
Bios infection / possible virus / rootkit


  • This topic is locked
20 replies to this topic

#1 MagicTux


Posted 15 April 2016 - 10:05 AM

Yo guys

I'm in serious trouble but I'm not sure if this is the right place to do a thread but I'm struggling with some kind of BIOS/UEFI rootkit.

I have for a while been getting weird entries in the Rootkit/Malware tab in Gmer. I have also noticed some strange executables running among processes.
All described as Windows services but you could easily see that those executables didn't belong to a clean Windows 7 install.

I have been using DBAN to wipe all disks, formatted them and reinstalled, but I keep getting infected. All of the above-mentioned returns.
To ensure that I'm infected I have compared processes running in the Task Manager with my neighbour. He has almost the same setup as me but most importantly he has the same motherboard as I.

We've compared the DMI information inside the BIOS and we can confirm that mine has been modified. My problem is that if I try to reflash the motherboard through USB, it seems like the virus/rootkit will just write to the USB and execute its own code, because a USB is writable.

With that said, I have also been working on making a bootable DOS-CD with a new BIOS version and a DOS Flash Utility, with no success either. It's like the DOS can't read the files from the CD, even though I meddle a little with CONFIG.SYS and AUTOEXEC.BAT. It's like the DOS can't find any CD drivers.

Another mysterious thing that indicates infection is when I set the clear CMOS jumper or clear CMOS button with no effect: it looks like the motherboard resets and runs normally for 3-5 seconds, and then it executes some other code.

A reason for me believing it runs another code is that I am using a Corsair H100i water cooling kit which you can't change the LED color on, unless you install Corsair Link in Windows and change the LED color.
When I reset the CMOS and want to boot, it lights up the cooler LED as white, as it should per default; if you don't change the color in Corsair Link it should show a damn white light! But then after 3-5 seconds the LED light turns red. If I go to my neighbour with the exact same motherboard, CPU and cooler, the LED light is white all the time.

In the BIOS you have two functions, GO2BIOS and boot BIOS from file. If I use the first function, it just reboots to the screen where I can either enter BIOS or Boot Menu by pressing F2 or F11.
If I use the boot BIOS from file I get an error saying "The data mapping running is different from the BIOS you want to boot, if you press enter your system might not start." If I press enter it just reboots to the same screen as mentioned above.

Should the two functions act like that? Or is it the Rootkit messing things up?
I think my laptop has been infected too. Any feedback would be awesome since I'm becoming quite desperate!


Edited by MagicTux, 15 April 2016 - 05:01 PM.




#2 MagicTux


Posted 18 April 2016 - 01:49 PM

FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016 01
Ran by TM (administrator) on TM-PC (18-04-2016 21:05:33)
Running from C:\Users\TM\Desktop
Loaded Profiles: TM (Available Profiles: TM)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Dansk (Danmark)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Users\TM\AppData\Local\Akamai\netsession_win.exe
() C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
(Akamai Technologies, Inc.) C:\Users\TM\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\TM\Desktop\n6vfg5fm.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [8628224 2014-10-30] (Broadcom Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-04-07] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2868644708-361947219-3011323284-1000\...\Run: [Akamai NetSession Interface] => C:\Users\TM\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2868644708-361947219-3011323284-1000\...\Run: [MP3 Skype recorder] => C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [1561472 2015-02-11] ()
HKU\S-1-5-21-2868644708-361947219-3011323284-1000\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-10-09] (SteelSeries ApS)
HKU\S-1-5-21-2868644708-361947219-3011323284-1000\...\Run: [pwPresnenter] => E:\QPresenter-02b1\pwPresenter.exe
HKU\S-1-5-21-2868644708-361947219-3011323284-1000\...\Run: [TinyTake by MangoApps] => C:\Users\TM\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake by MangoApps.exe [362584 2015-10-13] (MangoApps)
HKU\S-1-5-21-2868644708-361947219-3011323284-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50676864 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2868644708-361947219-3011323284-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-10-30]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk [2015-11-26]
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{43E9F581-3009-4BE4-9121-90729B64085E}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{A368D551-AA72-4802-B9C5-8B9F3E8E1366}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2868644708-361947219-3011323284-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2868644708-361947219-3011323284-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2868644708-361947219-3011323284-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2868644708-361947219-3011323284-1000 -> DefaultScope {B7376A68-3C7C-47F7-944B-1B08485FC38F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2868644708-361947219-3011323284-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2868644708-361947219-3011323284-1000 -> {B7376A68-3C7C-47F7-944B-1B08485FC38F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-14] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-14] (Oracle Corporation)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\PROGRA~3\iSkysoft\VIDEOC~1\WSBROW~1.DLL => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-14] (Oracle Corporation)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\v0xwweee.default-1428925229709
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: delta-homes
FF Homepage: about:home
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-09] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-09] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-2868644708-361947219-3011323284-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\TM\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Extension: Codebender.cc Plugin - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\v0xwweee.default-1428925229709\extensions\codebender@codebender.cc [2016-03-08]
FF Extension: British English Dictionary (Updated) - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\v0xwweee.default-1428925229709\Extensions\en-gb@flyingtophat.co.uk [2015-04-28] [not signed]
FF Extension: BetterTTV - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\v0xwweee.default-1428925229709\Extensions\firefox@betterttv.net.xpi [2016-01-28]
FF Extension: Adblock Plus - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\v0xwweee.default-1428925229709\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\cg95lmf7.default-1416079236148\extensions\detgdp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\v0xwweee.default-1428925229709\extensions\quick_searchff@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\v0xwweee.default-1428925229709\extensions\sweetsearch@gmail.com => not found

Chrome:
=======
CHR Profile: C:\Users\TM\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Præsentation) - C:\Users\TM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-24]
CHR Extension: (Google Dokumenter) - C:\Users\TM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-24]
CHR Extension: (Google Drev) - C:\Users\TM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-24]
CHR Extension: (YouTube) - C:\Users\TM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-24]
CHR Extension: (Google-søgning) - C:\Users\TM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-24]
CHR Extension: (Google Ark) - C:\Users\TM\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-24]
CHR Extension: (Google Wallet) - C:\Users\TM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-24]
CHR Extension: (Gmail) - C:\Users\TM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [317032 2014-08-22] (Intel Corporation)
R2 KinectManagement; C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe [98816 2013-08-20] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2014-10-30] (Broadcom Corporation) [File not signed]
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [316120 2014-08-18] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-10-02] (Broadcom Corporation.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-06-05] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
S3 KinectCamera; C:\Windows\System32\Drivers\kinectcamera.sys [192512 2013-08-20] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3603424 2014-02-04] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [35344 2014-10-30] (CACE Technologies, Inc.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [39168 2014-10-08] (SteelSeries Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-04-07] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-04-16] ()
R1 {a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64; C:\Windows\System32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64.sys [48784 2014-12-13] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 pxldipoc; \??\C:\Users\TM\AppData\Local\Temp\pxldipoc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 21:05 - 2016-04-18 21:05 - 00021341 _____ C:\Users\TM\Desktop\FRST.txt
2016-04-18 21:04 - 2016-04-18 21:05 - 00000000 ____D C:\FRST
2016-04-18 21:04 - 2016-04-18 21:04 - 02375680 _____ (Farbar) C:\Users\TM\Desktop\FRST64.exe
2016-04-18 20:52 - 2016-04-18 20:52 - 00372512 _____ () C:\Users\TM\Desktop\NoBot.exe
2016-04-18 20:52 - 2016-04-18 20:52 - 00000000 ____D C:\NoBot
2016-04-17 22:29 - 2016-04-17 22:29 - 00000993 _____ C:\Users\Public\Desktop\WinImage (administrator).lnk
2016-04-17 22:29 - 2016-04-17 22:29 - 00000961 _____ C:\Users\Public\Desktop\WinImage.lnk
2016-04-17 22:29 - 2016-04-17 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinImage
2016-04-17 22:29 - 2016-04-17 22:29 - 00000000 ____D C:\Program Files (x86)\WinImage
2016-04-16 13:57 - 2016-04-16 13:57 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-16 13:56 - 2016-04-16 13:56 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-16 13:51 - 2016-04-16 13:52 - 24003656 _____ C:\Users\TM\Desktop\RogueKillerX64.exe
2016-04-16 13:34 - 2016-04-16 13:34 - 00380928 _____ C:\Users\TM\Desktop\n6vfg5fm.exe
2016-04-16 13:28 - 2016-04-16 13:28 - 06206564 _____ C:\Users\TM\Desktop\7821v19.zip
2016-04-15 14:56 - 2016-04-15 17:47 - 00000404 __RSH C:\ProgramData\ntuser.pol
2016-04-15 14:47 - 2016-04-18 00:26 - 00000000 ____D C:\Users\TM\Desktop\Mo
2016-04-15 06:43 - 2016-04-15 06:43 - 01235221 _____ C:\Users\TM\Desktop\Report Med3-6-E15.pdf
2016-04-15 06:38 - 2016-04-15 06:38 - 01228841 _____ C:\Users\TM\Desktop\Report second final draft.pdf
2016-04-15 06:36 - 2016-04-15 06:36 - 00087802 _____ C:\Users\TM\Desktop\receipt.pdf
2016-04-15 04:06 - 2016-04-15 04:06 - 00160636 _____ C:\Users\TM\Desktop\reportTemplate.pdf
2016-04-15 02:16 - 2016-04-15 02:16 - 00050340 _____ C:\Users\TM\Desktop\VijayaManerikar_SumeetManerikar.pdf
2016-04-15 01:45 - 2016-04-15 01:50 - 00201942 _____ C:\Users\TM\Desktop\QAQA.pdf
2016-04-14 16:35 - 2016-04-14 16:35 - 00067521 _____ C:\Users\TM\Desktop\Prensky-Marc-2005 .pdf
2016-04-14 16:31 - 2016-04-14 16:31 - 01562606 _____ C:\Users\TM\Desktop\Theory_HenryJenkins_GameDesignNarrativeArchitecture.pdf
2016-04-14 16:14 - 2016-04-14 16:14 - 00786764 _____ C:\Users\TM\Desktop\1989_McAuleyDuncanandTammen_PsychometricPropertiesofIMIinSport.pdf
2016-04-14 15:10 - 2016-04-14 15:10 - 01027733 _____ C:\Users\TM\Desktop\1-s2.0-S095354380900109X-main.pdf
2016-04-14 13:08 - 2015-06-22 03:27 - 14211195 _____ C:\Users\TM\Desktop\INTERACTION DESIGN 3rd edition.pdf
2016-04-13 21:02 - 2016-04-13 21:02 - 00014871 _____ C:\Users\TM\Desktop\random ting 1.xlsx
2016-04-13 19:45 - 2016-04-13 19:45 - 139350013 _____ C:\Users\TM\Desktop\Field & Hole How to Design and Report Experiments.pdf
2016-04-13 17:16 - 2016-04-13 17:16 - 00719190 _____ C:\Users\TM\Desktop\p249-vandijk.pdf
2016-04-13 17:12 - 2016-04-13 17:12 - 00384692 _____ C:\Users\TM\Desktop\eurasia_v6n3_leng.pdf
2016-04-13 17:10 - 2016-04-13 17:10 - 00084231 _____ C:\Users\TM\Desktop\1-s2.0-S0091743500907357-main.pdf
2016-04-13 17:08 - 2016-04-13 17:08 - 00234189 _____ C:\Users\TM\Desktop\1-s2.0-S2211335514000096-main.pdf
2016-04-13 17:06 - 2016-04-13 17:06 - 00393784 _____ C:\Users\TM\Desktop\1479-5868-8-103.pdf
2016-04-13 17:02 - 2016-04-13 17:02 - 00217223 _____ C:\Users\TM\Desktop\1-s2.0-S0749379705001108-main.pdf
2016-04-13 16:51 - 2016-04-13 16:51 - 00259776 _____ C:\Users\TM\Desktop\Physical Activity Enjoyment Scale Short Form Does It Fit for Children.pdf
2016-04-13 16:33 - 2016-04-13 16:33 - 00661483 _____ C:\Users\TM\Desktop\Young Childrens Enjoyment of Physical Activity.pdf
2016-04-13 16:31 - 2016-04-13 16:31 - 00068449 _____ C:\Users\TM\Desktop\nihms98507.pdf
2016-04-13 16:23 - 2016-04-13 16:23 - 00135850 _____ C:\Users\TM\Desktop\pms%2E2000%2E90%2E2%2E601.pdf
2016-04-13 15:21 - 2016-04-13 15:21 - 00132922 _____ C:\Users\TM\Desktop\Questionnaire.pdf
2016-04-13 14:18 - 2016-04-14 13:19 - 00439864 _____ C:\Users\TM\Desktop\p9-hanna.pdf
2016-04-13 11:06 - 2016-04-13 11:06 - 06503237 _____ C:\Users\TM\Desktop\Lecture4-2016 version.pdf
2016-04-13 10:04 - 2016-04-04 20:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 10:04 - 2016-04-04 20:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 10:04 - 2016-04-02 15:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 10:04 - 2016-03-31 21:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 10:04 - 2016-03-31 20:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 10:04 - 2016-03-31 02:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 10:04 - 2016-03-31 02:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 10:04 - 2016-03-31 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 10:04 - 2016-03-31 02:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 10:04 - 2016-03-31 02:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 10:04 - 2016-03-31 02:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 10:04 - 2016-03-31 02:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 10:04 - 2016-03-31 02:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 10:04 - 2016-03-31 02:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 10:04 - 2016-03-31 02:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 10:04 - 2016-03-31 02:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 10:04 - 2016-03-31 02:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 10:04 - 2016-03-31 02:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 10:04 - 2016-03-31 02:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 10:04 - 2016-03-31 02:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 10:04 - 2016-03-31 02:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 10:04 - 2016-03-31 02:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 10:04 - 2016-03-31 02:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 10:04 - 2016-03-31 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 10:04 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 10:04 - 2016-03-31 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 10:04 - 2016-03-31 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 10:04 - 2016-03-31 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 10:04 - 2016-03-31 01:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 10:04 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 10:04 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 10:04 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 10:04 - 2016-03-31 01:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 10:04 - 2016-03-31 01:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 10:04 - 2016-03-31 01:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 10:04 - 2016-03-31 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-13 10:04 - 2016-03-31 01:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 10:04 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 10:04 - 2016-03-31 01:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 10:04 - 2016-03-31 01:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-13 10:04 - 2016-03-31 01:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 10:04 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 10:04 - 2016-03-31 01:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 10:04 - 2016-03-31 01:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 10:04 - 2016-03-31 01:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 10:04 - 2016-03-31 01:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 10:04 - 2016-03-31 01:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 10:04 - 2016-03-31 01:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 10:04 - 2016-03-31 01:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 10:04 - 2016-03-31 01:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 10:04 - 2016-03-31 01:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 10:04 - 2016-03-31 01:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 10:04 - 2016-03-31 01:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-13 10:04 - 2016-03-31 01:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-13 10:04 - 2016-03-31 01:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 10:04 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 10:04 - 2016-03-31 01:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 10:04 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 10:04 - 2016-03-31 01:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-13 10:04 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-13 10:04 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 10:04 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 10:04 - 2016-03-31 01:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 10:04 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 10:04 - 2016-03-31 01:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 10:04 - 2016-03-31 01:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 10:04 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 10:04 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 10:04 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-13 10:04 - 2016-03-29 19:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 10:04 - 2016-03-23 16:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 10:04 - 2016-03-18 01:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 10:04 - 2016-03-18 01:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 10:04 - 2016-03-18 01:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 10:04 - 2016-03-18 01:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 10:04 - 2016-03-18 01:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 10:04 - 2016-03-18 01:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 10:04 - 2016-03-18 00:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 10:04 - 2016-03-18 00:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 10:04 - 2016-03-18 00:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 10:04 - 2016-03-18 00:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 10:04 - 2016-03-18 00:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 10:04 - 2016-03-18 00:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 10:04 - 2016-03-18 00:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 10:04 - 2016-03-18 00:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 10:04 - 2016-03-18 00:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 10:04 - 2016-03-18 00:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 10:04 - 2016-03-18 00:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 10:04 - 2016-03-18 00:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 10:04 - 2016-03-18 00:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 10:04 - 2016-03-18 00:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 10:04 - 2016-03-18 00:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 10:04 - 2016-03-18 00:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 10:04 - 2016-03-18 00:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 10:04 - 2016-03-18 00:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 10:04 - 2016-03-18 00:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 10:04 - 2016-03-18 00:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 10:04 - 2016-03-18 00:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 10:04 - 2016-03-18 00:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 10:04 - 2016-03-18 00:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 10:04 - 2016-03-18 00:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 10:04 - 2016-03-18 00:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 10:04 - 2016-03-18 00:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 10:04 - 2016-03-18 00:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 10:04 - 2016-03-18 00:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 10:04 - 2016-03-18 00:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 10:04 - 2016-03-18 00:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 10:04 - 2016-03-18 00:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 10:04 - 2016-03-18 00:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 10:04 - 2016-03-18 00:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 10:04 - 2016-03-18 00:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 10:04 - 2016-03-18 00:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 10:04 - 2016-03-18 00:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 10:04 - 2016-03-18 00:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 10:04 - 2016-03-18 00:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 10:04 - 2016-03-18 00:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 10:04 - 2016-03-18 00:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 10:04 - 2016-03-18 00:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 10:04 - 2016-03-18 00:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 10:04 - 2016-03-18 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 10:04 - 2016-03-18 00:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 10:04 - 2016-03-18 00:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 10:04 - 2016-03-18 00:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 10:04 - 2016-03-17 23:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 10:04 - 2016-03-17 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 10:04 - 2016-03-17 23:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 10:04 - 2016-03-17 23:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 10:04 - 2016-03-17 23:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 10:04 - 2016-03-17 23:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 10:04 - 2016-03-17 23:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 10:04 - 2016-03-17 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 10:04 - 2016-03-17 23:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 10:04 - 2016-03-17 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 10:04 - 2016-03-17 23:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 10:04 - 2016-03-17 23:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 10:04 - 2016-03-17 23:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 10:04 - 2016-03-17 23:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 10:04 - 2016-03-17 23:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 10:04 - 2016-03-17 23:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 10:04 - 2016-03-17 23:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 10:04 - 2016-03-17 23:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 10:04 - 2016-03-17 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 10:04 - 2016-03-17 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 10:04 - 2016-03-17 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 10:04 - 2016-03-17 20:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 10:04 - 2016-03-17 20:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 10:04 - 2016-03-17 20:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 10:04 - 2016-03-17 20:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 10:04 - 2016-03-16 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 10:04 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-13 10:04 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-13 10:04 - 2016-03-16 02:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 10:04 - 2016-03-16 02:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 10:04 - 2016-03-16 01:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 10:04 - 2016-03-11 20:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 10:04 - 2016-03-11 20:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 10:04 - 2016-03-06 20:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 10:04 - 2016-03-06 20:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 10:04 - 2016-03-06 20:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 10:04 - 2016-03-06 20:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-13 10:04 - 2016-02-05 21:03 - 00147904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-04-13 10:04 - 2016-02-05 20:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-13 10:04 - 2016-02-05 20:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-13 10:04 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-13 10:04 - 2016-02-02 20:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-13 10:04 - 2016-01-21 02:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-13 10:04 - 2015-06-03 22:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-13 09:40 - 2016-04-13 09:40 - 03977109 _____ C:\Users\TM\Desktop\Lecture11-2016 version.pdf
2016-04-13 09:36 - 2016-04-13 09:36 - 04009263 _____ C:\Users\TM\Desktop\Lecture2-2016.pdf
2016-04-12 09:47 - 2016-04-12 09:47 - 00193210 _____ C:\Users\TM\Desktop\Brev_fra_Region_Syddanmark.PDF
2016-04-12 09:29 - 2016-04-12 09:29 - 00168370 _____ C:\Users\TM\Desktop\p924-monk(1).pdf
2016-04-12 09:20 - 2016-04-14 16:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-11 13:17 - 2016-04-11 13:17 - 00168370 _____ C:\Users\TM\Desktop\p924-monk.pdf
2016-04-09 10:43 - 2016-04-09 10:43 - 00034093 _____ C:\Users\TM\Desktop\n4.pdf
2016-04-09 10:42 - 2016-04-09 10:42 - 00023786 _____ C:\Users\TM\Desktop\n80.pdf
2016-04-07 13:55 - 2016-04-11 09:04 - 04674472 _____ C:\Users\TM\Desktop\Lecture10-2016 version.pdf
2016-04-07 12:44 - 2016-04-07 12:54 - 00000000 ____D C:\Users\TM\Desktop\Arduino
2016-04-06 14:06 - 2016-04-06 14:06 - 00832131 _____ C:\Users\TM\Desktop\unov3pdf.pdf
2016-04-06 14:04 - 2016-04-06 14:04 - 00033516 _____ C:\Users\TM\Desktop\arduino-uno-schematic.pdf
2016-04-06 14:01 - 2016-04-06 14:01 - 00041427 _____ C:\Users\TM\Desktop\KY031+code.pdf
2016-04-05 21:59 - 2016-04-05 22:00 - 06470612 _____ C:\Users\TM\Desktop\Lecture3-2016.pdf
2016-03-28 13:51 - 2016-03-29 14:27 - 00598408 _____ C:\Users\TM\Desktop\PCSS_Example Exam Questions.pdf
2016-03-24 11:49 - 2016-03-24 11:49 - 00106988 _____ C:\Users\TM\Desktop\joc05105_772_778.pdf
2016-03-24 10:25 - 2016-03-24 10:25 - 00108733 _____ C:\Users\TM\Desktop\Health Educ. Res.-2009-Vogel-1043-50 adolescents have hearing loss.pdf
2016-03-23 11:42 - 2016-03-23 12:38 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2016-03-23 11:42 - 2016-03-23 11:42 - 00462174 _____ C:\Users\TM\Desktop\ASIO4ALL_2_13_English.exe
2016-03-23 11:42 - 2016-03-23 11:42 - 00000000 ____D C:\Users\TM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2016-03-23 11:36 - 2016-03-23 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pd-extended
2016-03-23 11:36 - 2012-11-27 19:05 - 05405480 _____ C:\Windows\SysWOW64\libgavl-1.dll
2016-03-23 11:36 - 2012-11-27 18:48 - 00227830 _____ C:\Windows\SysWOW64\libpng-3.dll
2016-03-23 11:36 - 2012-11-27 18:48 - 00223734 _____ C:\Windows\SysWOW64\libpng12-0.dll
2016-03-23 11:36 - 2012-10-22 15:14 - 00591381 _____ C:\Windows\SysWOW64\libsndfile-1.dll
2016-03-23 11:36 - 2012-10-21 22:57 - 00362501 _____ C:\Windows\SysWOW64\libcurl-4.dll
2016-03-23 11:36 - 2012-10-20 21:41 - 00326482 _____ C:\Windows\SysWOW64\libtheora-0.dll
2016-03-23 11:36 - 2012-10-20 21:41 - 00274689 _____ C:\Windows\SysWOW64\libtheoraenc-1.dll
2016-03-23 11:36 - 2012-10-20 21:41 - 00108867 _____ C:\Windows\SysWOW64\libtheoradec-1.dll
2016-03-23 11:36 - 2012-10-20 21:31 - 01641255 _____ C:\Windows\SysWOW64\libvorbisenc-2.dll
2016-03-23 11:36 - 2012-10-20 21:31 - 00201488 _____ C:\Windows\SysWOW64\libvorbis-0.dll
2016-03-23 11:36 - 2012-10-20 21:31 - 00063120 _____ C:\Windows\SysWOW64\libvorbisfile-3.dll
2016-03-23 11:36 - 2012-10-20 19:59 - 00041498 _____ C:\Windows\SysWOW64\libogg-0.dll
2016-03-23 11:36 - 2012-10-20 11:33 - 01178108 _____ C:\Windows\SysWOW64\libx264-116.dll
2016-03-23 11:36 - 2012-10-20 11:33 - 00176340 _____ C:\Windows\SysWOW64\libopenjpeg-2.dll
2016-03-23 11:36 - 2012-10-20 11:24 - 00172274 _____ C:\Windows\SysWOW64\libdca-0.dll
2016-03-23 11:36 - 2012-10-20 11:15 - 00014999 _____ C:\Windows\SysWOW64\libtiffxx-3.dll
2016-03-23 11:36 - 2012-10-20 11:14 - 00348710 _____ C:\Windows\SysWOW64\libtiff-3.dll
2016-03-23 11:36 - 2012-10-20 11:06 - 00201706 _____ C:\Windows\SysWOW64\libjpeg.dll
2016-03-23 11:36 - 2012-10-20 00:39 - 01736059 _____ C:\Windows\SysWOW64\libfftw3-3.dll
2016-03-23 11:36 - 2012-10-20 00:18 - 01701533 _____ C:\Windows\SysWOW64\libfftw3f-3.dll
2016-03-23 11:36 - 2012-10-19 23:38 - 00381298 _____ C:\Windows\SysWOW64\libmp3lame-0.dll
2016-03-23 11:36 - 2012-10-19 21:34 - 00667958 _____ C:\Windows\SysWOW64\libfreetype-6.dll
2016-03-23 11:36 - 2012-10-19 21:30 - 00010752 _____ C:\Windows\SysWOW64\libdl.dll
2016-03-23 11:36 - 2012-05-13 03:01 - 00101390 _____ C:\Windows\SysWOW64\libz-1.dll
2016-03-23 11:36 - 2012-03-31 13:24 - 01019406 _____ C:\Windows\SysWOW64\libstdc++-6.dll
2016-03-23 11:36 - 2012-03-31 13:24 - 00117248 _____ C:\Windows\SysWOW64\libgcc_s_dw2-1.dll
2016-03-23 11:36 - 2011-09-18 16:45 - 00086030 _____ C:\Windows\SysWOW64\libbz2-2.dll
2016-03-23 11:36 - 2011-05-20 17:51 - 00094300 _____ (Open Source Software community LGPL) C:\Windows\SysWOW64\pthreadGC2.dll
2016-03-23 11:36 - 2007-05-07 15:54 - 00076800 _____ C:\Windows\SysWOW64\libgnurx-0.dll
2016-03-23 11:35 - 2016-03-23 11:36 - 00000000 ____D C:\Program Files (x86)\pd
2016-03-23 11:35 - 2013-01-24 04:36 - 00042971 _____ C:\Windows\SysWOW64\pdreceive.exe
2016-03-23 11:35 - 2013-01-24 04:36 - 00035836 _____ C:\Windows\SysWOW64\pdsend.exe
2016-03-23 11:35 - 2012-12-28 11:01 - 00037587 _____ C:\Windows\SysWOW64\cyclist.exe
2016-03-23 11:34 - 2016-03-23 11:34 - 44660842 _____ (puredata.info ) C:\Users\TM\Desktop\Pd-0.43.4-extended-windowsxp-i386.exe
2016-03-22 15:32 - 2016-03-22 15:32 - 00013761 _____ C:\Users\TM\Desktop\Skatteopgørelse 2015.pdf
2016-03-22 14:35 - 2016-03-22 14:35 - 00000000 ____D C:\Windows\jack
2016-03-22 14:35 - 2016-03-22 14:35 - 00000000 ____D C:\Users\TM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jack
2016-03-22 14:24 - 2016-03-22 14:35 - 00000000 ____D C:\Program Files (x86)\Jack
2016-03-22 14:23 - 2016-03-22 14:24 - 29185211 _____ C:\Users\TM\Desktop\Jack_v1.9.10_64_setup.exe
2016-03-22 11:08 - 2016-03-22 11:08 - 00270320 _____ C:\Users\TM\Desktop\Sociology-1971-Bechhofer-422-3.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 21:01 - 2015-09-20 20:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-18 20:57 - 2014-11-07 10:34 - 00000000 ____D C:\Users\TM\AppData\Roaming\Skype
2016-04-18 15:18 - 2014-11-10 15:34 - 00000000 ____D C:\Users\TM\AppData\Local\Battle.net
2016-04-18 15:18 - 2014-11-10 15:34 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-18 14:34 - 2009-07-14 06:45 - 00026512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-18 14:34 - 2009-07-14 06:45 - 00026512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-17 11:01 - 2011-04-12 11:42 - 00512404 _____ C:\Windows\system32\perfh006.dat
2016-04-17 11:01 - 2011-04-12 11:42 - 00099656 _____ C:\Windows\system32\perfc006.dat
2016-04-17 11:01 - 2009-07-14 07:13 - 01387022 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-17 11:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-17 10:57 - 2015-12-07 10:24 - 00003562 _____ C:\Windows\System32\Tasks\TinyTakeUpgrade
2016-04-17 10:57 - 2015-05-13 10:01 - 00000145 _____ C:\HaxLogs.txt
2016-04-17 10:57 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-16 14:45 - 2014-12-03 21:07 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-15 22:46 - 2015-09-27 15:36 - 00000000 ____D C:\Windows\rescache
2016-04-15 14:56 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-04-15 14:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-04-15 01:37 - 2015-09-20 12:19 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-04-14 23:47 - 2015-09-07 09:15 - 00000000 ____D C:\Users\TM\Desktop\Semester 3
2016-04-14 17:19 - 2016-03-15 01:40 - 00000000 ____D C:\Users\TM\Desktop\New report references
2016-04-14 16:18 - 2015-05-28 14:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-14 16:18 - 2009-07-14 06:45 - 00435120 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-14 16:17 - 2014-12-11 22:04 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-14 16:12 - 2014-10-30 18:38 - 00000000 ____D C:\Windows\system32\MRT
2016-04-14 16:09 - 2014-10-30 18:38 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-14 01:45 - 2010-11-21 05:27 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-13 18:15 - 2015-03-27 22:42 - 00000000 ____D C:\Users\TM\AppData\Roaming\TS3Client
2016-04-09 11:01 - 2015-09-20 20:03 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-09 11:01 - 2015-09-20 20:03 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-09 11:01 - 2015-09-20 20:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-06 13:33 - 2016-02-14 14:17 - 00000000 ____D C:\Users\TM\Documents\Arduino
2016-04-06 11:56 - 2016-01-13 16:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-06 11:56 - 2014-11-07 10:34 - 00000000 ____D C:\ProgramData\Skype
2016-04-06 11:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-01 10:24 - 2016-02-08 13:52 - 00000000 ____D C:\Users\TM\Desktop\Semester 4
2016-04-01 09:47 - 2015-05-28 14:06 - 00117856 _____ C:\Users\TM\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-29 14:15 - 2015-09-21 10:41 - 00000000 ____D C:\Users\TM\IdeaProjects
2016-03-22 15:29 - 2014-11-07 10:16 - 00000000 ____D C:\Users\TM\AppData\Roaming\vlc
2016-03-22 14:42 - 2015-05-29 08:51 - 00000000 ____D C:\Users\TM\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2015-05-06 09:28 - 2015-06-01 12:45 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-07-10 08:16 - 2014-07-10 08:16 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2015-06-24 10:41 - 2015-06-24 10:41 - 0000020 _____ () C:\Users\TM\AppData\Roaming\appdataFr2.bin
2015-12-20 19:36 - 2015-12-20 19:37 - 0003584 _____ () C:\Users\TM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-20 17:03 - 2015-12-20 17:03 - 0005184 _____ () C:\Users\TM\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\TM\temp.dat


Some files in TEMP:
====================
C:\Users\TM\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 01:07

==================== End of FRST.txt ============================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by TM (2016-04-18 21:06:01)
Running from C:\Users\TM\Desktop
Windows 7 Enterprise Service Pack 1 (X64) (2014-10-30 13:40:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2868644708-361947219-3011323284-500 - Administrator - Disabled)
Gæst (S-1-5-21-2868644708-361947219-3011323284-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2868644708-361947219-3011323284-1002 - Limited - Enabled)
TM (S-1-5-21-2868644708-361947219-3011323284-1000 - Administrator - Enabled) => C:\Users\TM

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2868644708-361947219-3011323284-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Altitude (HKLM-x32\...\Steam App 41300) (Version:  - Nimbly Games)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.7 - Arduino LLC)
Aseprite 1.0.5 (HKLM-x32\...\{11AD6B99-637C-47B7-8925-A541A95AC1F0}_is1) (Version:  - David Capello)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk Maya 2015 (HKLM\...\Autodesk Maya 2015) (Version: 15.0.1335.0 - Autodesk)
Autodesk Maya 2015 (Version: 15.0.1335.0 - Autodesk) Hidden
Autodesk Mudbox 2015 (HKLM\...\Autodesk Mudbox 2015) (Version: 9.0.0.1383 - Autodesk)
Autodesk Mudbox 2015 (Version: 9.0.0.1383 - Autodesk) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.223.181 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5300 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.223.181 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.8.1124 - Foxit Software Inc.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Git version 2.5.2.2 (HKLM\...\Git_is1) (Version: 2.5.2.2 - The Git Development Community)
GitHub (HKU\S-1-5-21-2868644708-361947219-3011323284-1000\...\5f7eb300e2ea4ebf) (Version: 3.0.9.0 - GitHub, Inc.)
Greenfoot (HKLM-x32\...\{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}) (Version: 2.4.2 - Greenfoot Team)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{57FA60DA-585F-456A-B80E-17D1CDD22A30}) (Version: 5.0.27.1 - Hewlett-Packard Company)
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.0.01.09151 - Sony Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 19.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3324 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
IntelliJ IDEA Community Edition 15.0.1 (HKLM-x32\...\IntelliJ IDEA Community Edition 15.0.1) (Version: 143.382.35 - JetBrains s.r.o.)
Jack (HKLM-x32\...\Jack) (Version:  - )
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 66 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.18 - Oracle Corporation)
Kinect for Windows Developer Toolkit v1.8.0 (HKLM\...\{44E46B4E-CB12-42A9-8784-BBE390EB9C0B}) (Version: 1.8.0.572 - Microsoft Corporation)
Kinect for Windows Drivers v1.8 (HKLM\...\{AA62B868-5D5C-46CF-BA88-386BE71D4F87}) (Version: 1.8.0.595 - Microsoft Corporation)
Kinect for Windows Runtime v1.8 (HKLM\...\{2700FAD3-F82C-4ED1-862C-5F425B2A88E6}) (Version: 1.8.0.595 - Microsoft Corporation)
Kinect for Windows SDK v1.8 (HKLM\...\{6702DAC4-51E7-440C-8012-9C0AE9D524DB}) (Version: 1.8.0.595 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.5.0.0 - Lightworks)
Microsoft .NET Framework 4.6.1 (dansk) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Office Professionel Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DAN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DAN) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{F0DB2786-18C8-4B0D-9DC2-BA58856A2821}) (Version: 2.1.0.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.2 (x86 da) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 da)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{9D33E74E-3799-4343-9F16-13AFF983366C}) (Version: 4.11.1.0 - Alexander Nikiforov)
Mumble 1.2.8 (HKLM-x32\...\{B36AA3DF-CE93-46B8-95C1-021DCF47B53B}) (Version: 1.2.8 - Thorvald Natvig)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.5 - NETGEAR)
Pd-0.43.4-extended (HKLM-x32\...\pd_is1) (Version:  - puredata.info)
Python 2.7 numpy-1.6.1 (HKLM-x32\...\numpy-py2.7) (Version:  - )
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
sbt (HKLM-x32\...\{CE07BE71-510D-414A-92D4-DFF47631848A}) (Version: 0.13.9.1 - Typesafe, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Soldat 1.7.0 (HKLM-x32\...\Soldat_is1) (Version: 1.7.0 - Michal Marcinkowski)
SourceTree (HKLM-x32\...\SourceTree 1.6.20) (Version: 1.6.20 - Atlassian)
SourceTree (x32 Version: 1.6.20 - Atlassian) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.9.2014.1 - SteelSeries)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-2868644708-361947219-3011323284-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TinyTake by MangoApps (HKLM-x32\...\{cbb7c584-20c0-4426-9921-ac1cc52ff54d}) (Version: 4.0.1 - MangoApps)
TinyTake by MangoApps (x32 Version: 4.0.1 - MangoApps) Hidden
Town of Salem (HKLM-x32\...\Steam App 334230) (Version:  - BlankMediaGames)
Unity (HKLM-x32\...\Unity) (Version: 5.2.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2868644708-361947219-3011323284-1000\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Validity Fingerprint Sensor Driver (HKLM\...\{ADAA7361-54B8-4FC8-804E-94EC6C11ED68}) (Version: 4.5.133.0 - Validity Sensors, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Adafruit Industries LLC (usbser) Ports  (05/06/2014 6.2.2600.0) (HKLM\...\DCB075664682927C9BBCC4197B223FD46536AC11) (Version: 05/06/2014 6.2.2600.0 - Adafruit Industries LLC)
Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino USB Driver (01/04/2013 1.0.0.0) (HKLM\...\1E3EA5624DD04BEFECF3FFF6D3A21CCE9CD70A91) (Version: 01/04/2013 1.0.0.0 - Arduino LLC (www.arduino.cc))
Windows Driver Package - ATMEL, Inc. (usbser) Ports  (01/08/2013 6.0.0.0) (HKLM\...\0ED695C81FAE1F3FF0020BB04E14E01EC7AFA041) (Version: 01/08/2013 6.0.0.0 - ATMEL, Inc.)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (07/12/2013 2.08.30) (HKLM\...\22CCD58B53472BE3FCAFF05631111C4062959A43) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (07/12/2013 2.08.30) (HKLM\...\BD00013670D26C16E19F284BF8E15DAF813497C7) (Version: 07/12/2013 2.08.30 - FTDI)
Windows Driver Package - LightUp (usbser) Ports  (04/01/2014 1.1.0.0) (HKLM\...\7C0ED5A12A230FF7D0EE5DB7580F3FC9B888E410) (Version: 04/01/2014 1.1.0.0 - LightUp)
Windows Driver Package - SparkFun Electronics (usbser) Ports  (10/27/2014 5.1.2600.0) (HKLM\...\AF341C2811B6988C95D1BE33E4541B80FBEEC07E) (Version: 10/27/2014 5.1.2600.0 - SparkFun Electronics)
Windows Driver Package - wch.cn (CH341SER_A64) Ports  (08/08/2014 3.4.2014.08) (HKLM\...\E46668F0267651C248944766291791B0DEF36F1D) (Version: 08/08/2014 3.4.2014.08 - wch.cn)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-driverpakke - BirdBrain Technologies LLC (www.birdbraintechnologies.com) Hummingbird Duo USB Driver (12/03/2014 0.1.0.0) (HKLM\...\D3CF67D79398A460216FE982E95D3F3ED9D00969) (Version: 12/03/2014 0.1.0.0 - BirdBrain Technologies LLC (www.birdbraintechnologies.com))
Windows-driverpakke - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows-driverpakke - libusbK AVRISP mkII (04/27/2014 3.0.7.0) (HKLM\...\053CDDAAECC24EBC2DB6F865540D8056F5FE3FCA) (Version: 04/27/2014 3.0.7.0 - libusbK)
Windows-driverpakke - libusbK USBasp (04/27/2014 3.0.7.0) (HKLM\...\B5255A6AF36AB651D9EFB929ACA27523F06F35E5) (Version: 04/27/2014 3.0.7.0 - libusbK)
Windows-driverpakke - libusbK USBTinyISP (04/27/2014 3.0.7.0) (HKLM\...\DE72E36F3DC9C272561882EBE57C16AD6CA1A9CE) (Version: 04/27/2014 3.0.7.0 - libusbK)
WinImage (HKLM-x32\...\WinImage) (Version:  - )
WinRAR 5.30 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.6 - win.rar GmbH)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version:  - Xvid Development Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2868644708-361947219-3011323284-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TM\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03E49D58-66C5-4119-8430-5246D62162F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {664D81FA-F6D6-4047-98CB-BD14461CB8BD} - System32\Tasks\TinyTakeUpgrade => C:\Users\TM\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe [2015-10-13] (MangoApps Inc.)
Task: {7925A4A3-8AA9-4880-88C3-D5B5EAF87BAC} - System32\Tasks\{3C7969FA-C782-4052-A5E4-85D4B87CCCDB} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -c -runfromtemp -removeonly
Task: {7F8CCED8-865F-4436-902D-1BC1BAD69725} - System32\Tasks\{9E350745-2739-467C-A59B-9EAA21118027} => pcalua.exe -a "C:\Program Files (x86)\ImTOO\MOV Converter 6\Uninstall.exe"
Task: {84261EE5-AB17-4007-8B4D-8B390B8F9F12} - System32\Tasks\{3C21593B-89C8-4768-9F40-5F9BDF2B875E} => pcalua.exe -a C:\ProgramData\DealsFactor\DealsFactor.exe -c /progname=DealsFactor /progver=3.4.2 /progpub=DealsFactor /proguninstallurl=asdahjka.com /deleteappfolder=0  /VERYSILENT
Task: {97A090F6-7729-4C96-ADE5-F17E9B0401DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-26 10:21 - 2014-08-18 18:50 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-11-20 21:09 - 2015-02-27 15:38 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
2015-02-11 02:41 - 2015-02-11 02:41 - 01561472 _____ () C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
2015-11-26 10:21 - 2014-12-11 19:48 - 08397536 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2016-04-16 13:34 - 2016-04-16 13:34 - 00380928 _____ () C:\Users\TM\Desktop\n6vfg5fm.exe
2014-11-04 09:39 - 2016-02-24 06:48 - 00062024 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-11-04 09:39 - 2016-02-24 06:47 - 00110664 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2015-11-26 10:21 - 2015-03-05 19:22 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-11-26 10:21 - 2014-07-22 11:18 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2015-11-20 21:09 - 2014-10-31 17:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2015-11-20 21:09 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-12-20 14:18 - 2014-09-11 19:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-12-20 14:18 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-04-09 11:01 - 2016-04-09 11:01 - 19403968 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-09-20 20:04 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2868644708-361947219-3011323284-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TM\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{6686303F-25C0-4479-B1C1-CF1412E028B0}C:\users\tm\documents\processing-2.2.1-windows64\processing-2.2.1\java\bin\java.exe] => (Allow) C:\users\tm\documents\processing-2.2.1-windows64\processing-2.2.1\java\bin\java.exe
FirewallRules: [UDP Query User{00E65C0A-539A-4A46-84BF-92C4E0C2CE7F}C:\users\tm\documents\processing-2.2.1-windows64\processing-2.2.1\java\bin\java.exe] => (Allow) C:\users\tm\documents\processing-2.2.1-windows64\processing-2.2.1\java\bin\java.exe
FirewallRules: [TCP Query User{A868FFBB-76F9-4E0D-8B56-5F13FCE190D4}C:\users\tm\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\tm\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{B414CC54-FDFC-46DE-8687-3FE00E5C51FA}C:\users\tm\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\tm\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{ECA56FAE-58A8-414E-8C86-8D473892128E}C:\users\tm\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tm\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{42D3326D-3084-491A-B1E5-0396F139CFDE}C:\users\tm\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\tm\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{4A5BD441-D024-4F13-9E99-7841F1D370E7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E08B593E-5F82-432B-AAAC-1DD946A57BD5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{71BB6DCC-9AEC-4CD5-B32B-24235BD3B478}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA8F091A-90D0-4CFB-87FD-114560910F20}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E3CB20CF-52D9-499F-91F3-A4BA9B7E1A10}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{01E3DFD5-3219-4120-900B-5374FBFBD1C8}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{2DAC9942-C75F-4F5F-80E9-A041EEDD08DB}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{9538E2BD-535D-4F51-BC2C-0CBFDA179FC7}C:\users\tm\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\tm\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{356A3841-757D-4EB2-B01E-874BCD0CAB90}C:\users\tm\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\tm\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{216D2917-BA1C-4F4B-AFF7-1272402DCB0C}C:\program files\autodesk\maya2015\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2015\bin\maya.exe
FirewallRules: [UDP Query User{735163BC-FAE8-4013-B9C8-B6448DCBDFE4}C:\program files\autodesk\maya2015\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2015\bin\maya.exe
FirewallRules: [{84DBD40F-CC93-47EB-8F18-E07A9E02F97B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FDAA67C6-BD9E-4768-8A41-AD212087EECF}] => (Allow) LPort=2869
FirewallRules: [{AC0DC903-FDB1-4B9D-B675-0A257B2B80F1}] => (Allow) LPort=1900
FirewallRules: [{872E135B-D997-4AF9-ACAC-F555BD7DBBDD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{AB617C58-96E8-4B0C-826E-E87E4D438C1B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{9D742B41-BB76-4D26-9CBF-3EF8ADA4ECE4}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{3919BFB4-FA3B-42F5-95D7-AF116CE3003D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{9B3837E7-B8BA-4D27-B60F-2018C0507569}C:\users\tm\documents\processing-2.2.1-windows64\processing-2.2.1\java\bin\java.exe] => (Allow) C:\users\tm\documents\processing-2.2.1-windows64\processing-2.2.1\java\bin\java.exe
FirewallRules: [UDP Query User{9A514263-74BC-4DF4-B18C-851E8D018DBB}C:\users\tm\documents\processing-2.2.1-windows64\processing-2.2.1\java\bin\java.exe] => (Allow) C:\users\tm\documents\processing-2.2.1-windows64\processing-2.2.1\java\bin\java.exe
FirewallRules: [TCP Query User{E2B93F94-382A-4893-B623-93CB0C05D0AD}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{029E27FA-5AE3-489A-BCE2-E0F2C516BEB9}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{FF9AC879-075F-48E7-9573-23A2F9CD0DFD}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [UDP Query User{22C333D2-0CBA-40D6-82C0-8E8706773608}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [TCP Query User{B317AEB3-CFE1-4F2A-9CBF-6D6E22B09699}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{06B85C42-12DF-4A44-AEFC-5B64A3ECEDD2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{69EFFFE7-E451-4EB7-81F4-444C9A61C758}C:\program files (x86)\greenfoot\greenfoot.exe] => (Allow) C:\program files (x86)\greenfoot\greenfoot.exe
FirewallRules: [UDP Query User{30BF2AA0-F906-46E8-891A-C599B16A2D2A}C:\program files (x86)\greenfoot\greenfoot.exe] => (Allow) C:\program files (x86)\greenfoot\greenfoot.exe
FirewallRules: [TCP Query User{B9056BD3-B22C-47B0-8890-80B2FA845D55}C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe] => (Allow) C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe
FirewallRules: [UDP Query User{6E16C7B9-5476-440F-89BB-EC41B68B9825}C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe] => (Allow) C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe
FirewallRules: [{AEC73329-8AEB-4E27-89CA-526B37E148D5}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{A76A5888-624F-4A09-9F5F-3246D121C916}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [TCP Query User{883400B3-193B-4E8C-87FB-01BBD6B16D25}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{2720FD6F-5768-444C-8563-6E29C4729D65}C:\program files\unity\monodevelop\bin\monodevelop.exe] => (Allow) C:\program files\unity\monodevelop\bin\monodevelop.exe
FirewallRules: [TCP Query User{06BD80AA-9F52-4B6F-9C81-3356282364D2}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{A7D7817D-E258-4E15-A45F-112539299672}C:\program files\unity\editor\unity.exe] => (Allow) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{D8CD3403-20D8-48B1-AF2E-289230D238F5}C:\program files (x86)\greenfoot\greenfoot.exe] => (Allow) C:\program files (x86)\greenfoot\greenfoot.exe
FirewallRules: [UDP Query User{72B9E778-05DB-4633-A088-587B8AD205F3}C:\program files (x86)\greenfoot\greenfoot.exe] => (Allow) C:\program files (x86)\greenfoot\greenfoot.exe
FirewallRules: [TCP Query User{68E26CD3-F0C1-42B3-A6FC-3510202815EF}C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe] => (Allow) C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe
FirewallRules: [UDP Query User{E59D1D48-8FC4-48FE-B4A0-44D56602D59A}C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe] => (Allow) C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe
FirewallRules: [TCP Query User{4A037D2A-5DEC-4305-8E0D-56369BA7B8D5}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{FB3F0BC3-4FAE-4400-9C1F-36146AE43169}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{D6A5413C-81D8-4077-92AF-F7D16A72091A}C:\users\tm\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\tm\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3598E57C-83A5-4AAB-BE78-886CEDF0C28F}C:\users\tm\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\tm\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{AE741C23-5E82-4495-8687-A0F3C93D0D20}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{061EB889-76BA-4A15-A527-E347AC43A497}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{0CC9BC55-97B5-4FE5-91A2-74E348B85D40}C:\program files\java\jdk1.7.0_79\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\jmc.exe
FirewallRules: [UDP Query User{12821CE4-D333-417F-A262-47439663221E}C:\program files\java\jdk1.7.0_79\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\jmc.exe
FirewallRules: [{1B5109DA-B4DC-4098-BA3C-DCBE5810EB18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{88A76A46-FA95-4F54-B7E8-48EDA994A9E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3E501BC3-FF1A-4C38-A638-721D936D5656}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [UDP Query User{73BB43A4-60B4-4D17-BAC5-D1D21F3717DE}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe
FirewallRules: [TCP Query User{0AB436EE-6718-432F-A35F-596D1EA9E5A2}C:\program files\java\jdk1.7.0_79\bin\javaw.exe] => (Block) C:\program files\java\jdk1.7.0_79\bin\javaw.exe
FirewallRules: [UDP Query User{4EB451E4-C969-437F-99FC-4B3B22014691}C:\program files\java\jdk1.7.0_79\bin\javaw.exe] => (Block) C:\program files\java\jdk1.7.0_79\bin\javaw.exe
FirewallRules: [TCP Query User{A747C141-D0AD-4880-95F1-867BA8B515E6}C:\program files\java\jdk1.7.0_79\jre\bin\java.exe] => (Block) C:\program files\java\jdk1.7.0_79\jre\bin\java.exe
FirewallRules: [UDP Query User{AE53B5D4-485C-40FF-B25D-9F0D4584DF37}C:\program files\java\jdk1.7.0_79\jre\bin\java.exe] => (Block) C:\program files\java\jdk1.7.0_79\jre\bin\java.exe
FirewallRules: [TCP Query User{CA0983B2-9FB9-4DE4-8CA8-D35F41F1E8FA}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{ECDF9243-3A3B-44C0-BFBB-8762DBFCC30F}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{2D7DF03E-2D56-4323-882B-9537C45894DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{78BE0D64-0A5B-406F-9803-0F2F6CE4C982}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [TCP Query User{5713AC0E-23A0-4F21-8C76-B30268BA5823}C:\users\tm\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\tm\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{39E74C6A-03F0-48E9-A7F7-D14ECC30E454}C:\users\tm\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\tm\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{718CE9AD-12B0-482E-9D9E-47C351E0EA96}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{3CCFEEE9-1A82-44CC-BD58-7259071589AC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{26269DBA-7B37-405A-ADD5-2D8FC2F7B7C0}] => (Allow) C:\PROGRA~1\Unity\Editor\Unity.exe
FirewallRules: [TCP Query User{30ED1B46-0B9E-44AF-BD13-DA6ED2F41A4B}C:\program files (x86)\jetbrains\intellij idea community edition 14.1.4\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 14.1.4\bin\idea.exe
FirewallRules: [UDP Query User{9E7E2D43-1A4C-412D-BEA4-2EE6169C0588}C:\program files (x86)\jetbrains\intellij idea community edition 14.1.4\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 14.1.4\bin\idea.exe
FirewallRules: [TCP Query User{6E370C5E-2DDD-4F3C-8F68-BC0B1BD9EC73}C:\users\tm\desktop\imagej\imagej.exe] => (Allow) C:\users\tm\desktop\imagej\imagej.exe
FirewallRules: [UDP Query User{990C4304-815E-4D0A-A037-1F2137953729}C:\users\tm\desktop\imagej\imagej.exe] => (Allow) C:\users\tm\desktop\imagej\imagej.exe
FirewallRules: [{1F1DD137-8FF8-4B3F-8E3E-3C50B3F30E9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Altitude\altitude.exe
FirewallRules: [{367473B6-BC0D-4A02-B51A-ADE00E2365F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Altitude\altitude.exe
FirewallRules: [TCP Query User{4387F9B7-8D0B-4529-9CE5-2BCA147F9837}C:\program files (x86)\jetbrains\intellij idea community edition 14.1.4\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 14.1.4\bin\idea.exe
FirewallRules: [UDP Query User{CB7E086B-2B75-41B8-A532-14AE42A8109F}C:\program files (x86)\jetbrains\intellij idea community edition 14.1.4\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 14.1.4\bin\idea.exe
FirewallRules: [TCP Query User{9C8D0640-9464-4410-902A-A7EE4BB09E1D}C:\program files (x86)\eyesweb 5.5.0\eywgui.exe] => (Allow) C:\program files (x86)\eyesweb 5.5.0\eywgui.exe
FirewallRules: [UDP Query User{5A0D87F4-4120-4007-8D5C-51D04B7246B5}C:\program files (x86)\eyesweb 5.5.0\eywgui.exe] => (Allow) C:\program files (x86)\eyesweb 5.5.0\eywgui.exe
FirewallRules: [TCP Query User{B35E8914-E11E-4456-8CA5-8BE49F67FE31}E:\qpresenter-02b1\pwpresenter.exe] => (Allow) E:\qpresenter-02b1\pwpresenter.exe
FirewallRules: [UDP Query User{F0226E8B-5EF4-4C11-ADBD-D18EDCA328A2}E:\qpresenter-02b1\pwpresenter.exe] => (Allow) E:\qpresenter-02b1\pwpresenter.exe
FirewallRules: [TCP Query User{709E5335-A851-4553-AC59-B6927BF82A08}C:\program files (x86)\jetbrains\intellij idea community edition 14.1.5\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 14.1.5\bin\idea.exe
FirewallRules: [UDP Query User{F7E6DDE5-C927-4073-B671-74F924243D49}C:\program files (x86)\jetbrains\intellij idea community edition 14.1.5\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 14.1.5\bin\idea.exe
FirewallRules: [TCP Query User{E9DCA945-D19B-4C21-BFD8-21D039793F7D}C:\program files (x86)\jetbrains\intellij idea community edition 14.1.5\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 14.1.5\jre\jre\bin\java.exe
FirewallRules: [UDP Query User{C29A5F21-ABAA-4803-A89D-967948D09CDE}C:\program files (x86)\jetbrains\intellij idea community edition 14.1.5\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 14.1.5\jre\jre\bin\java.exe
FirewallRules: [{6A2C3C09-A72F-424C-B161-77AFD595A2E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F35B7FCF-453B-4119-8D3E-66A66F51E84B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{61E8F08F-8233-443B-949E-0D01C5BACD1A}E:\first build\network test.exe] => (Allow) E:\first build\network test.exe
FirewallRules: [UDP Query User{DD5C4D66-6949-4B42-B524-7F9D96452ED0}E:\first build\network test.exe] => (Allow) E:\first build\network test.exe
FirewallRules: [TCP Query User{0D4D218B-D2D7-4C35-A7CD-6F1DA627AF66}C:\program files\java\jdk1.8.0_66\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{DE40F492-7AE6-4259-8750-419733FC2FD5}C:\program files\java\jdk1.8.0_66\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_66\bin\java.exe
FirewallRules: [TCP Query User{96ABD97D-BF9C-4CF4-B969-8652B3FD06C7}C:\program files (x86)\jetbrains\intellij idea community edition 15.0.1\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 15.0.1\bin\idea.exe
FirewallRules: [UDP Query User{893E1EF5-0AE2-445A-BFF6-E1306E38C8B5}C:\program files (x86)\jetbrains\intellij idea community edition 15.0.1\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 15.0.1\bin\idea.exe
FirewallRules: [TCP Query User{7B6BCAE4-81B1-47DB-A130-D74EEB2BC04B}C:\program files (x86)\jetbrains\intellij idea community edition 15.0.1\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 15.0.1\bin\idea.exe
FirewallRules: [UDP Query User{AF37420C-6839-44E2-B510-F7D015E51E84}C:\program files (x86)\jetbrains\intellij idea community edition 15.0.1\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea community edition 15.0.1\bin\idea.exe
FirewallRules: [TCP Query User{30580AF9-0F13-43BD-8623-EBA5BB4A4B6F}C:\program files\java\jdk1.8.0_66\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{C05C364D-9C33-4FFF-B778-FAF70D85B6B6}C:\program files\java\jdk1.8.0_66\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_66\bin\java.exe
FirewallRules: [{5B1047F5-87F7-4A55-B977-5DD7810B19E3}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{3105F623-E113-4A09-9DDF-103627286511}] => (Allow) D:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{D20D794D-FE65-4873-A7E9-872011B4FBC0}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{85B52E3F-8888-43B6-8978-EA5D10527137}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{61648886-939F-4F47-A577-8B1981E9F02B}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{0779DBF5-0BB4-46F8-96FE-6051C7A0123C}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [TCP Query User{307443F8-02ED-4777-BB5C-C66FDB3F4615}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{B5D159D2-A47F-479C-94ED-2C38730FD317}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{2634BD46-25CC-4D9E-AC5A-8F6151AE9E14}C:\program files\pd\bin\pd.exe] => (Allow) C:\program files\pd\bin\pd.exe
FirewallRules: [UDP Query User{8E62B0D3-7CF5-45CE-9020-606D804207A0}C:\program files\pd\bin\pd.exe] => (Allow) C:\program files\pd\bin\pd.exe
FirewallRules: [TCP Query User{C0C081FE-FA69-4A21-97A4-3F201EFEE536}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{F4BDECA2-81F8-4BDF-9B3C-57589BCEC65D}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{EC7F9BE1-D373-40FC-8830-CE038497B1BF}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{25BDB499-379A-4ECB-9F67-5CA80E96F6D4}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [TCP Query User{643982B6-2803-46A6-BA5F-FF90EE4E3F54}C:\users\tm\appdata\local\temp\codebender\node.exe] => (Allow) C:\users\tm\appdata\local\temp\codebender\node.exe
FirewallRules: [UDP Query User{FFAB7CA8-AF74-4F6F-9FCC-EDB14A53AA0C}C:\users\tm\appdata\local\temp\codebender\node.exe] => (Allow) C:\users\tm\appdata\local\temp\codebender\node.exe
FirewallRules: [TCP Query User{21E6E0F4-F61B-483E-95EA-368F7BDA0378}C:\soldat\soldat.exe] => (Allow) C:\soldat\soldat.exe
FirewallRules: [UDP Query User{28B8A651-3136-4FED-BFBF-4BA928CFAFFB}C:\soldat\soldat.exe] => (Allow) C:\soldat\soldat.exe
FirewallRules: [TCP Query User{CCDB98F3-7FA4-4941-A818-652B8CE0E5A7}C:\program files (x86)\jack\jackd.exe] => (Allow) C:\program files (x86)\jack\jackd.exe
FirewallRules: [UDP Query User{EAFD69A8-8164-4E47-9F20-25146F9323DC}C:\program files (x86)\jack\jackd.exe] => (Allow) C:\program files (x86)\jack\jackd.exe
FirewallRules: [TCP Query User{D86EAD89-A89D-4BFE-A603-BFB15A07AC79}C:\program files (x86)\pd\bin\pd.exe] => (Allow) C:\program files (x86)\pd\bin\pd.exe
FirewallRules: [UDP Query User{CBD32B5A-D7DF-4F31-BD2F-506AF6CB6429}C:\program files (x86)\pd\bin\pd.exe] => (Allow) C:\program files (x86)\pd\bin\pd.exe

==================== Restore Points =========================

18-04-2016 14:39:58 Windows Update

==================== Faulty Device Manager Devices =============

Name: Bluetooth-audio
Description: Bluetooth-audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Intel® lyd til skærm
Description: Intel® lyd til skærm
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel® Corporation
Service: IntcDAud
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth L2CAP Interface
Description: Bluetooth L2CAP Interface
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwl2cap
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Broadcom
Service: btwrchid
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2016 10:57:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2016 10:07:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2016 09:42:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/16/2016 01:46:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2016 09:26:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/14/2016 04:18:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2016 10:26:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2016 11:50:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2016 11:55:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2016 11:17:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/17/2016 10:59:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten Google Update Tjeneste (gupdate) kunne ikke starte pga. følgende fejl:
%%2

Error: (04/17/2016 10:57:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Følgende boot-start- eller system-start-driver kunne ikke indlæses:
cdrom

Error: (04/17/2016 10:57:42 AM) (Source: IntelHaxm) (EventID: 10) (User: )
Description: HAXM can't work on system with VT disabled

Error: (04/17/2016 10:56:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (04/17/2016 08:22:09 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der opstod en ukendt fejl i den lokale Bluetooth-adapter og den vil derfor ikke blive brugt. Driveren vil ikke blive indlæst.

Error: (04/17/2016 08:21:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (04/16/2016 10:09:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten Google Update Tjeneste (gupdate) kunne ikke starte pga. følgende fejl:
%%2

Error: (04/16/2016 10:07:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Følgende boot-start- eller system-start-driver kunne ikke indlæses:
cdrom

Error: (04/16/2016 10:07:24 PM) (Source: IntelHaxm) (EventID: 10) (User: )
Description: HAXM can't work on system with VT disabled

Error: (04/16/2016 10:07:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den foregående systemlukning kl. 21:57:43 d. 16-04-2016 var uventet.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4210M CPU @ 2.60GHz
Percentage of memory in use: 55%
Total physical RAM: 8105.11 MB
Available physical RAM: 3632.13 MB
Total Virtual: 16208.41 MB
Available Virtual: 12014.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:9.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 7BAB62B6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by MagicTux, 18 April 2016 - 02:09 PM.


#3 MagicTux

Posted 18 April 2016 - 02:18 PM

GMER:
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-18 21:17:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 MTFDDAK128MAY-1AH1ZABHA rev.M504 119,24GB
Running: n6vfg5fm.exe; Driver: C:\Users\TM\AppData\Local\Temp\pxldipoc.sys


---- User code sections - GMER 2.2 ----

.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17            0000000074c51401 2 bytes JMP 74b7b263 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17              0000000074c51419 2 bytes JMP 74b7b38e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17            0000000074c51431 2 bytes JMP 74bf90f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42            0000000074c5144a 2 bytes CALL 74b548ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17               0000000074c514dd 2 bytes JMP 74bf89ea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17        0000000074c514f5 2 bytes JMP 74bf8bc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17               0000000074c5150d 2 bytes JMP 74bf88e0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17        0000000074c51525 2 bytes JMP 74bf8caa C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17              0000000074c5153d 2 bytes JMP 74b6fce8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                   0000000074c51555 2 bytes JMP 74b76937 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17            0000000074c5156d 2 bytes JMP 74bf91a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17              0000000074c51585 2 bytes JMP 74bf8d0a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                 0000000074c5159d 2 bytes JMP 74bf88a4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17              0000000074c515b5 2 bytes JMP 74b6fd81 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17            0000000074c515cd 2 bytes JMP 74b7b324 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20        0000000074c516b2 2 bytes JMP 74bf906c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe[1684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31        0000000074c516bd 2 bytes JMP 74bf8839 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                          0000000074c51401 2 bytes JMP 74b7b263 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                            0000000074c51419 2 bytes JMP 74b7b38e C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                          0000000074c51431 2 bytes JMP 74bf90f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                          0000000074c5144a 2 bytes CALL 74b548ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                             0000000074c514dd 2 bytes JMP 74bf89ea C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                      0000000074c514f5 2 bytes JMP 74bf8bc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                             0000000074c5150d 2 bytes JMP 74bf88e0 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                      0000000074c51525 2 bytes JMP 74bf8caa C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                            0000000074c5153d 2 bytes JMP 74b6fce8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                 0000000074c51555 2 bytes JMP 74b76937 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                          0000000074c5156d 2 bytes JMP 74bf91a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                            0000000074c51585 2 bytes JMP 74bf8d0a C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                               0000000074c5159d 2 bytes JMP 74bf88a4 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                            0000000074c515b5 2 bytes JMP 74b6fd81 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                          0000000074c515cd 2 bytes JMP 74b7b324 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                      0000000074c516b2 2 bytes JMP 74bf906c C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                      0000000074c516bd 2 bytes JMP 74bf8839 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                            0000000074c51401 2 bytes JMP 74b7b263 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                              0000000074c51419 2 bytes JMP 74b7b38e C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                            0000000074c51431 2 bytes JMP 74bf90f1 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                            0000000074c5144a 2 bytes CALL 74b548ad C:\Windows\syswow64\KERNEL32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                               0000000074c514dd 2 bytes JMP 74bf89ea C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                        0000000074c514f5 2 bytes JMP 74bf8bc0 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                               0000000074c5150d 2 bytes JMP 74bf88e0 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                        0000000074c51525 2 bytes JMP 74bf8caa C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                              0000000074c5153d 2 bytes JMP 74b6fce8 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                   0000000074c51555 2 bytes JMP 74b76937 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                            0000000074c5156d 2 bytes JMP 74bf91a9 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                              0000000074c51585 2 bytes JMP 74bf8d0a C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                 0000000074c5159d 2 bytes JMP 74bf88a4 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                              0000000074c515b5 2 bytes JMP 74b6fd81 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                            0000000074c515cd 2 bytes JMP 74b7b324 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                        0000000074c516b2 2 bytes JMP 74bf906c C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                        0000000074c516bd 2 bytes JMP 74bf8839 C:\Windows\syswow64\KERNEL32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                          0000000074c51401 2 bytes JMP 74b7b263 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                            0000000074c51419 2 bytes JMP 74b7b38e C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                          0000000074c51431 2 bytes JMP 74bf90f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                          0000000074c5144a 2 bytes CALL 74b548ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                             0000000074c514dd 2 bytes JMP 74bf89ea C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                      0000000074c514f5 2 bytes JMP 74bf8bc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                             0000000074c5150d 2 bytes JMP 74bf88e0 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                      0000000074c51525 2 bytes JMP 74bf8caa C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                            0000000074c5153d 2 bytes JMP 74b6fce8 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                 0000000074c51555 2 bytes JMP 74b76937 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                          0000000074c5156d 2 bytes JMP 74bf91a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                            0000000074c51585 2 bytes JMP 74bf8d0a C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                               0000000074c5159d 2 bytes JMP 74bf88a4 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                            0000000074c515b5 2 bytes JMP 74b6fd81 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                          0000000074c515cd 2 bytes JMP 74b7b324 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                      0000000074c516b2 2 bytes JMP 74bf906c C:\Windows\syswow64\kernel32.dll
.text  C:\Users\TM\AppData\Local\Akamai\netsession_win.exe[3544] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                      0000000074c516bd 2 bytes JMP 74bf8839 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                 0000000074c51401 2 bytes JMP 74b7b263 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                   0000000074c51419 2 bytes JMP 74b7b38e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                 0000000074c51431 2 bytes JMP 74bf90f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                 0000000074c5144a 2 bytes CALL 74b548ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                    0000000074c514dd 2 bytes JMP 74bf89ea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                             0000000074c514f5 2 bytes JMP 74bf8bc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                    0000000074c5150d 2 bytes JMP 74bf88e0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                             0000000074c51525 2 bytes JMP 74bf8caa C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                   0000000074c5153d 2 bytes JMP 74b6fce8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                        0000000074c51555 2 bytes JMP 74b76937 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                 0000000074c5156d 2 bytes JMP 74bf91a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                   0000000074c51585 2 bytes JMP 74bf8d0a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                      0000000074c5159d 2 bytes JMP 74bf88a4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                   0000000074c515b5 2 bytes JMP 74b6fd81 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                 0000000074c515cd 2 bytes JMP 74b7b324 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                             0000000074c516b2 2 bytes JMP 74bf906c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                             0000000074c516bd 2 bytes JMP 74bf8839 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                         00000000602511a8 2 bytes [25, 60]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248                                                        000000006025127d 2 bytes CALL 74b514c9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395                                                        0000000060251310 2 bytes CALL 74b514c9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                                   00000000602513a8 2 bytes [25, 60]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                       0000000060251422 2 bytes [25, 60]
.text  C:\Program Files (x86)\Skype\Phone\Skype.exe[3552] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                                0000000060251498 2 bytes [25, 60]
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17            0000000074c51401 2 bytes JMP 74b7b263 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17              0000000074c51419 2 bytes JMP 74b7b38e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17            0000000074c51431 2 bytes JMP 74bf90f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42            0000000074c5144a 2 bytes CALL 74b548ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17               0000000074c514dd 2 bytes JMP 74bf89ea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17        0000000074c514f5 2 bytes JMP 74bf8bc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17               0000000074c5150d 2 bytes JMP 74bf88e0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17        0000000074c51525 2 bytes JMP 74bf8caa C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17              0000000074c5153d 2 bytes JMP 74b6fce8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                   0000000074c51555 2 bytes JMP 74b76937 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17            0000000074c5156d 2 bytes JMP 74bf91a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17              0000000074c51585 2 bytes JMP 74bf8d0a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                 0000000074c5159d 2 bytes JMP 74bf88a4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17              0000000074c515b5 2 bytes JMP 74b6fd81 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17            0000000074c515cd 2 bytes JMP 74b7b324 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20        0000000074c516b2 2 bytes JMP 74bf906c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe[4008] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31        0000000074c516bd 2 bytes JMP 74bf8839 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000074c51401 2 bytes JMP 74b7b263 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000074c51419 2 bytes JMP 74b7b38e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000074c51431 2 bytes JMP 74bf90f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000074c5144a 2 bytes CALL 74b548ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000074c514dd 2 bytes JMP 74bf89ea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000074c514f5 2 bytes JMP 74bf8bc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000074c5150d 2 bytes JMP 74bf88e0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000074c51525 2 bytes JMP 74bf8caa C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000074c5153d 2 bytes JMP 74b6fce8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000074c51555 2 bytes JMP 74b76937 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000074c5156d 2 bytes JMP 74bf91a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000074c51585 2 bytes JMP 74bf8d0a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000074c5159d 2 bytes JMP 74bf88a4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000074c515b5 2 bytes JMP 74b6fd81 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000074c515cd 2 bytes JMP 74b7b324 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000074c516b2 2 bytes JMP 74bf906c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000074c516bd 2 bytes JMP 74bf8839 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                             0000000074c51401 2 bytes JMP 74b7b263 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                               0000000074c51419 2 bytes JMP 74b7b38e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                             0000000074c51431 2 bytes JMP 74bf90f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                             0000000074c5144a 2 bytes CALL 74b548ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                0000000074c514dd 2 bytes JMP 74bf89ea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                         0000000074c514f5 2 bytes JMP 74bf8bc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                0000000074c5150d 2 bytes JMP 74bf88e0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                         0000000074c51525 2 bytes JMP 74bf8caa C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                               0000000074c5153d 2 bytes JMP 74b6fce8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                    0000000074c51555 2 bytes JMP 74b76937 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                             0000000074c5156d 2 bytes JMP 74bf91a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                               0000000074c51585 2 bytes JMP 74bf8d0a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                  0000000074c5159d 2 bytes JMP 74bf88a4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                               0000000074c515b5 2 bytes JMP 74b6fd81 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                             0000000074c515cd 2 bytes JMP 74b7b324 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                         0000000074c516b2 2 bytes JMP 74bf906c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                         0000000074c516bd 2 bytes JMP 74bf8839 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                   0000000074c51401 2 bytes JMP 74b7b263 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                     0000000074c51419 2 bytes JMP 74b7b38e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                   0000000074c51431 2 bytes JMP 74bf90f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                   0000000074c5144a 2 bytes CALL 74b548ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                      0000000074c514dd 2 bytes JMP 74bf89ea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                               0000000074c514f5 2 bytes JMP 74bf8bc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                      0000000074c5150d 2 bytes JMP 74bf88e0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                               0000000074c51525 2 bytes JMP 74bf8caa C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                     0000000074c5153d 2 bytes JMP 74b6fce8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                          0000000074c51555 2 bytes JMP 74b76937 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                   0000000074c5156d 2 bytes JMP 74bf91a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                     0000000074c51585 2 bytes JMP 74bf8d0a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                        0000000074c5159d 2 bytes JMP 74bf88a4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                     0000000074c515b5 2 bytes JMP 74b6fd81 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                   0000000074c515cd 2 bytes JMP 74b7b324 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                               0000000074c516b2 2 bytes JMP 74bf906c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                               0000000074c516bd 2 bytes JMP 74bf8839 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                             0000000074c51401 2 bytes JMP 74b7b263 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                               0000000074c51419 2 bytes JMP 74b7b38e C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                             0000000074c51431 2 bytes JMP 74bf90f1 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                             0000000074c5144a 2 bytes CALL 74b548ad C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                        * 9
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                0000000074c514dd 2 bytes JMP 74bf89ea C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                         0000000074c514f5 2 bytes JMP 74bf8bc0 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                0000000074c5150d 2 bytes JMP 74bf88e0 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                         0000000074c51525 2 bytes JMP 74bf8caa C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                               0000000074c5153d 2 bytes JMP 74b6fce8 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                    0000000074c51555 2 bytes JMP 74b76937 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                             0000000074c5156d 2 bytes JMP 74bf91a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                               0000000074c51585 2 bytes JMP 74bf8d0a C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                  0000000074c5159d 2 bytes JMP 74bf88a4 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                               0000000074c515b5 2 bytes JMP 74b6fd81 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                             0000000074c515cd 2 bytes JMP 74b7b324 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                         0000000074c516b2 2 bytes JMP 74bf906c C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\RunDll32.exe[5732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                         0000000074c516bd 2 bytes JMP 74bf8839 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.2 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18cf5eb4516d                                                                                
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18cf5eb4516d@000761fbc165                                                                   0x7F 0x68 0x30 0x40 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\acfdce2f1e75                                                                                
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\acfdceb8cdaa                                                                                
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18cf5eb4516d (not active ControlSet)                                                            
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18cf5eb4516d@000761fbc165                                                                       0x7F 0x68 0x30 0x40 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\acfdce2f1e75 (not active ControlSet)                                                            
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\acfdceb8cdaa (not active ControlSet)                                                            

---- Files - GMER 2.2 ----

File   C:\FRST                                                                                                                                                    0 bytes
File   C:\FRST\Hives                                                                                                                                              0 bytes
File   C:\FRST\Hives\BCD                                                                                                                                          28672 bytes
File   C:\FRST\Hives\DEFAULT                                                                                                                                      8404992 bytes
File   C:\FRST\Hives\ERDNT.CON                                                                                                                                    800 bytes
File   C:\FRST\Hives\ERDNT.EXE                                                                                                                                    163328 bytes executable
File   C:\FRST\Hives\ERDNT.INF                                                                                                                                    828 bytes
File   C:\FRST\Hives\ERDNTDOS.LOC                                                                                                                                 2815 bytes
File   C:\FRST\Hives\ERDNTWIN.LOC                                                                                                                                 3275 bytes
File   C:\FRST\Hives\SAM                                                                                                                                          28672 bytes
File   C:\FRST\Hives\SECURITY                                                                                                                                     24576 bytes
File   C:\FRST\Hives\SOFTWARE                                                                                                                                     120586240 bytes
File   C:\FRST\Hives\SYSTEM                                                                                                                                       20430848 bytes
File   C:\FRST\Hives\Users                                                                                                                                        0 bytes
File   C:\FRST\Hives\Users\00000001                                                                                                                               0 bytes
File   C:\FRST\Hives\Users\00000001\ntuser.dat                                                                                                                    32702464 bytes
File   C:\FRST\Hives\Users\00000002                                                                                                                               0 bytes
File   C:\FRST\Hives\Users\00000002\UsrClass.dat                                                                                                                  8896512 bytes
File   C:\FRST\Logs                                                                                                                                               0 bytes
File   C:\FRST\Logs\Addition_18-04-2016_21-06-30.txt                                                                                                              51869 bytes
File   C:\FRST\Logs\FRST_18-04-2016_21-06-30.txt                                                                                                                  64315 bytes
File   C:\FRST\Quarantine                                                                                                                                         0 bytes

---- EOF - GMER 2.2 ----
 



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:56 AM

Posted 18 April 2016 - 03:57 PM

Greetings MagicTux and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. It is highly unlikely that you have a BIOS or UEFI infection. I can assist you in locating and removing potential malware but I would not be able to address the BIOS/UEFI issue.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-2868644708-361947219-3011323284-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\PROGRA~3\iSkysoft\VIDEOC~1\WSBROW~1.DLL => No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\cg95lmf7.default-1416079236148\extensions\detgdp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\v0xwweee.default-1428925229709\extensions\quick_searchff@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\v0xwweee.default-1428925229709\extensions\sweetsearch@gmail.com => not found
R1 {a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64; C:\Windows\System32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64.sys [48784 2014-12-13] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 pxldipoc; \??\C:\Users\TM\AppData\Local\Temp\pxldipoc.sys [X]
2015-05-06 09:28 - 2015-06-01 12:45 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-06-24 10:41 - 2015-06-24 10:41 - 0000020 _____ () C:\Users\TM\AppData\Roaming\appdataFr2.bin
C:\Users\TM\temp.dat
CustomCLSID: HKU\S-1-5-21-2868644708-361947219-3011323284-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TM\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay
Task: {7925A4A3-8AA9-4880-88C3-D5B5EAF87BAC} - System32\Tasks\{3C7969FA-C782-4052-A5E4-85D4B87CCCDB} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -c -runfromtemp -removeonly
Task: {7F8CCED8-865F-4436-902D-1BC1BAD69725} - System32\Tasks\{9E350745-2739-467C-A59B-9EAA21118027} => pcalua.exe -a "C:\Program Files (x86)\ImTOO\MOV Converter 6\Uninstall.exe"
Task: {84261EE5-AB17-4007-8B4D-8B390B8F9F12} - System32\Tasks\{3C21593B-89C8-4768-9F40-5F9BDF2B875E} => pcalua.exe -a C:\ProgramData\DealsFactor\DealsFactor.exe -c /progname=DealsFactor /progver=3.4.2 /progpub=DealsFactor /proguninstallurl=asdahjka.com /deleteappfolder=0  /VERYSILENT
C:\ProgramData\DealsFactor
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 MagicTux

Posted 19 April 2016 - 04:40 AM

Hey Gary!
I'm really happy that you will spare some time to help me.
I have done all that you said.

Best regards
Thomas

Fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by TM (2016-04-19 11:32:10) Run:1
Running from C:\Users\TM\Desktop
Loaded Profiles: TM (Available Profiles: TM)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-2868644708-361947219-3011323284-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\PROGRA~3\iSkysoft\VIDEOC~1\WSBROW~1.DLL => No File
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\cg95lmf7.default-1416079236148\extensions\detgdp@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\v0xwweee.default-1428925229709\extensions\quick_searchff@gmail.com => not found
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\v0xwweee.default-1428925229709\extensions\sweetsearch@gmail.com => not found
R1 {a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64; C:\Windows\System32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64.sys [48784 2014-12-13] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 pxldipoc; \??\C:\Users\TM\AppData\Local\Temp\pxldipoc.sys [X]
2015-05-06 09:28 - 2015-06-01 12:45 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-06-24 10:41 - 2015-06-24 10:41 - 0000020 _____ () C:\Users\TM\AppData\Roaming\appdataFr2.bin
C:\Users\TM\temp.dat
CustomCLSID: HKU\S-1-5-21-2868644708-361947219-3011323284-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\TM\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay
Task: {7925A4A3-8AA9-4880-88C3-D5B5EAF87BAC} - System32\Tasks\{3C7969FA-C782-4052-A5E4-85D4B87CCCDB} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -c -runfromtemp -removeonly
Task: {7F8CCED8-865F-4436-902D-1BC1BAD69725} - System32\Tasks\{9E350745-2739-467C-A59B-9EAA21118027} => pcalua.exe -a "C:\Program Files (x86)\ImTOO\MOV Converter 6\Uninstall.exe"
Task: {84261EE5-AB17-4007-8B4D-8B390B8F9F12} - System32\Tasks\{3C21593B-89C8-4768-9F40-5F9BDF2B875E} => pcalua.exe -a C:\ProgramData\DealsFactor\DealsFactor.exe -c /progname=DealsFactor /progver=3.4.2 /progpub=DealsFactor /proguninstallurl=asdahjka.com /deleteappfolder=0  /VERYSILENT
C:\ProgramData\DealsFactor
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => key removed successfully
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found.
"HKU\S-1-5-21-2868644708-361947219-3011323284-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}" => key removed successfully
"HKCR\PROTOCOLS\Handler\WSISVCUchrome" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\detgdp@gmail.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\quick_searchff@gmail.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sweetsearch@gmail.com => value removed successfully
{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64 => Service stopped successfully.
{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64 => service removed successfully
VGPU => service removed successfully
pxldipoc => service not found.
C:\Program Files (x86)\prefs.js => moved successfully
C:\Users\TM\AppData\Roaming\appdataFr2.bin => moved successfully
C:\Users\TM\temp.dat => moved successfully
"HKU\S-1-5-21-2868644708-361947219-3011323284-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7925A4A3-8AA9-4880-88C3-D5B5EAF87BAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7925A4A3-8AA9-4880-88C3-D5B5EAF87BAC}" => key removed successfully
C:\Windows\System32\Tasks\{3C7969FA-C782-4052-A5E4-85D4B87CCCDB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3C7969FA-C782-4052-A5E4-85D4B87CCCDB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F8CCED8-865F-4436-902D-1BC1BAD69725}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F8CCED8-865F-4436-902D-1BC1BAD69725}" => key removed successfully
C:\Windows\System32\Tasks\{9E350745-2739-467C-A59B-9EAA21118027} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9E350745-2739-467C-A59B-9EAA21118027}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84261EE5-AB17-4007-8B4D-8B390B8F9F12}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84261EE5-AB17-4007-8B4D-8B390B8F9F12}" => key removed successfully
C:\Windows\System32\Tasks\{3C21593B-89C8-4768-9F40-5F9BDF2B875E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3C21593B-89C8-4768-9F40-5F9BDF2B875E}" => key removed successfully
C:\ProgramData\DealsFactor => moved successfully


The system needed a reboot.

==== End of Fixlog 11:32:21 ====

Attached Files
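
A way to triage a Fixlog like the one in the post above, as an added example (not part of the original posts and not FRST's own code): it skips the echoed fixlist between the asterisk lines, whose entries also contain "=>", and sorts each result line into changed, absent, or needing review. The status names, function names and the abridged sample are assumptions of this example.

```python
import re
from collections import Counter

# Abridged sample: lines copied from the Fixlog in the post above, most omitted.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by TM (2016-04-19 11:32:10) Run:1
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\PROGRA~3\iSkysoft\VIDEOC~1\WSBROW~1.DLL => No File
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\TM\AppData\Roaming\Mozilla\Firefox\Profiles\cg95lmf7.default-1416079236148\extensions\detgdp@gmail.com => not found
U3 pxldipoc; \??\C:\Users\TM\AppData\Local\Temp\pxldipoc.sys [X]
C:\ProgramData\DealsFactor
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => key removed successfully
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found.
{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64 => Service stopped successfully.
{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64 => service removed successfully
pxldipoc => service not found.
C:\Users\TM\temp.dat => moved successfully
C:\ProgramData\DealsFactor => moved successfully


The system needed a reboot.

==== End of Fixlog 11:32:21 ====
"""

ECHO_FENCE = re.compile(r"^\*{5,}$")            # asterisk rows around the echoed fixlist
RESULT_LINE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")
REGISTRY_ROOT = re.compile(r"^HK(LM|CR|CU|U)\\", re.IGNORECASE)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def classify(outcome):
    """Map FRST's outcome text to a triage status (names are this example's own)."""
    text = outcome.rstrip(". ").lower()
    if "not found" in text:
        return "absent"      # FRST did not find the object at fix time
    if text.endswith("successfully"):
        return "changed"     # FRST reports it removed, moved, restored or stopped it
    return "review"          # any other wording: read the line by hand


def kind_of(target):
    """Rough object type, judged from the shape of the target string."""
    if REGISTRY_ROOT.match(target):
        return "registry"
    if DRIVE_PATH.match(target):
        return "path"
    return "service-or-other"


def parse_fixlog(text):
    """Return result entries and the reboot flag, ignoring the echoed fixlist."""
    entries, in_echo, reboot = [], False, False
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_FENCE.match(line):
            in_echo = not in_echo    # first fence opens the echo, second closes it
            continue
        if in_echo or not line:
            continue
        if line.lower().startswith("the system needed a reboot"):
            reboot = True
            continue
        match = RESULT_LINE.match(line)
        if not match:
            continue                 # header, banner or free-text status line
        target = match.group("target").strip('"')
        entries.append({
            "target": target,
            "kind": kind_of(target),
            "outcome": match.group("outcome").rstrip(". "),
            "status": classify(match.group("outcome")),
        })
    return {"entries": entries, "reboot_required": reboot}


def summarize(report):
    """Count entries per triage status."""
    return Counter(entry["status"] for entry in report["entries"])


if __name__ == "__main__":
    report = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(report)), "reboot required:", report["reboot_required"])
    for entry in report["entries"]:
        if entry["status"] != "changed":
            print(entry["status"], entry["kind"], entry["target"], sep="\t")
```

Without the fence handling, the two echoed fixlist lines ending in "=> No File" and "=> not found" would be counted as results.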



#6 Oh My!

Posted 19 April 2016 - 08:43 AM

Greetings Thomas,

My pleasure to work with you on this.

How is your computer running?
Gary
 
#7 MagicTux

Posted 19 April 2016 - 11:44 AM

I'm unable to say how the desktop machine acts. Ended up delivering it to an IT facility where they will look more into it.
The laptop runs fine at least, but I suspect the computer to still be infected due to strange executables running among services.

Why is wmpnetwk.exe always running? I still suspect the computer is infected. If I do a scan with GMER the prescan actually finds Rootkit/Malware activity under wmpnetwk.exe?
That isn't normal, right?

 

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-04-19 18:47:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 MTFDDAK128MAY-1AH1ZABHA rev.M504 119,24GB
Running: gjkzkfgc.exe; Driver: C:\Users\TM\AppData\Local\Temp\pxldipoc.sys


---- Threads - GMER 2.2 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4260:5072]  000007fefadb2af4
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4260:3432]  000007fedff28f70
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4260:6064]  000007fef5605124

---- EOF - GMER 2.2 ----
 


Edited by MagicTux, 19 April 2016 - 11:50 AM.


#8 Oh My!

Posted 19 April 2016 - 02:56 PM

Greetings,

The Threads are not indicative of malicious activity but simply reflect settings on the computer related to Windows Media Player.

Here is the relevant portion of the System Summary report:

Windows Media Player Network Sharing Service      WMPNetworkSvc      Running      Auto      Own Process      "c:\program files\windows media player\wmpnetwk.exe"      Normal      NT AUTHORITY\NetworkService      0


What this indicates is Windows Media Player is set to Automatically run (start) upon system boot. You can modify the Windows Media Player Network Sharing Service setting if you'd like from the Services window (type services.msc in run box and hit Enter). If modified, I would recommend it be set to Demand if the WMP Network Sharing Service is not being utilized.


Gary
 
#9 Oh My!

Posted 20 April 2016 - 07:07 PM

Please let me know if you have any other questions or issues.
Gary
 
#10 Oh My!

Posted 23 April 2016 - 08:09 AM

Greetings,

===================================================

3 Day Bump

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed

Gary
 
#11 Oh My!

Posted 25 April 2016 - 11:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
#12 Oh My!

Posted 29 April 2016 - 12:02 PM

This topic has been re-opened at the request of the person who originally posted.
Gary
 
#13 MagicTux

Posted 29 April 2016 - 12:18 PM

I still need help with this. I'm actually on a desktop machine now but my machine runs really badly even though it is newly installed. I have also changed to Windows 8.1 instead of Windows 7. If I go to BIOS and disable my onboard soundcard, the IC on the motherboard will light up. I never use onboard due to a USB soundcard from Sennheiser and the IC shouldn't light up if it is disabled. My PC is also making strange sounds which I think are coming from the graphics card. I'm a gamer and really have a fetish for performance and my PC is stuttering a lot when playing, especially if I use a lot of keys on the keyboard at the same time. I have tried different Nvidia drivers with no success.


Edited by MagicTux, 29 April 2016 - 12:23 PM.


#14 Oh My!

Posted 29 April 2016 - 07:43 PM

Your issues are not malware related so I can't offer you much more help.

What can you tell me about this being on your computer?

Intel Hardware Accelerated Execution Manager (Intel® HAXM)

Please do this.

===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Double click gsmartcontrol.exe and follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click C:\Program Files (86)\gsmartcontrol (select the application and not the Icon)
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Intel Hardware
  • GSmart results

Gary
 
#15 MagicTux

Posted 29 April 2016 - 08:18 PM

I'm quite certain that it is malware related. Never had any issues with my hardware before until I joined some TeamSpeak for a business meeting. When I connected to the server it prompted me if I wanted to accept some kind of a security certificate. I have a slight feeling that I got ratted in that situation but I'm not sure.

I'm in doubt how to use Intel HAXM to provide the needed information regarding Intel Hardware. I have installed HAXM and it is running. I can confirm this by opening an elevated CMD and type "sc query intelhaxm" which prompts it is running. When I try to open the haxm_check.exe it just opens and closes really quick and doesn't leave any logs.

Here is the log from GSmart results:

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win8(64)] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Device Model:     Samsung SSD 840 EVO 120GB
Serial Number:    S1D5NSBDB19358W
LU WWN Device Id: 5 002538 8a00e9c5e
Firmware Version: EXT0DB6Q
User Capacity:    120.034.123.776 bytes [120 GB]
Sector Size:      512 bytes logical/physical
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 4c
Local Time is:    Sat Apr 30 02:55:14 2016 
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection: ( 4200) seconds.
Offline data collection
capabilities: (0x53) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
No Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   2) minutes.
Extended self-test routine
recommended polling time: (  70) minutes.
SCT capabilities:       (0x003d) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 1
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   098   098   000    Old_age   Always       -       9087
 12 Power_Cycle_Count       0x0032   098   098   000    Old_age   Always       -       1683
177 Wear_Leveling_Count     0x0013   088   088   000    Pre-fail  Always       -       141
179 Used_Rsvd_Blk_Cnt_Tot   0x0013   100   100   010    Pre-fail  Always       -       0
181 Program_Fail_Cnt_Total  0x0032   100   100   010    Old_age   Always       -       0
182 Erase_Fail_Count_Total  0x0032   100   100   010    Old_age   Always       -       0
183 Runtime_Bad_Block       0x0013   100   100   010    Pre-fail  Always       -       0
187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       -       0
190 Airflow_Temperature_Cel 0x0032   067   038   000    Old_age   Always       -       33
195 Hardware_ECC_Recovered  0x001a   200   200   000    Old_age   Always       -       0
199 UDMA_CRC_Error_Count    0x003e   100   100   000    Old_age   Always       -       0
235 Unknown_Attribute       0x0012   099   099   000    Old_age   Always       -       216
241 Total_LBAs_Written      0x0032   099   099   000    Old_age   Always       -       36830627867
 
SMART Error Log Version: 1
No Errors Logged
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%         3         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.


 





