppData\Roaming\Skype
2015-05-13 23:32 - 2013-04-17 14:43 - 00000000 ____D () C:\Users\nti\AppData\Roaming\Spotify
2015-05-13 23:29 - 2013-10-21 21:12 - 00000000 ____D () C:\Users\nti\AppData\Local\Deployment
2015-05-13 23:29 - 2013-04-17 14:43 - 00000000 ____D () C:\Users\nti\AppData\Local\Spotify
2015-05-13 23:27 - 2011-05-18 14:39 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-05-13 23:09 - 2011-05-18 14:52 - 00000000 ____D () C:\ProgramData\F-Secure
2015-05-13 23:00 - 2009-07-14 06:45 - 04987720 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 22:57 - 2009-07-14 15:23 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 22:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 22:55 - 2011-05-18 14:52 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2015-05-13 22:46 - 2011-05-18 14:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 22:41 - 2013-08-19 09:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 22:17 - 2011-05-18 13:13 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 21:40 - 2013-04-19 21:26 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 21:40 - 2013-04-19 21:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 21:40 - 2013-04-17 14:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-13 21:13 - 2013-04-17 14:33 - 00000000 ____D () C:\ProgramData\Skype
2015-05-13 21:11 - 2015-02-10 11:57 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-05-13 21:11 - 2013-04-24 12:26 - 00000000 ____D () C:\Users\nti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-13 21:11 - 2013-04-24 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-13 21:11 - 2013-04-17 20:12 - 00271492 _____ () C:\Program Files\plugins.dat
2015-05-13 21:07 - 2014-06-16 11:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-05-13 21:07 - 2014-01-21 21:15 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-13 20:52 - 2014-12-12 18:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 20:52 - 2014-04-30 14:44 - 00001019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-05-13 20:52 - 2014-04-30 14:44 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-05-13 20:52 - 2013-04-17 14:24 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-13 20:49 - 2013-04-19 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 20:43 - 2013-04-17 14:23 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-13 20:43 - 2013-04-17 14:23 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-13 20:43 - 2011-05-18 15:19 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-13 20:42 - 2011-05-24 13:10 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-13 20:34 - 2009-07-14 15:23 - 00000000 ____D () C:\Windows\CSC
2015-05-13 20:23 - 2009-07-14 04:34 - 00000571 _____ () C:\Windows\win.ini
2015-05-12 19:31 - 2015-02-05 13:07 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-05-11 20:51 - 2011-05-19 12:26 - 00000000 ____D () C:\Program Files (x86)\WinSCP
2015-05-11 20:22 - 2013-08-20 22:30 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-06 22:06 - 2013-12-17 18:45 - 00000000 ____D () C:\Users\nti\AppData\Local\The Lord of the Rings Online
2015-05-06 22:06 - 2013-12-16 23:41 - 00000000 ____D () C:\Users\nti\AppData\Local\Turbine
2015-05-06 22:06 - 2013-07-24 23:13 - 00000000 ____D () C:\ProgramData\HappyCloud
2015-05-06 22:05 - 2011-05-18 11:02 - 00000000 ____D () C:\Windows\Panther
2015-05-06 22:02 - 2013-04-25 17:20 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-05-04 20:32 - 2013-05-26 17:31 - 00000000 ____D () C:\ProgramData\Origin
2015-05-01 23:11 - 2011-06-27 11:02 - 00000000 ____D () C:\Users\nti
2015-04-21 13:57 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-17 21:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 21:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 17:28 - 2013-04-17 19:35 - 00000000 ____D () C:\Users\nti\AppData\Roaming\uTorrent
2015-04-16 15:00 - 2014-12-12 13:25 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 15:00 - 2014-05-07 09:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 14:56 - 2011-05-18 14:52 - 01772962 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 21:27 - 2013-11-25 20:38 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
 
==================== Files in the root of some directories =======
 
2013-04-17 20:12 - 2015-05-13 21:11 - 0271492 _____ () C:\Program Files\plugins.dat
2013-04-24 10:09 - 2013-04-24 10:09 - 0001456 _____ () C:\Users\nti\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-06-21 12:22 - 2014-08-03 14:41 - 0000782 _____ () C:\Users\nti\AppData\Local\PMB Files.聰an
2015-04-19 17:52 - 2015-05-05 17:43 - 0007598 _____ () C:\Users\nti\AppData\Local\Resmon.ResmonCfg
2014-12-03 02:41 - 2014-12-03 02:41 - 0000000 _____ () C:\Users\nti\AppData\Local\{8FF6BEC3-7D17-4135-A556-59B76698BD89}
2014-12-28 13:06 - 2014-12-28 13:20 - 0000821 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\nti\AppData\Local\Temp\sfamcc00001.dll
C:\Users\nti\AppData\Local\Temp\sfextra.dll
C:\Users\ntiadmin\AppData\Local\Temp\InstallAX.exe
C:\Users\ntiadmin\AppData\Local\Temp\InstallPlugin.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-07 00:59
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 01
Ran by Felix at 2015-05-14 13:20:38
Running from C:\Users\nti\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-4178830230-840208190-3737897398-500 - Administrator - Disabled)
Felix (S-1-5-21-4178830230-840208190-3737897398-1001 - Administrator - Enabled) => C:\Users\nti
Gäst (S-1-5-21-4178830230-840208190-3737897398-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4178830230-840208190-3737897398-1003 - Limited - Enabled)
ntiadmin (S-1-5-21-4178830230-840208190-3737897398-1000 - Administrator - Enabled) => C:\Users\ntiadmin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-4178830230-840208190-3737897398-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programstöd (32-bitar) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple-programstöd (64-bitar) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{64C0356C-C3E0-032C-3A3D-341FD4623165}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.0.1.5 - Finansiell ID-Teknik BID AB)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.60 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Crystal Reports 2008 Runtime SP2 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.2.0.290 - Business Objects)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
Curse Client (HKU\S-1-5-21-4178830230-840208190-3737897398-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version: - Red Hook Studios)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
F2400 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
FTP Commander (HKLM-x32\...\FTP Commander) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
HP HotKey Support (HKLM\...\{C7DE562C-7AEB-465F-9E71-73023C3917D9}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 6.3.5.3 - Ericsson AB)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{0FBB8EF6-477C-463D-B847-DD0E77E761B5}) (Version: 4.0.96.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (svenska) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools för Office Runtime (x64) Language Pack - SVE (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - SVE) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 (HKLM-x32\...\XNA Game Studio 4.0) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{0666E46E-A860-4353-BE6D-13AA72FABB57}) (Version: 1.3.0.0 - Microsoft Corporation)
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Preinstall90 (HKLM-x32\...\{FB0F8EDB-AE60-44BE-BD7D-9157A20363DD}) (Version: 1.0.5 - Tieto)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-4178830230-840208190-3737897398-1001\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.445.23476 - SteelSeries)
SteelSeries Engine 3.2.6 (HKLM\...\SteelSeries Engine 3) (Version: 3.2.6 - SteelSeries ApS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
System Ninja version 3.0.6 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
System Requirements Lab (HKLM-x32\...\{8DCAB1D8-F20C-4733-9B5F-646DDFEB59C9}) (Version: 6.1.1.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{52E65A50-082D-46FB-A306-491929B9AD3E}) (Version: 2.0.0.0 - Husdawg, LLC)
Tales from the Borderlands (HKLM-x32\...\Steam App 330830) (Version: - Telltale Games)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toolwiz Smart Defrag 2011 (HKLM-x32\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Unchecky v0.3.7.5 (HKLM-x32\...\Unchecky) (Version: 0.3.7.5 - RaMMicHaeL)
Unity Web Player (HKU\S-1-5-21-4178830230-840208190-3737897398-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unreal Development Kit: 2012-10 (HKLM\...\UDK-916f24fe-d665-468e-90bf-099d3820e701) (Version: - Epic Games, Inc.)
Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wipe (HKLM\...\wipe) (Version: 2015.04 - PrivacyRoot.com)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.11.1.366 - Zemana Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4178830230-840208190-3737897398-1001_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll No File
CustomCLSID: HKU\S-1-5-21-4178830230-840208190-3737897398-1001_Classes\CLSID\{bd0c834d-4d75-495d-abfc-5b15d4a40fcc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points =========================

13-05-2015 21:37:35 End of disinfection
13-05-2015 22:11:20 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-09 08:44 - 2015-05-13 23:29 - 00002022 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0520E4A6-35ED-4B4F-88D2-9C89380B7E8E} - System32\Tasks\{FC346A65-7E60-40CC-BE4D-474FD907F731} => pcalua.exe -a C:\Users\nti\Downloads\ME2_NormandyCrash.exe -d C:\Users\nti\Downloads
Task: {0CA13DAC-DBF5-4080-8DB8-A279C21A3E01} - System32\Tasks\AdobeAAMUpdater-1.0-NTI-dator-Felix => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {158DEA0F-CDE8-47E4-8AB9-F2CEB40B1673} - System32\Tasks\{D274C665-9A12-436E-8CBD-06F56295947B} => pcalua.exe -a C:\Users\nti\Downloads\setup.exe -d C:\Users\nti\Downloads
Task: {3D70295C-55E2-4AFA-BA35-31168BDFA1FA} - System32\Tasks\{84EA9632-0611-4092-A4E9-52BC16EB87BE} => pcalua.exe -a C:\Users\nti\Downloads\vcredist_x86.exe -d C:\Users\nti\Downloads
Task: {4D866A0E-18A4-44C1-868C-723A15652E96} - System32\Tasks\{C8F97714-0692-42BB-BFBA-D64D820BE6CA} => pcalua.exe -a C:\Users\nti\Downloads\ME2_CerberusWpnArmor.exe -d C:\Users\nti\Downloads
Task: {4F6A0D54-C9DB-478D-862C-48425758C110} - System32\Tasks\{71B0F824-6823-4055-91FA-57813216B98E} => pcalua.exe -a C:\Users\nti\Downloads\ME2_CerberusArc.exe -d C:\Users\nti\Downloads
Task: {52D51A5D-776B-4FD9-A11F-85FE1F51DA0B} - System32\Tasks\AdobeAAMUpdater-1.0-NTI-dator-nti => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {5BF059A5-2D0B-49AF-ADD0-BEE074CD2C8A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6A1D6700-030E-4AD1-B1C2-6C5969AA5E3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {79B3AAB4-85F2-41BC-BADF-A442C659AAC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-23] (Google Inc.)
Task: {8548D1CE-2503-415B-8CBB-853F1C724333} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {934FC284-895D-49E6-8894-41D0AC2BD193} - System32\Tasks\AdobeAAMUpdater-1.0-NTI-dator-ntiadmin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {985FA4CF-451D-466D-BFAD-5B8C93C5B7C8} - System32\Tasks\{0EC49F64-C137-4755-84B0-FA007F378725} => pcalua.exe -a "C:\Program Files (x86)\F-Secure\Uninstall\fsuninst.exe" -c /UninstRegKey:"F-Secure Anti-Virus"
Task: {A5396966-ABDD-4F02-9DA9-CA8073D6843C} - System32\Tasks\{02160D40-51EC-4F6F-8047-8A5BC8EF3844} => pcalua.exe -a C:\Users\nti\Downloads\ME2_Hammerhead.exe -d C:\Users\nti\Downloads
Task: {A8A31DDC-5CC2-45A7-8FA7-38951BF69DC0} - System32\Tasks\{1DE8FE3D-7E6D-4CDB-8097-A3A2A3A55A13} => pcalua.exe -a C:\Users\nti\Downloads\ME2_Incisor.exe -d C:\Users\nti\Downloads
Task: {A8AF2A15-97FC-4716-9107-C7EB65AEF826} - System32\Tasks\{31613015-DD5F-483F-A95D-B9C4904F9A56} => pcalua.exe -a C:\Users\nti\Downloads\ME2_Zaeed.exe -d C:\Users\nti\Downloads
Task: {B4395643-F77E-4BF8-90D3-1E8429660517} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-13] (Adobe Systems Incorporated)
Task: {B538E3AD-B9BA-436E-9712-9AD19792898F} - System32\Tasks\{B673286B-6B21-43D1-9227-2F9388577B93} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/217750
Task: {E92BA92E-9B03-4360-B810-12277887DB42} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F9EC26B2-EAE6-4CAB-ACA2-A939F7E0BAC6} - System32\Tasks\{F5E4565A-02C3-4DE1-A645-7446CDF89690} => pcalua.exe -a C:\Users\nti\Downloads\ME2_Collectors.exe -d C:\Users\nti\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-05-18 16:43 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-05-07 20:50 - 2015-05-11 17:43 - 00115568 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2015-05-13 20:50 - 2015-05-05 05:19 - 26787144 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\nti\Downloads\Retur.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4178830230-840208190-3737897398-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\nti\AppData\Local\Temp\BGInfo.bmp
DNS Servers: 83.255.245.11 - 193.150.193.150

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Atheros Bt&Wlan Coex Agent => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BRSptSvc => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: F-Secure Gatekeeper Handler Starter => 2
MSCONFIG\Services: F-Secure Network Request Broker => 3
MSCONFIG\Services: FSDFWD => 3
MSCONFIG\Services: FSMA => 2
MSCONFIG\Services: FSORSPClient => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpHotkeyMonitor => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MbaeSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: Tieto Component Manager Service => 2
MSCONFIG\Services: Unchecky => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: vcsFPService => 2
MSCONFIG\Services: WMCoreService => 2
MSCONFIG\Services: ZAMSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ESO Survey Live.lnk => C:\Windows\pss\ESO Survey Live.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SteelSeries Engine 3.lnk => C:\Windows\pss\SteelSeries Engine 3.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^nti^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^nti^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wipe Tray Agent.lnk => C:\Windows\pss\Wipe Tray Agent.lnk.Startup
MSCONFIG\startupreg: Maintance => "C:\Program Files\\net1.exe" windowsStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\nti\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: Battle.net => "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Bginfo => "C:\Program Files (x86)\BgInfo\Bginfo.exe" "C:\Program Files (x86)\BgInfo\myconfig.bgi" /accepteula /timer:0
MSCONFIG\startupreg: F-Secure Manager => "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
MSCONFIG\startupreg: F-Secure TNB => "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes Anti-Exploit => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: Pokki => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
MSCONFIG\startupreg: QLBController => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\nti\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\nti\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SteelSeries Engine => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: Wipe Maintance => "C:\Program Files\Wipe\net1.exe" windowsStartup
MSCONFIG\startupreg: Zemana AntiMalware => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{49A8C946-AE26-4647-9043-58EACFC77D0D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{1C0164B7-7C5B-4F9A-87D7-AA69EA012066}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [{A4E9060E-2257-40A0-B0CC-A385A6C5F028}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{AFBF3EBC-03FA-4B15-9A8B-C37DC29CB61C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
FirewallRules: [{5C16587E-3365-49A6-9F61-30A412CE853E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4E58BF09-B72D-4832-9CE5-E8E2C588C4B1}] => (Allow) C:\Users\nti\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{EF2B13DA-1249-4FFF-841D-239E75BD1EA5}] => (Allow) C:\Users\nti\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{79055530-C0A3-45D1-8C9A-C5A300456BDB}] => (Allow) C:\Users\nti\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{D49A06EC-33A5-4F03-894B-7DB4269EAD2D}] => (Allow) C:\Users\nti\AppData\Roaming\Spotify\spotify.exe
FirewallRules: [{5C4EED37-552B-4C6E-9015-58AC2CA2625B}] => (Allow) C:\Users\nti\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2E1EABB2-3DBF-4C3A-87A1-6DCF79114804}] => (Allow) C:\Users\nti\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DAF50C09-F2D6-49DF-A31C-061A53126A09}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3C908799-5EB7-406B-B1DE-E6D00016393C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{62679625-0F16-4359-B5C7-AE7D383D6836}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{917DA042-E4B1-4E99-B2D8-1C9A098FA646}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{DB026486-F254-479F-9388-41A07AE85ABC}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{3AA52EB1-28B7-4BDC-B434-46C13F2EF92B}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{BAC3F108-B58F-4B54-8260-9824B1FEBF98}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{BF26C011-7982-4FB1-94BC-4A625836C9F7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alan Wake\AlanWake.exe
FirewallRules: [{C7FC86CD-792A-445A-8C0C-2183664D7F80}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{203B0FD0-4283-4FBE-8597-F9B8BBD7A508}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{3D8173EA-7365-498B-BF28-4888BB327039}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{66118D96-D088-49E8-B727-9D5D722F4F59}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{57443F6A-541D-4E7B-AC3E-C8AFAEA255FF}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{DCD07ADF-FFD1-4A7F-B5E0-B2BE35839F24}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{68EF7421-BB11-4BD9-B017-E9EA6ED5A348}] => (Allow) C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe
FirewallRules: [{44A5CD53-8A61-4BE5-B3E3-6CAF93E2222D}] => (Allow) C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Bin\XnaLiveProxy.exe
FirewallRules: [{95A1009F-3877-4F8D-8DD0-5F7211ABA22D}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{4C4CED14-37A3-41E3-A0B6-583C15CCCCDF}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\lotroclient.exe
FirewallRules: [{A3DCF592-B5C8-4B51-9654-F3EB82FEC0B0}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{08413759-87A8-4AEA-9B05-B8D9D98EF72D}] => (Allow) C:\ProgramData\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
FirewallRules: [{D3B2E16D-563E-4FF5-BB7E-67657C9F0888}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{179AFB3C-5C62-43CF-9B03-7586F09DE33A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7A6EECE9-84F8-4A26-A759-DD66612DF8AE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{CA7E79AD-D8B0-4658-8DFE-6895B0AD5AC2}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FEF89924-C18E-465D-A421-1575201968EE}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x86.exe
FirewallRules: [{CA43DA43-51D6-43F9-B2D9-8F483C1BF768}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x64.exe
FirewallRules: [{1A7BA246-4B53-44CA-90EE-55B81B2DEE3F}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\launcher.exe
FirewallRules: [{D49A6623-0828-4942-AF28-3AB795D091EF}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\launcher.exe
FirewallRules: [{6E7730A9-8F54-4AF9-A443-12C203E1BBE1}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x64.exe
FirewallRules: [{E3046CF1-A5BA-4633-8C7C-0EA2BEBC9545}] => (Allow) C:\Program Files (x86)\Dragon's Prophet\dp_x86.exe
FirewallRules: [{A50818A7-0B7A-487F-8D9D-BEC8C9AE4F2F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FAEBCEEF-F96A-4D01-A14F-B09DF50FFEDA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C254EFB1-3867-44BA-8285-6504B6C7F1A7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69B898D9-D7B6-4A61-83A8-CCAF3973FE23}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{2B584CD2-04EA-49B6-825D-6F42BA91624A}C:\users\nti\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\nti\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3CAC1688-B263-4E62-B741-17486E58AB3F}C:\users\nti\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\nti\appdata\local\akamai\netsession_win.exe
FirewallRules: [{68A73CA8-64BD-4753-96C8-9662A53CFC2F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{DE5C9767-EE73-4BD2-B88E-C1FA4F30B7FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{83CFA9BB-15BA-441E-866D-D22C4618CC14}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{E8FF30D4-90FE-43CE-B6D8-EB22D7B6B962}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{95583B54-93D1-4492-B833-6069D5E0288D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{76DE880C-AD8B-4D82-A7BB-4ACBCCED2B6F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{9B5B1F0C-8DE0-4DB5-825A-BAEDD912D430}C:\users\nti\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\nti\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{BF1D32E0-6350-4020-9DF1-4C8E93D9B4DD}C:\users\nti\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\nti\appdata\local\akamai\netsession_win.exe
FirewallRules: [{C175FEF7-D8E8-4538-B79D-60FA56629D4B}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
FirewallRules: [{C3C2BA17-888C-48F3-A29A-46B44411B79F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{9C6740F0-3699-4BC9-8986-80166F35BCFF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{36BA96A6-B56C-4890-A083-3CCB21638CFF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{4631BE30-B749-4F0B-8E7A-782FDB525638}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{0DE4B86B-EBEE-437C-80AA-55B9C03B427C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{C92CE03D-B78D-49A0-9FF9-3E0F9BC1665F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{CFB6A9EC-C219-4776-AA8A-6EE2A721EF99}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{C5747E76-8FEA-4C80-A4EE-0570FBF4C683}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{FA6AE779-C0CF-4351-A26F-E89A313859E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{192C22F3-EF5B-4E8B-900F-598EE720EA1F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{76CA844A-FBEF-4DAB-A7B9-BBEBC0B9048F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BC9A8A4A-F1C8-48E1-A078-A31162B495B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{D373F1E7-247E-4122-A977-FCF47417E95E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{1A078FBB-9CC3-487D-8934-7FFB18FB8B44}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{D825F006-2627-4014-BB86-B54E2F60465C}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{2C5E6B39-F4A8-40B4-91C0-699F9650367F}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{814F3115-5F74-4792-843A-AA50F8C7A4FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8D76E8A9-753A-4255-BCAB-001347665F74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E70522C3-5F72-40BF-AAC3-BE694FBDFEC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{C0538E04-CAF8-466E-972A-BC90082D6882}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{DB25E6AE-2E80-4FCC-AF1C-E87C28EE2208}] => (Allow) LPort=1061
FirewallRules: [{19EF5EBE-1E87-4C18-BB42-FEBF4ED84B72}] => (Allow) LPort=5000
FirewallRules: [{7D25CEED-70C7-4413-BE00-B3BB78FB66B6}] => (Allow) LPort=1061
FirewallRules: [{B78EA839-7F9A-413B-8FD7-7CE04118BE31}] => (Allow) LPort=5000
FirewallRules: [{6146DBE0-7A8C-4A51-AA63-36967B445C19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{33BF1E89-4029-4918-8367-D67B75E467ED}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: Standard VGA-bildskärmskort
Description: Standard VGA-bildskärmskort
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardbildskärmstyper)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2015 00:54:46 PM) (Source: MsiInstaller) (EventID: 1024) (User: NTI-dator)
Description: Produkt: Adobe Reader XI (11.0.10) - Svenska - Uppdateringen {AC76BA86-7AD7-0000-2550-7A8C40011011} kunde inte installeras. Felkod: 1625. Windows Installer kan skapa loggar som kan göra det enklare att felsöka installationsfel. Information om hur du kan göra detta finns på följande URL: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/14/2015 00:42:17 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Det gick inte att hämta registerinfo om prestandaräknare för WSearchIdxPi för instansen på grund av följande fel: Åtgärden har slutförts. 0x0.

Error: (05/14/2015 00:42:17 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Det går inte att initiera prestandaövervakning för insamlingsobjektet eftersom räknarna inte har lästs in eller det delade minnesobjektet inte går att öppna. Detta påverkar endast tillgängligheten för prestandaräknarna. Starta om datorn.

Kontext: program , katalog SystemIndex

Error: (05/14/2015 00:42:17 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Det går inte att initiera prestandaövervakning för insamlingstjänsten eftersom räknarna inte har lästs in eller det delade minnesobjektet inte går att öppna. Detta påverkar endast tillgängligheten för prestandaräknarna. Starta om datorn.

Error: (05/14/2015 00:32:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: svchost.exe_DiagTrack, version 6.1.7600.16385, tidsstämpel 0x4a5bc3c1
, felet uppstod i modulen med namn: ntdll.dll, version 6.1.7601.18839, tidsstämpel 0x553e8bfa
Undantagskod: 0xc000000d
Felförskjutning: 0x000000000006ec12
Process-ID: 0x69c
Programmets starttid: 0xsvchost.exe_DiagTrack0
Sökväg till program: svchost.exe_DiagTrack1
Sökväg till modul: svchost.exe_DiagTrack2
Rapport-ID: svchost.exe_DiagTrack3

Error: (05/14/2015 10:23:09 AM) (Source: MsiInstaller) (EventID: 1024) (User: NTI-dator)
Description: Produkt: Adobe Reader XI (11.0.10) - Svenska - Uppdateringen {AC76BA86-7AD7-0000-2550-7A8C40011011} kunde inte installeras. Felkod: 1625. Windows Installer kan skapa loggar som kan göra det enklare att felsöka installationsfel. Information om hur du kan göra detta finns på följande URL: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/14/2015 10:22:59 AM) (Source: usbperf) (EventID: 2001) (User: )
Description: Det gick inte att läsa värdet för First Counter-värdet under usbperf\Performance-nyckeln. Statuskoden returneras med data.

Error: (05/14/2015 10:01:53 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Det gick inte att hämta registerinfo om prestandaräknare för WSearchIdxPi för instansen på grund av följande fel: Åtgärden har slutförts. 0x0.

Error: (05/14/2015 10:01:51 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Det går inte att initiera prestandaövervakning för insamlingsobjektet eftersom räknarna inte har lästs in eller det delade minnesobjektet inte går att öppna. Detta påverkar endast tillgängligheten för prestandaräknarna. Starta om datorn.

Kontext: program , katalog SystemIndex

Error: (05/14/2015 10:01:50 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Det går inte att initiera prestandaövervakning för insamlingstjänsten eftersom räknarna inte har lästs in eller det delade minnesobjektet inte går att öppna. Detta påverkar endast tillgängligheten för prestandaräknarna. Starta om datorn.


System errors:
=============
Error: (05/14/2015 00:42:15 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Den här datorn är konfigurerad som medlem i en arbetsgrupp,
och inte som medlem i en domän. Tjänsten Netlogon behöver inte vara igång
i den här konfigurationen.

Error: (05/14/2015 00:32:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten Diagnostics Tracking Service avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 30000 millisekunder: Starta om tjänsten.

Error: (05/14/2015 10:13:52 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för FailureCommand med följande fel:
%%5.

Error: (05/14/2015 10:13:04 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för Start med följande fel:
%%5.

Error: (05/14/2015 10:01:36 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Den här datorn är konfigurerad som medlem i en arbetsgrupp,
och inte som medlem i en domän. Tjänsten Netlogon behöver inte vara igång
i den här konfigurationen.

Error: (05/13/2015 11:50:13 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Den här datorn är konfigurerad som medlem i en arbetsgrupp,
och inte som medlem i en domän. Tjänsten Netlogon behöver inte vara igång
i den här konfigurationen.

Error: (05/13/2015 11:46:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten Diagnostics Tracking Service avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 30000 millisekunder: Starta om tjänsten.

Error: (05/13/2015 11:40:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Tjänsten Windows Update stannade under start.

Error: (05/13/2015 11:38:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för Start med följande fel:
%%5.

Error: (05/13/2015 11:35:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================
Error: (05/14/2015 00:54:46 PM) (Source: MsiInstaller) (EventID: 1024) (User: NTI-dator)
Description: Adobe Reader XI (11.0.10) - Svenska{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)

Error: (05/14/2015 00:42:17 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiÅtgärden har slutförts. 0x0

Error: (05/14/2015 00:42:17 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Kontext: program , katalog SystemIndex

Error: (05/14/2015 00:42:17 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description:

Error: (05/14/2015 00:32:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DiagTrack6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18839553e8bfac000000d000000000006ec1269c01d08e1c339abaf4C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll83080460-fa24-11e4-87d7-68a3c4843a5a

Error: (05/14/2015 10:23:09 AM) (Source: MsiInstaller) (EventID: 1024) (User: NTI-dator)
Description: Adobe Reader XI (11.0.10) - Svenska{AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)

Error: (05/14/2015 10:22:59 AM) (Source: usbperf) (EventID: 2001) (User: )
Description:

Error: (05/14/2015 10:01:53 AM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiÅtgärden har slutförts. 0x0

Error: (05/14/2015 10:01:51 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Kontext: program , katalog SystemIndex

Error: (05/14/2015 10:01:50 AM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description:


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 63%
Total physical RAM: 4030.36 MB
Available physical RAM: 1452.79 MB
Total Pagefile: 8058.93 MB
Available Pagefile: 5083.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Oh My!, 26 May 2015 - 09:57 AM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 AM

Posted 19 May 2015 - 06:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/576142 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,376 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:41 AM

Posted 26 May 2015 - 10:03 AM

Greetings Sobotka and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and do this.

Do you recognize this?

C:\Users\nti\AppData\Local\PMB Files.聰an


===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-4178830230-840208190-3737897398-1001\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4178830230-840208190-3737897398-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found
FF Plugin HKU\S-1-5-21-4178830230-840208190-3737897398-1001: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Extension: No Name - C:\Users\nti\AppData\Roaming\Mozilla\Firefox\Profiles\9oad45zq.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [Not Found]
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\VDLL.DLL
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\SysWOW64\runouce.exe
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\rundll16.exe
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\RUNDL132.EXE
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\logo1_.exe
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\logo_1.exe
2015-05-06 22:21 - 2015-05-06 22:21 - 00000029 _____ () C:\Windows\Lic.xxx
C:\Users\nti\AppData\Local\Temp\sfamcc00001.dll
C:\Users\nti\AppData\Local\Temp\sfextra.dll
C:\Users\ntiadmin\AppData\Local\Temp\InstallAX.exe
C:\Users\ntiadmin\AppData\Local\Temp\InstallPlugin.exe
CustomCLSID: HKU\S-1-5-21-4178830230-840208190-3737897398-1001_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll No File
Folder: C:\Users\nti\AppData\Roaming\ZHP.$quar
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Sobotka


Posted 26 May 2015 - 12:02 PM

Hello, Gary! As you can probably tell from reading the logs I posted, my name is Felix, and you are free to call me that if you want.

 

Thank you for responding to my topic, I will do my best to help you help me. I may not be very knowledgeable, but I will make sure to check my mail regularly for a response from you and perform the tasks you issue me as soon as I can.

 

I do not recognise C:\Users\nti\AppData\Local\PMB Files.聰an, should I?

 

I did as you said and removed uTorrent, I haven't even used it in a long time. 

 

I noticed something while waiting for your reply, my computer seems to be charging extremely slowly, and I can no longer use it without the cable connected. Hovering over the battery icon it says (directly translated from Swedish, it may not be what it actually says in English) "Connected but not charging". It acts pretty much like a desktop would, shutting off if I disconnect it and pressing the power button then does nothing.

 

When attempting to attach Summary.rar I get an error. Is it not supposed to be .rar?

 

  • Summary.rar

    You aren't permitted to upload this kind of file

Error You aren't permitted to upload this kind of file

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Felix at 2015-05-26 18:11:12 Run:1
Running from C:\Users\nti\Desktop
Loaded Profiles: Felix (Available Profiles: ntiadmin & Felix)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-4178830230-840208190-3737897398-1001\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4178830230-840208190-3737897398-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found
FF Plugin HKU\S-1-5-21-4178830230-840208190-3737897398-1001: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Extension: No Name - C:\Users\nti\AppData\Roaming\Mozilla\Firefox\Profiles\9oad45zq.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [Not Found]
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\VDLL.DLL
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\SysWOW64\runouce.exe
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\rundll16.exe
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\RUNDL132.EXE
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\logo1_.exe
2015-05-06 22:28 - 2015-05-06 22:28 - 00000000 ____D () C:\Windows\logo_1.exe
2015-05-06 22:21 - 2015-05-06 22:21 - 00000029 _____ () C:\Windows\Lic.xxx
C:\Users\nti\AppData\Local\Temp\sfamcc00001.dll
C:\Users\nti\AppData\Local\Temp\sfextra.dll
C:\Users\ntiadmin\AppData\Local\Temp\InstallAX.exe
C:\Users\ntiadmin\AppData\Local\Temp\InstallPlugin.exe
CustomCLSID: HKU\S-1-5-21-4178830230-840208190-3737897398-1001_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll No File
Folder: C:\Users\nti\AppData\Roaming\ZHP.$quar
*****************
 
HKU\S-1-5-21-4178830230-840208190-3737897398-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value Removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKU\S-1-5-21-4178830230-840208190-3737897398-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key Removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
Winsock: Catalog entry 000000000008 => Removed successfully
Winsock: Catalog entry 000000000009 => Removed successfully
Winsock: Catalog entry 000000000008 => Removed successfully
Winsock: Catalog entry 000000000009 => Removed successfully
"HKU\S-1-5-21-4178830230-840208190-3737897398-1001\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0" => key Removed successfully
C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll not found.
C:\Users\nti\AppData\Roaming\Mozilla\Firefox\Profiles\9oad45zq.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} not found.
C:\Windows\VDLL.DLL => Moved successfully.
C:\Windows\SysWOW64\runouce.exe => Moved successfully.
C:\Windows\rundll16.exe => Moved successfully.
C:\Windows\RUNDL132.EXE => Moved successfully.
C:\Windows\logo1_.exe => Moved successfully.
C:\Windows\logo_1.exe => Moved successfully.
C:\Windows\Lic.xxx => Moved successfully.
"C:\Users\nti\AppData\Local\Temp\sfamcc00001.dll" => File/Folder not found.
"C:\Users\nti\AppData\Local\Temp\sfextra.dll" => File/Folder not found.
C:\Users\ntiadmin\AppData\Local\Temp\InstallAX.exe => Moved successfully.
C:\Users\ntiadmin\AppData\Local\Temp\InstallPlugin.exe => Moved successfully.
"HKU\S-1-5-21-4178830230-840208190-3737897398-1001_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}" => key Removed successfully
 
========================= Folder: C:\Users\nti\AppData\Roaming\ZHP.$quar ========================
 
2015-04-13 19:56 - 2015-04-14 14:25 - 0017542 ____R () C:\Users\nti\AppData\Roaming\ZHP.$quar\Quarantine
 
====== End of Folder: ======
 
 
==== End of Fixlog 18:11:16 ====

Edited by Sobotka, 26 May 2015 - 12:06 PM.


#5 Oh My!


Posted 26 May 2015 - 12:14 PM

Greetings Felix,

We can take a look at the charging situation when we finish cleaning your computer but since I am not a hardware expert I may be referring you to the Hardware Forum for troubleshooting.

No, you shouldn't recognize that entry. I wanted to make sure it was foreign to you before deleting it.

Please be sure to attach the System Summary report requested in my previous post and do this now.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
2014-06-21 12:22 - 2014-08-03 14:41 - 0000782 _____ () C:\Users\nti\AppData\Local\PMB Files.聰an
2015-05-07 22:15 - 2015-05-11 20:51 - 00000000 ____D () C:\Users\nti\AppData\Roaming\ZHP.$quar
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer performance, especially CPU usage
  • Attached System Summary information

Gary
 

#6 Sobotka


Posted 26 May 2015 - 12:58 PM

  Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015

Ran by Felix at 2015-05-26 19:50:19 Run:2
Running from C:\Users\nti\Desktop
Loaded Profiles: Felix (Available Profiles: ntiadmin & Felix)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
2014-06-21 12:22 - 2014-08-03 14:41 - 0000782 _____ () C:\Users\nti\AppData\Local\PMB Files.?an
2015-05-07 22:15 - 2015-05-11 20:51 - 00000000 ____D () C:\Users\nti\AppData\Roaming\ZHP.$quar
*****************
 
Could not move "C:\Users\nti\AppData\Local\PMB Files.?an" => Scheduled to move on reboot.
C:\Users\nti\AppData\Roaming\ZHP.$quar => Moved successfully.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-26 19:53:08)<=
 
"C:\Users\nti\AppData\Local\PMB Files.?an" => Could not move
 
==== End of Fixlog 19:53:08 ====

Attached Files



#7 Oh My!


Posted 26 May 2015 - 01:03 PM

Hi Felix,

I am ending for the evening but wanted to leave you with this. After you do this repeat the previous Fixlist step and post the results. I will check your reply first thing in the morning.

===================================================

GrantPerms by Farbar

--------------------
  • Download GrantPerms for either 32 bit or 64 bit systems and save it to your desktop
  • Unzip the file and launch the program
  • Copy and paste the following in the edit box:

C:\Users\nti\AppData\Local\PMB Files.聰an

  • Click Unlock. When it is done click OK
  • Click List Permissions and copy/paste the results of the Perms.txt document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Perms.txt
  • Fixlog

Gary
 

#8 Sobotka


Posted 26 May 2015 - 01:15 PM

GrantPerms by Farbar 
Ran by Felix (administrator) at 2015-05-26 20:12:06
 
===============================================
ERROR: Parsing the SD of <\\?\C:\Users\nti\AppData\Local\PMB Files.?an> failed with: Felaktig syntax för filnamn, katalognamn eller volymetikett.
 
 
Operating system error message: Felaktig syntax för filnamn, katalognamn eller volymetikett.
 
================ End Of List ================
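
Added example, not part of any post in this thread: the Fixlog in post #6 and the GrantPerms log above both show "PMB Files.?an" where the fixlist in post #5 had "PMB Files.聰an", which is what saving the text in an ANSI code page would produce. The Python sketch below assumes cp1252 as that code page (the thread does not say how fixlist.txt was saved) and checks fixlist lines for paths that such a save would alter; the function names are illustrative.

```python
import re
import unicodedata

# Characters Windows does not allow inside a file or folder name.
RESERVED = set('<>:"/|?*')

# Fixlist lines copied from post #5 of this thread.
FIXLIST = [
    "2014-06-21 12:22 - 2014-08-03 14:41 - 0000782 _____ () "
    "C:\\Users\\nti\\AppData\\Local\\PMB Files.聰an",
    "2015-05-07 22:15 - 2015-05-11 20:51 - 00000000 ____D () "
    "C:\\Users\\nti\\AppData\\Roaming\\ZHP.$quar",
]

# A drive-letter path running to the end of the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")


def extract_path(line):
    """Return the drive-letter path at the end of a fixlist line, or None."""
    match = PATH_RE.search(line)
    return match.group(0).rstrip() if match else None


def ansi_save(text, codepage="cp1252"):
    """Simulate a save in an ANSI code page: unmappable characters become '?'.

    Assumption: cp1252 stands in for the machine's ANSI code page.
    """
    return text.encode(codepage, errors="replace").decode(codepage)


def lossless_encodings(text, candidates=("cp1252", "utf-8-sig", "utf-16")):
    """List the candidate encodings that round-trip the text unchanged."""
    ok = []
    for name in candidates:
        try:
            if text.encode(name).decode(name) == text:
                ok.append(name)
        except UnicodeEncodeError:
            pass  # this encoding cannot represent every character
    return ok


def check_line(line, codepage="cp1252"):
    """Describe what an ANSI save would do to the path on one fixlist line."""
    path = extract_path(line)
    if path is None:
        return None  # registry entries and other lines without a file path
    saved = ansi_save(path, codepage)
    # Replacement is one '?' per lost character, so positions line up.
    lost = [ch for ch, out in zip(path, saved) if ch != out]
    # Skip the drive component ("C:") when looking for reserved characters.
    components = saved.split("\\")[1:]
    invalid = any(ch in RESERVED for part in components for ch in part)
    return {
        "path": path,
        "saved_path": saved,
        "lost": lost,
        "invalid_name": invalid,
        "lossless": lossless_encodings(path),
    }


def report(lines, codepage="cp1252"):
    """Build one human-readable line per path that the save would change."""
    out = []
    for line in lines:
        result = check_line(line, codepage)
        if result is None or not result["lost"]:
            continue
        names = ", ".join(
            f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"
            for ch in result["lost"]
        )
        out.append(
            f"{result['path']} -> {result['saved_path']} "
            f"(lost: {names}; keep with: {', '.join(result['lossless'])})"
        )
    return out


if __name__ == "__main__":
    for entry in report(FIXLIST):
        print(entry)
```

The altered path contains "?", which Windows does not accept in a file name, so a tool handed that text has no existing file to act on.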


#9 Oh My!


Posted 27 May 2015 - 01:05 AM

Using Windows Explorer see if you can navigate to the below file, right click on it and select Delete. It is possible the strange character may look like something else through Windows Explorer. When translated from Chinese to English the character is "Clever" although it may not show that word.

C:\Users\nti\AppData\Local\PMB Files.聰an


Gary
 

#10 Sobotka


Posted 27 May 2015 - 01:14 PM

Done.



#11 Oh My!


Posted 27 May 2015 - 10:54 PM

Excellent work, thank you. :thumbsup2:

Just out of curiosity, did the file have the special character when you located it through Windows Explorer?

Please do this now.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report (if applicable)
  • Security Check log
  • Update on computer performance, especially CPU usage

Gary
 

#12 Sobotka


Posted 30 May 2015 - 02:49 AM

Hello again, sorry for not replying. The special character looked like the one you linked here on the forums.

 

After much thought, I came to the conclusion that it was high time for me to buy a new computer, mostly because the old one wasn't good enough for the things I want to do. I very much appreciate all the help you have given me and the time you have invested in me.



#13 Oh My!


Posted 30 May 2015 - 05:12 AM

Sounds good Felix, thank you for letting me know. I will leave you with some information to review in case you are interested.

===================================================

Keeping Your Computer Safe

----------

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#14 Oh My!


Posted 30 May 2015 - 05:12 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



