
Keep seeing pop-ups and for a short time it shows total ad performance, HELP



#1 joe76


Posted 01 July 2015 - 10:18 AM

Hi,

My problem is when I surf through the web sometimes it pops up a new tab in Chrome where it shows an ad, and for a short time I can see in the search bar an address with total ad performance at the beginning. I created a scan log with Farbar Recovery Scan Tool, here is the log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Johannes (administrator) on JOHANNES-TOWER on 01-07-2015 16:55:22
Running from C:\Users\Johannes\Downloads
Loaded Profiles: Johannes (Available Profiles: Johannes)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Windows\System\cm106eye.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Johannes\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Spotify Ltd) C:\Users\Johannes\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Johannes\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Johannes\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Johannes\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\puush\puush.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.86.89.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.86.89.0\OverwolfHelper64.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.86.89.0\Purplizer\Purplizer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Johannes\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\0.86.89.0\OverwolfBrowser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [Cm106Sound] => C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590656 2015-05-15] (Razer Inc.)
HKLM-x32\...\Run: [RoccatIsku] => C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE [536576 2013-10-30] (ROCCAT GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-3956501921-1545536216-2601806419-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-3956501921-1545536216-2601806419-1001\...\Run: [Spotify Web Helper] => C:\Users\Johannes\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-17] (Spotify Ltd)
HKU\S-1-5-21-3956501921-1545536216-2601806419-1001\...\Run: [Spotify] => C:\Users\Johannes\AppData\Roaming\Spotify\Spotify.exe [7415864 2015-06-17] (Spotify Ltd)
HKU\S-1-5-21-3956501921-1545536216-2601806419-1001\...\Run: [GoogleChromeAutoLaunch_3E2C5043558CDB62EFA406FBD44692A5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-3956501921-1545536216-2601806419-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd)
HKU\S-1-5-21-3956501921-1545536216-2601806419-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-12] ()
HKU\S-1-5-21-3956501921-1545536216-2601806419-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7457336 2015-05-29] (GOG.com)
HKU\S-1-5-21-3956501921-1545536216-2601806419-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [41200 2015-06-21] (Overwolf LTD)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1430747934&from=corna&uid=SamsungXSSDX850XEVOX500GB_S21JNSAG211861V&q={searchTerms}
HKU\S-1-5-21-3956501921-1545536216-2601806419-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-05-12] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Johannes\AppData\Local\PriceFountain\PriceFountainIE.dll No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-30] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-03-30] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138
Tcpip\..\Interfaces\{2ED3154D-AFF1-41F1-95AC-FE6F2E5A6CC2}: [DhcpNameServer] 10.0.0.138 10.0.0.138
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-30] (Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-03-30] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-04-10] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3956501921-1545536216-2601806419-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Johannes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
 
Chrome: 
=======
CHR Profile: C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-14]
CHR Extension: (HD for YouTube™) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2015-03-14]
CHR Extension: (Google Docs) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-14]
CHR Extension: (Google Drive) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-14]
CHR Extension: (Please enter your password) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-03-14]
CHR Extension: (Poper Blocker) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2015-03-14]
CHR Extension: (YouTube) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-14]
CHR Extension: (Google Search) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-14]
CHR Extension: (Google Sheets) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-14]
CHR Extension: (Adblock Super) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-03-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Favorite Doodle) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-14]
CHR Extension: (MegaStar Sliding) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfaogkfljpdfmodbmbogiiblppijleen [2015-03-14]
CHR Extension: (Gmail) - C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1060352 2015-06-22] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1751096 2015-05-29] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6677048 2015-06-20] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62784 2015-03-11] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-02] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1000688 2015-06-21] (Overwolf LTD)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-06-18] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-06-11] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 NAUpdate; "C:\Program Files (x86)\Nero\Update\NASvc.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-04-20] (Disc Soft Ltd)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R3 USBMULCD; C:\Windows\system32\drivers\CM10664.sys [4120576 2014-04-02] (C-Media Electronics Inc)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 16:55 - 2015-07-01 16:55 - 00027269 _____ C:\Users\Johannes\Downloads\FRST.txt
2015-07-01 16:54 - 2015-07-01 16:55 - 00000000 ____D C:\FRST
2015-07-01 16:50 - 2015-07-01 16:50 - 02112512 _____ (Farbar) C:\Users\Johannes\Downloads\FRST64.exe
2015-07-01 15:32 - 2015-03-14 19:20 - 00000979 _____ C:\Users\Johannes\Desktop\Steam.lnk
2015-06-28 09:17 - 2015-06-28 09:17 - 00002179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-28 09:15 - 2015-06-28 09:15 - 00931408 _____ (Google Inc.) C:\Users\Johannes\Downloads\GoogleEarthSetup.exe
2015-06-27 22:11 - 2015-06-27 22:12 - 22291991 _____ C:\Users\Johannes\Downloads\KAX_v2.5.1.zip
2015-06-26 21:29 - 2015-07-01 16:04 - 00000000 ____D C:\Users\Johannes\AppData\Local\Purplizer
2015-06-26 21:28 - 2015-06-30 14:20 - 00000000 ____D C:\Program Files (x86)\Overwolf
2015-06-26 21:28 - 2015-06-26 21:29 - 00000000 ____D C:\ProgramData\Overwolf
2015-06-26 21:28 - 2015-06-26 21:28 - 00003728 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
2015-06-26 21:28 - 2015-06-26 21:28 - 00001990 _____ C:\Users\Public\Desktop\Overwolf.lnk
2015-06-26 21:28 - 2015-06-26 21:28 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2015-06-26 21:27 - 2015-07-01 15:07 - 00000000 ____D C:\Users\Johannes\AppData\Local\Overwolf
2015-06-26 21:27 - 2015-06-26 21:27 - 01600240 _____ (Overwolf) C:\Users\Johannes\Downloads\OverwolfInstaller.exe
2015-06-24 20:28 - 2015-06-24 20:28 - 00461428 _____ C:\Users\Johannes\Downloads\PPv0.98r.rar
2015-06-23 17:27 - 2015-06-17 08:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-23 17:25 - 2015-06-17 11:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-23 17:25 - 2015-06-17 11:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-06-23 17:25 - 2015-06-17 11:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-06-23 17:25 - 2015-06-17 11:10 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-06-23 16:02 - 2015-06-23 16:02 - 00000000 ____D C:\Users\Johannes\AppData\Local\UnrealEngineLauncher
2015-06-23 15:56 - 2015-06-23 15:56 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\java
2015-06-23 15:56 - 2015-06-23 15:56 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\.minecraft
2015-06-20 14:33 - 2015-06-20 14:33 - 00000000 ____D C:\Users\Johannes\Documents\EA Games
2015-06-20 13:27 - 2015-06-20 13:27 - 00000000 ____D C:\Users\Johannes\Documents\Square Enix
2015-06-20 12:27 - 2015-06-20 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher® 3 - Wild Hunt [GOG.com]
2015-06-19 18:32 - 2015-06-19 18:32 - 00000027 _____ C:\Users\Johannes\Desktop\config.txt
2015-06-18 15:23 - 2015-06-18 15:23 - 00000000 ____D C:\Users\Johannes\AppData\Local\ESN
2015-06-18 14:58 - 2015-06-18 14:58 - 00000000 ____D C:\NVIDIA
2015-06-17 14:27 - 2015-06-17 14:27 - 00000000 ____D C:\Users\Johannes\Desktop\intel
2015-06-17 14:23 - 2015-06-17 14:23 - 00000000 ____D C:\Users\Johannes\AppData\Local\Intel
2015-06-17 14:23 - 2015-06-17 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-06-17 14:23 - 2015-06-17 14:23 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-06-17 13:37 - 2015-06-17 13:41 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\BetterBudgetMod
2015-06-16 19:42 - 2015-06-16 19:42 - 00000000 ____D C:\Users\Johannes\Documents\TrialsFusion
2015-06-16 15:59 - 2015-06-16 16:27 - 00000000 ____D C:\Users\Johannes\AppData\Local\Ori and the Blind Forest
2015-06-13 08:14 - 2015-06-13 08:14 - 00000000 ____D C:\Users\Johannes\Documents\MeinSpore-Kreationen
2015-06-13 08:14 - 2015-06-13 08:14 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\Spore
2015-06-13 07:47 - 2015-06-13 07:47 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\Rogue Legacy
2015-06-13 01:30 - 2015-06-13 01:30 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\LolClient
2015-06-13 00:57 - 2015-06-13 00:57 - 00000000 ____D C:\ProgramData\Riot Games
2015-06-12 14:57 - 2015-06-12 14:57 - 00000195 _____ C:\Users\Johannes\Desktop\Hotline Miami.url
2015-06-11 23:35 - 2015-06-11 23:35 - 00669184 _____ C:\Windows\SysWOW64\pbsvc.exe
2015-06-11 23:35 - 2015-06-11 23:35 - 00000774 _____ C:\Users\Public\Desktop\Crysis.lnk
2015-06-11 23:35 - 2015-06-11 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis
2015-06-11 23:11 - 2015-06-11 23:11 - 00000000 ____D C:\Users\Johannes\AppData\Local\next car game technology sneak peek
2015-06-11 22:49 - 2015-06-11 22:49 - 00000222 _____ C:\Users\Johannes\Desktop\NARUTO SHIPPUDEN Ultimate Ninja STORM Revolution.url
2015-06-11 14:39 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-11 14:39 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-11 14:39 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-11 14:39 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-11 14:39 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-11 14:39 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-11 14:39 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-11 14:39 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-11 14:39 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-11 14:39 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-11 14:39 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-11 14:39 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-11 14:39 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-11 14:39 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-11 14:38 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-11 14:38 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-11 14:38 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-11 14:38 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-11 14:38 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-11 14:38 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-11 14:38 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-11 14:38 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-11 14:38 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-11 14:38 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-11 14:38 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-11 14:38 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-11 14:38 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-11 14:38 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-11 14:38 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-11 14:38 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-11 14:38 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-11 14:38 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-11 14:38 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-11 14:38 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-11 14:38 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-11 14:38 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-11 14:38 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-11 14:38 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-11 14:38 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-11 14:38 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-11 14:38 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-11 14:38 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-11 14:38 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-11 14:38 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-11 14:38 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-11 14:38 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-11 14:38 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-11 14:38 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-11 14:38 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-11 14:38 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-11 14:38 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-11 14:38 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-11 14:38 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 22:32 - 2015-06-10 22:36 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\Notepad++
2015-06-10 22:32 - 2015-06-10 22:32 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-06-10 22:32 - 2015-06-10 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-06-10 22:32 - 2015-06-10 22:32 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-06-09 16:12 - 2015-06-09 16:12 - 00000222 _____ C:\Users\Johannes\Desktop\GamersGoMakers.url
2015-06-09 15:55 - 2015-06-09 15:55 - 00000000 ____D C:\Users\Johannes\AppData\Local\SKIDROW
2015-06-09 15:01 - 2015-06-09 15:01 - 00000222 _____ C:\Users\Johannes\Desktop\Audiosurf 2.url
2015-06-08 18:25 - 2015-06-08 18:25 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2015-06-08 18:25 - 2015-06-08 18:25 - 00002037 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2015-06-08 18:25 - 2015-06-08 18:25 - 00000000 ____D C:\ProgramData\Adobe
2015-06-08 18:25 - 2015-06-08 18:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-07 20:34 - 2015-06-07 20:34 - 00000000 ____D C:\ProgramData\ROCCAT
2015-06-07 20:34 - 2015-06-07 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
2015-06-07 20:34 - 2015-06-07 20:34 - 00000000 ____D C:\Program Files (x86)\ROCCAT
2015-06-06 20:44 - 2015-06-06 20:44 - 00000000 ____D C:\Users\Johannes\Documents\Ubisoft
2015-06-05 10:07 - 2015-06-05 10:07 - 00000295 _____ C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2015-06-04 18:35 - 2015-06-04 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2015-06-04 15:02 - 2015-06-04 15:02 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\New Technology Studio
2015-06-04 15:02 - 2015-06-04 15:02 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV
2015-06-04 15:02 - 2015-06-04 15:02 - 00000000 ____D C:\Users\Johannes\AppData\Local\New Technology Studio
2015-06-03 19:55 - 2015-06-03 19:55 - 00000000 ____D C:\Users\Johannes\AppData\Local\CrashRpt
2015-06-01 18:00 - 2015-06-01 18:00 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-06-01 16:57 - 2015-06-01 16:57 - 00000000 ____D C:\Users\Johannes\Documents\VideoPad Projects
2015-06-01 14:46 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-01 14:46 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-01 14:46 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-01 14:46 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-01 14:46 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-01 14:46 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-01 14:46 - 2015-04-09 00:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-01 14:46 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-01 14:46 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-01 14:46 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-01 14:46 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-01 14:46 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-01 14:46 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-01 14:46 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-01 14:46 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-01 14:46 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-01 14:46 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-01 14:46 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-01 14:46 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-01 14:46 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-01 14:46 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-01 14:46 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-01 14:46 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-01 14:46 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-01 14:46 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-01 14:46 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-01 14:46 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-01 14:46 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-01 14:43 - 2015-06-01 14:43 - 00000000 ____D C:\Users\Johannes\AppData\Local\GWX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 16:26 - 2015-03-14 19:16 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 16:02 - 2015-05-02 10:45 - 00044353 _____ C:\Windows\SysWOW64\Gms.log
2015-07-01 16:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-01 15:59 - 2015-03-14 19:20 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-01 15:42 - 2015-03-14 19:45 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\Spotify
2015-07-01 15:28 - 2015-05-03 21:15 - 00005170 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JOHANNES-TOWER-Johannes JOHANNES-TOWER
2015-07-01 15:07 - 2015-05-02 00:11 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2015-07-01 15:07 - 2015-03-18 17:23 - 00000000 ___DO C:\Users\Johannes\OneDrive
2015-07-01 15:07 - 2015-03-14 19:47 - 00000000 ____D C:\Users\Johannes\AppData\Local\Spotify
2015-07-01 15:07 - 2015-03-14 19:16 - 00001144 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 15:04 - 2015-03-14 19:08 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-01 15:04 - 2013-08-23 01:24 - 00765378 _____ C:\Windows\system32\perfh007.dat
2015-07-01 15:04 - 2013-08-23 01:24 - 00159696 _____ C:\Windows\system32\perfc007.dat
2015-07-01 14:59 - 2015-04-15 16:13 - 00106874 _____ C:\Windows\setupact.log
2015-07-01 14:59 - 2015-03-14 19:26 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-01 14:59 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 23:33 - 2015-03-14 19:46 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\ClassicShell
2015-06-30 19:38 - 2014-11-12 22:34 - 00000000 ____D C:\Users\Johannes\Documents\Assassin's Creed Unity
2015-06-30 16:53 - 2015-03-14 19:02 - 01895240 _____ C:\Windows\WindowsUpdate.log
2015-06-30 14:32 - 2015-03-20 17:31 - 00000000 ____D C:\Users\Johannes\AppData\Local\LogMeIn Hamachi
2015-06-29 20:16 - 2015-03-14 19:25 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\TS3Client
2015-06-29 20:01 - 2015-03-14 19:09 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3956501921-1545536216-2601806419-1001
2015-06-29 19:36 - 2015-03-14 19:53 - 00001400 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-29 19:36 - 2015-03-14 19:26 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-28 19:59 - 2015-03-19 21:35 - 00000000 ____D C:\Users\Johannes\AppData\Local\Arma 3
2015-06-28 10:21 - 2015-05-23 19:43 - 00000000 ____D C:\Users\Johannes\Documents\The Witcher 3
2015-06-28 10:09 - 2015-05-23 19:43 - 00000000 ____D C:\Users\Johannes\AppData\Local\GalaxyCommunicationService
2015-06-28 09:17 - 2015-03-14 19:16 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-27 18:06 - 2015-04-10 14:28 - 00000000 ____D C:\Users\Johannes\AppData\Local\2K Games
2015-06-27 18:05 - 2015-03-14 20:19 - 00900658 _____ C:\Windows\DirectX.log
2015-06-27 16:18 - 2015-03-15 01:14 - 00000000 ____D C:\ProgramData\Origin
2015-06-27 11:47 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-24 20:49 - 2015-05-07 19:33 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-24 18:09 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-24 18:09 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-24 13:36 - 2015-03-14 19:52 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-24 13:36 - 2015-03-14 19:52 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-24 13:36 - 2015-03-14 19:52 - 01320120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-24 13:36 - 2015-03-14 19:52 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-23 17:37 - 2015-03-14 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-23 17:36 - 2015-03-14 19:01 - 00037196 _____ C:\Windows\PFRO.log
2015-06-23 17:25 - 2015-05-29 22:21 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-23 17:25 - 2015-03-20 16:49 - 00000000 __SHD C:\Users\Johannes\AppData\Local\EmieBrowserModeList
2015-06-23 17:25 - 2015-03-18 20:46 - 00000000 __SHD C:\Users\Johannes\AppData\Local\EmieUserList
2015-06-23 17:25 - 2015-03-18 20:46 - 00000000 __SHD C:\Users\Johannes\AppData\Local\EmieSiteList
2015-06-23 16:27 - 2015-03-14 19:02 - 00000000 ____D C:\Users\Johannes
2015-06-23 16:03 - 2015-02-17 17:34 - 00000000 ____D C:\Users\Johannes\Documents\BioWare
2015-06-23 16:02 - 2015-03-14 20:22 - 00000000 ____D C:\ProgramData\Epic
2015-06-23 16:02 - 2015-03-04 01:09 - 00000000 ____D C:\Users\Johannes\Documents\Unreal Projects
2015-06-23 15:45 - 2015-03-14 20:22 - 00000000 ____D C:\Program Files\Epic Games
2015-06-23 14:27 - 2015-03-30 21:43 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-22 20:27 - 2015-03-14 19:17 - 00002198 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 15:23 - 2014-10-18 01:09 - 00000000 ____D C:\Users\Johannes\Documents\my games
2015-06-21 18:20 - 2015-03-15 19:44 - 00226680 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-06-21 14:46 - 2015-04-14 06:53 - 00000080 _____ C:\Users\Johannes\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-06-21 14:41 - 2015-04-14 06:52 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-21 14:41 - 2015-04-14 06:52 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-21 12:52 - 2015-03-15 19:44 - 00226680 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-06-21 11:44 - 2014-10-17 14:53 - 00000000 __RDO C:\Users\Johannes\SkyDrive
2015-06-20 05:02 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-20 01:44 - 2014-10-25 16:11 - 00000000 ____D C:\Users\Johannes\Documents\SavedGames
2015-06-19 22:40 - 2015-04-05 20:57 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-06-18 16:31 - 2015-04-06 22:52 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2015-06-17 14:28 - 2015-05-02 00:19 - 00000000 ____D C:\Program Files\Intel
2015-06-17 14:27 - 2015-03-15 07:41 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-17 11:10 - 2015-05-18 14:57 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-17 11:10 - 2015-03-18 20:47 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-17 11:10 - 2015-03-14 19:26 - 00112784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-06-17 11:10 - 2015-03-14 19:26 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-06-17 11:10 - 2015-02-20 02:44 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-17 11:10 - 2015-02-20 02:43 - 12855416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-17 11:10 - 2015-02-20 02:43 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-17 11:10 - 2015-02-20 02:43 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-06-17 11:10 - 2015-02-20 02:43 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-17 11:10 - 2015-02-20 02:42 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-17 08:48 - 2015-03-18 20:47 - 01059472 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-06-17 08:48 - 2015-03-18 20:47 - 00074896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-06-17 08:48 - 2015-03-14 19:26 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-17 08:48 - 2015-03-14 19:26 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-17 08:48 - 2015-03-14 19:26 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-17 08:48 - 2015-03-14 19:26 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-17 08:48 - 2015-03-14 19:26 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-17 08:48 - 2015-03-14 19:26 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-15 14:07 - 2015-03-17 15:46 - 00000000 ____D C:\Windows\system32\MRT
2015-06-15 14:05 - 2015-03-17 15:46 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-13 02:31 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-06-12 15:05 - 2015-04-02 20:07 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-06-12 15:05 - 2015-04-02 20:07 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-06-12 15:05 - 2015-04-02 20:07 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-06-12 15:05 - 2015-04-02 20:07 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-06-11 23:35 - 2015-03-15 19:44 - 00066872 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2015-06-11 22:29 - 2013-08-22 16:44 - 00524656 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 22:28 - 2015-04-15 07:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 22:28 - 2015-04-15 07:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 22:28 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-07 20:34 - 2015-03-14 19:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-07 20:34 - 2015-03-14 19:03 - 00000000 ____D C:\Users\Johannes\AppData\Local\VirtualStore
2015-06-06 22:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-06-02 22:17 - 2015-03-15 02:04 - 00000000 ____D C:\Users\Johannes\AppData\Roaming\Origin
2015-06-02 22:17 - 2015-03-15 01:14 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-02 16:11 - 2015-03-14 19:26 - 04421614 _____ C:\Windows\system32\nvcoproc.bin
2015-06-01 23:03 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-01 15:18 - 2015-03-14 19:52 - 00000000 ____D C:\Users\Johannes\AppData\Local\NVIDIA Corporation
 
==================== Files in the root of some directories =======
 
2015-03-21 11:51 - 2015-06-15 16:33 - 0002147 _____ () C:\Users\Johannes\AppData\Roaming\SpeedRunnersLog.txt
2015-03-28 17:18 - 2015-05-02 00:20 - 0007608 _____ () C:\Users\Johannes\AppData\Local\Resmon.ResmonCfg
2015-05-02 00:24 - 2015-05-02 00:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Johannes\AppData\Local\Temp\ChangeIcon.exe
C:\Users\Johannes\AppData\Local\Temp\drm_dyndata_7380015.dll
C:\Users\Johannes\AppData\Local\Temp\ICReinstall_CR_Downloader_fuer_metal-gear-solid-(disc-2)-(v1.1).exe
C:\Users\Johannes\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Johannes\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Johannes\AppData\Local\Temp\nvStInst.exe
C:\Users\Johannes\AppData\Local\Temp\sonarinst.exe
C:\Users\Johannes\AppData\Local\Temp\utils.dll
C:\Users\Johannes\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-29 18:28
 
==================== End of log ============================



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:26 PM

Posted 03 July 2015 - 09:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1430747934&from=corna&uid=SamsungXSSDX850XEVOX500GB_S21JNSAG211861V&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1430747934&from=corna&uid=SamsungXSSDX850XEVOX500GB_S21JNSAG211861V&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1430747934&from=corna&uid=SamsungXSSDX850XEVOX500GB_S21JNSAG211861V&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1430747934&from=corna&uid=SamsungXSSDX850XEVOX500GB_S21JNSAG211861V&q={searchTerms}
BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Johannes\AppData\Local\PriceFountain\PriceFountainIE.dll No File
S2 NAUpdate; "C:\Program Files (x86)\Nero\Update\NASvc.exe" [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 nasdaq


Posted 08 July 2015 - 09:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq


Posted 29 July 2015 - 08:14 AM

This topic has been re-opened at the request of the person who originally posted.

#5 joe76

joe76
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:26 PM

Posted 29 July 2015 - 12:54 PM

So, thanks for the re-opening,

Here are the reports:

 

Anti - Malware:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 28.07.2015
Scan Time: 00:00
Logfile: anti malware.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.27.07
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Johannes
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366697
Time Elapsed: 5 min, 51 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.OpenCandy, C:\Users\Johannes\AppData\Local\Temp\HYD4C88.tmp.1437952326\HTA\install.1437952326.zip, , [04bf4b9b6525ec4ab6b5075c90757987], 
PUP.Optional.OpenCandy, C:\Users\Johannes\AppData\Local\Temp\HYDC0CC.tmp.1437961007\HTA\install.1437961007.zip, , [497acc1a6228c5711556adb6be4714ec], 
PUP.Optional.OpenCandy, C:\Users\Johannes\AppData\Local\Temp\HYDC0CC.tmp.1437961007\HTA\3rdparty\OCSetupHlp.dll, , [9d263fa76a2060d6f17a6df6a95cd42c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
And from AdwCleaner:
 
# AdwCleaner v4.208 - Bericht erstellt 28/07/2015 um 00:14:22
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-26.2 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Johannes - JOHANNES-TOWER
# Gestarted von : C:\Users\Johannes\Downloads\adwcleaner_4.208.exe
# Option : Löschen
 
***** [ Dienste ] *****
 
 
***** [ Dateien / Ordner ] *****
 
Ordner Gelöscht : C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga
Datei Gelöscht : C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nedjejdfkkjgebciefdfofjhmeogiaga_0.localstorage
Datei Gelöscht : C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nedjejdfkkjgebciefdfofjhmeogiaga_0.localstorage-journal
Datei Gelöscht : C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Datei Gelöscht : C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.net_0.localstorage
Datei Gelöscht : C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.movshare.net_0.localstorage-journal
 
***** [ Geplante Tasks ] *****
 
 
***** [ Verknüpfungen ] *****
 
 
***** [ Registrierungsdatenbank ] *****
 
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\PriceFountain
Schlüssel Gelöscht : HKCU\Software\PRODUCTSETUP
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RCRN v3.6 - Steam Workshop Optimized
 
***** [ Internetbrowser ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v44.0.2403.107
 
[C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1400695334&from=cor&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF310879H&q={searchTerms}
[C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_19&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dat%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyyDzzzytCyCtDtAzzyB0FtN0D0Tzu0StCtBtCzytN1L2XzutAtFtCtDtFyDtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyBzyyBtB0BtByEyBtG0A0A0DyEtGzzyE0FyDtG0B0B0D0FtGtD0EtCyD0E0EtCyDyC0B0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Dzz0B0AtB0BtD0BtG0D0E0AzytGyE0D0B0BtG0AtB0AtBtGyCyEyBtD0AyBtByDtAtCtA0C2QtN0A0LzutD%26cr%3D547219894%26a%3Dwncy_ir_15_19%26os%3DWindows 8.1&p={searchTerms}
[C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://do-search.com/web/?type=ds&ts=1430747934&from=corna&uid=SamsungXSSDX850XEVOX500GB_S21JNSAG211861V&q={searchTerms}
[C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : 
[C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : 16B12BC5423156B86BEED5C9171E1053D5AB3F1B8D1B50A437E80930E2FD574A"},"software_reporter":{"prompt_reason":"D1DAB7929EB37C2A5470754D94BB086195AEA2A5C38CADE0DAB7EC9DF2268D95","prompt_seed":"D30E77C12C59EDD1C4CC7EC795DEBC12F5FA601295433FC722089F5AC2E75CF2","prompt_version":"ADB6AE6E4BB54D82851A2D55F2319A2476B3FCBFBE6B39458DFBF8EFAA47BA62"},"sync":{"remaining_rollback_tries":"F6C0AE267A23204D25E5DD83567E22BFE571FF6A478C04C162B56FF0C09DEA70"}},"super_mac":"2ACF625828FC231AFC66C892ACDC8C204308A32A3774E9298ECE4E06B7BCF661"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.sweet-page.com/?type=hp&ts=1400695334&from=cor&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF310879H
 
*************************
 
AdwCleaner[R0].txt - [9746 Bytes] - [28/07/2015 00:09:54]
AdwCleaner[S0].txt - [4197 Bytes] - [28/07/2015 00:14:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4256  Bytes] ##########
 
 
 
I hope this can help you.
 
And thanks for the help!


#6 nasdaq


Posted 30 July 2015 - 07:19 AM

Please post the Fixlog.txt that was created when you have executed my suggested fix.

If the problem persists do this.

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome
===

How is the computer running now?

#7 joe76


Posted 03 August 2015 - 09:55 AM

Thanks, that worked for me! Problem solved!



#8 nasdaq


Posted 03 August 2015 - 12:55 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq


Posted 09 August 2015 - 07:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



