
Search Pile Malware


  • This topic is locked
8 replies to this topic

#1 blinksi

blinksi

  • Members
  • 4 posts

Posted 03 October 2015 - 04:47 AM

Hello,

 

I seem to have malware installed on my computer but I don't know how to get rid of it. Every time I open a new tab in Google Chrome it opens up "search pile" even though I don't have it set as the default site when I open up a new tab.

 

 

qgYOfnX.png

 

I can't use my address bar for searches anymore. Every time I search for something it first shows it in Google searches and a few seconds later it redirects me to VC.org search engine.

 

f6bquf5.png

 

 

At first I thought a program just changed my Chrome settings when I was installing it. But it didn't, the default search engine is still set to Google. It just redirects me to a different site somehow.

I have tried everything. I went through 5 different tutorials on removing this thing and it's still here. I also uninstalled Chrome and installed it again, which works for a day but then it comes back again :( Please help.

 


Edited by blinksi, 03 October 2015 - 04:48 AM.



 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 03 October 2015 - 05:00 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 blinksi

blinksi
  • Topic Starter

  • Members
  • 4 posts

Posted 03 October 2015 - 05:27 AM

Here is the scan :)
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by andrej (administrator) on ANDREJ (03-10-2015 12:21:55)
Running from C:\Users\andrej\Desktop
Loaded Profiles: andrej (Available Profiles: andrej)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Genius\Gila\mousehid.exe
() C:\Program Files (x86)\Genius\Gila\trayicon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-26] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [Gila] => C:\Program Files (x86)\Genius\Gila\mousehid.exe [307712 2013-01-07] ()
HKU\S-1-5-21-3061060685-619067132-2358629409-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-3061060685-619067132-2358629409-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-3061060685-619067132-2358629409-1001\...\Run: [GoogleChromeAutoLaunch_B9E2C160BE613EFA9ECC256CF7F29F84] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [871240 2015-09-24] (Google Inc.)
HKU\S-1-5-21-3061060685-619067132-2358629409-1001\...\MountPoints2: {577f6001-3051-11e5-8257-0025225c39fb} - "D:\setup.exe" 
HKU\S-1-5-21-3061060685-619067132-2358629409-1001\...\MountPoints2: {caa27a1d-565b-11e5-826c-0025225c39fb} - "H:\setup.exe" 
HKU\S-1-5-21-3061060685-619067132-2358629409-1001\...\MountPoints2: {e9d55912-52f2-11e5-826c-0025225c39fb} - "G:\setup.EXE" /AUTORUN
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-30] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{36BDE13E-CAED-4CB2-A809-74B5CDCB4A57}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2015-09-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-30] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2015-09-27] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2015-09-27] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-30] (AVAST Software)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2015-09-27] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2015-09-27] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2015-09-27] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2015-09-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2015-09-27] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2015-09-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2015-09-27] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2015-09-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2015-09-27] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-09-27] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-09-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2015-09-27] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-09-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-28] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-30]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://search.babylon.com/?AF=110004&babsrc=HP_ss&mntrId=187388df00000000000000116b48570b
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com/ig/redirectdomain?brand=MDNE&bmod=MDNE","hxxp://websearch.youwillfind.info/?pid=821&r=2013/04/28&hid=1309233196&lg=EN&cc=SI"
CHR Profile: C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Diapozitivi) - C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-28]
CHR Extension: (Google Dokumenti) - C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-28]
CHR Extension: (Google Drive) - C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-28]
CHR Extension: (YouTube) - C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Cast) - C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-09-30]
CHR Extension: (Google Search) - C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-28]
CHR Extension: (Google Preglednice) - C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-28]
CHR Extension: (Google Dokumenti brez povezave) - C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-28]
CHR Extension: (AdBlock) - C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-09-28]
CHR Extension: (Avast Online Security) - C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-28]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2015-09-28]
CHR Extension: (Plačila v spletni trgovini Chrome) - C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-28]
CHR Extension: (Gmail) - C:\Users\andrej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-30]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-30] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-10-02] (SurfRight B.V.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-30] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-07-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-07-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-30] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-23] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-30] (AVAST Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39032 2015-09-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-30] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WsAudio_Device(1); C:\Windows\system32\drivers\VirtualAudio1.sys [31080 2015-08-03] (Wondershare)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-03 12:21 - 2015-10-03 12:22 - 00019417 _____ C:\Users\andrej\Desktop\FRST.txt
2015-10-03 12:20 - 2015-10-03 12:21 - 00000000 ____D C:\FRST
2015-10-03 12:19 - 2015-10-03 12:20 - 02193408 _____ (Farbar) C:\Users\andrej\Desktop\FRST64.exe
2015-10-02 21:08 - 2015-10-02 21:08 - 00000540 _____ C:\Windows\system32\.crusader
2015-10-02 20:02 - 2015-10-02 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-10-02 20:02 - 2015-10-02 20:02 - 00000000 ____D C:\Program Files\HitmanPro
2015-10-02 20:01 - 2015-10-02 21:08 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-02 19:45 - 2015-10-02 21:17 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-02 19:45 - 2015-10-02 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-02 19:45 - 2015-10-02 19:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-02 19:45 - 2015-10-02 19:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-02 19:45 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-02 19:45 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-02 19:45 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-10-02 19:11 - 2015-10-02 19:20 - 00000000 ____D C:\AdwCleaner
2015-10-02 18:51 - 2015-10-02 18:51 - 00000000 _____ C:\autoexec.bat
2015-10-01 17:23 - 2015-10-02 19:27 - 00000000 ____D C:\Users\andrej\AppData\LocalLow\uTorrent
2015-09-30 23:27 - 2015-09-13 23:50 - 00574072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-09-30 23:25 - 2015-09-30 23:26 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-09-30 23:24 - 2015-09-14 02:29 - 42840368 _____ C:\Windows\system32\nvcompiler.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 22525560 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 18543736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 16637528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 15513208 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 14936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 14635600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 13660648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 12185344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 11096696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-09-30 23:24 - 2015-09-14 02:29 - 02940024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 02627192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435598.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435598.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 01105976 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 01074808 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 01064056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00986232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00944760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00943712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00879000 _____ C:\Windows\system32\nvmcumd.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00512904 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00421544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00408184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00364152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00117552 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-09-30 23:24 - 2015-09-14 02:29 - 00039032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-09-28 21:36 - 2015-10-03 11:41 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-28 21:36 - 2015-10-03 10:35 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-28 21:36 - 2015-09-28 21:36 - 00004042 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-28 21:36 - 2015-09-28 21:36 - 00003806 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-28 21:36 - 2015-09-28 21:36 - 00002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-28 21:36 - 2015-09-28 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-28 21:35 - 2015-09-28 21:35 - 00000000 ____D C:\Users\andrej\AppData\Local\Deployment
2015-09-28 21:35 - 2015-09-28 21:35 - 00000000 ____D C:\Users\andrej\AppData\Local\Apps\2.0
2015-09-27 20:49 - 2015-09-27 20:49 - 00003398 _____ C:\Windows\System32\Tasks\AutoPico Daily Restart
2015-09-27 18:43 - 2015-09-27 18:43 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2015-09-27 18:43 - 2015-09-27 18:43 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2015-09-27 18:39 - 2015-10-02 18:47 - 00000000 ____D C:\Program Files\Office 2016  KMS Activator Ultimate v1.1 Final
2015-09-27 18:35 - 2015-09-27 18:35 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive za podjetja.lnk
2015-09-27 18:35 - 2015-09-27 18:35 - 00002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype za podjetja 2016.lnk
2015-09-27 18:35 - 2015-09-27 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orodja zbirke Microsoft Office 2016
2015-09-27 11:57 - 2015-09-27 11:57 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-09-27 11:42 - 2015-09-27 18:35 - 00002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-09-27 11:42 - 2015-09-27 18:35 - 00002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-09-27 11:42 - 2015-09-27 18:35 - 00002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-09-27 11:42 - 2015-09-27 18:35 - 00002342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-09-27 11:42 - 2015-09-27 18:35 - 00002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-09-27 11:36 - 2015-09-27 11:36 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-26 19:17 - 2015-09-28 15:50 - 00000000 ____D C:\Program Files\Microsoft Office
2015-09-26 00:13 - 2015-07-17 15:51 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:51 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-26 00:13 - 2015-07-17 15:47 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-26 00:11 - 2015-09-26 16:56 - 00003094 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3061060685-619067132-2358629409-1001
2015-09-26 00:11 - 2015-09-26 00:11 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-09-25 23:56 - 2015-09-26 12:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-09-23 14:18 - 2015-09-23 14:18 - 00038640 _____ C:\Windows\unins000.dat
2015-09-23 14:18 - 2015-09-23 14:18 - 00000000 ____D C:\Users\andrej\AppData\Roaming\KYE Gila
2015-09-23 14:18 - 2015-09-23 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genius
2015-09-23 14:18 - 2015-09-23 14:18 - 00000000 ____D C:\Program Files (x86)\Genius
2015-09-23 14:18 - 2015-09-23 14:17 - 01215871 _____ C:\Windows\unins000.exe
2015-09-19 20:52 - 2015-09-19 20:52 - 00000000 ____D C:\Users\andrej\Documents\m4p to mp3
2015-09-19 20:50 - 2015-09-19 20:50 - 00000000 ____D C:\Users\andrej\AppData\Roaming\freemkvtomp4converter
2015-09-19 20:50 - 2015-09-19 20:50 - 00000000 ____D C:\Users\andrej\AppData\Local\SkinSoft
2015-09-19 20:50 - 2015-09-19 20:49 - 10500646 _____ (Convert Audio Free) C:\Users\andrej\Documents\m4ptomp3_setup [1].exe
2015-09-19 20:49 - 2015-09-19 20:49 - 00000000 ____D C:\Program Files (x86)\m4ptomp3_setup
2015-09-19 20:29 - 2015-09-19 20:29 - 00000000 ____D C:\Users\andrej\Downloads\Aimersoft.DRM.Media.Converter.1.4.7
2015-09-19 10:49 - 2015-09-19 20:56 - 00000000 ____D C:\Program Files (x86)\Aimersoft
2015-09-19 10:49 - 2015-09-19 11:09 - 00000000 ____D C:\Users\andrej\Documents\Aimersoft DRM Media Converter
2015-09-19 10:49 - 2015-09-19 10:49 - 00000000 ____D C:\Users\andrej\AppData\Local\Aimersoft
2015-09-19 10:49 - 2015-08-03 10:55 - 00675840 _____ () C:\Windows\SysWOW64\ac3filter.ax
2015-09-19 10:49 - 2015-08-03 10:54 - 00892928 _____ (Free Software Foundation) C:\Windows\SysWOW64\iconv.dll
2015-09-19 10:49 - 2015-08-03 10:54 - 00496640 _____ C:\Windows\SysWOW64\xvid.ax
2015-09-19 10:49 - 2015-08-03 10:51 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio1.sys
2015-09-19 10:48 - 2015-09-19 11:07 - 00000000 ____D C:\Users\andrej\Desktop\song
2015-09-18 21:32 - 2015-09-18 21:32 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-18 21:32 - 2015-09-18 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-18 21:30 - 2015-09-18 21:32 - 00000000 ____D C:\Program Files\iTunes
2015-09-18 21:30 - 2015-09-18 21:30 - 00000000 ____D C:\Program Files\iPod
2015-09-18 21:30 - 2015-09-18 21:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-18 21:26 - 2015-09-18 21:26 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-09-18 21:26 - 2015-09-18 21:26 - 00000000 ____D C:\Program Files\Bonjour
2015-09-18 21:26 - 2015-09-18 21:26 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-18 21:26 - 2015-09-18 21:26 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-18 21:21 - 2015-09-18 21:22 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-09-18 21:21 - 2015-09-18 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-18 21:20 - 2015-09-18 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-09-18 21:19 - 2015-09-18 21:19 - 00000000 ____D C:\Users\andrej\AppData\LocalLow\Apple Computer
2015-09-17 21:47 - 2015-09-17 21:47 - 00000000 ____D C:\Users\andrej\Documents\WB Games
2015-09-17 16:50 - 2015-09-17 16:50 - 00002092 _____ C:\Users\andrej\Desktop\Mad Max.lnk
2015-09-17 16:50 - 2015-09-17 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMT-MAX.ORG
2015-09-17 16:05 - 2015-09-17 16:05 - 00000000 ____D C:\Program Files (x86)\GMT-MAX.ORG
2015-09-16 21:07 - 2015-08-25 20:46 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435582.dll
2015-09-16 21:07 - 2015-08-25 20:46 - 01558648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435582.dll
2015-09-16 20:51 - 2015-09-17 00:56 - 00000000 ____D C:\Users\andrej\Downloads\Mad.Max.All.DLC.with.crack.v3.RePack-MAXAGENT
2015-09-14 23:05 - 2015-09-16 20:35 - 00000000 ____D C:\Users\andrej\Downloads\Black.Swan.2010.SLOSubs.DVDRip.XviD-DrSi
2015-09-14 22:51 - 2015-09-16 20:35 - 00000000 ____D C:\Users\andrej\Downloads\Memento.2000.SLOSubs.DVDRip.XviD-DrSi
2015-09-14 22:43 - 2015-09-19 19:43 - 00000000 ____D C:\Users\andrej\Downloads\The.Silence.of.the.Lambs.1991.SLOSubs.DVDRip.Xvid-DrSi
2015-09-14 22:27 - 2015-09-16 20:36 - 00000000 ____D C:\Users\andrej\Downloads\Se7en.1995.SLOSubs.DVDRip.XviD-DrSi
2015-09-14 21:56 - 2015-09-16 20:36 - 00000000 ____D C:\Users\andrej\Downloads\Side.Effects.2013.SLOSubs.DVDRip.XviD-DrSi
2015-09-14 21:38 - 2015-09-16 20:35 - 00000000 ____D C:\Users\andrej\Downloads\Mr.Brooks.2007.SLOSubs.DVDRip.XviD-DrSi
2015-09-14 21:17 - 2015-09-16 20:38 - 00000000 ____D C:\Users\andrej\Downloads\We.Need.To.Talk.About.Kevin.2011.LiMiTED.SLOSubs.DVDRip.XviD-DrSi
2015-09-14 19:09 - 2015-09-14 20:01 - 00000000 ____D C:\Users\andrej\Downloads\Good.Will.Hunting.1997.SLOSubs.DVDRip.XviD-THR
2015-09-14 19:01 - 2015-09-14 21:02 - 00000000 ____D C:\Users\andrej\Downloads\The Breakfast Club [1985-DVDRip]-NewArtRiot SLOsub
2015-09-14 18:51 - 2015-09-14 20:01 - 00000000 ____D C:\Users\andrej\Downloads\Almost.Famous.2000.SLOSubs.DVDRip.XViD
2015-09-14 18:35 - 2015-09-14 21:02 - 00000000 ____D C:\Users\andrej\Downloads\Juno.2007.SLOSubs.DVDRip.XviD-DrSi
2015-09-14 18:17 - 2015-09-14 18:17 - 00000000 ____D C:\Users\andrej\Downloads\American Beauty
2015-09-14 17:52 - 2015-09-14 20:01 - 00000000 ____D C:\Users\andrej\Downloads\Into.The.Wild.2007.SLOSubs.DVDRip.XviD-DrSi
2015-09-14 17:07 - 2015-09-19 19:43 - 00000000 ____D C:\Users\andrej\Downloads\Wild.2014.SLOSubs.BRRip.XviD-DrSi
2015-09-12 19:43 - 2015-09-23 15:34 - 00000000 ____D C:\Users\andrej\Downloads\Lost.In.Translation.2003.SLOSubs.DVDRip.XviD-DrSi
2015-09-12 19:16 - 2015-10-03 12:20 - 00000000 ____D C:\Users\andrej\Downloads\The.Virgin.Suicides.1999.SLOSubs.DVDRip.XViD-Jeseničan
2015-09-12 19:12 - 2015-09-12 20:58 - 00000000 ____D C:\Users\andrej\Downloads\El.Laberinto.del.Fauno.(Pan's.Labyrinth).2006.SLOsubs.BRrip.720p.nikolas
2015-09-12 19:12 - 2015-09-12 19:38 - 00000000 ____D C:\Users\andrej\Downloads\Clueless.1995.DVDivX-VAJSY
2015-09-12 19:11 - 2015-10-03 12:20 - 00000000 ____D C:\Users\andrej\Downloads\The.Pianist.2002.DVDRip.XviD-dila
2015-09-10 19:20 - 2015-09-10 19:20 - 00001236 _____ C:\Users\andrej\Desktop\Far Cry 4 - Gold Edition.lnk
2015-09-10 18:56 - 2015-09-10 20:11 - 00000000 ____D C:\Users\andrej\Documents\My Games
2015-09-10 18:51 - 2015-09-10 18:51 - 00000000 ____D C:\Users\andrej\AppData\LocalLow\Twice Circled
2015-09-10 17:04 - 2015-09-10 17:04 - 00000000 ____D C:\ProgramData\Orbit
2015-09-10 16:52 - 2015-09-10 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry 4 - Gold Edition
2015-09-10 15:52 - 2015-09-10 16:52 - 00000000 ____D C:\Program Files (x86)\Far Cry 4 - Gold Edition
2015-09-09 15:46 - 2015-09-09 15:46 - 00000000 ____D C:\01fdd2e7f0ec03c79d9e
2015-09-09 15:41 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 15:41 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-09 15:41 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-09 15:41 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-09 15:41 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-09 15:41 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 15:41 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 15:41 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 15:41 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-09 15:41 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 15:41 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 15:41 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 15:40 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 15:40 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-09 15:40 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 15:40 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-09 15:40 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 15:40 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-09 15:40 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 15:40 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 15:40 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 15:40 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-09 15:40 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 15:40 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 15:40 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 15:40 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 15:40 - 2015-07-22 16:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 15:40 - 2015-07-22 15:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 15:40 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-09 15:40 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-09 15:40 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-09 15:40 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-09 15:40 - 2015-07-17 16:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 15:40 - 2015-07-17 16:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-09 15:40 - 2015-07-03 23:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-09 15:40 - 2015-07-03 16:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-09 15:40 - 2015-06-27 13:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 15:40 - 2015-06-19 19:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-09 15:39 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 15:39 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 15:39 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 15:39 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 15:39 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-09 15:39 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 15:39 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 15:39 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 15:39 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 15:39 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 15:39 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 15:39 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-09 15:39 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 15:39 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-09 15:39 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 15:39 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-09 15:39 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-09 15:39 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 15:39 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-09 15:39 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 15:39 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-09 15:39 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-09 15:39 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-09 15:39 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-09 15:39 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-09 15:39 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 15:39 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-09 15:39 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-09 15:39 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-09 15:39 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-09 15:39 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-09 15:39 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-09 15:39 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 15:39 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-09 15:39 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-09 15:39 - 2015-07-13 21:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-09 15:39 - 2015-07-09 18:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-09 15:38 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 15:38 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-09 15:38 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 15:38 - 2015-07-14 05:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-07 21:28 - 2015-09-07 21:28 - 00000000 ____D C:\Users\andrej\Documents\My Cheat Tables
2015-09-07 21:28 - 2015-09-07 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2015-09-07 21:28 - 2015-09-07 21:28 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4
2015-09-07 15:19 - 2015-09-07 15:19 - 00000000 ____D C:\Users\andrej\AppData\Roaming\PaintersGuild
2015-09-06 14:20 - 2015-09-06 14:29 - 00000000 ____D C:\Users\andrej\Documents\Universe Sandbox ²
2015-09-06 14:18 - 2015-09-06 14:18 - 00000000 ____D C:\Users\andrej\AppData\LocalLow\Giant Army
2015-09-06 13:51 - 2015-09-06 13:58 - 665506608 _____ C:\Users\andrej\Downloads\Universe.Sandbox.2.zip
2015-09-05 14:14 - 2015-09-05 14:14 - 00000000 ____D C:\Users\andrej\AppData\Roaming\WB Games
2015-09-05 14:09 - 2015-09-05 14:09 - 00000000 ____D C:\Program Files (x86)\WB Games
2015-09-04 22:42 - 2015-09-04 22:44 - 00000000 ____D C:\Users\andrej\Downloads\VA - R3HAB Inspired - Ministry of Sound  (2015) [MuSi]
2015-09-04 18:29 - 2015-09-04 19:26 - 00000000 ____D C:\Users\andrej\Downloads\Capitalism.A.Love.Story.2009.SLOSubs.DVDRip.XviD-DrSi
2015-09-04 17:57 - 2015-09-04 18:01 - 00000000 ____D C:\Users\andrej\Downloads\Dear.Zachary.A.Letter.to.a.Son.About.His.Father.2008.720p.WEB-DL.H264-TC [PublicHD] [PublicHD]
2015-09-04 17:41 - 2015-09-04 19:26 - 00000000 ____D C:\Users\andrej\Downloads\Blackfish.2013.SLOSubs.BRRip.XviD-DrSi
2015-09-04 17:28 - 2015-09-04 19:26 - 00000000 ____D C:\Users\andrej\Downloads\Jesus.Camp.2006.SLOSubs.LIMITED.DVDRip.XviD-iMBT
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-03 12:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-10-03 11:33 - 2015-07-17 22:00 - 00153600 ___SH C:\Users\andrej\Desktop\Thumbs.db
2015-10-03 11:09 - 2015-07-04 21:51 - 01371374 _____ C:\Windows\WindowsUpdate.log
2015-10-03 10:36 - 2015-07-04 22:05 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1C9860B-5DD3-48E1-B701-3B607220C031}
2015-10-03 10:35 - 2015-07-04 22:03 - 00000000 ___DO C:\Users\andrej\OneDrive
2015-10-03 10:34 - 2015-07-17 13:32 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-02 21:32 - 2015-07-04 22:08 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3061060685-619067132-2358629409-1001
2015-10-02 21:23 - 2015-07-18 18:28 - 00000000 ___RD C:\Users\andrej\Desktop\porgrami
2015-10-02 21:16 - 2015-07-04 22:20 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-02 21:16 - 2014-11-21 09:29 - 00062836 _____ C:\Windows\PFRO.log
2015-10-02 21:16 - 2013-08-22 16:46 - 00040710 _____ C:\Windows\setupact.log
2015-10-02 21:16 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-02 21:08 - 2015-07-17 13:34 - 00000000 ____D C:\Users\andrej\AppData\Roaming\uTorrent
2015-10-02 20:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\L2Schemas
2015-10-02 20:03 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-01 23:24 - 2015-08-03 12:28 - 00000000 ____D C:\Users\andrej\Desktop\šola
2015-10-01 23:21 - 2015-07-04 21:58 - 00000000 ____D C:\Users\andrej\AppData\Local\Packages
2015-10-01 15:25 - 2015-08-01 21:42 - 00003826 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1438458137
2015-10-01 15:25 - 2015-08-01 21:42 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-10-01 15:25 - 2015-08-01 21:40 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-30 23:27 - 2015-07-04 22:09 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-09-30 23:27 - 2015-07-04 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-09-28 21:36 - 2015-07-04 22:11 - 00000000 ____D C:\Users\andrej\AppData\Local\Google
2015-09-28 21:36 - 2015-07-04 22:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-28 21:35 - 2015-07-04 22:05 - 00000000 __SHD C:\Users\andrej\AppData\Local\EmieUserList
2015-09-28 21:35 - 2015-07-04 22:05 - 00000000 __SHD C:\Users\andrej\AppData\Local\EmieSiteList
2015-09-28 21:35 - 2015-07-04 22:05 - 00000000 __SHD C:\Users\andrej\AppData\Local\EmieBrowserModeList
2015-09-28 15:40 - 2015-07-30 23:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-28 14:54 - 2013-08-22 16:44 - 00473176 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-27 22:21 - 2015-07-17 14:52 - 00000000 ____D C:\Users\andrej\AppData\Roaming\vlc
2015-09-27 11:57 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-26 00:14 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-23 20:00 - 2015-07-17 16:03 - 00000080 _____ C:\Users\andrej\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-09-23 14:35 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-09-20 11:29 - 2015-07-17 15:37 - 00002140 _____ C:\Users\Public\Desktop\Grand Theft Auto V.lnk
2015-09-20 10:44 - 2015-07-17 14:55 - 00000000 ____D C:\Users\andrej\AppData\Roaming\Apple Computer
2015-09-18 21:30 - 2015-08-17 18:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-18 21:26 - 2015-08-17 18:50 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-18 17:08 - 2015-07-17 15:59 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-09-18 17:08 - 2015-07-17 13:09 - 00000000 ____D C:\Program Files\Rockstar Games
2015-09-17 20:19 - 2015-08-15 17:37 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-17 20:19 - 2015-07-18 16:33 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-09-17 20:19 - 2015-07-18 16:33 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-09-16 20:46 - 2015-07-04 22:09 - 00001393 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-09-16 19:45 - 2015-07-04 21:53 - 00000000 ____D C:\Users\andrej
2015-09-15 03:18 - 2014-11-21 17:20 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-15 03:18 - 2014-11-21 17:20 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 02:29 - 2015-07-31 11:48 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-09-14 02:29 - 2015-07-04 22:19 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-09-14 02:29 - 2015-07-04 22:19 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-09-14 02:29 - 2015-07-04 22:18 - 17082928 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-09-14 02:29 - 2015-07-04 22:18 - 12514824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-09-14 02:29 - 2015-07-04 22:18 - 03530608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-09-14 02:29 - 2015-07-04 22:18 - 03116160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-09-14 02:29 - 2015-07-04 22:18 - 00033079 _____ C:\Windows\system32\nvinfo.pb
2015-09-14 00:09 - 2015-07-04 22:19 - 06884984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-09-14 00:09 - 2015-07-04 22:19 - 03496056 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-09-14 00:09 - 2015-07-04 22:19 - 02558584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-09-14 00:09 - 2015-07-04 22:19 - 00937776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-09-14 00:09 - 2015-07-04 22:19 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-09-14 00:09 - 2015-07-04 22:19 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-09-13 13:14 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-12 19:34 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-09-12 16:58 - 2015-08-12 10:16 - 02208256 ___SH C:\Users\andrej\Downloads\Thumbs.db
2015-09-12 16:52 - 2015-08-05 21:08 - 00000000 ____D C:\Users\andrej\Downloads\The.Good.Lie.2014.SLOSubs.BRRip.XviD-DrSi
2015-09-12 11:59 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-09-11 21:35 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-11 14:17 - 2015-07-04 22:19 - 05231082 _____ C:\Windows\system32\nvcoproc.bin
2015-09-11 14:02 - 2014-11-21 09:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 15:46 - 2015-07-08 18:05 - 00000000 ____D C:\Windows\system32\MRT
2015-09-06 14:18 - 2015-08-26 00:55 - 00000000 ____D C:\Users\andrej\Downloads\Universe.Sandbox.2
2015-09-05 13:50 - 2015-08-18 11:15 - 00000000 ____D C:\Users\andrej\Downloads\LEGO.Harry.Potter.Years.1-4-RELOADED
2015-09-04 20:00 - 2015-07-17 16:26 - 00000000 ____D C:\Users\andrej\AppData\Roaming\.minecraft
2015-09-04 19:29 - 2014-11-21 09:38 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
 
Some files in TEMP:
====================
C:\Users\andrej\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\andrej\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\andrej\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\andrej\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\andrej\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\andrej\AppData\Local\Temp\nvStInst.exe
C:\Users\andrej\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\andrej\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\andrej\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 15:10
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-10-2015
Ran by andrej (2015-10-03 12:22:36)
Running from C:\Users\andrej\Desktop
Windows 8.1 Pro (X64) (2015-07-04 19:57:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3061060685-619067132-2358629409-500 - Administrator - Disabled)
andrej (S-1-5-21-3061060685-619067132-2358629409-1001 - Administrator - Enabled) => C:\Users\andrej
Guest (S-1-5-21-3061060685-619067132-2358629409-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3061060685-619067132-2358629409-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3061060685-619067132-2358629409-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Pro Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Far Cry 4 - Gold Edition version 1.9.0 (HKLM-x32\...\{E9F9EC2B-2447-4BA4-A81F-837D7CA62DC5}_is1) (Version: 1.9.0 - Ubisoft)
Fingered (HKLM-x32\...\Steam App 384360) (Version:  - Edmund McMillen)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Gila Gaming Mouse (HKLM-x32\...\{FB3A54A3-F867-456E-971F-712CC13DC830}}_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.246 - SurfRight B.V.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
LEGO Pirates Of The Caribbean (HKLM-x32\...\LEGO Pirates Of The Caribbean_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
LEGO Star Wars II (HKLM-x32\...\InstallShield_{4E074808-1B86-4230-A9EB-0904942EC4AE}) (Version: 1.00.0000 - LucasArts)
LEGO Star Wars II (x32 Version: 1.00.0000 - LucasArts) Hidden
LEGO® Harry Potter™: Years 1-4 (HKLM-x32\...\{C5A8DF48-580B-44D3-B2B2-E965A9368F28}) (Version: 1.0.0.0 - WB Games)
Mad Max version 1.0.1.1 (HKLM-x32\...\Mad Max_is1) (Version: 1.0.1.1 - GMT-MAX.ORG)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.4229.1024 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - sl-si (HKLM\...\ProPlusRetail - sl-si) (Version: 16.0.4229.1024 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3061060685-619067132-2358629409-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.98 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 355.98 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Opera Stable 32.0.1948.69 (HKLM-x32\...\Opera 32.0.1948.69) (Version: 32.0.1948.69 - Opera Software)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Ship (HKLM-x32\...\Steam App 2400) (Version:  - Outerlight Ltd.)
The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version:  - Outerlight Ltd.)
The Ship Tutorial (HKLM-x32\...\Steam App 2430) (Version:  - Outerlight)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
Trine (HKLM-x32\...\Steam App 35700) (Version:  - Frozenbyte)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-3061060685-619067132-2358629409-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
29-09-2015 16:12:09 Scheduled Checkpoint
02-10-2015 19:28:46 JRT Pre-Junkware Removal
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {26350331-30C0-427D-B15F-72F1A446D689} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {28032836-6256-40AD-B25F-6A1C370EF5EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-28] (Google Inc.)
Task: {3954D0A5-FF3C-48B2-87FB-5A99AAA39AA8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {3F6F647F-798A-4A01-8455-E50DA23A902A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-28] (Google Inc.)
Task: {4054627E-6755-46E6-8B2F-7574D65CBD4B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
Task: {478BEDDA-D5C1-4A98-BF12-27C8F1AA0AC3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2015-09-27] (Microsoft Corporation)
Task: {529F2D0D-6179-49FF-B65B-0166B9E4910C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {54DD26E3-B353-456C-BF24-99F9D698E3F0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2015-09-27] (Microsoft Corporation)
Task: {856424C1-E624-4B6C-A649-54513488C7EC} - System32\Tasks\Opera scheduled Autoupdate 1438458137 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-25] (Opera Software)
Task: {8AB67EE5-CBFF-404E-B825-3338E576D0BF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-08-16] (Microsoft Corporation)
Task: {8FE37700-1590-4AB6-B8FA-03B7A364B308} - System32\Tasks\AutoPico Daily Restart => C:\Users\andrej\AppData\Local\Temp\RarSFX1\AutoPico.exe <==== ATTENTION
Task: {B7B94A68-463D-4FB7-BC3F-381D01D43F46} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-30] (AVAST Software)
Task: {EF3704BB-2045-4943-AFA4-779494793DF9} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3061060685-619067132-2358629409-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-27 11:36 - 2015-08-16 00:21 - 00162880 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-07-04 22:19 - 2015-09-14 00:09 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-27 11:41 - 2015-09-27 11:41 - 08901800 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-09-28 21:36 - 2015-09-24 21:50 - 01868104 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-28 21:36 - 2015-09-24 21:50 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-09-23 14:18 - 2013-01-07 19:27 - 00307712 _____ () C:\Program Files (x86)\Genius\Gila\mousehid.exe
2015-09-23 14:18 - 2012-06-10 19:01 - 00222720 _____ () C:\Program Files (x86)\Genius\Gila\trayicon.exe
2015-09-28 21:36 - 2015-09-24 21:51 - 28850504 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll
2015-07-30 23:54 - 2015-07-30 23:54 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-30 23:54 - 2015-07-30 23:54 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-02 18:46 - 2015-10-02 18:46 - 02966528 _____ () C:\Program Files\AVAST Software\Avast\defs\15100202\algo.dll
2015-07-04 22:09 - 2015-08-27 02:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-17 13:37 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-07-17 13:37 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-07-17 13:37 - 2015-08-19 22:39 - 02413248 _____ () C:\Program Files (x86)\Steam\video.dll
2015-07-17 13:37 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-07-17 13:37 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-07-17 13:36 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-07-17 13:36 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-07-17 13:36 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-07-17 13:36 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-07-17 13:36 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-07-17 13:37 - 2015-08-19 22:39 - 00704192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 11:59 - 2015-07-27 03:13 - 00171008 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-07-30 23:54 - 2015-07-30 23:54 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-09-23 14:18 - 2011-09-05 09:41 - 00061440 _____ () C:\Program Files (x86)\Genius\Gila\HidDevice.dll
2015-07-17 13:36 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\andrej\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3061060685-619067132-2358629409-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\andrej\Desktop\iron_tunnel_fireworks_ultra_hd_4k_wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{403D8AA9-C86F-4ED7-A4DF-DA373E23E76B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F01B56DB-33AE-497D-BF3D-51D68CE7498D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0700AEDE-7A33-487B-BBC9-43067AA461A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9C5B5582-20D2-4CCA-A2F6-402F8BA8DCE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{86987129-59BA-480E-A918-B7D239AC0611}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4E295FBB-DB9A-4D8D-8AE3-940A1F9AA854}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{47CB7680-B4FD-4E93-912B-17CC9404EDB9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A32FC157-3B00-4CF8-BB37-9B11E5F7D56D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{03E4DC77-B28E-4413-80C2-78636B1B4018}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6031E1D0-B52F-4B70-9828-FE37E32E9189}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9834F331-1923-4CCF-A36B-7DB8A5E987A2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3F66DA4F-5411-4BAC-8544-4C3F407BB65C}] => (Allow) C:\Users\andrej\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{149EF03D-1462-4B9C-811C-BD4C0739A581}] => (Allow) C:\Users\andrej\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D866B612-F9F1-45D1-A397-57336058A021}] => (Allow) C:\Users\andrej\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9565482E-B393-4226-BAE6-16C3524179B2}] => (Allow) C:\Users\andrej\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A0BFF3D0-2A7F-4F46-9EB4-42DD9FF264B1}] => (Allow) C:\Users\andrej\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E7B64D96-EF71-484F-A5A8-E10239544EC1}] => (Allow) C:\Users\andrej\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{91C20E86-CC18-4495-ACFA-12180C559E32}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{5BCD0EDF-5DD9-49BB-A690-713F98C4E8E5}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{EB638FFD-14B5-42D8-8DFF-564344AC752A}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{BF3AE07A-C1AC-4F46-A2D6-7C6CFBEE7D3E}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{676500D6-E7C2-46AC-820B-71A6EC6297EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F1A1E628-AA61-43D8-99A7-05C58D646935}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{42EBFEF8-3A65-4A42-BFAB-5B78721D680D}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{997A0EF8-D18F-4F8B-B1B3-3CF946A5FB82}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{4DAA7FC8-B64D-4113-94CB-721F34966EF0}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{3A132141-92F3-49FE-BAAA-46C17A903F3D}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{1F12F75E-176F-4055-ADA9-5DC64B7AD5F5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6D8EADF0-8A8B-4697-BA1A-6533DFFB1B7D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F771D6F8-551C-419F-BAEA-39FCC12BBFAA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{566277D1-A8A6-4CDB-9A1F-51FCC3BF899E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CB08830F-58AA-4A36-AA8A-1BDB9CF9D991}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EFD2E1B0-2EEE-4B38-8FD8-AE492866D692}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{52F35AE1-6131-46CD-A4E9-AE3BDBB491E3}C:\users\andrej\downloads\hitman closed alpha-3dm\hitman closed alpha-3dm\hitman_ca.exe] => (Allow) C:\users\andrej\downloads\hitman closed alpha-3dm\hitman closed alpha-3dm\hitman_ca.exe
FirewallRules: [UDP Query User{9F754819-1705-4010-8AF7-D6A8AFFD5812}C:\users\andrej\downloads\hitman closed alpha-3dm\hitman closed alpha-3dm\hitman_ca.exe] => (Allow) C:\users\andrej\downloads\hitman closed alpha-3dm\hitman closed alpha-3dm\hitman_ca.exe
FirewallRules: [{77E9A701-83FA-4D4E-A453-8E01A9050072}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{CE5C321B-ED9B-4E57-A277-69443E427DD6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{EC341A46-3C98-4D21-BDFE-C1439552B2E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fingered\nw.exe
FirewallRules: [{E8356C2C-2780-49B0-986E-951D7BC94E1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fingered\nw.exe
FirewallRules: [{30ED0715-C666-4BEC-A147-4F1F2F61B6FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{0CFB3334-2938-4200-B618-9A88225FBEF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{D8868073-8756-4EFF-A3F4-A2B1466F89EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship Tutorial\ship.exe
FirewallRules: [{34C63D6A-3168-4C5D-9FE5-824562DA9EE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship Tutorial\ship.exe
FirewallRules: [{41641124-1B43-49F8-BAA9-A54F1B7857AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{2BD4EB15-3F01-41E5-AEC8-DFC9E7CD015E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{6E1EDE7A-21A6-409A-8EF1-505596C425F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{7016D46A-BCCE-4B79-9685-DC3F67FCDE0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{CA6DF947-5DEC-4569-B207-1C20172FD75E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{52D3BEA8-B72B-4C52-B5DE-D72AD0EA4ED7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{33DCA9F7-3857-467A-BA0B-1D57CF7793F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship\ship.exe
FirewallRules: [{948C40CD-B115-47C9-895F-ECD8E98C61A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ship\ship.exe
FirewallRules: [{568897F4-AF45-46F1-A514-44915CCB2535}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{BFB1C8F3-B7B6-490D-8923-C793CDC8A2A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{BDE46276-E04B-47D7-9F12-E26ECF6BF408}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{31230D5C-8EE6-4EE2-8F29-5F0EFAB2AD22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{A0D13AFA-D85B-4079-A791-A946891C0B24}C:\users\andrej\appdata\roaming\utorrent\updates\3.4.4_40911.exe] => (Block) C:\users\andrej\appdata\roaming\utorrent\updates\3.4.4_40911.exe
FirewallRules: [UDP Query User{B1BF24AB-07A8-4360-BB8E-55591CA73139}C:\users\andrej\appdata\roaming\utorrent\updates\3.4.4_40911.exe] => (Block) C:\users\andrej\appdata\roaming\utorrent\updates\3.4.4_40911.exe
FirewallRules: [TCP Query User{A1BED1E8-863C-4F80-82D3-A3C66C8388DB}C:\program files (x86)\far cry 4 - gold edition\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4 - gold edition\bin\farcry4.exe
FirewallRules: [UDP Query User{22D15FC5-50EA-4878-81B1-71B04E05D97A}C:\program files (x86)\far cry 4 - gold edition\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4 - gold edition\bin\farcry4.exe
FirewallRules: [TCP Query User{6370970A-CE29-4C91-979C-9956B3CC24D5}C:\users\andrej\appdata\roaming\utorrent\updates\3.4.5_41073.exe] => (Allow) C:\users\andrej\appdata\roaming\utorrent\updates\3.4.5_41073.exe
FirewallRules: [UDP Query User{2921ABDB-8378-44A1-AE17-E51CD29AE68F}C:\users\andrej\appdata\roaming\utorrent\updates\3.4.5_41073.exe] => (Allow) C:\users\andrej\appdata\roaming\utorrent\updates\3.4.5_41073.exe
FirewallRules: [{E9652635-CCDA-43F9-B082-9C7F0CC18475}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8DD7096C-EB31-4EBF-9E9E-AA78C506DC98}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9CF6BCCA-7662-40C6-852B-487C19CCFA55}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A03D2494-3128-48F3-82A2-02AF659001BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BDF3AB9-AB3B-4F3E-94F0-EFCCDE8A4634}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{EEE99544-2470-4C6D-864E-860A584738FF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8DBA0827-F45B-4699-8F87-42DB8692DAC8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{03F669DF-BB27-496B-AD06-83FD6B6C33C9}] => (Allow) C:\Users\andrej\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{2263A5AC-3EAF-4A53-BF50-943F9C0C7A6D}C:\users\andrej\appdata\roaming\utorrent\updates\3.4.5_41162.exe] => (Block) C:\users\andrej\appdata\roaming\utorrent\updates\3.4.5_41162.exe
FirewallRules: [UDP Query User{31EB577C-3618-42D0-8D00-ED0873CA3EBE}C:\users\andrej\appdata\roaming\utorrent\updates\3.4.5_41162.exe] => (Block) C:\users\andrej\appdata\roaming\utorrent\updates\3.4.5_41162.exe
FirewallRules: [{6E310E0B-EB1B-4732-83D3-C474F494F6A7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2CE9835A-A5A9-4DD8-A9D4-ECBA81142F37}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{422ED6BB-A816-4524-A637-DBD13C1E4737}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{02C2CD8E-6AB3-428D-9142-43E686394B67}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5F9AEFB5-D5E8-4978-8CD1-4098DFC0F116}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3BEAF971-6795-415D-AC90-37C9299532E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/02/2015 10:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3731703
 
Error: (10/02/2015 10:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3731703
 
Error: (10/02/2015 10:56:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/02/2015 06:51:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avastui.exe, version: 10.3.2225.1181, time stamp: 0x55d36220
Faulting module name: HTMLayout.dll, version: 3.3.2.170, time stamp: 0x550afee5
Exception code: 0xc000041d
Fault offset: 0x00289d10
Faulting process id: 0x191c
Faulting application start time: 0xavastui.exe0
Faulting application path: avastui.exe1
Faulting module path: avastui.exe2
Report Id: avastui.exe3
Faulting package full name: avastui.exe4
Faulting package-relative application ID: avastui.exe5
 
Error: (10/02/2015 06:50:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avastui.exe, version: 10.3.2225.1181, time stamp: 0x55d36220
Faulting module name: HTMLayout.dll, version: 3.3.2.170, time stamp: 0x550afee5
Exception code: 0xc0000005
Fault offset: 0x00289d10
Faulting process id: 0x191c
Faulting application start time: 0xavastui.exe0
Faulting application path: avastui.exe1
Faulting module path: avastui.exe2
Report Id: avastui.exe3
Faulting package full name: avastui.exe4
Faulting package-relative application ID: avastui.exe5
 
Error: (10/01/2015 11:46:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15453
 
Error: (10/01/2015 11:46:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15453
 
Error: (10/01/2015 11:46:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/01/2015 06:28:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17844 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 175c
 
Start Time: 01d0fc49a87a0b8a
 
Termination Time: 31
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 703ac01f-6859-11e5-8276-0025225c39fb
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/29/2015 11:56:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15547
 
 
System errors:
=============
Error: (10/02/2015 09:16:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error: 
%%0
 
Error: (10/02/2015 07:29:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/02/2015 07:29:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/02/2015 07:29:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:29:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/02/2015 07:29:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/02/2015 07:29:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/02/2015 07:29:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/02/2015 07:29:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:29:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 31%
Total physical RAM: 8183.05 MB
Available physical RAM: 5611.27 MB
Total Virtual: 9463.05 MB
Available Virtual: 6147.14 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:683.25 GB) (Free:159.61 GB) NTFS
Drive d: (20150329_1340) (CDROM) (Total:28.89 GB) (Free:0 GB) CDFS
Drive e: (New Volume) (Fixed) (Total:247.92 GB) (Free:203.03 GB) NTFS
Drive g: (16.0.4266.1003) (CDROM) (Total:2.26 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2FBD3227)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=683.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=247.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 03 October 2015 - 05:29 AM

Step 1


Start FRST with administrator privileges.

  • Make sure the following option is checked: sh.PNG
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Shortcut.txt) in the same directory the tool was run from.
    Please copy and paste the content of Shortcut.txt in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 blinksi


Posted 03 October 2015 - 05:45 AM

I can't post the text.. idk why?

 

KqKCc2A.png

 

I'm new on this forum and I don't know what I'm doing wrong.


Edited by blinksi, 03 October 2015 - 05:49 AM.


#6 deeprybka


Posted 03 October 2015 - 05:48 AM

attachlogs.png
regards,
deeprybka

#7 blinksi


Posted 03 October 2015 - 05:51 AM

Hope it works now.

 

Attached Files


Edited by blinksi, 03 October 2015 - 05:51 AM.


#8 deeprybka


Posted 03 October 2015 - 06:06 AM

 

If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!


regards,
deeprybka

#9 deeprybka


Posted 08 October 2015 - 04:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka



