
Possible SysWow64 (+more) infections


  • This topic is locked
50 replies to this topic

#1 glny


Posted 13 June 2016 - 09:10 AM

Hello

I've experienced some unusual behaviour recently - by using Sysinternals tools I've identified new users with administrator privileges and services (SkypeHost.exe, among others) with no verified signature.

I've made a FRST log - please do say if I can do anything else:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-06-2016
Ran by glny_ecnh7e4 (administrator) on DESKTOP-0K79A3N (11-06-2016 18:45:35)
Running from D:\Overførsler
Loaded Profiles: glny_ecnh7e4 (Available Profiles: glny & glny_ecnh7e4)
Platform: Windows 10 Pro Version 1511 (X64) Language: Dansk (Danmark)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Farbar) D:\Overførsler\sses.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-05-08] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-05-08] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24105824 2016-06-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Run: [f.lux] => C:\Users\glny_ecnh7e4\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Run: [Spotify] => C:\Users\glny_ecnh7e4\AppData\Roaming\Spotify\Spotify.exe [6859888 2016-05-28] (Spotify Ltd)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Run: [uTorrent] => C:\Users\glny_ecnh7e4\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2016-01-02] (BitTorrent Inc.)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Run: [Spotify Web Helper] => C:\Users\glny_ecnh7e4\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-05-28] (Spotify Ltd)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\RunOnce: [Uninstall C:\Users\glny_ecnh7e4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\glny_ecnh7e4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\RunOnce: [Uninstall C:\Users\glny_ecnh7e4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\glny_ecnh7e4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\RunOnce: [Uninstall C:\Users\glny_ecnh7e4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\glny_ecnh7e4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-10] (Dropbox, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 193.162.153.164 194.239.134.83
Tcpip\..\Interfaces\{6d1cc0da-dccb-4bcf-9a90-ed618ca66166}: [DhcpNameServer] 193.162.153.164 194.239.134.83
Tcpip\..\Interfaces\{7af6c22b-41ef-4348-ac89-fd443d21700b}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{b7cc9ea4-d416-45ff-a81f-5a075ca12a1a}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{be916d72-80d5-4918-acc7-8d07cd8778b4}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{d6f4af6f-9f0f-4761-a38a-96b58472c813}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{e97234f9-c950-4e69-9b1c-cdc24679ed86}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{fd91fd0b-31d3-4f5a-85e4-030130203550}: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Programs\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\ssv.dll [2016-05-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-08] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programs\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.1 -> D:\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Programs\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: visualon.com/voBrowserPlugin -> C:\ProgramData\VisualOn\BrowserPlugin\npStofaWebtvPlayer.dll [2014-11-20] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2016-06-07] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://ekstrabladet.dk/
CHR StartupUrls: Default -> "","hxxp://www.boligportal.dk/lejebolig/din_find_bolig_pakke.php"
CHR Profile: C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Præsentation) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-27]
CHR Extension: (Google Dokumenter) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-27]
CHR Extension: (Google Drev) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Cast) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-24]
CHR Extension: (Google-søgning) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Dropbox til Gmail) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-04]
CHR Extension: (Google Ark) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-27]
CHR Extension: (Google Docs Offline) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-02]
CHR Extension: (Date Countdown) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbmbpihmhcjkagbbnfdikmjieigakgj [2015-07-27]
CHR Extension: (StumbleUpon) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2015-07-30]
CHR Extension: (The Great Suspender) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-04-02]
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-24] (Dropbox, Inc.)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [368128 2015-02-17] (Razer Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-07-27] (DT Soft Ltd)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
S1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
S2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-04-02] (REALiX™)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185088 2015-08-31] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [936192 2016-04-02] (Realtek                                            )
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2014-12-11] (Synaptics Incorporated)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [23040 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 taphss6; \SystemRoot\System32\drivers\taphss6.sys [X]
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-11 18:45 - 2016-06-11 18:45 - 00000000 ____D C:\FRST
2016-06-11 18:44 - 2016-06-11 18:45 - 00241138 _____ C:\WINDOWS\ntbtlog.txt
2016-06-11 18:10 - 2016-06-11 18:10 - 00000000 ____D C:\Users\glny_ecnh7e4\Desktop\SYS
2016-06-11 00:50 - 2016-06-11 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-07 21:37 - 2016-06-10 21:37 - 00003870 _____ C:\WINDOWS\System32\Tasks\ESET Windows 10 upgrade – Perform upgrade
2016-06-07 19:11 - 2016-06-07 19:11 - 00003470 _____ C:\WINDOWS\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2016-06-07 19:11 - 2016-06-07 19:11 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-07 18:16 - 2016-06-07 18:16 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\ESET
2016-06-07 18:09 - 2016-06-07 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-06-07 18:09 - 2016-06-07 18:09 - 00000000 ____D C:\ProgramData\ESET
2016-06-07 18:09 - 2016-06-07 18:09 - 00000000 ____D C:\Program Files\ESET
2016-06-06 19:09 - 2016-06-07 15:00 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-06 19:07 - 2016-06-11 17:52 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-06-06 19:07 - 2016-02-05 08:11 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\glny_ecnh7e4\Desktop\procexp.exe
2016-06-06 19:04 - 2016-04-11 14:38 - 00855216 ____N (Sysinternals - www.sysinternals.com) C:\Users\glny_ecnh7e4\Desktop\sigcheck61.exe
2016-06-06 08:36 - 2016-06-06 08:36 - 00002884 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-06-06 08:36 - 2016-06-06 08:36 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-06 08:36 - 2016-06-06 08:36 - 00000000 ____D C:\Program Files\CCleaner
2016-06-06 08:29 - 2016-06-06 08:30 - 00123970 _____ C:\TDSSKiller.3.1.0.9_06.06.2016_08.29.33_log.txt
2016-06-04 02:51 - 2016-06-04 02:51 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\79853E3E.sys
2016-06-02 05:47 - 2016-06-02 05:47 - 00000000 ____D C:\ProgramData\Sophos
2016-06-02 05:46 - 2016-06-02 05:46 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-06-02 05:46 - 2016-06-02 05:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-06-02 05:46 - 2016-06-02 05:46 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-06-01 22:23 - 2016-06-01 22:23 - 00000020 ___SH C:\Users\glny\ntuser.ini
2016-06-01 22:23 - 2016-06-01 22:23 - 00000000 ____D C:\Users\glny\AppData\Local\NVIDIA Corporation
2016-06-01 22:23 - 2016-06-01 22:23 - 00000000 ____D C:\Users\glny\AppData\Local\NVIDIA
2016-06-01 13:57 - 2016-06-01 13:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-01 13:57 - 2016-05-20 03:57 - 00113208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-06-01 13:57 - 2016-05-04 04:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-06-01 13:57 - 2016-05-04 04:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-06-01 13:57 - 2016-05-04 04:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-06-01 13:57 - 2016-05-04 04:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-06-01 13:56 - 2016-06-01 13:57 - 00000000 ____D C:\WINDOWS\LastGood
2016-06-01 13:56 - 2016-06-01 13:56 - 72203792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-06-01 13:56 - 2016-06-01 13:56 - 14057256 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 13120760 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 12986528 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 10521552 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 07172920 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 07096192 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 06343320 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV3apo.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 06264640 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2016-06-01 13:56 - 2016-06-01 13:56 - 05777704 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 05338936 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 05289952 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 03299832 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 03152591 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2016-06-01 13:56 - 2016-06-01 13:56 - 02823280 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 02714568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 02437144 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 02190992 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 02110600 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01965816 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01959608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01943624 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01780624 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01601952 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01591064 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01508936 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01435152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01421104 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01382240 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01334384 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01330072 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01211840 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01186168 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01164336 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01060504 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01022872 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01003864 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00998032 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00965032 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00931624 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00927424 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00923752 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00888480 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00873472 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00743968 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00727440 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00716104 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00708320 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00678192 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00677680 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00618192 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00596120 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00589080 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.DLL
2016-06-01 13:56 - 2016-06-01 13:56 - 00514528 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00504312 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00500560 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00471336 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00467168 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00450128 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00447720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00445408 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00441272 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00428232 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00416512 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00381416 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00370840 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00366128 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00362056 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00360352 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00327464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00310424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00272720 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00258504 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00253904 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00253872 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00252880 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00231920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00224264 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaemaxapo64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00203848 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00190944 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00190944 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00179608 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00172584 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00158704 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00151792 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00134208 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00118600 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00105312 _____ C:\WINDOWS\system32\audioLibVc.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00090920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00088328 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00084624 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00075544 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00065792 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-06-01 13:56 - 2016-06-01 13:56 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-06-01 13:56 - 2016-05-21 23:09 - 01581624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco64.dll
2016-06-01 13:56 - 2016-05-21 23:09 - 00141256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-06-01 13:56 - 2016-05-21 23:09 - 00046024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 39977920 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 35117112 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 31639096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 25401280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 21802816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 21346520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 18145256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 17740664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 17662432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 17379520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 10642912 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 08733280 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 02791360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 02419768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436822.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436822.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00985024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00772152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00708032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00669952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00632664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00565208 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00549240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00452616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00379480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00315936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00178136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00155952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00153416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00131768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00000594 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-06-01 13:56 - 2016-05-20 10:03 - 00000594 _____ C:\WINDOWS\system32\nv-vk64.json
2016-06-01 13:54 - 2016-06-01 13:54 - 00000000 ____D C:\Intel
2016-06-01 13:45 - 2016-06-01 13:45 - 00025640 ____N (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2016-06-01 13:45 - 2016-06-01 13:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-01 13:45 - 2016-06-01 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2016-06-01 13:45 - 2016-06-01 13:45 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2016-06-01 13:43 - 2016-06-01 13:45 - 00000000 ____D C:\Users\glny_ecnh7e4\Desktop\Ny mappe (2)
2016-06-01 13:36 - 2016-06-01 13:36 - 00000837 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-06-01 13:36 - 2016-06-01 13:36 - 00000000 ____D C:\Program Files\Speccy
2016-06-01 06:52 - 2016-06-11 18:44 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-06-01 06:44 - 2016-06-01 06:44 - 00000000 ____D C:\Quarantine
2016-06-01 06:43 - 2016-06-01 06:43 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-06-01 06:43 - 2016-04-14 07:38 - 00113216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-06-01 06:43 - 2016-04-14 07:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-06-01 06:32 - 2016-06-01 06:32 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\7F657D76.sys
2016-05-29 16:20 - 2016-05-29 16:20 - 00123167 _____ C:\Users\glny_ecnh7e4\Desktop\betalt d. 30.05.2016.PDF
2016-05-26 17:42 - 2016-05-26 17:42 - 00000000 ____D C:\Program Files\McAfee
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-11 18:42 - 2016-03-11 14:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-11 18:42 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-11 18:41 - 2016-03-04 19:25 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-11 18:41 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-11 18:40 - 2016-03-11 14:10 - 00000000 ____D C:\Users\glny_ecnh7e4
2016-06-11 18:03 - 2015-08-12 19:20 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\Battle.net
2016-06-11 17:54 - 2015-07-24 04:01 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-11 17:52 - 2016-03-31 22:14 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\Soundnode
2016-06-11 17:50 - 2015-07-24 04:45 - 00001016 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-11 13:43 - 2015-08-12 19:20 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-11 12:45 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-11 12:44 - 2015-10-30 20:26 - 00464502 _____ C:\WINDOWS\system32\perfh006.dat
2016-06-11 12:44 - 2015-10-30 20:26 - 00079354 _____ C:\WINDOWS\system32\perfc006.dat
2016-06-11 12:44 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-11 12:44 - 2015-09-01 18:17 - 00004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F964692B-C7A4-4422-A4A2-CE5F6E30CE58}
2016-06-11 12:44 - 2015-07-24 03:48 - 01410868 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-11 12:43 - 2016-04-01 02:20 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-11 12:43 - 2015-07-24 04:45 - 00001012 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-11 12:43 - 2015-07-24 04:01 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-11 12:43 - 2015-07-24 03:43 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-06-11 08:50 - 2015-07-29 22:02 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Roaming\Spotify
2016-06-11 00:50 - 2015-07-24 04:45 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-10 21:46 - 2015-07-29 22:03 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\Spotify
2016-06-09 20:27 - 2015-07-24 04:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-09 13:54 - 2015-07-24 04:02 - 00002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 19:53 - 2015-09-10 10:51 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\CrashDumps
2016-06-08 19:51 - 2016-01-02 20:03 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Roaming\uTorrent
2016-06-08 19:47 - 2015-07-27 18:45 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\Dropbox
2016-06-08 16:29 - 2015-08-05 21:44 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Roaming\vlc
2016-06-06 08:49 - 2016-04-02 01:51 - 00000000 ____D C:\Program Files (x86)\Yamicsoft
2016-06-03 16:54 - 2015-08-12 19:38 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\ElevatedDiagnostics
2016-06-03 16:23 - 2016-03-20 14:51 - 00000000 ____D C:\Users\glny_ecnh7e4\Desktop\Bryllup
2016-06-02 23:46 - 2015-08-11 13:20 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-01 22:35 - 2015-08-12 19:25 - 00000000 ____D C:\Diablo III
2016-06-01 22:23 - 2016-03-11 14:10 - 00000000 ____D C:\Users\glny
2016-06-01 22:23 - 2015-07-24 03:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-01 13:58 - 2016-03-04 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-06-01 13:58 - 2016-03-04 19:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-01 13:58 - 2015-09-17 15:44 - 00000000 ____D C:\temp
2016-06-01 13:56 - 2016-04-02 01:38 - 00002227 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-06-01 13:56 - 2016-03-11 14:09 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-06-01 13:55 - 2016-04-02 01:35 - 00000000 ____D C:\ProgramData\ProductData
2016-06-01 13:54 - 2015-09-17 15:45 - 00000000 ____D C:\Program Files (x86)\Intel
2016-06-01 06:43 - 2016-03-04 20:03 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-06-01 06:43 - 2016-03-04 19:29 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\NVIDIA
2016-06-01 06:37 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-29 16:37 - 2015-09-17 15:35 - 00000000 ____D C:\Users\glny_ecnh7e4\Desktop\Milo-rod
2016-05-29 15:21 - 2015-07-27 18:44 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\Packages
2016-05-22 23:02 - 2015-11-10 04:15 - 13509184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-05-20 10:03 - 2015-11-10 04:17 - 20305768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-05-20 10:03 - 2015-11-10 04:13 - 14410024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-05-20 10:03 - 2015-11-10 04:09 - 03811440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-05-20 10:03 - 2015-11-10 04:09 - 03371648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-05-20 10:03 - 2015-11-10 02:12 - 00040084 _____ C:\WINDOWS\system32\nvinfo.pb
2016-05-20 04:08 - 2016-03-04 19:28 - 06348344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-05-20 04:08 - 2016-03-04 19:28 - 02454976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-05-20 04:08 - 2016-03-04 19:28 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-05-20 04:08 - 2016-03-04 19:28 - 01352760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-05-20 04:08 - 2016-03-04 19:28 - 00533560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-05-20 04:08 - 2016-03-04 19:28 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-05-20 04:08 - 2016-03-04 19:28 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-05-20 04:08 - 2016-03-04 19:28 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-05-18 10:37 - 2016-03-04 19:28 - 06448223 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-05-16 19:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-13 14:58 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-12 22:30 - 2015-10-30 20:30 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 22:30 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-12 22:30 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-12 22:30 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-12 22:30 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-12 22:30 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
 
==================== Files in the root of some directories =======
 
2015-07-27 18:51 - 2015-07-27 18:51 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
2016-01-02 20:36 - 2016-01-02 20:54 - 0007605 _____ () C:\Users\glny_ecnh7e4\AppData\Local\Resmon.ResmonCfg
2016-06-01 13:56 - 2016-06-01 13:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\glny_ecnh7e4\AppData\Local\Temp\procexp64.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-07 16:05
 
==================== End of FRST.txt ============================




#2 Aura

  • Malware Response Team

Posted 16 June 2016 - 06:48 AM

Hi glny :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

It looks like I'm missing the Addition.txt log, follow the instructions below to run FRST again, and provide me a fresh pair of FRST.txt and Addition.txt log please.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;
Your next reply(ies) should include:
  • Copy/pasted content of the FRST.txt log;
  • Copy/pasted content of the Addition.txt log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 glny

  • Topic Starter

Posted 17 June 2016 - 08:07 AM

Hello Yoan and thank you for engaging in my Malware hunt! - my name is Glenn, nice to meet you!

 

I've made a fresh scan and the logs are following here:

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01

Ran by glny_ecnh7e4 (administrator) on DESKTOP-0K79A3N (17-06-2016 15:04:25)
Running from D:\Overførsler
Loaded Profiles: glny_ecnh7e4 (Available Profiles: glny & glny_ecnh7e4)
Platform: Windows 10 Pro Version 1511 (X64) Language: Dansk (Danmark)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(BitTorrent Inc.) C:\Users\glny_ecnh7e4\AppData\Roaming\uTorrent\uTorrent.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Auslogics) C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-05-08] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-05-08] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24105824 2016-06-11] (Dropbox, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Run: [f.lux] => C:\Users\glny_ecnh7e4\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Run: [Spotify] => C:\Users\glny_ecnh7e4\AppData\Roaming\Spotify\Spotify.exe [6859888 2016-05-28] (Spotify Ltd)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Run: [uTorrent] => C:\Users\glny_ecnh7e4\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2016-01-02] (BitTorrent Inc.)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Run: [Spotify Web Helper] => C:\Users\glny_ecnh7e4\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-05-28] (Spotify Ltd)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\RunOnce: [Uninstall C:\Users\glny_ecnh7e4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\glny_ecnh7e4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\RunOnce: [Uninstall C:\Users\glny_ecnh7e4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\glny_ecnh7e4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\RunOnce: [Uninstall C:\Users\glny_ecnh7e4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\glny_ecnh7e4\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-11] (Dropbox, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 193.162.153.164 194.239.134.83
Tcpip\..\Interfaces\{6d1cc0da-dccb-4bcf-9a90-ed618ca66166}: [DhcpNameServer] 193.162.153.164 194.239.134.83
Tcpip\..\Interfaces\{b7cc9ea4-d416-45ff-a81f-5a075ca12a1a}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{be916d72-80d5-4918-acc7-8d07cd8778b4}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{d6f4af6f-9f0f-4761-a38a-96b58472c813}: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Programs\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\ssv.dll [2016-05-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-05-08] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Programs\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\glny_ecnh7e4\AppData\Roaming\Mozilla\Firefox\Profiles\2j0fupmt.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Keyword.URL: hxxps://www.google.com/search?q=
FF Plugin: @videolan.org/vlc,version=2.2.1 -> D:\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Programs\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-05-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-05-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: visualon.com/voBrowserPlugin -> C:\ProgramData\VisualOn\BrowserPlugin\npStofaWebtvPlayer.dll [2014-11-20] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2016-06-07] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://ekstrabladet.dk/
CHR StartupUrls: Default -> "","hxxp://www.boligportal.dk/lejebolig/din_find_bolig_pakke.php"
CHR Profile: C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Præsentation) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-27]
CHR Extension: (Google Dokumenter) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-27]
CHR Extension: (Google Drev) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google-søgning) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Dropbox til Gmail) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-04]
CHR Extension: (Google Ark) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-27]
CHR Extension: (Google Docs Offline) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-02]
CHR Extension: (Date Countdown) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbmbpihmhcjkagbbnfdikmjieigakgj [2015-07-27]
CHR Extension: (StumbleUpon) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2015-07-30]
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\glny_ecnh7e4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-24] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [368128 2015-02-17] (Razer Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-07-27] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-04-02] (REALiX™)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2016-06-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185088 2015-08-31] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [936192 2016-04-02] (Realtek                                            )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2014-12-11] (Synaptics Incorporated)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [23040 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 taphss6; \SystemRoot\System32\drivers\taphss6.sys [X]
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-15 17:38 - 2016-05-28 08:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-15 17:38 - 2016-05-28 08:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-15 17:38 - 2016-05-28 07:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-15 17:38 - 2016-05-28 07:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-15 17:38 - 2016-05-28 06:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 17:38 - 2016-05-28 06:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 17:38 - 2016-05-28 06:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 17:38 - 2016-05-28 06:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-15 17:38 - 2016-05-28 06:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-15 17:38 - 2016-05-28 06:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 17:38 - 2016-05-28 06:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-15 17:38 - 2016-05-28 06:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-15 17:38 - 2016-05-28 06:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-15 17:38 - 2016-05-28 06:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-15 17:38 - 2016-05-28 06:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 17:38 - 2016-05-28 06:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-15 17:38 - 2016-05-28 06:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-15 17:38 - 2016-05-28 06:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-15 17:38 - 2016-05-28 06:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-15 17:38 - 2016-05-28 06:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-15 17:38 - 2016-05-28 06:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-15 17:38 - 2016-05-28 06:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-15 17:38 - 2016-05-28 06:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-15 17:38 - 2016-05-28 06:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-15 17:38 - 2016-05-28 06:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-15 17:38 - 2016-05-28 06:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 17:38 - 2016-05-28 06:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-15 17:38 - 2016-05-28 06:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-15 17:38 - 2016-05-28 06:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-15 17:38 - 2016-05-28 06:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-15 17:38 - 2016-05-28 06:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-15 17:38 - 2016-05-28 06:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-15 17:38 - 2016-05-28 06:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-15 17:38 - 2016-05-28 06:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-15 17:38 - 2016-05-28 06:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-15 17:38 - 2016-05-28 06:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-15 17:38 - 2016-05-28 06:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-15 17:38 - 2016-05-28 06:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-15 17:38 - 2016-05-28 06:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-15 17:38 - 2016-05-28 06:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-15 17:38 - 2016-05-28 06:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-15 17:38 - 2016-05-28 06:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-15 17:38 - 2016-05-28 06:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-15 17:38 - 2016-05-28 06:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-15 17:38 - 2016-05-28 06:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-15 17:38 - 2016-05-28 06:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-15 17:38 - 2016-05-28 06:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-15 17:38 - 2016-05-28 06:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-15 17:38 - 2016-05-28 05:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-15 17:38 - 2016-05-28 05:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-15 17:37 - 2016-05-28 08:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-15 17:37 - 2016-05-28 08:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-15 17:37 - 2016-05-28 08:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-15 17:37 - 2016-05-28 08:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-15 17:37 - 2016-05-28 07:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-15 17:37 - 2016-05-28 07:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 17:37 - 2016-05-28 07:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-15 17:37 - 2016-05-28 07:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-15 17:37 - 2016-05-28 07:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-15 17:37 - 2016-05-28 07:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-15 17:37 - 2016-05-28 07:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-15 17:37 - 2016-05-28 07:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-15 17:37 - 2016-05-28 07:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 17:37 - 2016-05-28 07:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 17:37 - 2016-05-28 07:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-15 17:37 - 2016-05-28 07:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-15 17:37 - 2016-05-28 07:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-15 17:37 - 2016-05-28 07:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-15 17:37 - 2016-05-28 07:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-15 17:37 - 2016-05-28 07:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-15 17:37 - 2016-05-28 07:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-15 17:37 - 2016-05-28 07:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-15 17:37 - 2016-05-28 07:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-15 17:37 - 2016-05-28 07:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-15 17:37 - 2016-05-28 07:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-15 17:37 - 2016-05-28 07:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-15 17:37 - 2016-05-28 07:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-15 17:37 - 2016-05-28 07:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-15 17:37 - 2016-05-28 07:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-15 17:37 - 2016-05-28 07:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-15 17:37 - 2016-05-28 07:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-15 17:37 - 2016-05-28 07:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-15 17:37 - 2016-05-28 07:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-15 17:37 - 2016-05-28 07:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-15 17:37 - 2016-05-28 07:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-15 17:37 - 2016-05-28 07:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-15 17:37 - 2016-05-28 07:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-15 17:37 - 2016-05-28 07:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-15 17:37 - 2016-05-28 07:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 17:37 - 2016-05-28 06:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-15 17:37 - 2016-05-28 06:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-15 17:37 - 2016-05-28 06:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-15 17:37 - 2016-05-28 06:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-15 17:37 - 2016-05-28 06:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-15 17:37 - 2016-05-28 06:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-15 17:37 - 2016-05-28 06:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-15 17:37 - 2016-05-28 06:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-15 17:37 - 2016-05-28 06:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-15 17:37 - 2016-05-28 06:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-15 17:37 - 2016-05-28 06:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-15 17:37 - 2016-05-28 06:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-15 17:37 - 2016-05-28 06:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 17:37 - 2016-05-28 06:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-15 17:37 - 2016-05-28 06:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-15 17:37 - 2016-05-28 06:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-15 17:37 - 2016-05-28 06:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpscript.dll
2016-06-15 17:37 - 2016-05-28 06:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 17:37 - 2016-05-28 06:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-15 17:37 - 2016-05-28 06:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-15 17:37 - 2016-05-28 06:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-15 17:37 - 2016-05-28 06:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-15 17:37 - 2016-05-28 06:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-15 17:37 - 2016-05-28 06:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-15 17:37 - 2016-05-28 06:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 17:37 - 2016-05-28 06:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-15 17:37 - 2016-05-28 06:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-15 17:37 - 2016-05-28 06:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-15 17:37 - 2016-05-28 06:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-15 17:37 - 2016-05-28 06:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 17:37 - 2016-05-28 06:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-15 17:37 - 2016-05-28 06:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-15 17:37 - 2016-05-28 06:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-15 17:37 - 2016-05-28 06:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-15 17:37 - 2016-05-28 06:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-15 17:37 - 2016-05-28 06:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-15 17:37 - 2016-05-28 06:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-15 17:37 - 2016-05-28 06:21 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpscript.dll
2016-06-15 17:37 - 2016-05-28 06:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-15 17:37 - 2016-05-28 06:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-15 17:37 - 2016-05-28 06:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 17:37 - 2016-05-28 06:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-15 17:37 - 2016-05-28 06:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-15 17:37 - 2016-05-28 06:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-15 17:37 - 2016-05-28 06:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-15 17:37 - 2016-05-28 06:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-15 17:37 - 2016-05-28 06:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-15 17:37 - 2016-05-28 06:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-15 17:37 - 2016-05-28 06:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-15 17:37 - 2016-05-28 06:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-15 17:37 - 2016-05-28 06:18 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2016-06-15 17:37 - 2016-05-28 06:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-15 17:37 - 2016-05-28 06:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-15 17:37 - 2016-05-28 06:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 17:37 - 2016-05-28 06:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-15 17:37 - 2016-05-28 06:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-15 17:37 - 2016-05-28 06:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 17:37 - 2016-05-28 06:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-15 17:37 - 2016-05-28 06:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-15 17:37 - 2016-05-28 06:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-15 17:37 - 2016-05-28 06:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-15 17:37 - 2016-05-28 06:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-15 17:37 - 2016-05-28 06:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-15 17:37 - 2016-05-28 06:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-15 17:37 - 2016-05-28 06:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 17:37 - 2016-05-28 06:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 17:37 - 2016-05-28 06:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-15 17:37 - 2016-05-28 06:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-15 17:37 - 2016-05-28 06:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-15 17:37 - 2016-05-28 06:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 17:37 - 2016-05-28 06:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-15 17:37 - 2016-05-28 06:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-15 17:37 - 2016-05-28 06:15 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2016-06-15 17:37 - 2016-05-28 06:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-15 17:37 - 2016-05-28 06:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-15 17:37 - 2016-05-28 06:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 17:37 - 2016-05-28 06:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-15 17:37 - 2016-05-28 06:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-15 17:37 - 2016-05-28 06:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-15 17:37 - 2016-05-28 06:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-15 17:37 - 2016-05-28 06:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-15 17:37 - 2016-05-28 06:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-15 17:37 - 2016-05-28 06:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-15 17:37 - 2016-05-28 06:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-15 17:37 - 2016-05-28 06:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-15 17:37 - 2016-05-28 06:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-15 17:37 - 2016-05-28 06:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-15 17:37 - 2016-05-28 06:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-15 17:37 - 2016-05-28 06:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 17:37 - 2016-05-28 06:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-15 17:37 - 2016-05-28 06:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-15 17:37 - 2016-05-28 06:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-15 17:37 - 2016-05-28 06:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-15 17:37 - 2016-05-28 06:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-15 17:37 - 2016-05-28 06:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-15 17:37 - 2016-05-28 06:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-15 17:37 - 2016-05-28 06:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 17:37 - 2016-05-28 06:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-15 17:37 - 2016-05-28 06:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-15 17:37 - 2016-05-28 06:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-15 17:37 - 2016-05-28 06:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-15 17:37 - 2016-05-28 06:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-15 17:37 - 2016-05-28 06:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-15 17:37 - 2016-05-28 06:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 17:37 - 2016-05-28 06:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-15 17:37 - 2016-05-28 06:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-15 17:37 - 2016-05-28 06:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-15 17:37 - 2016-05-28 06:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-15 17:37 - 2016-05-28 06:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-15 17:37 - 2016-05-28 06:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-15 17:37 - 2016-05-28 06:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-15 17:37 - 2016-05-28 06:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-15 17:37 - 2016-05-28 06:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-15 17:37 - 2016-05-28 06:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-15 17:37 - 2016-05-28 06:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-15 17:37 - 2016-05-28 06:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-15 17:37 - 2016-05-28 06:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-15 17:37 - 2016-05-28 06:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-15 17:37 - 2016-05-28 06:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-15 17:37 - 2016-05-28 06:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-15 17:37 - 2016-05-28 06:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-15 17:37 - 2016-05-28 06:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-15 17:37 - 2016-05-28 06:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-15 17:37 - 2016-05-28 05:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-15 17:37 - 2016-05-28 05:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-15 17:37 - 2016-05-28 05:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-15 17:37 - 2016-05-28 05:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-15 17:37 - 2016-05-28 05:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-15 17:37 - 2016-05-28 05:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-15 17:37 - 2016-05-28 05:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-13 19:43 - 2016-06-13 19:49 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\Mozilla
2016-06-13 19:43 - 2016-06-13 19:43 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Roaming\Mozilla
2016-06-13 19:42 - 2016-06-13 19:42 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-13 19:42 - 2016-06-13 19:42 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-13 19:42 - 2016-06-13 19:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-13 09:51 - 2016-06-13 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-11 18:45 - 2016-06-17 15:04 - 00000000 ____D C:\FRST
2016-06-11 18:10 - 2016-06-11 18:10 - 00000000 ____D C:\Users\glny_ecnh7e4\Desktop\SYS
2016-06-07 21:37 - 2016-06-16 21:37 - 00003870 _____ C:\WINDOWS\System32\Tasks\ESET Windows 10 upgrade – Perform upgrade
2016-06-07 19:11 - 2016-06-14 19:11 - 00003470 _____ C:\WINDOWS\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2016-06-07 19:11 - 2016-06-07 19:11 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-07 18:16 - 2016-06-07 18:16 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\ESET
2016-06-07 18:09 - 2016-06-07 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-06-07 18:09 - 2016-06-07 18:09 - 00000000 ____D C:\ProgramData\ESET
2016-06-07 18:09 - 2016-06-07 18:09 - 00000000 ____D C:\Program Files\ESET
2016-06-06 19:09 - 2016-06-07 15:00 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-06 19:07 - 2016-06-12 16:34 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2016-06-06 19:07 - 2016-02-05 08:11 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\glny_ecnh7e4\Desktop\procexp.exe
2016-06-06 19:04 - 2016-04-11 14:38 - 00855216 ____N (Sysinternals - www.sysinternals.com) C:\Users\glny_ecnh7e4\Desktop\sigcheck61.exe
2016-06-06 08:36 - 2016-06-06 08:36 - 00002884 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-06-06 08:36 - 2016-06-06 08:36 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-06 08:36 - 2016-06-06 08:36 - 00000000 ____D C:\Program Files\CCleaner
2016-06-06 08:29 - 2016-06-06 08:30 - 00123970 _____ C:\TDSSKiller.3.1.0.9_06.06.2016_08.29.33_log.txt
2016-06-04 02:51 - 2016-06-04 02:51 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\79853E3E.sys
2016-06-02 05:47 - 2016-06-02 05:47 - 00000000 ____D C:\ProgramData\Sophos
2016-06-02 05:46 - 2016-06-02 05:46 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-06-02 05:46 - 2016-06-02 05:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-06-02 05:46 - 2016-06-02 05:46 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-06-01 22:23 - 2016-06-01 22:23 - 00000020 ___SH C:\Users\glny\ntuser.ini
2016-06-01 22:23 - 2016-06-01 22:23 - 00000000 ____D C:\Users\glny\AppData\Local\NVIDIA Corporation
2016-06-01 22:23 - 2016-06-01 22:23 - 00000000 ____D C:\Users\glny\AppData\Local\NVIDIA
2016-06-01 13:57 - 2016-06-01 13:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-01 13:57 - 2016-05-20 03:57 - 00113208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-06-01 13:57 - 2016-05-04 04:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-06-01 13:57 - 2016-05-04 04:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-06-01 13:57 - 2016-05-04 04:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-06-01 13:57 - 2016-05-04 04:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-06-01 13:56 - 2016-06-01 13:56 - 72203792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-06-01 13:56 - 2016-06-01 13:56 - 14057256 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 13120760 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 12986528 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 10521552 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 07172920 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 07096192 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 06343320 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV3apo.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 06264640 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2016-06-01 13:56 - 2016-06-01 13:56 - 05777704 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 05338936 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 05289952 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 03299832 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 03152591 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2016-06-01 13:56 - 2016-06-01 13:56 - 02823280 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 02714568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 02437144 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 02190992 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 02110600 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01965816 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01959608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01943624 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01780624 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01601952 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01591064 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01508936 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01435152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01421104 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01382240 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01334384 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01330072 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01211840 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01186168 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01164336 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01060504 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01022872 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 01003864 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00998032 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00965032 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00931624 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00927424 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00923752 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00888480 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00873472 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00743968 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00727440 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00716104 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00708320 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00678192 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00677680 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00618192 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00596120 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00589080 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.DLL
2016-06-01 13:56 - 2016-06-01 13:56 - 00514528 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00504312 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00500560 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00471336 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00467168 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00450128 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00447720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00445408 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00441272 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00428232 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00416512 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00381416 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00370840 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00366128 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00362056 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00360352 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00327464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00310424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00272720 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00258504 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00253904 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00253872 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00252880 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00231920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00224264 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaemaxapo64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00203848 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00190944 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00190944 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00179608 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00172584 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00158704 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00151792 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00134208 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00118600 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00105312 _____ C:\WINDOWS\system32\audioLibVc.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00090920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00088328 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00084624 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00075544 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00065792 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2016-06-01 13:56 - 2016-06-01 13:56 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-06-01 13:56 - 2016-06-01 13:56 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-06-01 13:56 - 2016-05-21 23:09 - 01581624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco64.dll
2016-06-01 13:56 - 2016-05-21 23:09 - 00141256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-06-01 13:56 - 2016-05-21 23:09 - 00046024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 39977920 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 35117112 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 31639096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 25401280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 21802816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 21346520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 18145256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 17740664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 17662432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 17379520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 10642912 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 08733280 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 02791360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 02419768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436822.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436822.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00985024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00909760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00772152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00708032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00669952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00632664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00565208 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00549240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00452616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00379480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00315936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00178136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00155952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00153416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00131768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-06-01 13:56 - 2016-05-20 10:03 - 00000594 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-06-01 13:56 - 2016-05-20 10:03 - 00000594 _____ C:\WINDOWS\system32\nv-vk64.json
2016-06-01 13:54 - 2016-06-01 13:54 - 00000000 ____D C:\Intel
2016-06-01 13:45 - 2016-06-01 13:45 - 00025640 ____N (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2016-06-01 13:45 - 2016-06-01 13:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-01 13:45 - 2016-06-01 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2016-06-01 13:45 - 2016-06-01 13:45 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
2016-06-01 13:43 - 2016-06-01 13:45 - 00000000 ____D C:\Users\glny_ecnh7e4\Desktop\Ny mappe (2)
2016-06-01 13:36 - 2016-06-01 13:36 - 00000837 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-06-01 13:36 - 2016-06-01 13:36 - 00000000 ____D C:\Program Files\Speccy
2016-06-01 06:52 - 2016-06-11 18:44 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-06-01 06:44 - 2016-06-01 06:44 - 00000000 ____D C:\Quarantine
2016-06-01 06:43 - 2016-04-14 07:38 - 00113216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-06-01 06:43 - 2016-04-14 07:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-06-01 06:32 - 2016-06-01 06:32 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\7F657D76.sys
2016-05-29 16:20 - 2016-05-29 16:20 - 00123167 _____ C:\Users\glny_ecnh7e4\Desktop\betalt d. 30.05.2016.PDF
2016-05-26 17:42 - 2016-05-26 17:42 - 00000000 ____D C:\Program Files\McAfee
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-17 15:04 - 2016-01-02 20:03 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Roaming\uTorrent
2016-06-17 14:57 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-17 14:54 - 2015-07-24 04:01 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-17 14:50 - 2015-07-24 04:45 - 00001016 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-17 09:32 - 2015-09-01 18:17 - 00004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F964692B-C7A4-4422-A4A2-CE5F6E30CE58}
2016-06-17 04:50 - 2015-07-24 04:45 - 00001012 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-17 02:54 - 2015-07-24 04:01 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-17 02:49 - 2016-04-01 02:20 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-17 00:43 - 2015-08-05 21:44 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Roaming\vlc
2016-06-16 23:27 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-16 23:27 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-16 19:39 - 2015-07-24 03:43 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-06-16 19:37 - 2016-03-11 14:10 - 00000000 ____D C:\Users\glny_ecnh7e4
2016-06-16 19:37 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-16 19:37 - 2015-07-24 03:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-16 18:38 - 2015-10-30 20:26 - 00464502 _____ C:\WINDOWS\system32\perfh006.dat
2016-06-16 18:38 - 2015-10-30 20:26 - 00079354 _____ C:\WINDOWS\system32\perfc006.dat
2016-06-16 18:38 - 2015-07-24 03:48 - 01410868 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-16 18:32 - 2016-03-11 14:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-16 18:32 - 2016-03-11 14:08 - 00270176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-16 18:32 - 2016-03-04 19:25 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-16 18:31 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-16 18:31 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-16 18:31 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-16 18:31 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-16 18:08 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-16 18:08 - 2015-07-24 04:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-16 18:07 - 2015-08-13 22:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-16 18:02 - 2015-08-13 22:11 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-16 16:21 - 2015-10-07 21:18 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Roaming\dvdcss
2016-06-16 16:20 - 2015-07-29 22:03 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\Spotify
2016-06-16 16:04 - 2015-07-29 22:02 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Roaming\Spotify
2016-06-16 04:36 - 2016-03-31 22:14 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\Soundnode
2016-06-16 04:27 - 2015-08-12 19:20 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\Battle.net
2016-06-15 22:54 - 2015-07-24 04:02 - 00002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-13 19:42 - 2015-07-25 04:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-13 17:27 - 2015-08-12 19:20 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-13 09:51 - 2015-07-24 04:45 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-12 17:18 - 2016-03-20 14:51 - 00000000 ____D C:\Users\glny_ecnh7e4\Desktop\Bryllup
2016-06-12 11:06 - 2015-09-10 10:51 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\CrashDumps
2016-06-08 19:47 - 2015-07-27 18:45 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\Dropbox
2016-06-06 08:49 - 2016-04-02 01:51 - 00000000 ____D C:\Program Files (x86)\Yamicsoft
2016-06-03 16:54 - 2015-08-12 19:38 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\ElevatedDiagnostics
2016-06-02 23:46 - 2015-08-11 13:20 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-01 22:35 - 2015-08-12 19:25 - 00000000 ____D C:\Diablo III
2016-06-01 22:23 - 2016-03-11 14:10 - 00000000 ____D C:\Users\glny
2016-06-01 13:58 - 2016-03-04 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-06-01 13:58 - 2016-03-04 19:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-06-01 13:58 - 2015-09-17 15:44 - 00000000 ____D C:\temp
2016-06-01 13:56 - 2016-04-02 01:38 - 00002227 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-06-01 13:56 - 2016-03-11 14:09 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-06-01 13:55 - 2016-04-02 01:35 - 00000000 ____D C:\ProgramData\ProductData
2016-06-01 13:54 - 2015-09-17 15:45 - 00000000 ____D C:\Program Files (x86)\Intel
2016-06-01 06:43 - 2016-03-04 20:03 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-06-01 06:43 - 2016-03-04 19:29 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\NVIDIA
2016-05-29 16:37 - 2015-09-17 15:35 - 00000000 ____D C:\Users\glny_ecnh7e4\Desktop\Milo-rod
2016-05-29 15:21 - 2015-07-27 18:44 - 00000000 ____D C:\Users\glny_ecnh7e4\AppData\Local\Packages
2016-05-28 07:55 - 2016-03-11 14:11 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-05-22 23:02 - 2015-11-10 04:15 - 13509184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-05-20 10:03 - 2015-11-10 04:17 - 20305768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-05-20 10:03 - 2015-11-10 04:13 - 14410024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-05-20 10:03 - 2015-11-10 04:09 - 03811440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-05-20 10:03 - 2015-11-10 04:09 - 03371648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-05-20 10:03 - 2015-11-10 02:12 - 00040084 _____ C:\WINDOWS\system32\nvinfo.pb
2016-05-20 04:08 - 2016-03-04 19:28 - 06348344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-05-20 04:08 - 2016-03-04 19:28 - 02454976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-05-20 04:08 - 2016-03-04 19:28 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-05-20 04:08 - 2016-03-04 19:28 - 01352760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-05-20 04:08 - 2016-03-04 19:28 - 00533560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-05-20 04:08 - 2016-03-04 19:28 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-05-20 04:08 - 2016-03-04 19:28 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-05-20 04:08 - 2016-03-04 19:28 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-05-18 10:37 - 2016-03-04 19:28 - 06448223 _____ C:\WINDOWS\system32\nvcoproc.bin
 
==================== Files in the root of some directories =======
 
2015-07-27 18:51 - 2015-07-27 18:51 - 0000000 _____ () C:\Program Files (x86)\Common Files\AMD
2016-01-02 20:36 - 2016-01-02 20:54 - 0007605 _____ () C:\Users\glny_ecnh7e4\AppData\Local\Resmon.ResmonCfg
2016-06-01 13:56 - 2016-06-01 13:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-17 14:31
 
==================== End of FRST.txt ============================
 
 
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
Ran by glny_ecnh7e4 (2016-06-17 15:04:57)
Running from D:\Overførsler
Windows 10 Pro Version 1511 (X64) (2016-03-11 12:18:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3547841046-1106075004-863533779-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3547841046-1106075004-863533779-503 - Limited - Disabled)
glny (S-1-5-21-3547841046-1106075004-863533779-1001 - Administrator - Enabled) => C:\Users\glny
glny_ecnh7e4 (S-1-5-21-3547841046-1106075004-863533779-1008 - Administrator - Enabled) => C:\Users\glny_ecnh7e4
Gæst (S-1-5-21-3547841046-1106075004-863533779-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3547841046-1106075004-863533779-1011 - Limited - Enabled)
milo_i8i42ae (S-1-5-21-3547841046-1106075004-863533779-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
µTorrent (HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6E13AD90-B703-526D-D443-854C2A6A4497}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Apple-programunderstøttelse (32 bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple-programunderstøttelse (64 bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Auslogics BoostSpeed 8 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 8.2.1.0 - Auslogics Labs Pty Ltd)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Driver Booster 3.2 (HKLM-x32\...\Driver Booster_is1) (Version: 3.2 - IObit)
Dropbox (HKLM-x32\...\Dropbox) (Version: 5.3.23 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{FBC0F617-1AA0-4483-8153-3FD97FE01D9E}) (Version: 7.0.317.4 - ESET, spol s r. o.)
f.lux (HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Flux) (Version:  - )
FileZilla Client 3.13.1 (HKLM-x32\...\FileZilla Client) (Version: 3.13.1 - Tim Kosse)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.41 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 92 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Korrekturredskaber til Microsoft Office 2013 – Dansk (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DAN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DAN) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Test Professional 2015 (HKLM-x32\...\{8c67b9da-a0c8-48c8-9ed7-842402eb5acd}) (Version: 14.0.23107.10 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.02.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)
NVIDIA 3D Vision Controllerdriver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision-driver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.22 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Grafikdriver 368.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.22 - NVIDIA Corporation)
NVIDIA HD-lyddriver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation)
NVIDIA PhysX-systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Orcs Must Die! Unchained (HKLM-x32\...\{8EBA33AF-48E0-4207-A4EE-96029415AD76}_is1) (Version:  - Gameforge 4D GmbH)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.)
Sanctum (HKLM-x32\...\Steam App 91600) (Version:  - Coffee Stain Studios)
Sanctum 2 © CoffeeStainStudios version 1 (HKLM-x32\...\U2FuY3R1bTI=_is1) (Version: 1 - )
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotify (HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Spotify) (Version: 1.0.29.92.g67727800 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StofaWebTvPlayer (HKLM-x32\...\{5AE2ECFD-8211-44C0-87A1-564BB32FF08D}) (Version: 3.13.1.7173 - Stofa A/S)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0406-0000-0000000FF1CE}_Office15.PROPLUS_{B701A4CE-786F-4DCC-A3E3-516953F9DDE1}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BD10518F-3463-429E-8761-0AEDCEEA6297}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BD10518F-3463-429E-8761-0AEDCEEA6297}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3115033) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0406-0000-0000000FF1CE}_Office15.PROPLUS_{BD10518F-3463-429E-8761-0AEDCEEA6297}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\WinDirStat) (Version:  - )
Windows 10 Manager (HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\Windows 10 Manager 1.0.6) (Version: 1.0.6 - Yamicsoft)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3547841046-1106075004-863533779-1008_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\glny_ecnh7e4\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C920C86-BFD2-4560-BB83-B7D67D3D5D65} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-16] (Microsoft Corporation)
Task: {12536687-72EC-4A7E-BE51-D4725FE10AB2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-24] (Dropbox, Inc.)
Task: {13EB2A1A-4A85-4F88-8BDF-631820579FD1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {18F4D03E-AE03-4521-B565-33711934AAE3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {1BCA6F76-EB4D-4D79-B216-3A651DAD5CC4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-24] (Google Inc.)
Task: {1D2EB795-4ABD-46E3-89A7-D6B4E1146A04} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-01-13] (IObit)
Task: {38B62AE6-299D-405D-B5BB-AE64BA0ED55D} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 7.0\upgrade.exe [2016-06-07] (ESET)
Task: {4C8D0B14-F4F4-4CB5-AF1E-12DA767A86B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {565A8F5D-D238-43B5-AA45-5567A0F4C5AE} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"
Task: {6AF1C191-52AB-4549-9B9B-93816998A925} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-24] (Google Inc.)
Task: {7AE67CE8-4748-489D-AD57-398CC8CAC7A3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-24] (Dropbox, Inc.)
Task: {843EF978-BDB4-4559-A701-241467DBF2A4} - System32\Tasks\ESET Windows 10 upgrade – Perform upgrade => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 7.0\upgrade.exe [2016-06-07] (ESET)
Task: {88D6A438-E3A1-4B58-A571-EF32E029D7CE} - System32\Tasks\AutoPico Daily Restart => C:\Users\glny\Desktop\KMSpico
Task: {935D5A09-5086-4176-BD51-991AF5C9BEDE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {A44FCF48-1FF2-4A46-975F-593ADD521198} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {C4E54500-EC6B-4AB4-A896-046E3595EBE0} - System32\Tasks\Driver Booster SkipUAC (glny_ecnh7e4) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-01-18] (IObit)
Task: {DB2C4F84-6FA8-4DAE-95A8-1B3196E6A27F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-01-02] ()
Task: {DF5F1C5A-7F4A-44BE-9FFB-29BD06579EC5} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-31] (Oracle Corporation)
Task: {E1ED9CA2-6F5D-4F2F-BD66-D38015EA91B5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 16:47 - 2015-09-23 16:47 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-26 19:46 - 2014-11-20 10:48 - 00242264 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-03-04 20:03 - 2016-05-02 07:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-04 19:29 - 2016-05-02 07:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-11 15:10 - 2016-05-02 07:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-04 20:03 - 2016-05-02 07:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2016-03-11 15:10 - 2016-05-02 07:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-11 15:10 - 2016-05-02 07:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-11 15:10 - 2016-05-02 07:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-04 19:29 - 2016-05-02 07:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-03-04 19:28 - 2016-05-20 04:08 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-13 12:08 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 12:08 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-19 09:00 - 2016-04-19 09:00 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-03-30 19:48 - 2016-05-02 07:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-30 19:48 - 2016-05-02 07:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-03-11 14:05 - 2016-03-11 14:05 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 23:46 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-15 17:38 - 2016-05-28 05:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-15 17:38 - 2016-05-28 05:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-15 17:38 - 2016-05-28 05:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-15 17:38 - 2016-05-28 05:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-06-15 22:54 - 2016-06-15 04:08 - 02364568 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.41\libglesv2.dll
2016-06-15 22:54 - 2016-06-15 04:08 - 00105624 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.41\libegl.dll
2016-04-19 09:00 - 2016-04-19 09:00 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 09:00 - 2016-04-19 09:00 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-04 19:29 - 2016-05-02 08:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-11-20 10:52 - 2016-05-25 19:03 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-06-13 09:51 - 2016-05-25 19:03 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-06-13 09:51 - 2016-05-25 19:04 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-06-13 09:51 - 2016-05-25 19:03 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-11-20 10:52 - 2016-05-25 19:03 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-11-20 10:52 - 2016-05-25 19:03 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-11-20 10:52 - 2016-06-11 00:58 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-06-13 09:51 - 2016-05-25 19:03 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-11-20 10:52 - 2016-06-11 00:58 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-11-20 10:52 - 2016-05-25 19:03 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-11-20 10:52 - 2016-05-25 19:04 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-11-20 10:52 - 2016-06-11 00:58 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-06-13 09:51 - 2016-05-25 19:05 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-01-26 09:52 - 2016-06-11 00:58 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-01-26 09:52 - 2016-06-11 00:58 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-01-26 09:52 - 2016-06-11 00:58 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-01-26 09:52 - 2016-06-11 00:58 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-01-26 09:52 - 2016-06-11 00:58 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2015-11-20 10:52 - 2016-05-25 19:03 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-06-13 09:51 - 2016-05-25 19:04 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-11-20 10:52 - 2016-06-11 00:58 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-01-26 09:52 - 2016-06-11 00:58 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-06-13 09:51 - 2016-05-25 19:05 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-06-13 09:51 - 2016-06-11 00:57 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-06-13 09:51 - 2016-03-12 02:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-06-13 09:51 - 2016-06-11 00:57 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-06-13 09:51 - 2016-06-11 00:57 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-11-20 10:52 - 2016-05-25 19:04 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-06-13 09:51 - 2016-06-11 00:57 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-11-20 10:52 - 2016-05-25 19:05 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-03-23 09:35 - 2016-06-11 00:58 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2015-11-20 10:52 - 2016-06-11 00:58 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-07-27 22:06 - 2015-07-27 20:04 - 00002560 ____R () C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-12 13:11 - 2016-03-24 15:36 - 00000906 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 activate.adobe.com
108.162.203.90 nxgn.org
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\glny_ecnh7e4\Desktop\11082605_1389642938022918_7442351329446981403_n.jpg
DNS Servers: 193.162.153.164 - 194.239.134.83
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "RzWizard"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3547841046-1106075004-863533779-1008\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D44ABFFF-4564-4019-A5FE-5B4FC0054D3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3157BA4A-1DBF-47F8-B651-E52D00CAC5C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{80E24401-9845-4B99-A459-C0BD63D35E8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{22073FF1-688B-4F26-B8EE-9E0864B7D413}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3A087748-D6B5-4BA2-AA6D-4909A6536C6F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{10443619-3E4B-4399-8C28-684CA80E47EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A057B378-FB14-4090-AB97-7C5CB51A964A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{BD47580F-5438-459A-B936-9960590CCEDE}C:\diablo iii\diablo iii.exe] => (Block) C:\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{D47432A9-1888-4C5D-90B0-4C5AB325A3C8}C:\diablo iii\diablo iii.exe] => (Block) C:\diablo iii\diablo iii.exe
FirewallRules: [{5FE97452-9FF7-477F-B6A6-6ACAEC0379DA}] => (Allow) D:\Programs\Office15\UcMapi.exe
FirewallRules: [{D8B1E37E-8E37-4EBA-8202-C0AB862ABBDE}] => (Allow) D:\Programs\Office15\UcMapi.exe
FirewallRules: [{E55C6882-47EC-4093-A1D4-AC4FADAF725A}] => (Allow) D:\Programs\Office15\lync.exe
FirewallRules: [{9DC33553-3608-4CB9-9FB0-C6C56C1AA3FE}] => (Allow) D:\Programs\Office15\lync.exe
FirewallRules: [{20CD5B0C-AEE0-4514-B14B-3BBDE155EB69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{6AF418A0-95E4-4C1F-8D56-6B36CC9FFD0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sanctum\Binaries\Win32\SanctumGame-Win32-Shipping.exe
FirewallRules: [{1935A280-1365-406B-9517-77DAFC5EE584}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{8EB7786F-C63A-4E2C-9A07-EA2F8A45B651}] => (Allow) C:\Users\glny_ecnh7e4\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CA4BCE73-4877-4DD0-ABB4-7F2AC96073CC}] => (Allow) C:\Users\glny_ecnh7e4\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CAF14DB0-36C2-49BE-9262-8B77253927C4}] => (Allow) C:\Users\glny_ecnh7e4\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8B493671-1B56-4F85-B922-E8F99995A781}] => (Allow) C:\Users\glny_ecnh7e4\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{60DC1EA4-C9F0-4C57-AD5B-F08BB9C95F2D}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\GBR_eng\Orcs Must Die! Unchained\Binaries\Win64\SpitfireGame.exe
FirewallRules: [{09596643-117D-4CAD-AE87-CB3ED2D15BD8}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\GBR_eng\Orcs Must Die! Unchained\Dashboard\Bin\SpitfireDashboard.exe
FirewallRules: [{FE25F064-2CE7-4428-BFE5-5C93A54ABA82}] => (Allow) C:\Program Files (x86)\GameforgeLive\Games\GBR_eng\Orcs Must Die! Unchained\OMDU.exe
FirewallRules: [{7FAC8C47-FE29-4AC5-A72C-D436024D9112}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [{4D5556EC-CAF4-411A-9CAA-82479B9FFE1B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{13D06D53-6C68-4FFC-8BFE-7C96139C4897}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AD4BB8B8-D3BA-42DE-B684-DD031FD3401D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8F586EBD-9E29-4D86-AF75-ED6793751F61}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B8A53D61-F610-4427-A15B-57638C9AF840}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{59026F19-2F07-419E-A29D-3E35BFA054C7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{003F245A-C0DD-4388-A700-F0814C592B30}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{006473E9-9C03-4D94-804D-C14A7DCEF522}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CB1E5BC6-18A3-4756-9DA5-C4B40861D3E8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{3DB8B2E2-03DF-4C83-ADB0-E4054732EC6B}C:\diablo iii\diablo iii.exe] => (Allow) C:\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{B588422F-A703-4A65-A307-DEE9724571B1}C:\diablo iii\diablo iii.exe] => (Allow) C:\diablo iii\diablo iii.exe
FirewallRules: [{58341F88-3B1D-4684-88CA-1D9C31A07D6A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{2AA14F86-F10C-4164-8D63-EF95822B1D14}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{B5C600A8-3B92-4309-AE68-2B70E6A58578}C:\users\glny_ecnh7e4\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\glny_ecnh7e4\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{DD386B29-98C3-4292-ADA9-3749FC69C6E3}C:\users\glny_ecnh7e4\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\glny_ecnh7e4\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{26136C30-AA9C-4851-B312-F49E9DEBF558}C:\users\glny_ecnh7e4\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\glny_ecnh7e4\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8A21DEC8-691E-4529-8F70-6C4AACB0982B}C:\users\glny_ecnh7e4\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\glny_ecnh7e4\appdata\roaming\spotify\spotify.exe
FirewallRules: [{541D1B82-5194-4D36-B201-D108642CC3A7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{CE4EE999-F57B-476F-A67E-4293C221B8FB}D:\utorrent\downloads\µtorrent pro v3.4.2 build v38397 incl. crack [techtools.net]\µtorrent pro v3.4.2 build v38397 incl. crack [techtools.net]\crack\utorrent.exe] => (Allow) D:\utorrent\downloads\µtorrent pro v3.4.2 build v38397 incl. crack [techtools.net]\µtorrent pro v3.4.2 build v38397 incl. crack [techtools.net]\crack\utorrent.exe
FirewallRules: [TCP Query User{CAFA0762-2A20-4F5A-8A51-C5CC63850D31}D:\utorrent\downloads\µtorrent pro v3.4.2 build v38397 incl. crack [techtools.net]\µtorrent pro v3.4.2 build v38397 incl. crack [techtools.net]\crack\utorrent.exe] => (Allow) D:\utorrent\downloads\µtorrent pro v3.4.2 build v38397 incl. crack [techtools.net]\µtorrent pro v3.4.2 build v38397 incl. crack [techtools.net]\crack\utorrent.exe
FirewallRules: [{60354B8A-3864-40D4-AFED-CD7E530256A5}] => (Allow) D:\Programs\Office15\UcMapi.exe
FirewallRules: [{68F38CC1-B8AF-41D7-80B7-9EDB27926D3A}] => (Allow) D:\Programs\Office15\UcMapi.exe
FirewallRules: [{D7E5907C-2B79-46F9-9EAC-EF1817AD03A0}] => (Allow) D:\Programs\Office15\lync.exe
FirewallRules: [{B3179BEB-5B07-4EE5-871D-AC1510EBDBBF}] => (Allow) D:\Programs\Office15\lync.exe
FirewallRules: [UDP Query User{7B52A475-F3F6-40DC-8DF1-B9948F586B97}C:\users\glny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\glny\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{D2450EEE-F2BA-4CAB-A3BB-2CCC1D9D1C11}C:\users\glny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\glny\appdata\roaming\spotify\spotify.exe
FirewallRules: [{64BE9FA3-3A15-4782-80F3-A08F020D8775}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{FF3D3A9E-192A-4FDD-8900-FE3641AF6003}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{FE289B05-DAEE-40A6-8953-6D072A76DD48}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{98405AA8-3A88-47B4-ABD5-9E953A5771C8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{10B47D0A-0E0B-4B74-9348-CAC584CF7AD7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{A60ED0FD-3792-4098-ADC0-6ECF927AD919}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [TCP Query User{4D0A2F75-2A3D-4A0C-B815-221FD810255F}C:\program files (x86)\gigabyte\@bios\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\updexe.exe
FirewallRules: [UDP Query User{5DDF8D02-9230-4A9D-A780-B55C7D0D323F}C:\program files (x86)\gigabyte\@bios\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\updexe.exe
FirewallRules: [TCP Query User{375184B9-DDC3-48E5-8B0C-6A23D75620B3}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [UDP Query User{3251FDC8-D515-4066-B4A4-CF7CAE8317AC}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [{40F250A0-7BF2-4A66-94E7-71F574438552}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{BDDC285A-9699-4E42-BB07-54937F074AF7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0992BA33-2669-4B9D-A97C-EC7ED6B76A77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8F680593-1885-4E48-AEC5-73AD856653C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
07-06-2016 16:17:04 Planlagt kontrolpunkt
16-06-2016 18:01:29 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/16/2016 06:01:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (06/16/2016 06:01:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Der opstod en fejl i kryptografiske tjenester under behandlingen af kaldet OnIdentity() i objektet System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery-protokol.
 
System Error:
Adgang nægtet.
.
 
Error: (06/12/2016 11:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Navn på program med fejl: IEXPLORE.EXE, version: 11.0.10586.20, tidsstempel: 0x56541caa
Navn på modul med fejl: Flash.ocx, version: 21.0.0.242, tidsstempel: 0x57311528
Undtagelseskode: 0xc0000005
Forskydning med fejl 0x008ae14c
Proces-id 0x15d0
Programmets starttidspunkt 0xIEXPLORE.EXE0
Programsti: IEXPLORE.EXE1
Modulsti: IEXPLORE.EXE2
Rapport-id: IEXPLORE.EXE3
Fuldt navn på program med fejl: IEXPLORE.EXE4
Relativt program-id for program med fejl: IEXPLORE.EXE5
 
Error: (06/11/2016 06:44:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-0K79A3N)
Description: Aktivering af app‘en Microsoft.Getstarted_3.5.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca mislykkedes med fejlen: -2144927149 Du kan finde flere oplysninger i loggen Microsoft-Windows-TWinUI/Operational.
 
Error: (06/10/2016 09:43:42 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (06/09/2016 12:38:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 78000
 
Error: (06/09/2016 12:38:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 78000
 
Error: (06/09/2016 12:38:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/09/2016 12:38:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62359
 
Error: (06/09/2016 12:38:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62359
 
 
System errors:
=============
Error: (06/17/2016 01:44:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: programspecifikkeLokalAktivering{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)Ikke tilgængeligIkke tilgængelig
 
Error: (06/16/2016 11:27:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installationsfejl: Der opstod en fejl, da Windows skulle installere følgende opdatering 0x80073cf6: Microsoft Photos.
 
Error: (06/16/2016 06:30:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten Adgang til brugerdata_5a0f2228 blev afbrudt uventet. Dette er sket 1 gange. Følgende korrigerende handling foretages om 10000 millisekunder: Genstart tjenesten.
 
Error: (06/16/2016 06:30:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten Lagring af brugerdata_5a0f2228 blev afbrudt uventet. Dette er sket 1 gange. Følgende korrigerende handling foretages om 10000 millisekunder: Genstart tjenesten.
 
Error: (06/16/2016 06:30:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten Kontaktdata_5a0f2228 blev afbrudt uventet. Dette er sket 1 gange. Følgende korrigerende handling foretages om 10000 millisekunder: Genstart tjenesten.
 
Error: (06/16/2016 06:30:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten Synkroniseringsvært_5a0f2228 blev afbrudt uventet. Dette er sket 1 gange. Følgende korrigerende handling foretages om 10000 millisekunder: Genstart tjenesten.
 
Error: (06/16/2016 06:30:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: programspecifikkeLokalAktivering{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (via LRPC)Ikke tilgængeligIkke tilgængelig
 
Error: (06/16/2016 03:11:15 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0K79A3N)
Description: standard for computerenLokalAktivering{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-0K79A3Nglny_ecnh7e4S-1-5-21-3547841046-1106075004-863533779-1008LocalHost (via LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (06/16/2016 03:11:15 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0K79A3N)
Description: standard for computerenLokalAktivering{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-0K79A3Nglny_ecnh7e4S-1-5-21-3547841046-1106075004-863533779-1008LocalHost (via LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (06/16/2016 03:11:14 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-0K79A3N)
Description: standard for computerenLokalAktivering{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-0K79A3Nglny_ecnh7e4S-1-5-21-3547841046-1106075004-863533779-1008LocalHost (via LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
 
CodeIntegrity:
===================================
  Date: 2016-06-16 18:32:56.927
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-20 18:18:27.831
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 14:42:41.444
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-11 03:55:52.782
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-09 22:24:39.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-08 22:19:03.016
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-15 11:41:30.482
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-14 08:56:00.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-02 01:20:10.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-04-02 01:20:10.823
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 54%
Total physical RAM: 8109.11 MB
Available physical RAM: 3679.64 MB
Total Virtual: 9389.11 MB
Available Virtual: 5150.54 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.3 GB) (Free:19.85 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:7.6 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BDB75CE3)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 02ABDA31)
Partition 1: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=498 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 
 
Thanks in advance and have a nice weekend!


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:14 AM

Posted 21 June 2016 - 05:14 AM

Thank you for the logs :)

I noticed traces of illegal/counterfeit/pirated software on your system. Since BleepingComputer doesn't condone piracy, I'll ask you to please remove/uninstall the programs for which you do not have a valid product key. If you do not wish to uninstall these programs, please let me know and I'll go ahead and close this thread.

Once done, please provide me a fresh set of FRST logs.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Aura

Posted 24 June 2016 - 02:06 AM

Hi glny :)

Are you still with me? Can you follow the instructions in my previous post?



#6 glny

Posted 27 June 2016 - 12:20 AM

Yep, I'm still with you

I'm trying to uninstall the pirated software, but the virus keeps preventing me from restarting and completing the uninstallation, so not quite ready yet



#7 Aura

Posted 27 June 2016 - 07:43 AM

What is happening exactly when you try to uninstall the pirated software? Are you getting an error message? If so, what is it?



#8 glny

Posted 27 June 2016 - 02:07 PM

Hello again

 

I've managed to uninstall the programs in question - do I need to delete the files also?



#9 Aura

Posted 27 June 2016 - 02:08 PM

Yes please, delete all the files that were associated with pirated, cracked, etc. programs.



#10 glny

Posted 27 June 2016 - 02:11 PM

OK, will do it right away, but it will probably take some time, I'm a pretty steady pirate my friend.

 

I'll have the logs ready for tomorrow



#11 Aura

Posted 01 July 2016 - 03:57 PM

Hi glny :)

Are you still with me? Did you follow the instructions yet?



#12 Aura

Posted 03 July 2016 - 07:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. 

Please include a link to your topic in the Private Message. Thank you. 




#13 Aura

Posted 07 July 2016 - 08:59 PM

This topic has been re-opened at the request of the person who originally posted.



#14 glny

Posted 07 July 2016 - 09:02 PM

Thanks - here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Glenn (administrator) on GLENN-PC (08-07-2016 04:02:13)
Running from C:\Users\Glenn\Downloads
Loaded Profiles: Glenn (Available Profiles: Glenn)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Flux Software LLC) C:\Users\Glenn\AppData\Local\FluxSoftware\Flux\flux.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Yamicsoft) C:\Program Files\Yamicsoft\Windows 7 Manager\Windows7Manager.exe
(Yamicsoft) C:\Program Files\Yamicsoft\Windows 7 Manager\SmartUninstaller.exe
(Yamicsoft) C:\Program Files\Yamicsoft\Windows 7 Manager\LockSystem.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\runonceex: [Flags] => 128
HKLM-x32\...\runonceex: [Title] => UnHackMe Rootkit Check
HKLM-x32\...\Winlogon: [Shell] C:\Windows\explorer.exe [ ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\...\Run: [WDSM] => C:\Program Files\Yamicsoft\Windows 7 Manager\LaunchTaskCommand.exe [93264 2014-09-11] (Yamicsoft)
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2010-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2010-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2010-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2010-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2010-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2010-10-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2010-10-07] (Dropbox, Inc.)
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 193.162.153.164 194.239.134.83
Tcpip\..\Interfaces\{39B3C324-9381-47EF-A6D7-2D6040DFB43B}: [DhcpNameServer] 212.10.10.4 212.10.24.252 212.10.10.5
Tcpip\..\Interfaces\{5087354F-A399-4112-AD06-41D7BF7B4BEF}: [DhcpNameServer] 193.162.153.164 194.239.134.83
Tcpip\..\Interfaces\{AF4C26E0-2838-4BDE-834E-66B628BC23CD}: [DhcpNameServer] 212.10.10.4 212.10.24.252 212.10.10.5
Tcpip\..\Interfaces\{C8DE3F82-943F-49E7-B794-2543AC1F294F}: [DhcpNameServer] 212.10.10.4 212.10.24.252 212.10.10.5
Tcpip\..\Interfaces\{FB8703CE-BA66-4A4C-9E1B-DAA84B5D828A}: [DhcpNameServer] 62.44.166.197 62.44.166.69

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-2362975480-581817718-3346835720-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2362975480-581817718-3346835720-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {001EE746-A1F9-460E-80AD-269E088D6A01} hxxp://site.ebrary.com.ez.statsbiblioteket.dk:2048/lib/stats/support/plugins/ebraryRdr.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-12-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\ups9236o.default
FF NewTab:
FF DefaultSearchEngine: Google
FF DefaultSearchEngine,S: Google
FF DefaultSearchUrl:
FF SearchEngineOrder.1: Google
FF SearchEngineOrder.1,S: Google
FF SelectedSearchEngine: Google
FF SelectedSearchEngine,S: Google
FF Homepage: about:blank
FF Keyword.URL:
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-15] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-11-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2011-05-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-01-21] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-03-28] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-11-04] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: visualon.com/voBrowserPlugin -> C:\ProgramData\VisualOn\BrowserPlugin\npStofaWebtvPlayer.dll [2014-11-21] ()
FF Plugin HKU\S-1-5-21-2362975480-581817718-3346835720-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2362975480-581817718-3346835720-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-03] (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml [2010-01-01]

Chrome:
=======
CHR Profile: C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-07]
StartMenuInternet: Google Chrome - C:\USERS\GLENN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S4 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2010-11-04] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-07-06] (Greatis Software)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [60416 2008-07-22] (Realtek Semiconductor Corporation                           )
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-11-03] (Duplex Secure Ltd.)
S1 SSHDRV65; C:\Windows\SysWOW64\drivers\SSHDRV65.sys [120320 2011-04-08] () [File not signed]
U2 SBKUPNT; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-08 03:37 - 2016-07-08 04:02 - 00013182 _____ C:\Users\Glenn\Downloads\FRST.txt
2016-07-08 03:37 - 2016-07-08 04:02 - 00000000 ____D C:\FRST
2016-07-08 03:37 - 2016-07-08 03:37 - 02390016 _____ (Farbar) C:\Users\Glenn\Downloads\FRST64.exe
2016-07-08 03:30 - 2016-07-08 03:30 - 00000114 _____ C:\Windows\SysWOW64\Partizan.RRI
2016-07-08 02:05 - 2016-07-08 02:22 - 00073262 _____ C:\Users\Glenn\Downloads\Extras.Txt
2016-07-08 02:05 - 2016-07-08 02:21 - 00071584 _____ C:\Users\Glenn\Downloads\OTL.Txt
2016-07-08 00:58 - 2016-07-08 00:58 - 00065665 _____ C:\Users\Glenn\Downloads\Shortcut.txt
2016-07-08 00:44 - 2016-07-08 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-07-08 00:43 - 2016-07-08 00:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-08 00:42 - 2016-07-08 00:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-08 00:42 - 2016-07-08 00:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-08 00:36 - 2016-07-08 00:36 - 00000000 ____D C:\Windows\system32\SPReview
2016-07-08 00:18 - 2016-07-08 03:49 - 00113600 _____ C:\Users\Glenn\Downloads\Addition.txt
2016-07-08 00:10 - 2016-07-08 00:10 - 00380928 _____ C:\Users\Glenn\Downloads\codi3sn3.exe
2016-07-07 22:46 - 2016-07-07 22:46 - 00597304 _____ C:\Users\Glenn\Downloads\flux-setup.exe
2016-07-07 22:46 - 2016-07-07 22:46 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-07-07 22:46 - 2016-07-07 22:46 - 00000000 ____D C:\Users\Glenn\AppData\Local\FluxSoftware
2016-07-07 22:40 - 2016-07-07 22:40 - 00000000 ____D C:\Windows\pss
2016-07-07 22:35 - 2016-07-07 22:39 - 00000000 ____D C:\Windows\system32\MRT
2016-07-07 21:14 - 2016-07-07 21:14 - 00000000 ____D C:\Users\Glenn\Documents\Diablo III
2016-07-07 21:04 - 2016-07-07 21:04 - 00045056 _____ C:\Users\Glenn\Documents\BootBackup(20160707)
2016-07-07 21:01 - 2016-07-07 21:01 - 00001098 _____ C:\Users\Public\Desktop\Diablo III.lnk
2016-07-07 21:01 - 2016-07-07 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2016-07-07 20:56 - 2016-07-07 20:56 - 00007679 _____ C:\Users\Glenn\AppData\Local\Resmon.ResmonCfg
2016-07-07 20:54 - 2016-07-07 20:54 - 00000000 ____D C:\Users\Glenn\AppData\Local\NVIDIA Corporation
2016-07-07 20:54 - 2016-07-07 20:54 - 00000000 ____D C:\Users\Glenn\AppData\Local\NVIDIA
2016-07-07 20:54 - 2016-07-07 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-07-07 20:54 - 2016-06-14 22:01 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-07-07 20:54 - 2016-06-14 22:01 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-07-07 20:54 - 2016-06-14 22:01 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-07-07 20:54 - 2016-06-14 22:01 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-07-07 20:54 - 2016-06-14 22:01 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-07-07 20:28 - 2015-11-05 17:13 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-07-07 20:28 - 2015-11-05 17:13 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-07-07 20:28 - 2015-10-28 09:42 - 06027430 _____ C:\Windows\system32\nvcoproc.bin
2016-07-07 20:24 - 2016-07-07 21:30 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-07-07 20:23 - 2016-07-07 20:23 - 00000000 ____D C:\Users\Glenn\AppData\Local\Blizzard Entertainment
2016-07-07 20:22 - 2016-07-08 00:31 - 00000000 ____D C:\Users\Glenn\AppData\Local\Battle.net
2016-07-07 20:22 - 2016-07-07 20:52 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-07 20:22 - 2016-07-07 20:24 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Battle.net
2016-07-07 20:22 - 2016-07-07 20:22 - 00001104 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-07-07 20:22 - 2016-07-07 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-07-07 20:21 - 2016-07-07 20:21 - 03219440 _____ (Blizzard Entertainment) C:\Users\Glenn\Downloads\Diablo-III-Setup.exe
2016-07-07 20:21 - 2016-07-07 20:21 - 03219440 _____ (Blizzard Entertainment) C:\Users\Glenn\Downloads\Diablo-III-Setup(1).exe
2016-07-07 20:00 - 2016-07-07 20:00 - 00000000 ____D C:\Program Files (x86)\Intel
2016-07-07 20:00 - 2016-07-07 20:00 - 00000000 ____D C:\Intel
2016-07-07 19:52 - 2016-04-14 07:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-07-07 19:52 - 2016-04-14 07:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-07-07 19:52 - 2016-04-14 07:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-07-07 19:51 - 2016-07-07 19:51 - 44984120 _____ (NVIDIA Corporation) C:\Users\Glenn\Downloads\GeForce_Experience_v2.11.4.0.exe
2016-07-07 19:48 - 2016-06-25 18:03 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2016-07-07 19:46 - 2016-07-07 19:46 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-07 19:46 - 2016-07-07 19:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-07 19:45 - 2016-07-07 19:45 - 00242232 _____ C:\Users\Glenn\Downloads\Firefox Setup Stub 47.0.1.exe
2016-07-07 15:27 - 2016-07-07 15:27 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-07-07 15:27 - 2016-07-07 15:27 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-07 01:27 - 2016-06-03 18:18 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-07 01:27 - 2016-06-03 18:10 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-07 01:27 - 2016-06-03 15:06 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-07 01:27 - 2016-05-26 15:07 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-07 01:27 - 2016-05-26 15:07 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-07 01:27 - 2016-05-26 15:07 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-07 01:27 - 2016-05-26 15:07 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-07 01:27 - 2016-05-22 15:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-07 01:27 - 2016-04-27 15:18 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-07-07 01:27 - 2016-04-27 15:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-07 01:27 - 2015-03-19 05:07 - 05503416 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-07 01:27 - 2015-03-19 04:57 - 03963320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-07-07 01:27 - 2015-03-19 04:57 - 03908024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-07-07 01:27 - 2014-09-15 02:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-07 01:27 - 2013-03-19 07:54 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-07-07 01:27 - 2013-03-19 06:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-07-07 01:27 - 2013-03-19 05:19 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-07-07 01:14 - 2016-07-07 01:14 - 00003030 _____ C:\Users\Glenn\Downloads\Preacher.S01E04.HDTV.x264-KILLERS.torrent
2016-07-07 01:14 - 2016-07-06 22:33 - 00000000 ____D C:\Users\Glenn\Downloads\Preacher.S01E04.HDTV.x264-KILLERS
2016-07-07 01:13 - 2016-07-07 01:13 - 00008747 _____ C:\Users\Glenn\Downloads\Mr.Robot.S02E00.dec0d3d.doc.1080p.WEB.h264-OmarMateen.torrent
2016-07-07 01:13 - 2016-07-07 01:13 - 00006097 _____ C:\Users\Glenn\Downloads\Dark.Matter.S02E01.720p.HDTV.x264-AVS.torrent
2016-07-07 01:10 - 2016-07-07 01:11 - 00000000 ____D C:\Users\Glenn\Downloads\Preacher.S01E06.NORDiC.720p.WEB-DL.DD5.1.H.264-DBRETAiL
2016-07-07 01:10 - 2016-07-07 01:11 - 00000000 ____D C:\Users\Glenn\AppData\Local\{8C5CD823-5404-4BDE-91AC-DE2BE03327EC}
2016-07-07 01:10 - 2016-07-07 01:10 - 00016941 _____ C:\Users\Glenn\Downloads\Preacher.S01E06.NORDiC.1080p.WEB-DL.DD5.1.H.264-DBRETAiL.torrent
2016-07-07 01:10 - 2016-07-07 01:10 - 00013758 _____ C:\Users\Glenn\Downloads\Preacher.S01E06.NORDiC.720p.WEB-DL.DD5.1.H.264-DBRETAiL.torrent
2016-07-07 01:07 - 2016-07-07 01:09 - 00000000 ____D C:\Users\Glenn\Downloads\Preacher.S01E05.NORDiC.720p.WEB-DL.DD5.1.H.264-DBRETAiL
2016-07-07 01:06 - 2016-07-07 01:06 - 00013998 _____ C:\Users\Glenn\Downloads\Preacher.S01E05.NORDiC.720p.WEB-DL.DD5.1.H.264-DBRETAiL.torrent
2016-07-07 00:59 - 2016-07-07 00:59 - 00000000 ____D C:\Users\Glenn\AppData\Local\{4DBD659C-9A3D-4C94-8B7E-F1A95D73D519}
2016-07-07 00:53 - 2016-07-07 00:53 - 00000000 ____D C:\Users\Glenn\AppData\Local\{4E1710DE-EC2F-4E99-89FD-0B68F15B46D6}
2016-07-06 22:25 - 2016-07-06 22:25 - 30533688 _____ C:\Users\Glenn\Downloads\vlc-2.2.4-win32.exe
2016-07-06 22:25 - 2016-07-06 22:25 - 00001026 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-07-06 22:25 - 2016-07-06 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-07-06 22:22 - 2016-07-07 20:53 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-06 22:18 - 2016-06-30 00:44 - 10656296 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-07-06 22:18 - 2016-06-30 00:44 - 08742032 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-07-06 22:18 - 2016-06-30 00:44 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436869.dll
2016-07-06 22:18 - 2016-06-30 00:44 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436869.dll
2016-07-06 22:18 - 2016-06-30 00:44 - 00669952 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-07-06 22:18 - 2016-06-30 00:44 - 00565392 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-07-06 22:18 - 2016-06-30 00:44 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-07-06 22:18 - 2016-06-30 00:44 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-07-06 22:16 - 2016-07-06 22:16 - 00000000 ____D C:\NVIDIA
2016-07-06 22:14 - 2016-07-06 22:15 - 348045000 _____ (NVIDIA Corporation) C:\Users\Glenn\Downloads\368.69-desktop-win8-win7-winvista-64bit-international-whql.exe
2016-07-06 21:30 - 2012-06-03 01:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-07-06 21:30 - 2012-06-03 01:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-07-06 21:30 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-06 21:30 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-07-06 21:30 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-06 21:30 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-07-06 21:30 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-07-06 21:30 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-07-06 21:30 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-07-06 21:29 - 2016-07-06 21:29 - 00370355 _____ C:\Users\Glenn\Desktop\regrunlog.txt
2016-07-06 20:34 - 2016-07-08 02:33 - 00000246 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2016-07-06 20:28 - 2016-07-08 00:06 - 00000000 ____D C:\@RestoreQuarantine
2016-07-06 20:17 - 2016-07-08 02:36 - 00000000 ____D C:\ProgramData\RegRun
2016-07-06 20:16 - 2016-07-08 02:36 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-07-06 20:16 - 2016-07-08 00:52 - 00000000 ____D C:\Users\Glenn\Documents\RegRun2
2016-07-06 20:16 - 2016-07-07 14:53 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-07-06 20:16 - 2016-07-06 21:32 - 00000002 RSHOT C:\Windows\winstart.bat
2016-07-06 20:16 - 2016-07-06 21:32 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2016-07-06 20:16 - 2016-07-06 21:32 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2016-07-06 20:16 - 2016-07-06 21:28 - 00003324 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2016-07-06 20:16 - 2016-07-06 20:16 - 00040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2016-07-06 20:16 - 2016-07-06 20:16 - 00000967 _____ C:\Users\Glenn\Desktop\UnHackMe.lnk
2016-07-06 20:16 - 2016-07-06 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-07-06 20:16 - 2016-06-29 00:56 - 00015016 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2016-07-06 20:16 - 2015-12-28 21:32 - 00049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2016-07-06 20:15 - 2016-07-06 20:15 - 18051441 _____ C:\Users\Glenn\Downloads\unhackme (1).zip
2016-07-06 20:14 - 2016-07-06 20:15 - 18051441 _____ C:\Users\Glenn\Downloads\unhackme.zip
2016-07-06 20:10 - 2016-07-06 20:10 - 00000000 ____D C:\Users\Glenn\AppData\Local\{DB73E293-50DF-4941-B44B-D8BE217FB584}
2016-07-06 20:08 - 2016-07-06 20:08 - 00003368 ____N C:\bootsqm.dat
2016-07-06 20:07 - 2016-07-06 20:07 - 00000000 __SHD C:\found.000
2016-07-03 05:37 - 2016-07-03 05:38 - 138617616 _____ (Microsoft Corporation) C:\Users\Glenn\Downloads\msert.exe
2016-07-03 05:17 - 2016-07-03 05:17 - 00002083 _____ C:\Users\Public\Desktop\Windows 7 Manager.lnk
2016-07-03 05:17 - 2016-07-03 05:17 - 00002072 _____ C:\Users\Public\Desktop\1-Click Cleaner.lnk
2016-07-03 05:17 - 2016-07-03 05:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Manager
2016-07-03 05:17 - 2016-07-03 05:17 - 00000000 ____D C:\Program Files\Yamicsoft
2016-07-03 05:15 - 2016-07-03 05:16 - 00000000 ____D C:\Users\Glenn\Desktop\ny
2016-07-03 05:14 - 2016-07-03 05:14 - 01378550 _____ (Igor Pavlov) C:\Users\Glenn\Downloads\7z1602-x64.exe
2016-07-03 05:14 - 2016-07-03 05:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-07-03 05:14 - 2016-07-03 05:14 - 00000000 ____D C:\Program Files\7-Zip
2016-07-03 05:08 - 2016-07-03 05:17 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Yamicsoft
2016-07-03 05:03 - 2016-07-03 05:03 - 00000000 ____D C:\Users\Glenn\AppData\Local\{91289F83-6362-41C6-8007-A592C8CFEF60}
2016-06-26 21:43 - 2016-06-27 06:48 - 1849748301 _____ C:\DUMP1443.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-08 03:46 - 2011-02-26 18:12 - 00000000 ____D C:\ProgramData\MAGIX
2016-07-08 03:46 - 2011-02-26 18:12 - 00000000 ____D C:\Program Files (x86)\MAGIX
2016-07-08 02:35 - 2010-11-03 13:28 - 00000000 ____D C:\Users\Glenn
2016-07-08 02:29 - 2009-07-14 04:34 - 73662464 _____ C:\Windows\system32\config\software.rcbak
2016-07-08 02:29 - 2009-07-14 04:34 - 28835840 _____ C:\Windows\system32\config\system.rcbak
2016-07-08 02:29 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.rcbak
2016-07-08 02:29 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.rcbak
2016-07-08 02:29 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\default.rcbak
2016-07-08 00:46 - 2010-11-03 14:22 - 00453656 _____ C:\Windows\system32\perfh006.dat
2016-07-08 00:46 - 2010-11-03 14:22 - 00073504 _____ C:\Windows\system32\perfc006.dat
2016-07-08 00:44 - 2011-01-24 23:26 - 00002691 _____ C:\Users\Public\Desktop\Skype.lnk
2016-07-08 00:43 - 2011-01-24 23:26 - 00000000 ____D C:\ProgramData\Skype
2016-07-08 00:35 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-07-07 22:35 - 2009-10-14 14:51 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-07 21:01 - 2012-03-28 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
2016-07-07 20:54 - 2010-11-03 13:37 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-07-07 20:54 - 2010-11-03 13:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-07 20:54 - 2010-11-03 13:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-07-07 20:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-07 20:41 - 2011-05-15 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-07 20:41 - 2010-11-03 13:37 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-07 20:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-07 20:27 - 2011-05-15 12:22 - 00000000 ____D C:\Users\Glenn\AppData\Local\Mozilla
2016-07-07 20:22 - 2012-03-28 14:57 - 00000000 ____D C:\ProgramData\Battle.net
2016-07-07 19:46 - 2011-05-15 12:18 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-07 19:43 - 2009-07-14 06:45 - 00490488 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-07 15:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2016-07-07 15:07 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2016-07-07 02:14 - 2010-11-03 14:00 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\uTorrent
2016-07-07 01:05 - 2010-11-03 14:07 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\vlc
2016-07-07 00:53 - 2010-11-03 14:06 - 00000000 ____D C:\Program Files\WinRAR
2016-07-07 00:22 - 2010-11-03 13:31 - 00000000 ____D C:\Users\Glenn\AppData\Local\Google
2016-07-06 22:21 - 2009-07-14 09:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-07-06 21:48 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-07-06 21:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-07-06 20:29 - 2009-07-14 06:45 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-06 20:29 - 2009-07-14 06:45 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-06 20:26 - 2010-11-03 14:43 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-07-06 20:25 - 2011-05-25 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net Monitor for Employees Pro
2016-07-06 20:09 - 2010-11-11 21:16 - 00000000 ____D C:\Users\Glenn\Tracing
2016-07-06 07:46 - 2015-07-29 22:03 - 00000000 ____D C:\Overførsler
2016-07-03 07:34 - 2009-07-14 05:20 - 00000000 ____D C:\PerfLogs
2016-07-03 05:09 - 2012-03-28 22:49 - 00002384 _____ C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-03 05:09 - 2012-03-28 22:49 - 00002376 _____ C:\Users\Glenn\Desktop\Google Chrome.lnk
2016-07-03 05:07 - 2009-07-14 07:13 - 01264910 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-27 15:14 - 2015-07-24 04:25 - 00000000 ____D C:\Torrentfiler
2016-06-21 12:13 - 2009-10-14 14:52 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-09 13:44 - 2015-07-30 23:58 - 00000000 ___RD C:\Dropbox

==================== Files in the root of some directories =======

2010-12-28 13:00 - 2010-12-28 13:00 - 0003584 _____ () C:\Users\Glenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-07 20:56 - 2016-07-07 20:56 - 0007679 _____ () C:\Users\Glenn\AppData\Local\Resmon.ResmonCfg
2011-01-24 23:26 - 2011-01-24 23:26 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Files to move or delete:
====================
C:\Users\Glenn\temp.dat


Some files in TEMP:
====================
C:\Users\Glenn\AppData\Local\Temp\12-1_vista_win7_64_dd_ccc.exe
C:\Users\Glenn\AppData\Local\Temp\B8B6DE91.dll
C:\Users\Glenn\AppData\Local\Temp\D11666CE.dll
C:\Users\Glenn\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Glenn\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Glenn\AppData\Local\Temp\nvStInst.exe
C:\Users\Glenn\AppData\Local\Temp\unwise.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2009-07-14 01:38] - [2010-11-05 11:50] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2009-07-14 01:24] - [2010-11-05 11:50] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-08 00:01

==================== End of FRST.txt ============================



#15 glny


Posted 07 July 2016 - 09:03 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Glenn (2016-07-08 04:02:24)
Running from C:\Users\Glenn\Downloads
Windows 7 Ultimate (X64) (2010-11-03 11:22:16)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2362975480-581817718-3346835720-500 - Administrator - Disabled)
Glenn (S-1-5-21-2362975480-581817718-3346835720-1001 - Administrator - Enabled) => C:\Users\Glenn
Guest (S-1-5-21-2362975480-581817718-3346835720-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2362975480-581817718-3346835720-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.4 - )
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.26 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Adobe Reader 9.4.4 - Dansk (HKLM-x32\...\{AC76BA86-7AD7-1030-7B44-A94000000001}) (Version: 9.4.4 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E5C95CA5-4565-4B9D-97ED-05088D775614}) (Version: 3.3.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 6 (HKLM-x32\...\AVS4YOU Video Converter 6_is1) (Version:  - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeepBurner v1.9.0.228 (HKLM-x32\...\{2ADE2157-7A5E-122C-B51D-EB8A01B15943}) (Version:  - )
Diablo (HKLM-x32\...\Diablo) (Version:  - )
Diablo (HKU\S-1-5-21-2362975480-581817718-3346835720-1001\...\Diablo) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version: 0.7.0.8610 - Blizzard Entertainment)
Dropbox (HKU\S-1-5-21-2362975480-581817718-3346835720-1001\...\Dropbox) (Version: 1.4.7 - Dropbox, Inc.)
f.lux (HKU\S-1-5-21-2362975480-581817718-3346835720-1001\...\Flux) (Version:  - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
FirstClass® Client (HKLM-x32\...\{5B35C417-2649-11D6-83D1-0050FC01225C}) (Version: 9.1 (build 9.126) - FirstClass Division, Open Text Corporation.)
Google Chrome (HKU\S-1-5-21-2362975480-581817718-3346835720-1001\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
iTunes (HKLM\...\{77B8B4A5-EE79-4907-A318-2DA86325B8D7}) (Version: 10.1.2.17 - Apple Inc.)
Java™ 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MAGIX Music Maker 16 Premium Download Version (HKLM-x32\...\MAGIX_MSI_mm16dlx) (Version: 16.0.2.5 - MAGIX AG)
MAGIX Music Maker 16 Premium Download Version (x32 Version: 16.0.2.5 - MAGIX AG) Hidden
MAGIX Speed 2 (MSI) (HKLM-x32\...\{C09F1573-6262-47F2-8B90-5B2290A58B12}) (Version: 6.0.1.2 - MAGIX AG)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 da) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 da)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Net Monitor for Employees Pro (HKLM-x32\...\Net Monitor for Employees Pro) (Version: 4.6.7 - EduIQ.com)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.9.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.9.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Opdatering til Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0406-0000-0000000FF1CE}_ENTERPRISE_{7304A9DD-2F95-4147-8CD4-E135168C61E6}) (Version:  - Microsoft)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0406-0000-0000000FF1CE}_ENTERPRISE_{0C315122-B0FA-428D-A3BB-6F6510F866FF}) (Version:  - Microsoft)
Opdatering til Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0406-0000-0000000FF1CE}_ENTERPRISE_{EA60117C-C535-4A3F-AED1-C888F5114210}) (Version:  - Microsoft)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RTPatch Update (HKLM-x32\...\RTPatch_is1) (Version:  - PocketSoft)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StofaWebTvPlayer (HKLM-x32\...\{5AE2ECFD-8211-44C0-87A1-564BB32FF08D}) (Version: 3.13.1.7173 - Stofa A/S)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{679F739E-5C76-4A41-B562-F9392156B6DD}) (Version: 4.4.21.0 - Husdawg, LLC)
UnHackMe 8.11 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.7.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
wGXe Data Recovery Professional (HKLM-x32\...\{FA6305CF-0E00-492C-B363-07A776B193B0}) (Version: 1.0.0.0 - wGXe SOFTWARE)
Windows 7 Manager (HKLM\...\{C7534E78-48F0-4E13-A919-A19330CA79B2}) (Version: 5.0.5 - Yamicsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2362975480-581817718-3346835720-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2362975480-581817718-3346835720-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2362975480-581817718-3346835720-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2362975480-581817718-3346835720-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2362975480-581817718-3346835720-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2362975480-581817718-3346835720-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2362975480-581817718-3346835720-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2A647AB4-00CA-4BC0-8A8B-3FBC7C63061C} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2016-06-29] (Greatis Software)
Task: {6153CD04-FC91-4142-99A8-C255ADCAF335} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-04] ()
Task: {8779A5BC-D897-42E9-BF65-781FA0A9ADB2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {9A84CCFF-10F4-462F-A837-DCCA28EB3658} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Glenn\AppData\Local\Microsoft\Windows\GameExplorer\{C2B7F8B6-DA9F-4BB2-9555-2527190B8C39}\SupportTasks\1\Support.lnk -> hxxp://www.blizzard.com/ (No File)
Shortcut: C:\Users\Glenn\AppData\Local\Microsoft\Windows\GameExplorer\{C2B7F8B6-DA9F-4BB2-9555-2527190B8C39}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.blizzard.com/diablo/ (No File)
Shortcut: C:\Users\Glenn\AppData\Local\Microsoft\Windows\GameExplorer\{14657C31-986A-423D-A623-060D125539EB}\SupportTasks\1\Support.lnk -> hxxp://www.blizzard.com/ (No File)
Shortcut: C:\Users\Glenn\AppData\Local\Microsoft\Windows\GameExplorer\{14657C31-986A-423D-A623-060D125539EB}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.blizzard.com/diablo/ (No File)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2362975480-581817718-3346835720-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 193.162.153.164 - 194.239.134.83
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F013D42C-E27D-4E65-8A5E-42FF0DA36E36}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{2ED5F5E4-E614-4703-A291-8CA0E652A609}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{82181B86-9D8C-4386-9EE1-E5823D8F787B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D2D376B2-22CD-4986-B335-FF9F24229C62}] => (Allow) LPort=2869
FirewallRules: [{5A34207D-B866-4E44-ACFB-2A6817141A65}] => (Allow) LPort=1900
FirewallRules: [{B2E3A952-2D93-43C4-A1BB-5EF212DD5831}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{5313BB4F-4901-4D34-A943-224FA4540AA4}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [UDP Query User{F0C55A65-BEE8-46D4-B609-CE7A2E520833}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{D438892F-4A79-4147-ADF3-E99BCB4F0E8D}C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe
FirewallRules: [UDP Query User{EF2D9F63-5447-4BD3-B0B6-34F4E4AF0A56}C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe
FirewallRules: [{AAEA7E84-41FD-4C40-A541-5BA302295B5A}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{F3CFD1A7-99C0-432D-B687-8AEDCBE3470A}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{0CFBCED5-C7F3-4B77-A04D-5C70BA29C24A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BA7BBAD8-0BA5-4532-A85F-6508C9FCD158}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5D6875B6-87F5-488E-82CD-AA0F5537CF6C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{37DAD84D-C50A-4A8B-80C7-42DE203244AB}C:\users\glenn\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\glenn\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{C77BC989-CE16-42F2-97CF-CD04EDDEFB1B}C:\users\glenn\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\glenn\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{ED22EE0E-6239-4817-A025-8176DC88A5A0}] => (Allow) C:\Users\Glenn\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C172D196-96C2-4FD0-81F8-9DCA87E4148B}] => (Allow) C:\Users\Glenn\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{63627F58-3213-49C1-913F-3AF4365F7C7F}C:\users\glenn\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\glenn\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{429DA48E-94AB-475F-AA16-993B52DC6BDD}C:\users\glenn\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\glenn\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{5588A0CA-16DB-4786-B76F-698E6224C5C9}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{C92DA284-2E2A-4FB9-80FF-B1F61F9D9843}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{46879506-17F6-4C54-8CF3-8536B941F2D1}C:\program files (x86)\diablo\diablo.exe] => (Allow) C:\program files (x86)\diablo\diablo.exe
FirewallRules: [UDP Query User{25D63292-1F04-49D7-BBB1-E9C596664285}C:\program files (x86)\diablo\diablo.exe] => (Allow) C:\program files (x86)\diablo\diablo.exe
FirewallRules: [TCP Query User{5282CED4-71EF-46E9-981F-17EB0B0743F3}C:\diablo\diablo.exe] => (Allow) C:\diablo\diablo.exe
FirewallRules: [UDP Query User{D517C22C-678D-42A1-BB29-195206544144}C:\diablo\diablo.exe] => (Allow) C:\diablo\diablo.exe
FirewallRules: [{D93D22BE-C01C-4F32-9A4C-AED7C48C4AC0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.516\Agent.exe
FirewallRules: [{0EB562F0-325F-48D7-A7BF-0D0FAD33CFCA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.516\Agent.exe
FirewallRules: [TCP Query User{69FB6D4A-F770-468B-9410-B7C98F532A70}C:\programdata\battle.net\agent\agent.516\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.516\agent.exe
FirewallRules: [UDP Query User{FF39B597-47B2-4A9A-910C-3B0FA8557F48}C:\programdata\battle.net\agent\agent.516\agent.exe] => (Block) C:\programdata\battle.net\agent\agent.516\agent.exe
FirewallRules: [TCP Query User{F5774FDF-449A-4D45-9DC0-8AE8DB0BB018}C:\programdata\battle.net\agent\agent.1363\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1363\agent.exe
FirewallRules: [UDP Query User{CB50C86B-AE34-448E-82D9-83A024F3DB02}C:\programdata\battle.net\agent\agent.1363\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.1363\agent.exe
FirewallRules: [{16F908D0-D127-4C35-9B45-1C07602483ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C2BB44C-FBAF-44D5-A9DB-34131617AEDC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C66B42F7-0644-44A9-9B2E-63A1976073E3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C4BCF0CB-3BB3-4C8E-BCF5-B4F6E53A26B5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DCD1AB1A-DA39-444D-93AD-8AB0FAD39C63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{811A9F35-5E20-4382-854D-D244A643285C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4482E6B4-80EE-48BD-A88F-CF1BDD358741}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1FA1F104-297A-41A7-B64E-D2D5624C2095}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5123DEDB-85DA-4BFB-AA2C-69B150905406}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{7FCB63D1-BE17-422A-93B8-EA297C6D9002}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{30AF3DA9-A960-4E6C-9535-16F834248BAD}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{669757C2-4E26-4ED0-889C-F34B6D44FCE3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

08-07-2016 00:36:11 Windows 7 Service Pack 1

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2016 03:55:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/08/2016 03:30:39 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\PROGRA~2\UnHackMe\reanimator.exe /disi; Description = RegRun Virus Scan; Error = 0x8007043c).

Error: (07/08/2016 02:37:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)

Error: (07/08/2016 12:50:58 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/08/2016 12:46:52 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2742595' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\KB2742595_20160708_004429968-Microsoft .NET Framework 4 Client Profile-MSP0.txt.

Error: (07/08/2016 12:46:40 AM) (Source: MsiInstaller) (EventID: 11406) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- Error 1406. Could not write value Locale to key \SOFTWARE\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (07/08/2016 12:46:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains the error code.

Error: (07/08/2016 12:46:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (07/08/2016 04:01:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/08/2016 04:01:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/08/2016 04:01:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/08/2016 04:01:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/08/2016 04:01:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/08/2016 04:01:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/08/2016 04:01:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/08/2016 04:01:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/08/2016 04:01:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.


Error: (07/08/2016 03:59:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068 = The dependency service or group failed to start.



CodeIntegrity:
===================================
  Date: 2016-07-03 07:38:06.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\amd64_iastorav.inf_31bf3856ad364e35_10.0.10586.0_none_171a7c5ec4807d75\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-03 07:38:06.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\amd64_iastorav.inf_31bf3856ad364e35_10.0.10586.0_none_171a7c5ec4807d75\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-03 07:38:06.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\amd64_iastorav.inf_31bf3856ad364e35_10.0.10586.0_none_171a7c5ec4807d75\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-03 07:38:06.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\amd64_iastorav.inf_31bf3856ad364e35_10.0.10586.0_none_171a7c5ec4807d75\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-03 07:23:56.421
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_e9e1b7ce2ab0e894\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-03 07:23:56.421
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_e9e1b7ce2ab0e894\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-03 07:23:56.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_e9e1b7ce2ab0e894\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-03 07:23:56.265
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_e9e1b7ce2ab0e894\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-03 07:23:28.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\c0296217.inf_amd64_5c110cd680d977f2\B296168\atikmdag.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-03 07:23:27.982
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\c0296217.inf_amd64_5c110cd680d977f2\B296168\atikmdag.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 19%
Total physical RAM: 8109.11 MB
Available physical RAM: 6522.08 MB
Total Virtual: 16216.37 MB
Available Virtual: 14736.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:32.81 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BDB75CE3)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





