
Avira finding lots of Hidden objects all of the sudden, also warnings!


  • This topic is locked
9 replies to this topic

#1 JaskaTheK9


Posted 15 May 2016 - 05:20 PM

Hello,

 

I noticed yesterday that Avira is finding a lot of hidden objects. Also, when I scanned with Avira using complete logs mode, it also alerted me about over 100 warnings because there are files it cannot scan. However, I cannot paste this log since the log in complete report mode is huge (50 MB!). This didn't use to happen during daily scans; I'm fairly sure that I have caught something evil. I have added the FRST log below and attached the Additions log + Avira log as attachments. I also did a Malwarebytes scan, but that found nothing.

 

Thanks again.

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-05-2016
Ran by jaakk (administrator) on JAAKKO (16-05-2016 00:49:55)
Running from C:\Users\jaakk\Desktop
Loaded Profiles: jaakk &  (Available Profiles: jaakk)
Platform: Windows 10 Home Version 1511 (X64) Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Spotify Ltd) C:\Users\jaakk\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\jaakk\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\jaakk\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\jaakk\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\jaakk\AppData\Roaming\Spotify\Spotify.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Spotify Ltd) C:\Users\jaakk\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4931\Agent.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.7208\Battle.net.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7208\Battle.net Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7208\Battle.net Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7208\Battle.net Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [807392 2016-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-04-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation)
HKLM-x32\...\Run: [FreedomeAutoStart] => C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\Freedome.exe [5401048 2016-04-30] (F-Secure Corporation)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001\...\Run: [Spotify] => C:\Users\jaakk\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-26] (Spotify Ltd)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-04-28] (Electronic Arts)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [3985976 2016-05-12] (GOG.com)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001\...\Run: [Spotify Web Helper] => C:\Users\jaakk\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-26] (Spotify Ltd)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-10-09] (SteelSeries ApS)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2270606022-1161141034-668459170-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [3006952 2016-05-04] (Blizzard Entertainment)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\jaakk\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-26] (Spotify Ltd)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-04-28] (Electronic Arts)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [3985976 2016-05-12] (GOG.com)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\jaakk\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-26] (Spotify Ltd)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-10-09] (SteelSeries ApS)
HKU\S-1-5-21-2270606022-1161141034-668459170-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-2270606022-1161141034-668459170-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [3006952 2016-05-04] (Blizzard Entertainment)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0c4ec650-bb9c-4d1e-b59f-0fb3d2c358df}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8c66f137-b030-4ab1-9d5e-95e65a1edc67}: [DhcpNameServer] 198.18.23.33
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-05-05] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-05-05] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-05-05] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-05] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-05] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-05] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-05] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-05] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-05-05] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\jaakk\AppData\Roaming\Mozilla\Firefox\Profiles\2olqdun8.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-05] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-05-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Extension: NoScript - C:\Users\jaakk\AppData\Roaming\Mozilla\Firefox\Profiles\2olqdun8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-11]
FF Extension: uBlock Origin - C:\Users\jaakk\AppData\Roaming\Mozilla\Firefox\Profiles\2olqdun8.default\Extensions\uBlock0@raymondhill.net.xpi [2016-05-03]
FF Extension: Adblock Plus - C:\Users\jaakk\AppData\Roaming\Mozilla\Firefox\Profiles\2olqdun8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google-presentaatiot) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-20]
CHR Extension: (ThemeBeta.com) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkleffjjjgeaddfgndakajjdldgbkoe [2016-02-22]
CHR Extension: (Google-dokumentit) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-20]
CHR Extension: (Google Drive) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-20]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2016-05-04]
CHR Extension: (YouTube) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-20]
CHR Extension: (Adblock Plus) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09]
CHR Extension: (Google-haku) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-20]
CHR Extension: (Google-taulukot) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-20]
CHR Extension: (Google Docsin offline-tila) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Bookmark Manager) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-02-20]
CHR Extension: (Moderator toolbox for reddit) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjpjhhkcbkmgdkahnckfboefnkgghpo [2016-02-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-18]
CHR Extension: (Automattinen HD YouTubelle™) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2016-02-20]
CHR Extension: (Chrome Web Storen maksut) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\jaakk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-20]
CHR HKU\S-1-5-21-2270606022-1161141034-668459170-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2270606022-1161141034-668459170-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [955736 2016-03-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466504 2016-03-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466504 2016-03-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1424880 2016-03-09] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [280008 2016-04-25] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-04-02] (Microsoft Corporation)
R2 Freedome Service; C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe [440280 2016-04-30] (F-Secure Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [246328 2016-05-12] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6167096 2016-05-12] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-04-28] (Electronic Arts)
S3 PAExec; C:\Windows\PAExec.exe [189112 2016-05-04] (Power Admin LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-01-22] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-09] (Avira Operations GmbH & Co. KG)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47840 2015-11-23] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21728 2015-11-23] (Corsair)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-04-15] ()
R3 fsfreedometap; C:\Windows\System32\drivers\fsfreedometap.sys [36312 2016-04-30] (The OpenVPN Project)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-22] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2016-02-16] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Resplendence Software Projects Sp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-10-15] (Realtek                                            )
S3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-10-08] (SteelSeries Corporation)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [40568 2015-10-03] (SteelSeries ApS)
S3 sshid; C:\Windows\System32\drivers\sshid.sys [51400 2016-01-28] (SteelSeries ApS)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-06] ()
S3 USBTINSP; C:\Windows\System32\drivers\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-16 00:49 - 2016-05-16 00:50 - 00025311 _____ C:\Users\jaakk\Desktop\FRST.txt
2016-05-16 00:49 - 2016-05-16 00:49 - 02382336 _____ (Farbar) C:\Users\jaakk\Desktop\FRST64.exe
2016-05-16 00:49 - 2016-05-16 00:49 - 00000000 ____D C:\FRST
2016-05-14 18:01 - 2016-05-14 18:01 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-05-14 18:01 - 2016-05-10 02:23 - 00110528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-05-14 18:01 - 2016-05-04 05:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-05-14 18:01 - 2016-05-04 05:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-05-14 18:01 - 2016-05-04 05:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-05-14 18:01 - 2016-05-04 05:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-05-14 18:00 - 2016-05-10 07:05 - 42924088 _____ C:\Windows\system32\nvcompiler.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 37567424 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 31625272 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 25374776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 21380696 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 20922648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 17777016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 17370472 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 17370400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 10566520 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 08673880 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 02614208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 02258368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436519.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436519.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00960056 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00887744 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00786688 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00784640 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00695864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00678704 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00632152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00630592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00601752 _____ C:\Windows\system32\nvmcumd.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00571912 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00545632 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00448824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00385080 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00379296 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00346560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00317472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00153208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-05-14 18:00 - 2016-05-10 07:05 - 00000592 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-05-14 18:00 - 2016-05-10 07:05 - 00000592 _____ C:\Windows\system32\nv-vk64.json
2016-05-13 16:34 - 2016-05-13 16:34 - 00000218 _____ C:\Users\jaakk\AppData\Local\recently-used.xbel
2016-05-13 02:32 - 2016-05-13 02:32 - 00000000 ____D C:\Users\jaakk\AppData\Roaming\NVIDIA
2016-05-10 22:11 - 2016-04-30 09:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-05-10 22:11 - 2016-04-30 09:31 - 03591168 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-05-10 22:11 - 2016-04-23 09:12 - 01401024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-05-10 22:11 - 2016-04-23 09:12 - 01184960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-05-10 22:11 - 2016-04-23 09:12 - 00713920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-05-10 22:11 - 2016-04-23 09:12 - 00514752 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-05-10 22:11 - 2016-04-23 09:12 - 00294592 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-05-10 22:11 - 2016-04-23 09:12 - 00190144 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2016-05-10 22:11 - 2016-04-23 09:12 - 00046784 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-05-10 22:11 - 2016-04-23 08:28 - 01557768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-10 22:11 - 2016-04-23 08:28 - 01542816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-10 22:11 - 2016-04-23 08:24 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-10 22:11 - 2016-04-23 08:24 - 01997328 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-10 22:11 - 2016-04-23 08:24 - 01819208 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-10 22:11 - 2016-04-23 08:24 - 00754664 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2016-05-10 22:11 - 2016-04-23 08:12 - 00925064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-05-10 22:11 - 2016-04-23 08:12 - 00451928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2016-05-10 22:11 - 2016-04-23 08:11 - 01092464 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-05-10 22:11 - 2016-04-23 08:11 - 00498960 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2016-05-10 22:11 - 2016-04-23 08:10 - 03673424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-10 22:11 - 2016-04-23 08:10 - 02919832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-10 22:11 - 2016-04-23 08:09 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-05-10 22:11 - 2016-04-23 08:09 - 21123320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-05-10 22:11 - 2016-04-23 08:09 - 05240960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-05-10 22:11 - 2016-04-23 08:09 - 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-05-10 22:11 - 2016-04-23 08:09 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-05-10 22:11 - 2016-04-23 08:08 - 06605504 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-05-10 22:11 - 2016-04-23 08:08 - 04515256 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-05-10 22:11 - 2016-04-23 08:01 - 01996640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-10 22:11 - 2016-04-23 08:01 - 00650304 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-05-10 22:11 - 2016-04-23 08:01 - 00577368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-05-10 22:11 - 2016-04-23 08:01 - 00522176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-05-10 22:11 - 2016-04-23 08:00 - 01372304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-10 22:11 - 2016-04-23 07:39 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-05-10 22:11 - 2016-04-23 07:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-05-10 22:11 - 2016-04-23 07:31 - 13018112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-05-10 22:11 - 2016-04-23 07:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-05-10 22:11 - 2016-04-23 07:30 - 22379008 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-05-10 22:11 - 2016-04-23 07:30 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-05-10 22:11 - 2016-04-23 07:29 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-05-10 22:11 - 2016-04-23 07:28 - 16984576 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-05-10 22:11 - 2016-04-23 07:26 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-05-10 22:11 - 2016-04-23 07:26 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-05-10 22:11 - 2016-04-23 07:25 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-05-10 22:11 - 2016-04-23 07:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-05-10 22:11 - 2016-04-23 07:23 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-05-10 22:11 - 2016-04-23 07:22 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-05-10 22:11 - 2016-04-23 07:22 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-05-10 22:11 - 2016-04-23 07:20 - 19344384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-10 22:11 - 2016-04-23 07:20 - 18676224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-05-10 22:11 - 2016-04-23 07:20 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2016-05-10 22:11 - 2016-04-23 07:19 - 07977472 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-05-10 22:11 - 2016-04-23 07:19 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-05-10 22:11 - 2016-04-23 07:19 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-10 22:11 - 2016-04-23 07:19 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-05-10 22:11 - 2016-04-23 07:19 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2016-05-10 22:11 - 2016-04-23 07:18 - 24604672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-10 22:11 - 2016-04-23 07:18 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-05-10 22:11 - 2016-04-23 07:18 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-05-10 22:11 - 2016-04-23 07:18 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-05-10 22:11 - 2016-04-23 07:18 - 00804352 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-10 22:11 - 2016-04-23 07:18 - 00605184 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-10 22:11 - 2016-04-23 07:18 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-05-10 22:11 - 2016-04-23 07:18 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-05-10 22:11 - 2016-04-23 07:18 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-05-10 22:11 - 2016-04-23 07:17 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-05-10 22:11 - 2016-04-23 07:17 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-05-10 22:11 - 2016-04-23 07:16 - 01319424 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-05-10 22:11 - 2016-04-23 07:16 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-05-10 22:11 - 2016-04-23 07:15 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-05-10 22:11 - 2016-04-23 07:15 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2016-05-10 22:11 - 2016-04-23 07:15 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-10 22:11 - 2016-04-23 07:15 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-05-10 22:11 - 2016-04-23 07:15 - 00673280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-05-10 22:11 - 2016-04-23 07:15 - 00348672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-05-10 22:11 - 2016-04-23 07:14 - 13383168 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-10 22:11 - 2016-04-23 07:14 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-05-10 22:11 - 2016-04-23 07:14 - 00821760 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2016-05-10 22:11 - 2016-04-23 07:14 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-05-10 22:11 - 2016-04-23 07:14 - 00647680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-10 22:11 - 2016-04-23 07:14 - 00354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-05-10 22:11 - 2016-04-23 07:13 - 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-05-10 22:11 - 2016-04-23 07:13 - 06295552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-05-10 22:11 - 2016-04-23 07:13 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-05-10 22:11 - 2016-04-23 07:13 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-05-10 22:11 - 2016-04-23 07:13 - 00434688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-05-10 22:11 - 2016-04-23 07:10 - 12125696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-10 22:11 - 2016-04-23 07:10 - 00639488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2016-05-10 22:11 - 2016-04-23 07:09 - 03666432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-10 22:11 - 2016-04-23 07:09 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-05-10 22:11 - 2016-04-23 07:08 - 05324288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-05-10 22:11 - 2016-04-23 07:08 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-05-10 22:11 - 2016-04-23 07:07 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-05-10 22:11 - 2016-04-23 07:07 - 02598912 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-05-10 22:11 - 2016-04-23 07:07 - 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-10 22:11 - 2016-04-23 07:06 - 06974464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-05-10 22:11 - 2016-04-23 07:05 - 05502976 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-05-10 22:11 - 2016-04-23 07:05 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-05-10 22:11 - 2016-04-23 07:05 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-05-10 22:11 - 2016-04-23 07:05 - 01946112 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-05-10 22:11 - 2016-04-23 07:05 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-05-10 22:11 - 2016-04-23 07:05 - 00613376 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-05-10 22:11 - 2016-04-23 07:04 - 04759040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-05-10 22:11 - 2016-04-23 07:04 - 01731072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-10 22:11 - 2016-04-23 07:03 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-05-10 22:11 - 2016-04-23 07:03 - 04894208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-10 22:11 - 2016-04-23 07:03 - 02280960 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-05-10 22:11 - 2016-04-23 07:03 - 02000896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-05-10 22:11 - 2016-04-23 07:03 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-05-10 22:11 - 2016-04-23 07:02 - 07832576 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-05-10 22:11 - 2016-04-23 07:02 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-05-10 22:11 - 2016-04-23 07:00 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-05-10 22:11 - 2016-04-23 07:00 - 00984576 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-05-10 22:10 - 2016-05-06 07:53 - 00095072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdport.sys
2016-05-10 22:10 - 2016-05-06 07:05 - 00241664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2016-05-10 22:10 - 2016-05-06 07:03 - 00649216 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2016-05-10 22:10 - 2016-05-06 06:53 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2016-05-10 22:10 - 2016-05-06 06:49 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnrSvc.dll
2016-05-10 22:10 - 2016-05-06 06:44 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2016-05-10 22:10 - 2016-05-06 06:43 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2016-05-10 22:10 - 2016-05-06 06:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2016-05-10 22:10 - 2016-04-23 09:12 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-05-10 22:10 - 2016-04-23 08:26 - 00707608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-10 22:10 - 2016-04-23 08:24 - 00638816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-05-10 22:10 - 2016-04-23 08:24 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2016-05-10 22:10 - 2016-04-23 08:24 - 00099680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-05-10 22:10 - 2016-04-23 08:22 - 01161120 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-10 22:10 - 2016-04-23 08:18 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-05-10 22:10 - 2016-04-23 08:13 - 00502104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-05-10 22:10 - 2016-04-23 08:13 - 00306832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2016-05-10 22:10 - 2016-04-23 08:13 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-05-10 22:10 - 2016-04-23 08:12 - 00413536 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2016-05-10 22:10 - 2016-04-23 08:11 - 00696672 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-05-10 22:10 - 2016-04-23 08:11 - 00390496 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2016-05-10 22:10 - 2016-04-23 08:11 - 00131424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufxsynopsys.sys
2016-05-10 22:10 - 2016-04-23 08:11 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-05-10 22:10 - 2016-04-23 08:10 - 00330072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-05-10 22:10 - 2016-04-23 08:09 - 00569744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2016-05-10 22:10 - 2016-04-23 08:09 - 00565600 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-05-10 22:10 - 2016-04-23 08:09 - 00465760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-05-10 22:10 - 2016-04-23 08:09 - 00255168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-05-10 22:10 - 2016-04-23 08:08 - 00725776 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2016-05-10 22:10 - 2016-04-23 08:07 - 01848072 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-05-10 22:10 - 2016-04-23 08:07 - 01536088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-05-10 22:10 - 2016-04-23 08:07 - 00204048 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-05-10 22:10 - 2016-04-23 08:07 - 00183904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-05-10 22:10 - 2016-04-23 08:06 - 00291360 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2016-05-10 22:10 - 2016-04-23 08:02 - 00188256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-05-10 22:10 - 2016-04-23 08:01 - 00619296 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-10 22:10 - 2016-04-23 08:01 - 00513368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-10 22:10 - 2016-04-23 08:01 - 00393568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-10 22:10 - 2016-04-23 08:01 - 00217440 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-05-10 22:10 - 2016-04-23 08:00 - 01776768 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-10 22:10 - 2016-04-23 08:00 - 01594920 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-10 22:10 - 2016-04-23 08:00 - 01522152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-10 22:10 - 2016-04-23 08:00 - 01399224 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-05-10 22:10 - 2016-04-23 08:00 - 01337240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-05-10 22:10 - 2016-04-23 08:00 - 00550656 _____ (Microsoft Corporation) C:\Windows\system32\directmanipulation.dll
2016-05-10 22:10 - 2016-04-23 08:00 - 00453472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\directmanipulation.dll
2016-05-10 22:10 - 2016-04-23 08:00 - 00058208 _____ (Microsoft Corporation) C:\Windows\system32\dwminit.dll
2016-05-10 22:10 - 2016-04-23 07:56 - 00534872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2016-05-10 22:10 - 2016-04-23 07:35 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2016-05-10 22:10 - 2016-04-23 07:34 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2016-05-10 22:10 - 2016-04-23 07:34 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\hmkd.dll
2016-05-10 22:10 - 2016-04-23 07:34 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-05-10 22:10 - 2016-04-23 07:33 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\NFCProvisioningPlugin.dll
2016-05-10 22:10 - 2016-04-23 07:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2016-05-10 22:10 - 2016-04-23 07:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmCx.sys
2016-05-10 22:10 - 2016-04-23 07:33 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\ByteCodeGenerator.exe
2016-05-10 22:10 - 2016-04-23 07:32 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll
2016-05-10 22:10 - 2016-04-23 07:32 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-10 22:10 - 2016-04-23 07:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2016-05-10 22:10 - 2016-04-23 07:29 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2016-05-10 22:10 - 2016-04-23 07:29 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2016-05-10 22:10 - 2016-04-23 07:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filecrypt.sys
2016-05-10 22:10 - 2016-04-23 07:29 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2016-05-10 22:10 - 2016-04-23 07:29 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hmkd.dll
2016-05-10 22:10 - 2016-04-23 07:29 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ByteCodeGenerator.exe
2016-05-10 22:10 - 2016-04-23 07:29 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-05-10 22:10 - 2016-04-23 07:28 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\CloudDomainJoinDataModelServer.dll
2016-05-10 22:10 - 2016-04-23 07:28 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-05-10 22:10 - 2016-04-23 07:28 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2016-05-10 22:10 - 2016-04-23 07:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-05-10 22:10 - 2016-04-23 07:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2016-05-10 22:10 - 2016-04-23 07:27 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-05-10 22:10 - 2016-04-23 07:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
2016-05-10 22:10 - 2016-04-23 07:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2016-05-10 22:10 - 2016-04-23 07:25 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2016-05-10 22:10 - 2016-04-23 07:25 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-05-10 22:10 - 2016-04-23 07:25 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2016-05-10 22:10 - 2016-04-23 07:25 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-05-10 22:10 - 2016-04-23 07:24 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-05-10 22:10 - 2016-04-23 07:24 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2016-05-10 22:10 - 2016-04-23 07:24 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2016-05-10 22:10 - 2016-04-23 07:24 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2016-05-10 22:10 - 2016-04-23 07:24 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\SubscriptionMgr.dll
2016-05-10 22:10 - 2016-04-23 07:24 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEDataLayerHelpers.dll
2016-05-10 22:10 - 2016-04-23 07:23 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-05-10 22:10 - 2016-04-23 07:23 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\ListSvc.dll
2016-05-10 22:10 - 2016-04-23 07:23 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\BrowserSettingSync.dll
2016-05-10 22:10 - 2016-04-23 07:23 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2016-05-10 22:10 - 2016-04-23 07:22 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-05-10 22:10 - 2016-04-23 07:21 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-10 22:10 - 2016-04-23 07:21 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-05-10 22:10 - 2016-04-23 07:20 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-05-10 22:10 - 2016-04-23 07:20 - 00484352 _____ (Microsoft Corporation) C:\Windows\system32\DataSenseHandlers.dll
2016-05-10 22:10 - 2016-04-23 07:20 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2016-05-10 22:10 - 2016-04-23 07:20 - 00307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-05-10 22:10 - 2016-04-23 07:20 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2016-05-10 22:10 - 2016-04-23 07:19 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2016-05-10 22:10 - 2016-04-23 07:19 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BrowserSettingSync.dll
2016-05-10 22:10 - 2016-04-23 07:18 - 00988672 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-05-10 22:10 - 2016-04-23 07:18 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-05-10 22:10 - 2016-04-23 07:18 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-05-10 22:10 - 2016-04-23 07:18 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-05-10 22:10 - 2016-04-23 07:17 - 00388608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-10 22:10 - 2016-04-23 07:17 - 00337920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2016-05-10 22:10 - 2016-04-23 07:16 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-05-10 22:10 - 2016-04-23 07:15 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-10 22:10 - 2016-04-23 07:14 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-10 22:10 - 2016-04-23 07:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-05-10 22:10 - 2016-04-23 07:12 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2016-05-10 22:10 - 2016-04-23 07:07 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-05-10 22:10 - 2016-04-23 07:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2016-05-10 22:10 - 2016-04-23 07:05 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2016-05-10 22:10 - 2016-04-23 07:03 - 02193408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-05-10 22:10 - 2016-04-23 07:03 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-05-10 22:10 - 2016-04-23 07:01 - 04775424 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-05-10 22:10 - 2016-04-23 06:45 - 00461824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2016-05-10 22:10 - 2016-04-23 05:10 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-05-10 22:10 - 2016-04-23 05:10 - 00002186 _____ C:\Windows\system32\AppxProvisioning.xml
2016-05-10 22:10 - 2016-04-19 01:30 - 00002186 _____ C:\Windows\SysWOW64\AppxProvisioning.xml
2016-05-09 19:33 - 2016-05-09 19:33 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-05-09 19:31 - 2016-05-09 19:31 - 00002557 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-05-09 19:31 - 2016-05-09 19:31 - 00002539 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-05-09 19:31 - 2016-05-09 19:31 - 00002470 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-05-09 19:31 - 2016-05-09 19:31 - 00002461 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-05-09 19:31 - 2016-05-09 19:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-05-09 19:31 - 2016-05-09 19:31 - 00002432 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-05-09 19:31 - 2016-05-09 19:31 - 00002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-05-09 19:31 - 2016-05-09 19:31 - 00002406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-05-09 19:31 - 2016-05-09 19:31 - 00002398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-05-09 19:31 - 2016-05-09 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-05-09 19:31 - 2016-05-09 19:31 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-09 01:55 - 2016-04-28 03:59 - 00000215 _____ C:\Users\jaakk\Documents\Origin.VisualElementsManifest.xml
2016-05-07 12:46 - 2016-05-09 19:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-05 21:27 - 2016-04-14 08:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-05-05 21:27 - 2016-04-14 08:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-05-05 19:46 - 2016-05-05 20:32 - 00000000 ____D C:\Users\jaakk\Documents\Overwatch
2016-05-04 19:33 - 2016-05-04 19:33 - 00000000 ____D C:\Users\jaakk\AppData\Roaming\.mono
2016-05-04 19:33 - 2016-05-04 19:33 - 00000000 ____D C:\Users\jaakk\AppData\Local\Blizzard
2016-05-04 19:33 - 2016-05-04 19:33 - 00000000 ____D C:\ProgramData\.mono
2016-05-04 19:30 - 2016-05-04 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2016-05-04 19:29 - 2016-05-04 19:30 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-05-04 18:52 - 2016-05-16 00:49 - 00000000 ____D C:\Users\jaakk\AppData\Local\Battle.net
2016-05-04 18:52 - 2016-05-15 16:26 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-05-04 18:52 - 2016-05-04 18:52 - 00000000 ____D C:\Users\jaakk\AppData\Local\Blizzard Entertainment
2016-05-04 18:52 - 2016-05-04 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-05-04 18:52 - 2016-05-04 18:52 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-05-04 18:51 - 2016-05-04 18:59 - 00000000 ____D C:\Users\jaakk\AppData\Roaming\Battle.net
2016-05-04 18:51 - 2016-05-04 18:51 - 00000000 ____D C:\ProgramData\Battle.net
2016-05-04 10:02 - 2016-05-14 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-05-04 10:02 - 2016-05-04 10:25 - 00000000 ____D C:\Users\jaakk\AppData\Local\NVIDIA
2016-05-04 10:02 - 2016-05-04 10:02 - 00000000 ____D C:\Users\jaakk\AppData\Local\NVIDIA Corporation
2016-05-04 10:02 - 2016-05-02 08:39 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-05-04 10:02 - 2016-05-02 08:39 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-05-04 10:02 - 2016-05-02 08:38 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-05-04 10:02 - 2016-05-02 08:38 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-05-04 10:02 - 2016-05-02 08:38 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-05-04 10:01 - 2016-05-15 16:24 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-04 10:01 - 2016-05-14 18:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-05-04 10:01 - 2016-05-10 02:35 - 06369728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-05-04 10:01 - 2016-05-10 02:35 - 02993088 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-05-04 10:01 - 2016-05-10 02:35 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-05-04 10:01 - 2016-05-10 02:35 - 01201600 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-05-04 10:01 - 2016-05-10 02:35 - 00530880 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-05-04 10:01 - 2016-05-10 02:35 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-05-04 10:01 - 2016-05-10 02:35 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-05-04 10:01 - 2016-05-10 02:35 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-05-04 10:01 - 2016-05-08 00:24 - 06423191 _____ C:\Windows\system32\nvcoproc.bin
2016-05-04 10:01 - 2016-05-04 10:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-05-04 10:01 - 2016-04-27 17:33 - 00215608 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-05-04 10:01 - 2016-04-27 17:33 - 00203320 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-05-04 10:00 - 2016-05-13 07:58 - 12643392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-05-04 10:00 - 2016-05-10 07:05 - 20078656 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-05-04 10:00 - 2016-05-10 07:05 - 17332320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-05-04 10:00 - 2016-05-10 07:05 - 14227696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-05-04 10:00 - 2016-05-10 07:05 - 03685280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-05-04 10:00 - 2016-05-10 07:05 - 03262968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-05-04 10:00 - 2016-05-10 07:05 - 00753208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-05-04 10:00 - 2016-05-10 07:05 - 00038050 _____ C:\Windows\system32\nvinfo.pb
2016-05-04 10:00 - 2016-05-04 10:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-05-04 10:00 - 2016-04-27 17:33 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436510.dll
2016-05-04 10:00 - 2016-04-27 17:33 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436510.dll
2016-05-04 10:00 - 2016-04-27 17:33 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-05-04 10:00 - 2016-04-27 17:33 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-05-04 10:00 - 2016-04-27 17:33 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-05-04 10:00 - 2016-04-14 08:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-05-04 09:56 - 2016-05-04 09:58 - 00209242 _____ C:\Windows\ntbtlog.txt
2016-05-04 09:03 - 2016-05-14 18:01 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-04 05:23 - 2016-05-04 05:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1-1-0-11-1.dll
2016-05-04 05:22 - 2016-05-04 05:22 - 00130848 _____ C:\Windows\system32\vulkan-1-1-0-11-1.dll
2016-05-04 05:22 - 2016-05-04 05:22 - 00045344 _____ C:\Windows\system32\vulkaninfo-1-1-0-11-1.exe
2016-05-04 05:22 - 2016-05-04 05:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-11-1.exe
2016-04-30 15:32 - 2016-04-30 15:32 - 00036312 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\fsfreedometap.sys
2016-04-30 15:32 - 2016-04-30 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedome
2016-04-30 15:32 - 2016-04-30 15:32 - 00000000 ____D C:\Program Files (x86)\F-Secure
2016-04-30 15:30 - 2016-04-30 15:32 - 00000000 ____D C:\ProgramData\F-Secure
2016-04-24 04:27 - 2016-04-24 04:27 - 00000000 ____D C:\Users\jaakk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2016-04-22 17:47 - 2016-04-24 04:25 - 00000000 ____D C:\Windows\Cnxt
2016-04-22 17:47 - 2016-04-24 04:25 - 00000000 ____D C:\ProgramData\Conexant
2016-04-17 00:13 - 2016-05-13 21:13 - 00000000 ____D C:\Users\jaakk\Documents\Dark Souls 3 Back up
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-16 00:37 - 2016-01-22 05:22 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-16 00:26 - 2016-01-24 20:18 - 00000000 ____D C:\Users\jaakk\AppData\Roaming\Skype
2016-05-16 00:25 - 2016-01-22 05:42 - 00000000 ____D C:\Users\jaakk\AppData\Roaming\Spotify
2016-05-15 23:59 - 2016-01-22 23:09 - 00004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D6B483A8-2B85-4D9D-90C4-AFF2DA13E7FD}
2016-05-15 20:11 - 2016-01-22 05:41 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-15 20:10 - 2016-01-22 05:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-15 19:05 - 2016-04-09 10:41 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-05-15 16:36 - 2016-01-23 03:10 - 00000000 ____D C:\Users\jaakk\AppData\Local\CrashDumps
2016-05-15 16:35 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\AppReadiness
2016-05-15 16:30 - 2016-01-22 05:19 - 01383594 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-15 16:30 - 2015-10-30 21:02 - 00435198 _____ C:\Windows\system32\perfh00B.dat
2016-05-15 16:30 - 2015-10-30 21:02 - 00081386 _____ C:\Windows\system32\perfc00B.dat
2016-05-15 16:30 - 2015-10-30 10:21 - 00000000 ____D C:\Windows\INF
2016-05-15 16:25 - 2016-01-22 07:08 - 00000000 ____D C:\ProgramData\Origin
2016-05-15 16:25 - 2016-01-22 05:42 - 00000000 ____D C:\Users\jaakk\AppData\Local\Spotify
2016-05-15 16:25 - 2016-01-22 05:22 - 00001026 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-15 16:24 - 2016-01-22 05:13 - 00000000 ____D C:\Users\jaakk
2016-05-15 16:24 - 2016-01-22 05:10 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-15 16:24 - 2015-10-30 09:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-05-14 19:09 - 2016-01-22 22:28 - 00000000 ____D C:\Users\jaakk\Documents\The Witcher 3
2016-05-14 18:03 - 2016-01-22 05:17 - 00000000 ___RD C:\Users\jaakk\OneDrive
2016-05-14 17:47 - 2015-10-30 10:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-14 17:27 - 2016-04-02 00:52 - 00000000 ____D C:\Users\jaakk\Documents\DnD
2016-05-14 04:15 - 2015-10-30 10:11 - 00000000 ____D C:\Windows\CbsTemp
2016-05-13 23:49 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\rescache
2016-05-13 17:49 - 2016-01-27 17:48 - 00000000 ____D C:\Users\jaakk\AppData\Roaming\vlc
2016-05-13 03:37 - 2016-01-22 05:22 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-12 17:31 - 2016-01-22 07:25 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2016-05-11 22:57 - 2015-10-30 10:26 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 22:57 - 2015-10-30 10:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 16:03 - 2016-01-22 05:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-11 16:03 - 2016-01-22 05:18 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-11 01:32 - 2016-01-22 05:22 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 01:32 - 2016-01-22 05:22 - 00003856 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 22:21 - 2016-01-22 05:15 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-10 22:19 - 2015-10-30 21:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-10 22:19 - 2015-10-30 10:24 - 00015703 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2016-05-10 22:19 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\system32\oobe
2016-05-10 22:19 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-10 22:19 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\Provisioning
2016-05-10 22:19 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\bcastdvr
2016-05-10 22:15 - 2016-01-22 06:06 - 00000000 ____D C:\Windows\system32\MRT
2016-05-10 22:11 - 2016-01-22 06:06 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 15:16 - 2016-01-22 05:15 - 00000000 ____D C:\Users\jaakk\AppData\Local\Packages
2016-05-09 21:38 - 2016-01-23 02:46 - 00000000 ____D C:\Program Files\Microsoft Office
2016-05-09 21:22 - 2016-01-22 05:09 - 00352104 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-09 19:33 - 2015-10-30 10:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-09 19:33 - 2015-10-30 10:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-09 19:14 - 2016-01-22 05:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-09 01:55 - 2016-01-22 07:07 - 00000000 ____D C:\Program Files (x86)\Origin
2016-05-08 22:06 - 2016-01-22 07:54 - 00000000 ____D C:\Users\jaakk\AppData\Roaming\deluge
2016-05-06 12:01 - 2016-04-09 10:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-05-05 23:41 - 2016-04-09 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-05-04 17:39 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\system32\NDF
2016-05-04 11:40 - 2016-01-22 05:22 - 00000000 ____D C:\Users\jaakk\AppData\Local\Google
2016-05-04 11:40 - 2016-01-22 05:22 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-04 10:01 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\Help
2016-05-04 09:58 - 2016-02-11 15:51 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-05-04 09:57 - 2016-02-11 15:51 - 00189112 _____ (Power Admin LLC) C:\Windows\PAExec.exe
2016-05-04 09:34 - 2016-01-22 10:40 - 00000000 ____D C:\Users\jaakk\AppData\Local\ElevatedDiagnostics
2016-04-26 04:40 - 2016-01-22 05:17 - 00002390 _____ C:\Users\jaakk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-24 04:27 - 2016-01-23 04:41 - 00000000 ____D C:\Users\jaakk\AppData\Roaming\SteelSeries
2016-04-24 04:27 - 2016-01-23 04:41 - 00000000 ____D C:\Users\jaakk\AppData\Local\SteelSeries_ApS
2016-04-24 04:27 - 2016-01-22 07:45 - 00000000 ____D C:\ProgramData\SteelSeries
2016-04-24 04:27 - 2016-01-22 07:45 - 00000000 ____D C:\Program Files\SteelSeries
2016-04-22 18:02 - 2016-03-23 15:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-22 18:02 - 2016-01-22 05:42 - 00000000 ____D C:\ProgramData\Skype
2016-04-20 01:09 - 2016-01-31 23:49 - 00000000 ____D C:\ProgramData\HitmanPro
 
==================== Files in the root of some directories =======
 
2016-05-13 16:34 - 2016-05-13 16:34 - 0000218 _____ () C:\Users\jaakk\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
C:\Users\jaakk\AppData\Local\Temp\avgnt.exe
C:\Users\jaakk\AppData\Local\Temp\dllnt_dump.dll
C:\Users\jaakk\AppData\Local\Temp\KUIU.EXE
C:\Users\jaakk\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\jaakk\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\jaakk\AppData\Local\Temp\nvStInst.exe
C:\Users\jaakk\AppData\Local\Temp\SkypeSetup.exe
C:\Users\jaakk\AppData\Local\Temp\sonarinst.exe
C:\Users\jaakk\AppData\Local\Temp\x2blapi.dll
C:\Users\jaakk\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-08 10:01
 
==================== End of FRST.txt ============================

Edited by JaskaTheK9, 15 May 2016 - 05:23 PM.




#2 olgun52

  • Malware Response Team

Posted 15 May 2016 - 06:20 PM

I don't see Additional.txt. Please post.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 JaskaTheK9
  • Topic Starter

  • Members

Posted 15 May 2016 - 06:43 PM

Oops, I accidentally made a duplicate thread (which got deleted). I think that one might have had the files. Here you go.

Attached Files



#4 olgun52

  • Malware Response Team

Posted 15 May 2016 - 07:34 PM

Hi friend,

 

Please uninstall: F-Secure

And restart the PC now.

================================================

 

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click [image: Ashampoo_Snap_20140819_13h09m50s_001__zp]
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

 


Best regards
 

 


 


#5 JaskaTheK9
  • Topic Starter

  • Members

Posted 15 May 2016 - 08:21 PM

Hey,

 

What's the reason behind the F-Secure Freedome uninstall?

 

Did all of the scans, here you go:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-05-2016
Ran by jaakk (2016-05-16 03:56:34) Run:2
Running from C:\Users\jaakk\Desktop
Loaded Profiles: jaakk (Available Profiles: jaakk)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe
HKLM-x32\...\Run: [FreedomeAutoStart] => C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\Freedome.exe [5401048 2016-04-30] (F-Secure Corporation)
CHR HKU\S-1-5-21-2270606022-1161141034-668459170-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2270606022-1161141034-668459170-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
R2 Freedome Service; C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe [440280 2016-04-30] (F-Secure Corporation)
2016-04-30 15:32 - 2016-04-30 15:32 - 00000000 ____D C:\Program Files (x86)\F-Secure
2016-04-30 15:30 - 2016-04-30 15:32 - 00000000 ____D C:\ProgramData\F-Secure
2016-04-30 15:32 - 2016-04-30 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedome
C:\Users\jaakk\AppData\Local\Temp\avgnt.exe
C:\Users\jaakk\AppData\Local\Temp\dllnt_dump.dll
C:\Users\jaakk\AppData\Local\Temp\KUIU.EXE
C:\Users\jaakk\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\jaakk\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\jaakk\AppData\Local\Temp\nvStInst.exe
C:\Users\jaakk\AppData\Local\Temp\SkypeSetup.exe
C:\Users\jaakk\AppData\Local\Temp\sonarinst.exe
C:\Users\jaakk\AppData\Local\Temp\x2blapi.dll
C:\Users\jaakk\AppData\Local\Temp\xmlUpdater.exe
Task: {48E53CA1-F92F-48A3-934D-EBBB13178922} - System32\Tasks\{967AA84C-45B3-4497-901C-D4EBED8AE759} => Chrome.exe hxxp://ui.skype.com/ui/0/7.21.0.100/fi/go/help.faq.installer?LastError=1603
Task: {603FFFEF-55C8-48B2-B61E-AB8611DF4A1B} - System32\Tasks\{F116742F-86A5-4A1D-95CA-634C572EB23D} => Chrome.exe hxxp://ui.skype.com/ui/0/7.21.0.100/fi/go/help.faq.installer?LastError=1603
Task: {89AE9446-7736-4BEC-80FF-2D40BAB8AF2C} - System32\Tasks\{7AFA0C86-DD60-40A6-96CC-DE18B9D80B61} => Chrome.exe hxxp://ui.skype.com/ui/0/7.21.0.100/fi/abandoninstall?page=tsBing
Task: {F0FA4AF0-2D84-4DD2-97B3-3F582F03230E} - System32\Tasks\{B8F10C55-13CE-4501-915C-05056CB359A2} => Chrome.exe hxxp://ui.skype.com/ui/0/7.21.0.100/fi/go/help.faq.installer?LastError=1603
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Emptytemp:
Reboot:
End 
 
 
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe => Error: No automatic fix found for this entry.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FreedomeAutoStart => value not found.
HKU\S-1-5-21-2270606022-1161141034-668459170-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key not found. 
HKU\S-1-5-21-2270606022-1161141034-668459170-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key not found. 
Freedome Service => service not found.
"C:\Program Files (x86)\F-Secure" => not found.
"C:\ProgramData\F-Secure" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedome" => not found.
"C:\Users\jaakk\AppData\Local\Temp\avgnt.exe" => not found.
"C:\Users\jaakk\AppData\Local\Temp\dllnt_dump.dll" => not found.
"C:\Users\jaakk\AppData\Local\Temp\KUIU.EXE" => not found.
"C:\Users\jaakk\AppData\Local\Temp\nvSCPAPI.dll" => not found.
"C:\Users\jaakk\AppData\Local\Temp\nvSCPAPI64.dll" => not found.
"C:\Users\jaakk\AppData\Local\Temp\nvStInst.exe" => not found.
"C:\Users\jaakk\AppData\Local\Temp\SkypeSetup.exe" => not found.
"C:\Users\jaakk\AppData\Local\Temp\sonarinst.exe" => not found.
"C:\Users\jaakk\AppData\Local\Temp\x2blapi.dll" => not found.
"C:\Users\jaakk\AppData\Local\Temp\xmlUpdater.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48E53CA1-F92F-48A3-934D-EBBB13178922} => key not found. 
C:\Windows\System32\Tasks\{967AA84C-45B3-4497-901C-D4EBED8AE759} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{967AA84C-45B3-4497-901C-D4EBED8AE759} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{603FFFEF-55C8-48B2-B61E-AB8611DF4A1B} => key not found. 
C:\Windows\System32\Tasks\{F116742F-86A5-4A1D-95CA-634C572EB23D} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F116742F-86A5-4A1D-95CA-634C572EB23D} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89AE9446-7736-4BEC-80FF-2D40BAB8AF2C} => key not found. 
C:\Windows\System32\Tasks\{7AFA0C86-DD60-40A6-96CC-DE18B9D80B61} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7AFA0C86-DD60-40A6-96CC-DE18B9D80B61} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0FA4AF0-2D84-4DD2-97B3-3F582F03230E} => key not found. 
C:\Windows\System32\Tasks\{B8F10C55-13CE-4501-915C-05056CB359A2} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B8F10C55-13CE-4501-915C-05056CB359A2} => key not found. 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {3E3A4B62-BBC2-404A-8661-0CBD0849D5DC}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting , failed.
Käyttö estetty.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting , failed.
Käyttö estetty.
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
EmptyTemp: => 1.2 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 03:56:44 ====
 

# AdwCleaner v5.117 - Logfile created 16/05/2016 at 04:02:26
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : jaakk - JAAKKO
# Running from : C:\Users\jaakk\Desktop\adwcleaner_5.117.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [621 bytes] - [16/05/2016 04:02:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [693 bytes] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by jaakk (Administrator) on ma 16.05.2016 at  4.04.57,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ma 16.05.2016 at  4.05.40,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 
 
~ ZHPCleaner v2016.5.13.66 by Nicolas Coolman (2016/05/13)
~ Run by jaakk (Administrator)  (16/05/2016 04:12:05)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\jaakk\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\jaakk\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 10586)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (21)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (155)
 
 
---\\  Registry ( Key, Value, Data) (4)
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\beta.speedtest.net []  =>PUP.Optional.ScriptHost
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\speedtest.net []  =>PUP.Optional.ScriptHost
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\beta.speedtest.net [58]  =>PUP.Optional.ScriptHost
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\speedtest.net []  =>PUP.Optional.ScriptHost
 
 
---\\  Summary of the elements found (1)
http://www.nicolascoolman.fr/?p=1120  =>PUP.Optional.ScriptHost
 
 
---\\  Other deletions. (16)
~ Registry Keys Tracing deleted (16)
~ Remove the old reports ZHPCleaner. (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 609
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 159
 
 
~ End of clean in 00h00mn11s
~====================
ZHPCleaner-[R]-16052016-04_12_16.txt
ZHPCleaner-[S]-16052016-04_10_47.txt
 




#6 JaskaTheK9

JaskaTheK9
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:00 PM

Posted 16 May 2016 - 11:37 AM

Heya!

 

So I did some testing of my own and this is what I found out. It's not very scientific but it makes sense in my head:

 

So the hidden address contains the line >"\Microsoft.Windows.Photos_8wekyb3d8bbwe". With an educated guess, I would assume that has something to do with Windows 10 photo viewer. Reboot computer, do scan, 0 hidden files found. Open one photo from my pictures library, do the scan again, 1 hidden file found. Reboot PC again, did two scans, both times 0 hidden objects found. Open photo from the pictures library, do scan again, 30 hidden files found, all with the >"\Microsoft.Windows.Photos_8wekyb3d8bbwe" in their name. Reboot, once again 0 files found.

 

I also noticed that it reported something with >"Office16" in their names, 2 hidden files. I had opened a Word 2016 document a few minutes before doing the scan.

 

So making an educated guess, the Windows update last week + my Office updating to version 16 does not gel well with Avira for some reason.

 

Since other programs find nothing, and there are no other symptoms, I'm leaning towards the idea that this is probably nothing to worry about. What do you think?



#7 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 16 May 2016 - 12:50 PM

Hi again,

 

What's the reason behind F-Secure Freedome uninstall?
I apologize about F-Secure Freedome. Please forgive me. I thought of it as an antivirus derivative.

What do you think?

Your system looks very clean. Probably the situation is like you think. In fact, Avira is software that I also like. But it seeing some hidden files is not a bad thing and can be counted as normal.

========================================

Run ESET Online Scan
 

All browsers should be closed.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 JaskaTheK9

JaskaTheK9
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:00 PM

Posted 16 May 2016 - 01:35 PM

Hey,

 

ESET took its time and scanned the PC and came up with nothing. It didn't give me option to export any logs about it, but in this case it does not really matter. I would say that this case is closed since there are no signs of an infection.

 

Thanks for your help.



#9 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 16 May 2016 - 02:40 PM

Hey,

 

ESET took its time and scanned the PC and came up with nothing. It didn't give me option to export any logs about it, but in this case it does not really matter. I would say that this case is closed since there are no signs of an infection.

 

Thanks for your help.

Well, okay.

Your PC is clean.

Thank you and Good Luck :thumbup2:


Best regards
 

 


 


#10 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:00 PM

Posted 16 May 2016 - 02:40 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Best regards
 

 


 




