
win7 infected with returning un-verified processes


This topic is locked
4 replies to this topic

#1 HansJen


Posted 17 July 2016 - 11:32 AM

Hello good fellas

My system is running slow and behaving strangely - shutdown and restart procedures are taking forever, and by using Process Explorer from Sysinternals I can detect un-verified processes which I'm unable to kill or delete.

I have made some fresh FRST logs for you to see.

Thanks in advance!

/Hans

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-07-2016 02
Ran by Glenn (administrator) on GLENN-PC (17-07-2016 18:31:17)
Running from C:\Users\Glenn\Desktop
Loaded Profiles: Glenn (Available Profiles: Glenn)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Sysinternals - www.sysinternals.com) C:\Users\Glenn\Desktop\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\Glenn\AppData\Local\Temp\procexp64.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5065\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.7575\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7575\Battle.net Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7575\Battle.net Helper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Blizzard Entertainment) C:\Program Files (x86)\Diablo III\Diablo III.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Glenn\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKLM-x32\...\runonceex: [Flags] => 128
HKLM-x32\...\runonceex: [Title] => UnHackMe Rootkit Check
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\...\Run: [WDSM] => C:\Program Files\Yamicsoft\Windows 7 Manager\LaunchTaskCommand.exe [93264 2014-09-11] (Yamicsoft)
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellExecuteHooks-x32:  - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  No File
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 193.162.153.164 194.239.134.83
Tcpip\..\Interfaces\{5087354F-A399-4112-AD06-41D7BF7B4BEF}: [DhcpNameServer] 193.162.153.164 194.239.134.83
Tcpip\..\Interfaces\{FB8703CE-BA66-4A4C-9E1B-DAA84B5D828A}: [DhcpNameServer] 62.44.166.197 62.44.166.69

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
DPF: HKLM-x32 {001EE746-A1F9-460E-80AD-269E088D6A01} hxxp://site.ebrary.com.ez.statsbiblioteket.dk:2048/lib/stats/support/plugins/ebraryRdr.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-12-16] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Glenn\AppData\Roaming\Mozilla\Firefox\Profiles\ups9236o.default
FF NewTab:
FF DefaultSearchEngine: Google
FF DefaultSearchEngine,S: Google
FF DefaultSearchUrl:
FF SearchEngineOrder.1: Google
FF SearchEngineOrder.1,S: Google
FF SelectedSearchEngine: Google
FF SelectedSearchEngine,S: Google
FF Homepage: about:blank
FF Keyword.URL:
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-05-15] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-11-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2011-05-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-01-21] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-03-28] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-11-04] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: visualon.com/voBrowserPlugin -> C:\ProgramData\VisualOn\BrowserPlugin\npStofaWebtvPlayer.dll [2014-11-21] ()
FF Plugin HKU\S-1-5-21-2362975480-581817718-3346835720-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2362975480-581817718-3346835720-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-03] (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml [2010-01-01]

Chrome:
=======
CHR Profile: C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-10]
StartMenuInternet: Google Chrome - C:\USERS\GLENN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S4 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2010-11-04] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-07-06] (Greatis Software)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [60416 2008-07-22] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-11-03] () [File not signed]
S1 SSHDRV65; C:\Windows\SysWOW64\drivers\SSHDRV65.sys [120320 2011-04-08] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-08] ()
U0 ttrdiw; C:\Windows\System32\drivers\alwbsqv.sys [79064 2016-07-15] (Malwarebytes)
U3 aadh5szh; C:\Windows\System32\Drivers\aadh5szh.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
U2 SBKUPNT; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-17 18:30 - 2016-07-17 18:30 - 02391040 _____ (Farbar) C:\Users\Glenn\Downloads\FRST64(1).exe
2016-07-16 12:12 - 2016-07-16 12:12 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-07-16 12:04 - 2013-02-04 15:10 - 00321536 _____ (CANON INC.) C:\windows\SysWOW64\CNC_BXL.dll
2016-07-16 12:04 - 2012-11-09 10:43 - 00088064 _____ C:\windows\SysWOW64\CNC176DD.TBL
2016-07-16 12:04 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\windows\SysWOW64\CNHMCA.dll
2016-07-16 11:59 - 2016-07-16 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-07-16 11:59 - 2016-07-16 11:59 - 00000000 ____D C:\Users\Glenn\AppData\LocalLow\Canon Easy-WebPrint EX
2016-07-16 11:59 - 2016-07-16 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2500 series User Registration
2016-07-16 11:59 - 2016-07-16 11:59 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2016-07-16 11:59 - 2016-07-16 11:59 - 00000000 ____D C:\Program Files\Canon
2016-07-16 11:58 - 2016-07-16 11:58 - 00002318 _____ C:\Users\Public\Desktop\Canon MG2500 series On-screen Manual.lnk
2016-07-16 11:58 - 2016-07-16 11:58 - 00000000 ___HD C:\ProgramData\CanonBJ
2016-07-16 11:58 - 2016-07-16 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2500 series Manual
2016-07-16 11:58 - 2013-03-24 05:00 - 00391168 _____ (CANON INC.) C:\windows\system32\CNMLMBX.DLL
2016-07-16 11:58 - 2013-02-04 15:12 - 00367104 _____ (CANON INC.) C:\windows\system32\CNC_BXL.dll
2016-07-16 11:58 - 2012-11-09 10:43 - 00088064 _____ C:\windows\system32\CNC176DD.TBL
2016-07-16 11:58 - 2012-11-08 13:04 - 00282624 _____ (CANON INC.) C:\windows\system32\CNC_BXC.dll
2016-07-16 11:58 - 2012-11-08 13:03 - 00106496 _____ (CANON INC.) C:\windows\system32\CNC_BXI.dll
2016-07-16 11:58 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\windows\system32\CNHMCA6.dll
2016-07-16 11:57 - 2016-07-16 11:58 - 00000000 ___HD C:\Program Files\CanonBJ
2016-07-16 11:56 - 2016-07-16 12:04 - 00000000 ____D C:\Program Files (x86)\Canon
2016-07-16 11:55 - 2016-07-16 11:55 - 49446448 _____ C:\Users\Glenn\Downloads\win-mg2500-1_1-mcd.exe
2016-07-15 18:57 - 2016-07-15 18:57 - 00468480 _____ () C:\Users\Glenn\Downloads\CKScanner(1).exe
2016-07-15 18:07 - 2016-07-15 18:59 - 00000127 _____ C:\Users\Glenn\Downloads\ckfiles.txt
2016-07-15 18:04 - 2016-07-15 18:05 - 00468480 _____ () C:\Users\Glenn\Downloads\CKScanner.exe
2016-07-15 17:18 - 2016-02-05 08:11 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\Glenn\Desktop\procexp.exe
2016-07-15 17:18 - 2016-02-05 08:03 - 00072154 _____ C:\Users\Glenn\Desktop\procexp.chm
2016-07-15 17:18 - 2015-10-27 08:32 - 00007490 _____ C:\Users\Glenn\Desktop\Eula.txt
2016-07-15 17:16 - 2016-07-15 17:17 - 01270466 _____ C:\Users\Glenn\Downloads\ProcessExplorer.zip
2016-07-15 16:43 - 2016-07-15 17:50 - 00000000 ____D C:\Users\Glenn\Downloads\Embrace.of.the.Serpent.2015.LIMITED.1080p.BluRay.x264-DEPTH
2016-07-15 16:22 - 2016-07-15 16:22 - 00079064 _____ (Malwarebytes) C:\windows\system32\Drivers\alwbsqv.sys
2016-07-15 14:46 - 2016-07-15 14:46 - 00096016 _____ C:\Users\Glenn\Documents\cc_20160715_144630.reg
2016-07-15 14:30 - 2016-07-15 14:30 - 00015128 _____ C:\Users\Glenn\Downloads\mr-robot-second-season_english-1371410.zip
2016-07-15 03:31 - 2016-07-15 03:31 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-15 03:31 - 2016-07-15 03:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-15 03:30 - 2016-07-15 03:31 - 02182248 _____ C:\Users\Glenn\Downloads\winrar-x64-54b3.exe
2016-07-15 03:30 - 2016-07-15 03:31 - 01962216 _____ C:\Users\Glenn\Downloads\wrar54b3.exe
2016-07-15 03:29 - 2016-07-15 03:32 - 00000022 _____ C:\Users\Glenn\Downloads\mr-robot-second-season_english-1371399.zip
2016-07-15 03:25 - 2016-07-15 14:29 - 00000000 ____D C:\Users\Glenn\Downloads\Mr.Robot.S02E02.INTERNAL.720p.HDTV.x264-KILLERS
2016-07-15 03:25 - 2016-07-15 03:30 - 00000000 ____D C:\Users\Glenn\Downloads\Mr.Robot.S02E01.720p.HDTV.x264-KILLERS
2016-07-15 03:25 - 2016-07-15 03:25 - 00004770 _____ C:\Users\Glenn\Downloads\Mr.Robot.S02E02.INTERNAL.720p.HDTV.x264-KILLERS.torrent
2016-07-15 03:24 - 2016-07-15 03:24 - 00004577 _____ C:\Users\Glenn\Downloads\Mr.Robot.S02E01.720p.HDTV.x264-KILLERS.torrent
2016-07-14 19:45 - 2016-07-14 19:45 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-07-14 19:45 - 2016-05-04 04:23 - 00129824 _____ C:\windows\SysWOW64\vulkan-1.dll
2016-07-14 19:45 - 2016-05-04 04:22 - 00130848 _____ C:\windows\system32\vulkan-1.dll
2016-07-14 19:45 - 2016-05-04 04:22 - 00045344 _____ C:\windows\system32\vulkaninfo.exe
2016-07-14 19:45 - 2016-05-04 04:22 - 00040224 _____ C:\windows\SysWOW64\vulkaninfo.exe
2016-07-14 19:44 - 2016-07-11 01:17 - 00547896 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshext.dll
2016-07-14 19:44 - 2016-07-11 01:17 - 00081856 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshextr.dll
2016-07-14 19:43 - 2016-07-14 19:44 - 00000000 ____D C:\windows\LastGood
2016-07-14 19:42 - 2016-07-11 04:13 - 39977920 _____ C:\windows\system32\nvcompiler.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 35115968 _____ C:\windows\SysWOW64\nvcompiler.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 31640512 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 25414080 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 17321352 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 13581880 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2016-07-14 19:42 - 2016-07-11 04:13 - 10691632 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 10656112 _____ C:\windows\system32\nvptxJitCompiler.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 10234336 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 09020656 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 08742360 _____ C:\windows\SysWOW64\nvptxJitCompiler.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 08615336 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 03542072 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 03099072 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 01939000 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6436881.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 01571776 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6436881.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 01001016 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00930360 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00909880 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00852024 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00694672 _____ C:\windows\system32\nvfatbinaryLoader.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00583736 _____ C:\windows\SysWOW64\nvfatbinaryLoader.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00544120 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00490744 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00459320 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00444472 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00406064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00394808 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00177952 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00155768 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00153416 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2016-07-14 19:42 - 2016-07-11 04:13 - 00131584 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2016-07-14 19:37 - 2016-07-14 19:38 - 00000000 ____D C:\Users\Glenn\AppData\Local\NVIDIA
2016-07-14 19:37 - 2016-07-14 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-07-14 19:37 - 2016-06-14 22:01 - 01767944 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2016-07-14 19:37 - 2016-06-14 22:01 - 01756424 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
2016-07-14 19:37 - 2016-06-14 22:01 - 01377800 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2016-07-14 19:37 - 2016-06-14 22:01 - 01316184 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
2016-07-14 19:37 - 2016-06-14 22:01 - 00112216 _____ C:\windows\system32\NvRtmpStreamer64.dll
2016-07-14 19:36 - 2016-04-14 07:38 - 00113216 _____ (NVIDIA Corporation) C:\windows\system32\nvaudcap64v.dll
2016-07-14 19:36 - 2016-04-14 07:38 - 00102976 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2016-07-14 19:36 - 2016-04-14 07:38 - 00056384 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2016-07-14 19:35 - 2016-07-14 19:35 - 44984120 _____ (NVIDIA Corporation) C:\Users\Glenn\Downloads\GeForce_Experience_v2.11.4.0(1).exe
2016-07-14 06:00 - 2016-07-15 03:32 - 00046949 _____ C:\Users\Glenn\Desktop\Mr. Robot - 02x01 - eps2.0_unm4sk-pt1.tc.KILLERS.English.HI.C.orig.Addic7ed.com.srt
2016-07-13 21:38 - 2016-07-13 21:41 - 00000000 ____D C:\Users\Glenn\Downloads\London.Has.Fallen.2016.DKSubs.1080p.WEB-DL.X264.AC3-UNiTAiL
2016-07-13 20:27 - 2016-07-13 20:31 - 00000000 ____D C:\Users\Glenn\Downloads\London.Has.Fallen.2016.DKSubs.BLUR.720p.HDRip.x264-UNiTAiL
2016-07-13 20:14 - 2016-07-13 20:14 - 00000000 ____D C:\Users\Glenn\Downloads\Preacher.S01E07.NORDiC.1080p.WEB-DL.DD5.1.H.264-DBRETAiL
2016-07-13 07:11 - 2016-07-13 07:15 - 00000000 ____D C:\windows\Microsoft Antimalware
2016-07-12 22:10 - 2016-07-15 14:47 - 00000000 ____D C:\Program Files\CCleaner
2016-07-12 22:10 - 2016-07-12 22:10 - 00002790 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-07-12 22:10 - 2016-07-12 22:10 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-12 22:10 - 2016-07-12 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-12 22:09 - 2016-07-12 22:09 - 07991656 _____ (Piriform Ltd) C:\Users\Glenn\Downloads\ccsetup519.exe
2016-07-10 22:40 - 2016-07-10 22:45 - 29360128 _____ C:\windows\system32\config\systme
2016-07-10 22:32 - 2016-07-10 22:32 - 00396403 __RSH C:\JTWRB
2016-07-10 22:15 - 2016-07-10 22:49 - 00000000 ____D C:\Windows10Upgrade
2016-07-10 22:15 - 2016-07-10 22:15 - 05792848 _____ (Microsoft Corporation) C:\Users\Glenn\Downloads\Windows10Upgrade9194.exe
2016-07-10 22:15 - 2016-07-10 22:15 - 00000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2016-07-10 22:15 - 2016-07-10 22:15 - 00000682 _____ C:\Users\Glenn\Desktop\Windows 10 Upgrade Assistant.lnk
2016-07-10 22:15 - 2016-07-10 22:15 - 00000000 ___HD C:\$GetCurrent
2016-07-10 21:51 - 2016-07-10 21:51 - 00918695 _____ C:\Users\Glenn\Desktop\New Text Document.txt
2016-07-10 21:51 - 2016-07-10 21:50 - 00918698 _____ C:\Users\Glenn\Desktop\cbs.txt
2016-07-10 20:57 - 2016-07-15 17:06 - 00027214 _____ C:\Users\Glenn\Desktop\Addition.txt
2016-07-10 20:34 - 2016-07-10 20:34 - 00001035 _____ C:\Users\Glenn\Desktop\mb.txt
2016-07-10 20:31 - 2016-07-10 20:50 - 00000000 ____D C:\EEK
2016-07-10 20:29 - 2016-07-10 20:30 - 242763376 _____ C:\Users\Glenn\Desktop\EmsisoftEmergencyKit(3).exe
2016-07-10 20:24 - 2016-07-17 18:30 - 02391040 _____ (Farbar) C:\Users\Glenn\Desktop\FRST64(1).exe
2016-07-10 20:13 - 2016-07-10 20:13 - 02390528 _____ (Farbar) C:\Users\Glenn\Downloads\FRST64.exe
2016-07-10 20:12 - 2016-07-10 20:13 - 242763376 _____ C:\Users\Glenn\Downloads\EmsisoftEmergencyKit(2).exe
2016-07-10 20:09 - 2016-07-17 18:31 - 00015042 _____ C:\Users\Glenn\Desktop\FRST.txt
2016-07-10 20:09 - 2016-07-10 20:09 - 00000000 ____D C:\Users\Glenn\Desktop\Bleeping
2016-07-09 03:06 - 2016-07-09 03:06 - 00000000 ____D C:\windows\system32\SPReview
2016-07-08 15:33 - 2016-07-15 14:51 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-08 15:33 - 2016-07-08 15:34 - 248410960 _____ C:\Users\Glenn\Downloads\EmsisoftEmergencyKit(1).exe
2016-07-08 15:32 - 2016-07-08 15:32 - 22851472 _____ (Malwarebytes ) C:\Users\Glenn\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-08 15:32 - 2016-07-08 15:32 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-08 15:32 - 2016-07-08 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-08 15:32 - 2016-07-08 15:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-08 15:32 - 2016-07-08 15:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-08 15:32 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-07-08 15:32 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-07-08 15:32 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-07-08 14:28 - 2016-07-08 14:29 - 248410960 _____ C:\Users\Glenn\Downloads\EmsisoftEmergencyKit.exe
2016-07-08 07:20 - 2016-07-08 07:20 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\SUPERAntiSpyware.com
2016-07-08 07:20 - 2016-07-08 07:20 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-07-08 07:19 - 2016-07-08 07:19 - 26537944 _____ (SUPERAntiSpyware) C:\Users\Glenn\Downloads\SUPERAntiSpyware.exe
2016-07-08 06:56 - 2016-07-08 07:07 - 00021213 _____ C:\Users\Glenn\Desktop\attach.txt
2016-07-08 06:56 - 2016-07-08 07:07 - 00012475 _____ C:\Users\Glenn\Desktop\dds.txt
2016-07-08 06:55 - 2016-07-08 06:55 - 00688992 ____R (Swearware) C:\Users\Glenn\Downloads\dds.com
2016-07-08 06:49 - 2016-07-08 06:49 - 19921992 _____ C:\Users\Glenn\Downloads\RogueKiller(1).exe
2016-07-08 06:18 - 2016-07-15 14:43 - 00000000 ____D C:\AdwCleaner
2016-07-08 06:17 - 2016-07-08 06:18 - 03712064 _____ C:\Users\Glenn\Desktop\AdwCleaner.exe
2016-07-08 06:15 - 2016-07-15 14:42 - 00001862 _____ C:\Users\Glenn\Desktop\JRT.txt
2016-07-08 06:06 - 2016-07-08 06:06 - 01610560 _____ (Malwarebytes) C:\Users\Glenn\Desktop\JRT.exe
2016-07-08 05:47 - 2016-07-08 07:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-08 05:41 - 2016-07-10 21:14 - 00001191 _____ C:\Users\Glenn\Desktop\Fixlog.txt
2016-07-08 04:48 - 2016-07-08 04:49 - 212514840 _____ (Emsisoft Ltd. ) C:\Users\Glenn\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2016-07-08 04:46 - 2016-07-08 13:55 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-07-08 04:46 - 2016-07-08 04:46 - 19921992 _____ C:\Users\Glenn\Downloads\RogueKiller.exe
2016-07-08 04:46 - 2016-07-08 04:46 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-08 04:37 - 2016-07-08 04:37 - 00020421 _____ C:\ComboFix.txt
2016-07-08 04:33 - 2016-07-08 04:33 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Glenn\Downloads\tdsskiller.exe
2016-07-08 04:29 - 2016-07-08 04:37 - 00000000 ____D C:\Qoobox
2016-07-08 04:29 - 2016-07-08 04:36 - 00000000 ____D C:\windows\erdnt
2016-07-08 04:29 - 2016-07-08 04:29 - 05659337 ____R (Swearware) C:\Users\Glenn\Downloads\ComboFix.exe
2016-07-08 04:29 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2016-07-08 04:29 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2016-07-08 04:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2016-07-08 04:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2016-07-08 04:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2016-07-08 04:29 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2016-07-08 04:29 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2016-07-08 04:29 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2016-07-08 04:11 - 2016-07-08 13:54 - 00000000 ____D C:\Users\Glenn\Downloads\backups
2016-07-08 04:09 - 2016-07-08 04:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Glenn\Downloads\HijackThis.exe
2016-07-08 03:37 - 2016-07-17 18:31 - 00000000 ____D C:\FRST
2016-07-08 03:37 - 2016-07-10 20:16 - 00039082 _____ C:\Users\Glenn\Downloads\FRST.txt
2016-07-08 02:05 - 2016-07-08 02:22 - 00073262 _____ C:\Users\Glenn\Downloads\Extras.Txt
2016-07-08 02:05 - 2016-07-08 02:21 - 00071584 _____ C:\Users\Glenn\Downloads\OTL.Txt
2016-07-08 00:58 - 2016-07-08 00:58 - 00065665 _____ C:\Users\Glenn\Downloads\Shortcut.txt
2016-07-08 00:43 - 2016-07-08 00:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-08 00:42 - 2016-07-08 00:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-08 00:42 - 2016-07-08 00:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-08 00:18 - 2016-07-10 20:16 - 00386583 _____ C:\Users\Glenn\Downloads\Addition.txt
2016-07-08 00:10 - 2016-07-08 00:10 - 00380928 _____ C:\Users\Glenn\Downloads\codi3sn3.exe
2016-07-07 22:46 - 2016-07-07 22:46 - 00597304 _____ C:\Users\Glenn\Downloads\flux-setup.exe
2016-07-07 22:46 - 2016-07-07 22:46 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-07-07 22:46 - 2016-07-07 22:46 - 00000000 ____D C:\Users\Glenn\AppData\Local\FluxSoftware
2016-07-07 22:40 - 2016-07-07 22:40 - 00000000 ____D C:\windows\pss
2016-07-07 22:35 - 2016-07-14 19:22 - 00000000 ____D C:\windows\system32\MRT
2016-07-07 21:14 - 2016-07-07 21:14 - 00000000 ____D C:\Users\Glenn\Documents\Diablo III
2016-07-07 21:04 - 2016-07-07 21:04 - 00045056 _____ C:\Users\Glenn\Documents\BootBackup(20160707)
2016-07-07 21:01 - 2016-07-07 21:01 - 00001098 _____ C:\Users\Public\Desktop\Diablo III.lnk
2016-07-07 21:01 - 2016-07-07 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2016-07-07 20:56 - 2016-07-14 19:49 - 00007684 _____ C:\Users\Glenn\AppData\Local\Resmon.ResmonCfg
2016-07-07 20:54 - 2016-07-14 19:37 - 00000000 ____D C:\Users\Glenn\AppData\Local\NVIDIA Corporation
2016-07-07 20:28 - 2016-07-11 01:17 - 01762752 _____ (NVIDIA Corporation) C:\windows\system32\nvsvcr.dll
2016-07-07 20:28 - 2016-07-11 01:17 - 01364536 _____ (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
2016-07-07 20:28 - 2016-07-07 19:03 - 07211925 _____ C:\windows\system32\nvcoproc.bin
2016-07-07 20:24 - 2016-07-07 21:30 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-07-07 20:23 - 2016-07-07 20:23 - 00000000 ____D C:\Users\Glenn\AppData\Local\Blizzard Entertainment
2016-07-07 20:22 - 2016-07-17 18:28 - 00000000 ____D C:\Users\Glenn\AppData\Local\Battle.net
2016-07-07 20:22 - 2016-07-17 00:29 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-07 20:22 - 2016-07-07 20:24 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Battle.net
2016-07-07 20:22 - 2016-07-07 20:22 - 00001104 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-07-07 20:22 - 2016-07-07 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-07-07 20:21 - 2016-07-07 20:21 - 03219440 _____ (Blizzard Entertainment) C:\Users\Glenn\Downloads\Diablo-III-Setup.exe
2016-07-07 20:21 - 2016-07-07 20:21 - 03219440 _____ (Blizzard Entertainment) C:\Users\Glenn\Downloads\Diablo-III-Setup(1).exe
2016-07-07 20:00 - 2016-07-07 20:00 - 00000000 ____D C:\Program Files (x86)\Intel
2016-07-07 20:00 - 2016-07-07 20:00 - 00000000 ____D C:\Intel
2016-07-07 19:51 - 2016-07-07 19:51 - 44984120 _____ (NVIDIA Corporation) C:\Users\Glenn\Downloads\GeForce_Experience_v2.11.4.0.exe
2016-07-07 19:48 - 2016-06-25 18:03 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\EOSNotify.exe
2016-07-07 19:46 - 2016-07-07 19:46 - 00001107 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-07 19:46 - 2016-07-07 19:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-07 19:45 - 2016-07-07 19:45 - 00242232 _____ C:\Users\Glenn\Downloads\Firefox Setup Stub 47.0.1.exe
2016-07-07 15:27 - 2016-07-07 15:27 - 00000000 ___SD C:\windows\system32\CompatTel
2016-07-07 15:27 - 2016-07-07 15:27 - 00000000 ____D C:\windows\system32\appraiser
2016-07-07 01:27 - 2016-06-03 18:18 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-07-07 01:27 - 2016-06-03 18:10 - 01204224 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-07-07 01:27 - 2016-06-03 15:06 - 01413120 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-07-07 01:27 - 2016-05-26 15:07 - 00569856 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-07-07 01:27 - 2016-05-26 15:07 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-07-07 01:27 - 2016-05-26 15:07 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-07-07 01:27 - 2016-05-26 15:07 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-07-07 01:27 - 2016-05-22 15:07 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-07-07 01:27 - 2016-04-27 15:18 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2016-07-07 01:27 - 2016-04-27 15:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-07-07 01:27 - 2015-03-19 05:07 - 05503416 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-07-07 01:27 - 2015-03-19 04:57 - 03963320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-07-07 01:27 - 2015-03-19 04:57 - 03908024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-07-07 01:27 - 2014-09-15 02:44 - 03195392 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-07-07 01:27 - 2013-03-19 07:54 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-07-07 01:27 - 2013-03-19 06:53 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-07-07 01:27 - 2013-03-19 05:19 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-07-07 01:14 - 2016-07-06 22:33 - 00000000 ____D C:\Users\Glenn\Downloads\Preacher.S01E04.HDTV.x264-KILLERS
2016-07-07 01:10 - 2016-07-07 01:11 - 00000000 ____D C:\Users\Glenn\Downloads\Preacher.S01E06.NORDiC.720p.WEB-DL.DD5.1.H.264-DBRETAiL
2016-07-07 01:07 - 2016-07-07 01:09 - 00000000 ____D C:\Users\Glenn\Downloads\Preacher.S01E05.NORDiC.720p.WEB-DL.DD5.1.H.264-DBRETAiL
2016-07-06 22:25 - 2016-07-06 22:25 - 30533688 _____ C:\Users\Glenn\Downloads\vlc-2.2.4-win32.exe
2016-07-06 22:25 - 2016-07-06 22:25 - 00001026 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-07-06 22:25 - 2016-07-06 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-07-06 22:22 - 2016-07-14 19:47 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-06 22:18 - 2016-06-30 00:44 - 01922616 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6436869.dll
2016-07-06 22:18 - 2016-06-30 00:44 - 01571776 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6436869.dll
2016-07-06 22:18 - 2016-06-30 00:44 - 00000594 _____ C:\windows\SysWOW64\nv-vk32.json
2016-07-06 22:18 - 2016-06-30 00:44 - 00000594 _____ C:\windows\system32\nv-vk64.json
2016-07-06 22:14 - 2016-07-06 22:15 - 348045000 _____ (NVIDIA Corporation) C:\Users\Glenn\Downloads\368.69-desktop-win8-win7-winvista-64bit-international-whql.exe
2016-07-06 21:30 - 2012-06-03 01:19 - 00186752 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-07-06 21:30 - 2012-06-03 01:15 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-07-06 21:30 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-07-06 21:30 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-07-06 21:30 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-07-06 21:30 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-07-06 21:30 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-07-06 21:30 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-07-06 21:30 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-07-06 21:29 - 2016-07-06 21:29 - 00370355 _____ C:\Users\Glenn\Desktop\regrunlog.txt
2016-07-06 20:34 - 2016-07-14 19:28 - 00000250 _____ C:\windows\SysWOW64\PARTIZAN.TXT
2016-07-06 20:28 - 2016-07-08 00:06 - 00000000 ____D C:\@RestoreQuarantine
2016-07-06 20:17 - 2016-07-14 19:29 - 00000000 ____D C:\ProgramData\RegRun
2016-07-06 20:16 - 2016-07-13 08:34 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-07-06 20:16 - 2016-07-08 00:52 - 00000000 ____D C:\Users\Glenn\Documents\RegRun2
2016-07-06 20:16 - 2016-07-07 14:53 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-07-06 20:16 - 2016-07-06 21:32 - 00000002 RSHOT C:\windows\winstart.bat
2016-07-06 20:16 - 2016-07-06 21:32 - 00000002 RSHOT C:\windows\SysWOW64\CONFIG.NT
2016-07-06 20:16 - 2016-07-06 21:32 - 00000002 RSHOT C:\windows\SysWOW64\AUTOEXEC.NT
2016-07-06 20:16 - 2016-07-06 21:28 - 00003324 _____ C:\windows\System32\Tasks\UnHackMe Task Scheduler
2016-07-06 20:16 - 2016-07-06 20:16 - 00040304 _____ (Greatis Software) C:\windows\SysWOW64\Drivers\Partizan.sys
2016-07-06 20:16 - 2016-07-06 20:16 - 00000967 _____ C:\Users\Glenn\Desktop\UnHackMe.lnk
2016-07-06 20:16 - 2016-07-06 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-07-06 20:16 - 2016-06-29 00:56 - 00015016 _____ (Greatis Software, LLC.) C:\windows\SysWOW64\Drivers\UnHackMeDrv.sys
2016-07-06 20:16 - 2015-12-28 21:32 - 00049968 _____ (Greatis Software) C:\windows\system32\partizan.exe
2016-07-06 20:15 - 2016-07-06 20:15 - 18051441 _____ C:\Users\Glenn\Downloads\unhackme (1).zip
2016-07-06 20:14 - 2016-07-06 20:15 - 18051441 _____ C:\Users\Glenn\Downloads\unhackme.zip
2016-07-06 20:07 - 2016-07-06 20:07 - 00000000 ____D C:\found.000
2016-07-03 05:37 - 2016-07-03 05:38 - 138617616 _____ (Microsoft Corporation) C:\Users\Glenn\Downloads\msert.exe
2016-07-03 05:17 - 2016-07-03 05:17 - 00002083 _____ C:\Users\Public\Desktop\Windows 7 Manager.lnk
2016-07-03 05:17 - 2016-07-03 05:17 - 00002072 _____ C:\Users\Public\Desktop\1-Click Cleaner.lnk
2016-07-03 05:17 - 2016-07-03 05:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Manager
2016-07-03 05:17 - 2016-07-03 05:17 - 00000000 ____D C:\Program Files\Yamicsoft
2016-07-03 05:14 - 2016-07-03 05:14 - 01378550 _____ (Igor Pavlov) C:\Users\Glenn\Downloads\7z1602-x64.exe
2016-07-03 05:14 - 2016-07-03 05:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-07-03 05:14 - 2016-07-03 05:14 - 00000000 ____D C:\Program Files\7-Zip
2016-07-03 05:08 - 2016-07-03 05:17 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Yamicsoft
2016-06-26 21:43 - 2016-06-27 06:48 - 1849748301 _____ C:\DUMP1443.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-17 17:11 - 2009-07-14 06:45 - 00005872 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-17 17:11 - 2009-07-14 06:45 - 00005872 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-16 12:04 - 2009-07-14 05:20 - 00000000 __RSD C:\windows\Media
2016-07-16 11:59 - 2009-07-14 05:20 - 00000000 ____D C:\windows\inf
2016-07-16 11:57 - 2015-10-19 19:41 - 00000000 ____D C:\Users\Glenn\AppData\Local\ElevatedDiagnostics
2016-07-15 22:12 - 2010-11-03 14:07 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\vlc
2016-07-15 20:41 - 2010-11-03 14:00 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\uTorrent
2016-07-15 18:56 - 2015-07-29 22:03 - 00000000 ____D C:\Overførsler
2016-07-15 18:56 - 2015-07-24 04:25 - 00000000 ____D C:\Torrentfiler
2016-07-15 14:45 - 2011-04-07 10:42 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Azureus
2016-07-15 14:45 - 2010-11-11 21:16 - 00000000 ____D C:\Users\Glenn\Tracing
2016-07-15 14:45 - 2010-11-03 13:44 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\DAEMON Tools Lite
2016-07-15 14:44 - 2009-10-14 15:08 - 00000000 ____D C:\windows\Panther
2016-07-15 03:31 - 2010-11-03 14:06 - 00000000 ____D C:\Program Files\WinRAR
2016-07-14 19:45 - 2010-11-03 13:37 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-14 19:43 - 2010-11-03 13:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-07-14 19:38 - 2010-11-03 13:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-14 19:37 - 2010-11-03 13:37 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-07-14 19:28 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-14 19:22 - 2009-10-14 14:51 - 144749672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-07-12 22:08 - 2009-07-14 07:32 - 00032768 _____ C:\windows\system32\config\BCD-Template
2016-07-11 09:02 - 2010-11-03 22:17 - 00008192 __RSH C:\BOOTSECT.BAK
2016-07-11 04:13 - 2015-11-10 02:51 - 19220352 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2016-07-11 04:13 - 2015-11-10 02:51 - 16790552 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2016-07-11 04:13 - 2015-11-10 02:47 - 14371384 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2016-07-11 04:13 - 2015-11-10 02:44 - 03840096 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2016-07-11 04:13 - 2015-11-10 02:44 - 03393576 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2016-07-11 04:13 - 2011-12-05 22:02 - 00213952 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
2016-07-11 04:13 - 2011-12-05 22:02 - 00203320 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.dll
2016-07-11 04:13 - 2010-11-03 13:36 - 00039124 _____ C:\windows\system32\nvinfo.pb
2016-07-11 01:17 - 2011-02-23 01:39 - 06384064 _____ (NVIDIA Corporation) C:\windows\system32\nvcpl.dll
2016-07-11 01:17 - 2011-02-23 01:39 - 02465848 _____ (NVIDIA Corporation) C:\windows\system32\nvsvc64.dll
2016-07-11 01:17 - 2011-02-23 01:38 - 00392128 _____ (NVIDIA Corporation) C:\windows\system32\nvmctray.dll
2016-07-11 01:17 - 2010-10-16 14:13 - 00071224 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
2016-07-10 21:06 - 2010-11-09 14:42 - 00000000 ____D C:\Users\Glenn\AppData\Roaming\Dropbox
2016-07-10 21:05 - 2011-04-08 19:49 - 00000000 ____D C:\Program Files (x86)\Diablo
2016-07-09 03:20 - 2010-11-03 14:22 - 00453656 _____ C:\windows\system32\perfh006.dat
2016-07-09 03:20 - 2010-11-03 14:22 - 00073504 _____ C:\windows\system32\perfc006.dat
2016-07-09 03:11 - 2012-03-28 16:51 - 00000000 ____D C:\windows\rescache
2016-07-09 03:03 - 2011-04-05 13:17 - 00000039 _____ C:\windows\vbaddin.ini
2016-07-08 07:03 - 2011-01-24 23:26 - 00000000 ____D C:\ProgramData\Skype
2016-07-08 05:49 - 2010-11-03 14:43 - 00000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-07-08 05:42 - 2010-11-05 14:19 - 00000000 ___SD C:\Users\Glenn\AppData\LocalLow\Temp
2016-07-08 05:41 - 2010-11-03 13:28 - 00000000 ____D C:\Users\Glenn
2016-07-08 05:22 - 2009-07-14 05:20 - 00000000 ____D C:\windows\AppCompat
2016-07-08 04:35 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2016-07-08 03:46 - 2011-02-26 18:12 - 00000000 ____D C:\ProgramData\MAGIX
2016-07-08 03:46 - 2011-02-26 18:12 - 00000000 ____D C:\Program Files (x86)\MAGIX
2016-07-08 02:29 - 2009-07-14 04:34 - 73662464 _____ C:\windows\system32\config\software.rcbak
2016-07-08 02:29 - 2009-07-14 04:34 - 28835840 _____ C:\windows\system32\config\system.rcbak
2016-07-08 02:29 - 2009-07-14 04:34 - 00262144 _____ C:\windows\system32\config\security.rcbak
2016-07-08 02:29 - 2009-07-14 04:34 - 00262144 _____ C:\windows\system32\config\sam.rcbak
2016-07-08 02:29 - 2009-07-14 04:34 - 00262144 _____ C:\windows\system32\config\default.rcbak
2016-07-08 00:35 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-07-07 21:01 - 2012-03-28 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
2016-07-07 20:41 - 2011-05-15 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-07 20:27 - 2011-05-15 12:22 - 00000000 ____D C:\Users\Glenn\AppData\Local\Mozilla
2016-07-07 20:22 - 2012-03-28 14:57 - 00000000 ____D C:\ProgramData\Battle.net
2016-07-07 19:46 - 2011-05-15 12:18 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-07 19:43 - 2009-07-14 06:45 - 00490488 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-07 15:07 - 2009-07-14 04:34 - 00000478 _____ C:\windows\win.ini
2016-07-07 00:22 - 2010-11-03 13:31 - 00000000 ____D C:\Users\Glenn\AppData\Local\Google
2016-07-06 22:21 - 2009-07-14 09:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-07-06 21:48 - 2009-07-14 05:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2016-07-06 21:24 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration
2016-07-06 20:25 - 2011-05-25 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net Monitor for Employees Pro
2016-07-03 07:34 - 2009-07-14 05:20 - 00000000 ____D C:\PerfLogs
2016-07-03 05:09 - 2012-03-28 22:49 - 00002384 _____ C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-03 05:09 - 2012-03-28 22:49 - 00002376 _____ C:\Users\Glenn\Desktop\Google Chrome.lnk
2016-07-03 05:07 - 2009-07-14 07:13 - 01264910 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-21 12:13 - 2009-10-14 14:52 - 00485032 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2010-12-28 13:00 - 2010-12-28 13:00 - 0003584 _____ () C:\Users\Glenn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-07 20:56 - 2016-07-14 19:49 - 0007684 _____ () C:\Users\Glenn\AppData\Local\Resmon.ResmonCfg
2011-01-24 23:26 - 2011-01-24 23:26 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Glenn\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Glenn\AppData\Local\Temp\procexp64.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-08 00:01

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016 02
Ran by Glenn (2016-07-17 18:31:53)
Running from C:\Users\Glenn\Desktop
Windows 7 Ultimate (X64) (2010-11-03 11:22:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2362975480-581817718-3346835720-500 - Administrator - Disabled)
Glenn (S-1-5-21-2362975480-581817718-3346835720-1001 - Administrator - Enabled) => C:\Users\Glenn
Guest (S-1-5-21-2362975480-581817718-3346835720-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2362975480-581817718-3346835720-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.4 - )
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.26 - Adobe Systems Incorporated)
Adobe Reader 9.4.4 - Dansk (HKLM-x32\...\{AC76BA86-7AD7-1030-7B44-A94000000001}) (Version: 9.4.4 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E5C95CA5-4565-4B9D-97ED-05088D775614}) (Version: 3.3.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version:  - Infinity Ward)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
f.lux (HKU\S-1-5-21-2362975480-581817718-3346835720-1001\...\Flux) (Version:  - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
FirstClass® Client (HKLM-x32\...\{5B35C417-2649-11D6-83D1-0050FC01225C}) (Version: 9.1 (build 9.126) - FirstClass Division, Open Text Corporation.)
Google Chrome (HKU\S-1-5-21-2362975480-581817718-3346835720-1001\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
iTunes (HKLM\...\{77B8B4A5-EE79-4907-A318-2DA86325B8D7}) (Version: 10.1.2.17 - Apple Inc.)
Java™ 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 da) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 da)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RTPatch Update (HKLM-x32\...\RTPatch_is1) (Version:  - PocketSoft)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{679F739E-5C76-4A41-B562-F9392156B6DD}) (Version: 4.4.21.0 - Husdawg, LLC)
UnHackMe 8.11 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows 7 Manager (HKLM\...\{C7534E78-48F0-4E13-A919-A19330CA79B2}) (Version: 5.0.5 - Yamicsoft)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.40 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.3 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2362975480-581817718-3346835720-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2362975480-581817718-3346835720-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2A647AB4-00CA-4BC0-8A8B-3FBC7C63061C} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2016-06-29] (Greatis Software)
Task: {41ABECED-2ABE-4516-83FC-879B4DD53058} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {6153CD04-FC91-4142-99A8-C255ADCAF335} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {9A84CCFF-10F4-462F-A837-DCCA28EB3658} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {A90075AD-FB18-44E4-BE40-36CFCDDBE7D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-07-14 01:57 - 2009-07-14 03:40 - 00069120 _____ () C:\windows\system32\BWContextHandler.dll
2016-07-14 19:36 - 2016-06-14 22:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-07-14 19:36 - 2016-06-14 22:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-07-14 19:36 - 2016-06-14 22:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-07-14 19:36 - 2016-06-14 22:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-07-14 19:36 - 2016-06-14 22:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-07-14 19:36 - 2016-06-14 22:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-07-14 19:36 - 2016-06-14 22:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-07-14 19:36 - 2016-06-14 22:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-07-07 20:22 - 2016-07-07 20:22 - 01371624 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7575\Battle.net Helper.exe
2016-07-07 20:28 - 2016-07-11 01:17 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-14 19:36 - 2016-06-14 22:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-07-14 19:36 - 2016-06-14 22:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-07-14 19:36 - 2016-06-14 22:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-07 20:22 - 2016-07-07 20:22 - 00293040 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7575\ortp.dll
2016-07-07 20:22 - 2016-07-07 20:22 - 37241856 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7575\libcef.dll
2016-07-07 20:22 - 2016-07-07 20:22 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7575\libEGL.dll
2016-07-07 20:22 - 2016-07-07 20:22 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7575\libGLESv2.dll
2016-07-07 20:22 - 2016-07-07 20:22 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7575\libglesv2.dll
2016-07-07 20:22 - 2016-07-07 20:22 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7575\libegl.dll
2016-07-07 20:22 - 2016-07-07 20:22 - 00984576 _____ () C:\Program Files (x86)\Battle.net\Battle.net.7575\ffmpegsumo.dll
2016-07-07 21:00 - 2016-07-07 21:00 - 06248448 _____ () C:\Program Files (x86)\Diablo III\Bnet\battle.net.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-07-10 22:17 - 00000067 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1 validation.sls.microsoft.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2362975480-581817718-3346835720-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 193.162.153.164 - 194.239.134.83
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F013D42C-E27D-4E65-8A5E-42FF0DA36E36}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{2ED5F5E4-E614-4703-A291-8CA0E652A609}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{82181B86-9D8C-4386-9EE1-E5823D8F787B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D2D376B2-22CD-4986-B335-FF9F24229C62}] => (Allow) LPort=2869
FirewallRules: [{5A34207D-B866-4E44-ACFB-2A6817141A65}] => (Allow) LPort=1900
FirewallRules: [{B2E3A952-2D93-43C4-A1BB-5EF212DD5831}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0CFBCED5-C7F3-4B77-A04D-5C70BA29C24A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BA7BBAD8-0BA5-4532-A85F-6508C9FCD158}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5D6875B6-87F5-488E-82CD-AA0F5537CF6C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{37DAD84D-C50A-4A8B-80C7-42DE203244AB}C:\users\glenn\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\glenn\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{C77BC989-CE16-42F2-97CF-CD04EDDEFB1B}C:\users\glenn\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\glenn\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{5588A0CA-16DB-4786-B76F-698E6224C5C9}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{C92DA284-2E2A-4FB9-80FF-B1F61F9D9843}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{5282CED4-71EF-46E9-981F-17EB0B0743F3}C:\diablo\diablo.exe] => (Allow) C:\diablo\diablo.exe
FirewallRules: [UDP Query User{D517C22C-678D-42A1-BB29-195206544144}C:\diablo\diablo.exe] => (Allow) C:\diablo\diablo.exe
FirewallRules: [{16F908D0-D127-4C35-9B45-1C07602483ED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C2BB44C-FBAF-44D5-A9DB-34131617AEDC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7FCB63D1-BE17-422A-93B8-EA297C6D9002}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{30AF3DA9-A960-4E6C-9535-16F834248BAD}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{4825EA97-99D2-4DB5-8E48-C53C5CD4A3B6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6BA09DE2-633C-4B7D-BD50-A4E3864D673E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D74EADE0-82E1-4D8C-A9B9-A34E98184188}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5DB9F445-1822-42B1-885A-3FFF23971224}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{74BC2AD8-7D02-4837-979B-0FBF2CA69143}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{DA0701A9-855B-4F29-9656-7A9EB3A74C1D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E165EB1A-8773-47AB-A2A7-927877454791}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Restore Points =========================

13-07-2016 10:11:27 Scheduled Checkpoint
14-07-2016 19:21:10 Windows Update
14-07-2016 19:45:47 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
14-07-2016 19:46:17 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
15-07-2016 14:41:09 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/17/2016 02:04:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999

Error: (07/17/2016 02:04:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999

Error: (07/17/2016 02:04:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2016 11:39:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4010

Error: (07/14/2016 11:39:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4010

Error: (07/14/2016 11:39:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2016 11:39:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011

Error: (07/14/2016 11:39:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011

Error: (07/14/2016 11:39:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/14/2016 11:39:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013


System errors:
=============
Error: (07/17/2016 05:35:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5 = Access is denied.


Error: (07/17/2016 04:35:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5 = Access is denied.


Error: (07/17/2016 03:29:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5 = Access is denied.


Error: (07/17/2016 01:47:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5 = Access is denied.


Error: (07/17/2016 10:57:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5 = Access is denied.


Error: (07/17/2016 08:10:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5 = Access is denied.


Error: (07/17/2016 03:34:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5 = Access is denied.


Error: (07/17/2016 03:27:22 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B8FB4AD7-EA4A-4B47-BFDC-BFC94160A8EA}

Error: (07/17/2016 01:55:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5 = Access is denied.


Error: (07/17/2016 12:55:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5 = Access is denied.



CodeIntegrity:
===================================
  Date: 2016-07-13 08:44:18.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\amd64_iastorav.inf_31bf3856ad364e35_10.0.10586.0_none_171a7c5ec4807d75\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 08:44:18.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\amd64_iastorav.inf_31bf3856ad364e35_10.0.10586.0_none_171a7c5ec4807d75\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 08:44:18.572
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\amd64_iastorav.inf_31bf3856ad364e35_10.0.10586.0_none_171a7c5ec4807d75\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 08:44:18.572
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\WinSxS\amd64_iastorav.inf_31bf3856ad364e35_10.0.10586.0_none_171a7c5ec4807d75\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 08:42:42.835
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_e9e1b7ce2ab0e894\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 08:42:42.835
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_e9e1b7ce2ab0e894\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 08:42:42.819
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_e9e1b7ce2ab0e894\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 08:42:42.819
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_e9e1b7ce2ab0e894\iaStorAV.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 08:42:35.908
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\c0296217.inf_amd64_5c110cd680d977f2\B296168\atikmdag.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 08:42:35.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\c0296217.inf_amd64_5c110cd680d977f2\B296168\atikmdag.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 60%
Total physical RAM: 8109.11 MB
Available physical RAM: 3210.68 MB
Total Virtual: 16216.37 MB
Available Virtual: 10791.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:256.09 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BDB75CE3)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,557 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 July 2016 - 08:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellExecuteHooks-x32:  - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-10]
U0 ttrdiw; C:\Windows\System32\drivers\alwbsqv.sys [79064 2016-07-15] (Malwarebytes)
U3 aadh5szh; C:\Windows\System32\Drivers\aadh5szh.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
U2 SBKUPNT; no ImagePath
C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Windows\System32\drivers\alwbsqv.sys
C:\Windows\System32\Drivers\aadh5szh.sys
Task: {41ABECED-2ABE-4516-83FC-879B4DD53058} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {6153CD04-FC91-4142-99A8-C255ADCAF335} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know what problem persists.
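What a fixlist like the one above actually asks FRST to do is mostly remove stale references (registry entries whose target file is gone, services with no ImagePath) and a few items that deserve a closer look (a driver registered to a zero-byte file, a hosts entry that points a Microsoft host at loopback). The triage script below is an added example, not nasdaq's or the FRST project's code: it reads FRST-style lines and sorts them into "info" (cleanup only) and "review" (needs a human look). The sample input is constructed for this example from the same kinds of lines that appear in the log; the benign "ExampleSvc" service line and its vendor are made up, and the reading of the digit after the service state letter as the Windows start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled) is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of FRST-style lines: stale registry references, a zero-byte
# driver, a service with no ImagePath, a task marked ATTENTION and a hosts
# override, plus one made-up benign service line ("ExampleSvc") for contrast.
SAMPLE_LOG = r"""
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
U3 aadh5szh; C:\Windows\System32\Drivers\aadh5szh.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U2 SBKUPNT; no ImagePath
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
R2 ExampleSvc; C:\Program Files\Example\ExampleSvc.exe [123456 2016-07-01] (Example Vendor)
Task: {41ABECED-2ABE-4516-83FC-879B4DD53058} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
127.0.0.1       localhost
127.0.0.1 validation.sls.microsoft.com
"""


@dataclass
class Finding:
    line: str
    reason: str
    severity: str  # "info": stale reference, cleanup only; "review": needs a human look


# Service/driver lines: state letter, start-type digit (assumed to follow the
# Windows numbering 0 boot .. 4 disabled), service name, then the image path.
SERVICE_RE = re.compile(r"^([RSU])([0-4]) ([^;]+); (.*)$")
# Hosts-file lines: loopback or unspecified address followed by a hostname.
HOSTS_RE = re.compile(r"^(127\.0\.0\.1|0\.0\.0\.0|::1)\s+(\S+)")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


def triage_line(line: str) -> Optional[Finding]:
    """Classify one FRST-style line; None means nothing noteworthy."""
    stripped = line.strip()
    if not stripped:
        return None

    m = HOSTS_RE.match(stripped)
    if m:
        host = m.group(2).lower()
        if host == "localhost":
            return None  # the one loopback entry every hosts file carries
        if host.endswith("microsoft.com"):
            return Finding(stripped, f"hosts file redirects {host} to loopback (blocks a Microsoft service)", "review")
        return Finding(stripped, f"hosts file overrides {host}", "review")

    m = SERVICE_RE.match(stripped)
    if m:
        _state, start, name, rest = m.groups()
        if "[0 ]" in rest:
            # A registered driver whose on-disk file is empty cannot be what was installed.
            return Finding(stripped, f"driver/service {name} points at a zero-byte file", "review")
        if rest == "no ImagePath":
            return Finding(stripped, f"service {name} has no ImagePath (orphaned registration)", "info")
        if rest.endswith("[X]"):
            return Finding(stripped, f"service {name} ({START_TYPES[start]} start) references a missing file", "info")
        return None

    if "<==== ATTENTION" in stripped:
        return Finding(stripped, "flagged ATTENTION by FRST", "review")
    if stripped.endswith("No File"):
        return Finding(stripped, "registry entry references a file that no longer exists", "info")
    return None


def triage(text: str) -> List[Finding]:
    """Run triage_line over every line of an FRST-style log and keep the hits."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

The split matters for a reviewer: "info" entries are noise left behind by uninstalls and are removed to tidy the registry, while "review" entries are the ones to correlate with the rest of the log (the zero-byte driver against the Code Integrity events, the hosts override against the missing Windows Activation Technologies tasks and the SPP Notification Service errors) before deciding what they mean.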

#3 HansJen

HansJen
  • Topic Starter

  • Members
  • 15 posts

Posted 18 July 2016 - 04:05 PM

Wow, that was fast! Thanks man - I've done what you asked and here is the logfile, my good sir:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016 02
Ran by Glenn (2016-07-18 22:49:55) Run:5
Running from C:\Users\Glenn\Desktop
Loaded Profiles: Glenn (Available Profiles: Glenn)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellExecuteHooks-x32:  - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} =>  No
File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} =>  No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2362975480-581817718-3346835720-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-10]
U0 ttrdiw;
C:\Windows\System32\drivers\alwbsqv.sys [79064 2016-07-15] (Malwarebytes)
U3 aadh5szh; C:\Windows\System32\Drivers\aadh5szh.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
U2 SBKUPNT; no ImagePath
C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Windows\System32\drivers\alwbsqv.sys
C:\Windows\System32\Drivers\aadh5szh.sys
Task: {41ABECED-2ABE-4516-83FC-879B4DD53058} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {6153CD04-FC91-4142-99A8-C255ADCAF335} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => value removed successfully
HKCR\Wow6432Node\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)" => key removed successfully
HKCR\Wow6432Node\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)" => key removed successfully
HKCR\Wow6432Node\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => key not found.
File => Error: No automatic fix found for this entry.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" => key removed successfully
HKCR\Wow6432Node\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)" => key removed successfully
HKCR\Wow6432Node\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)" => key removed successfully
HKCR\Wow6432Node\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2362975480-581817718-3346835720-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => key removed successfully
HKCR\Wow6432Node\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
HKCR\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key not found.
C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
ttrdiw => service not found.
"C:\Windows\System32\drivers\alwbsqv.sys [79064 2016-07-15] (Malwarebytes)" => not found.
aadh5szh => service not found.
NVHDA => service removed successfully
SBKUPNT => service removed successfully
"C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Windows\System32\drivers\alwbsqv.sys" => not found.
"C:\Windows\System32\Drivers\aadh5szh.sys" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41ABECED-2ABE-4516-83FC-879B4DD53058}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41ABECED-2ABE-4516-83FC-879B4DD53058}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6153CD04-FC91-4142-99A8-C255ADCAF335}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6153CD04-FC91-4142-99A8-C255ADCAF335}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14418250 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 526970 B
Edge => 0 B
Chrome => 14284335 B
Firefox => 379221206 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83391 B
systemprofile32 => 82470 B
LocalService => 66228 B
NetworkService => 2482 B
Glenn => 156626255 B

RecycleBin => 5225740 B
EmptyTemp: => 544.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:53:07 ====

 

I have a 2nd internal disc with win10 installed - do you think it has been compromised also? Would you mind checking a FRST-log on that?

 

Thanks again!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,557 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 July 2016 - 07:22 AM



Any issues at the moment?

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


==

I have a 2nd internal disc with win10 installed - do you think it has been compromised also? Would you mind checking a FRST-log on that?


You mean Windows 10 is installed on another partition on the disk?

It should be OK as the infection we identified is not a WORM.

To check you would have to run Farbar on that partition and post the FRST and Addition.txt file on a new topic.
We do not service two operating systems or computers on the same topic.

If you create a new topic and want me to review the files, post the URL here and I will expedite the matter.

===

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,557 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 July 2016 - 07:35 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



