
2 CMD windows flash by twice a day


  • This topic is locked
4 replies to this topic

#1 Neroner


Posted 13 August 2016 - 03:00 AM

Twice a day or so, 2 really fast cmd windows pop up and take the window "focus" and then go away, and whichever window was open is back in focus.

At first I thought it was either Kaspersky updates or CCleaner Professional updates.

I turned Kaspersky to only update on application startup and I have now turned off auto check for updates on CCleaner to see if that is it. (EDIT: Did not change anything.)

 

Will try and look at the clock to see if it's running at the same time over and over and update this post.

 

EDIT: Got it around 04:14 and didn't find anything in the event logs that matched.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2016 01
Ran by Andreas (administrator) on ANDREAS-PC (13-08-2016 09:42:29)
Running from D:\Downloads
Loaded Profiles: Andreas (Available Profiles: Andreas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Sandboxie Holdings, LLC) D:\Programs\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() D:\Programs\Rainmeter\Rainmeter.exe
(Flux Software LLC) C:\Users\Andreas\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Andreas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15009400 2015-10-14] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\windows\system32\rundll32.exe" C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-415044314-3854571534-1015072983-1001\...\Run: [TBPanel] => D:\Programs\EXPERTool\TBPanel.exe [2194728 2014-09-19] (Gainward Co. Ltd.)
HKU\S-1-5-21-415044314-3854571534-1015072983-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2852128 2016-08-03] (Valve Corporation)
HKU\S-1-5-21-415044314-3854571534-1015072983-1001\...\Run: [Rainmeter] => D:\Programs\Rainmeter\Rainmeter.exe [36536 2014-05-25] ()
HKU\S-1-5-21-415044314-3854571534-1015072983-1001\...\Run: [f.lux] => C:\Users\Andreas\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-415044314-3854571534-1015072983-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-415044314-3854571534-1015072983-1001\...\Run: [Spotify Web Helper] => C:\Users\Andreas\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-11] (Spotify Ltd)
HKU\S-1-5-21-415044314-3854571534-1015072983-1001\...\MountPoints2: {635c468f-681d-11e5-8254-7824af9a695a} - F:\setup.exe
HKU\S-1-5-21-415044314-3854571534-1015072983-1001\...\MountPoints2: {8979c2f3-a590-11e5-965a-7824af9a695a} - F:\setup.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder [2016-05-11] ()
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2016-08-12]
ShortcutTarget: DesktopVideoPlayer.lnk -> C:\Users\Andreas\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2541314E-B887-45C7-98E5-8A51AE5D4681}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{DF36902C-DBCD-4798-874D-3D83E8E72FF8}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E9794571-64D8-4C7E-BE2B-D99E1A84E0F9}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-415044314-3854571534-1015072983-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2016-05-14] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-01] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-18] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2016-05-14] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2016-05-14] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-01] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2016-05-14] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2016-05-14] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2016-05-14] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-01] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @bittorrent.com/BitTorrentDNA -> C:\Program Files (x86)\BitTorrent_DNA\npbtdna.dll [2015-06-19] (BitTorrent, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-01] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE8 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2016-05-25] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2016-05-25] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_074028 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2016-05-25] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logicool\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE8@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_074028@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2016-05-25]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mangareader.net/
CHR StartupUrls: Default -> "hxxp://www.mangareader.net/"
CHR DefaultSearchURL: Default -> hxxps://www.google.com/search?sugexp=chrome,mod=15&sourceid=chrome&ie=UTF-8&q={searchTerms}
CHR DefaultSearchKeyword: Default -> google.com_
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Steam Community SteamRep Integration) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaclmldkenecanphogeaacolljiphmnk [2016-01-14]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Google Cast) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-24]
CHR Extension: (uBlock Origin) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-08-07]
CHR Extension: (Steam inventory helper) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-08-10]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2016-08-03]
CHR Extension: (Google Search) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Search by Image (by Google)) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-07-15]
CHR Extension: (Kaspersky Protection) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2016-05-14]
CHR Extension: (Tampermonkey) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-25]
CHR Extension: (IMDB - add Rottentomatoes info) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhmlipoakdghhhemjmefopbcdcobiphp [2016-08-08]
CHR Extension: (SteamRep Checker) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\egnijmkeaaclmednfcjhmhangbfipidf [2015-11-14]
CHR Extension: (Lounge Assistant) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml [2014-12-31]
CHR Extension: (LoungeDestroyer) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl [2016-04-27]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-08-11]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2014-10-03]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2016-01-14]
CHR Extension: (GAuth Authenticator) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilgcnhelpchnceeipipijaljkblbcobl [2015-12-10]
CHR Extension: (Disconnect) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-21]
CHR Extension: (CS:GO Lounge Bump Bot) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhfkidfnhjcjjamcbdepeohblphlamgk [2015-04-05]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-17]
CHR Extension: (Google Mail Checker) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Twitch Buffering Fix) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnahmgokconolakhpdmgnmgaokhjcncb [2016-08-01]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-08-06]
CHR Extension: (Recently Closed Tabs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\opefiliglgllmponlmoajkfbcaigocfc [2016-01-14]
CHR Extension: (Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-08]
CHR Extension: (Reddit Trading Flair Linker Enhanced) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahghpneiabcncanmccahgloopbbbgp [2016-01-14]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-01-28] (ASUSTeK Computer Inc.)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-28] (Kaspersky Lab ZAO)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-01] ()
S3 Disc Soft Lite Bus Service; D:\Programs\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-07] (DTS, Inc)
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-11-12] (Portrait Displays, Inc.)
S3 GalaxyClientService; D:\Programs\GalaxyClient\GalaxyClientService.exe [246328 2016-06-01] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6167096 2016-06-01] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-10-14] (Logitech Inc.)
S2 MBAMService; D:\Programs\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programs\Origin\OriginClientService.exe [2104840 2016-02-25] (Electronic Arts)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76152 2015-10-09] ()
R2 SbieSvc; D:\Programs\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-10-01] (Broadcom Corporation.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-28] (Kaspersky Lab UK Ltd)
S3 CorsairGamingAudioService; C:\Windows\System32\DRIVERS\CorsairGamingAudioamd64.sys [97280 2015-08-03] (Corsair Components, Inc.) [File not signed]
S3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2015-08-03] (Corsair)
S3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2015-08-03] (Corsair)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-12-19] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [46392 2015-12-19] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-14] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-06-12] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [30360 2014-10-09] (Intel Corporation)
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-03-06] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2016-05-14] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2016-05-27] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237480 2016-05-25] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [843696 2016-05-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49240 2016-05-25] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [49008 2016-05-14] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [47992 2016-05-14] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-28] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-28] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [89272 2016-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2016-05-14] (Kaspersky Lab ZAO)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 SbieDrv; D:\Programs\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-13] ()
S1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [X]
S1 ESEADriver2; \??\C:\Users\Andreas\AppData\Local\Temp\ESEADriver2.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-13 09:42 - 2016-08-13 09:42 - 00000000 ____D C:\FRST
2016-08-12 02:33 - 2016-08-12 02:33 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iStripper
2016-08-11 20:12 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-08-11 20:12 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-08-11 20:12 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-08-11 20:12 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-08-11 20:12 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-08-11 20:12 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-08-11 20:12 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-08-11 20:12 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-08-11 20:12 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-08-11 20:12 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-08-11 20:12 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-08-11 20:12 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-08-11 20:12 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-08-11 20:12 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-08-11 20:12 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-08-11 20:12 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-08-11 20:12 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-08-11 20:12 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-08-11 20:12 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-08-11 20:12 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-08-11 20:12 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-08-11 20:12 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-08-11 20:12 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-08-11 20:12 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-08-11 20:12 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-08-11 20:12 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-08-11 20:12 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-08-11 20:12 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-08-11 20:12 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-08-11 20:12 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-08-11 20:12 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-08-11 20:12 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-08-11 20:12 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-08-11 20:12 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-08-11 20:12 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-08-11 20:12 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-08-11 20:12 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-08-11 20:12 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-08-11 20:12 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-08-11 20:12 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-08-11 20:12 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-08-11 20:12 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-08-11 20:12 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-08-11 20:12 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-08-11 20:12 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-08-11 20:12 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-08-11 20:12 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-08-11 20:12 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-11 20:12 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-08-11 20:12 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-08-11 20:12 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-08-11 20:12 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-08-11 20:12 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-08-11 20:12 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-08-11 20:12 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-08-11 20:12 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-08-11 20:12 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-08-11 20:12 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-08-11 20:12 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-08-11 20:12 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-08-11 20:12 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-08-11 20:12 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-08-11 20:12 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-08-11 20:12 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-08-11 20:12 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-08-11 20:12 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-08-11 20:12 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-08-11 20:12 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-08-11 20:12 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-08-11 20:12 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-08-11 20:12 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-08-11 20:12 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-08-11 20:12 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-08-11 20:12 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-08-11 20:12 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-08-11 20:12 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-08-11 20:12 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-08-11 20:12 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-08-11 20:12 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-08-11 20:12 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-08-11 20:12 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-08-11 20:12 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-08-11 20:12 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-08-11 20:12 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-08-11 20:12 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-08-11 20:12 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-08-11 20:12 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-08-11 20:12 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-08-11 20:12 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-08-11 20:12 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-08-11 20:12 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-08-11 20:12 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-08-11 20:11 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-08-01 17:10 - 2016-08-01 17:10 - 00110144 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-64.dll
2016-07-23 04:34 - 2016-07-23 04:34 - 00000000 ____D C:\windows\EOONotify
2016-07-23 04:32 - 2016-06-06 18:50 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-07-23 04:32 - 2016-06-06 18:50 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-07-23 04:32 - 2016-06-06 18:50 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-07-23 04:32 - 2016-06-06 18:50 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-07-23 04:32 - 2016-06-06 17:23 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-07-23 04:32 - 2016-06-06 17:23 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-07-23 04:32 - 2016-06-06 17:23 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-07-23 04:32 - 2016-06-06 17:23 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-07-19 21:04 - 2016-07-11 04:13 - 01887800 _____ (NVIDIA Corporation) C:\windows\system32\NvCamera64.dll
2016-07-19 21:04 - 2016-07-11 04:13 - 01595840 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvCamera32.dll
2016-07-19 21:04 - 2016-07-11 00:36 - 00127424 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvStreaming.exe
2016-07-19 21:04 - 2016-05-04 04:23 - 00129824 _____ C:\windows\SysWOW64\vulkan-1.dll
2016-07-19 21:04 - 2016-05-04 04:22 - 00130848 _____ C:\windows\system32\vulkan-1.dll
2016-07-19 21:04 - 2016-05-04 04:22 - 00045344 _____ C:\windows\system32\vulkaninfo.exe
2016-07-19 21:04 - 2016-05-04 04:22 - 00040224 _____ C:\windows\SysWOW64\vulkaninfo.exe
2016-07-19 21:03 - 2016-07-15 20:15 - 01579976 _____ (NVIDIA Corporation) C:\windows\system32\nvhdagenco6420103.dll
2016-07-19 21:03 - 2016-07-15 20:15 - 00214592 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvhda64v.sys
2016-07-19 21:03 - 2016-07-15 20:15 - 00046016 _____ (NVIDIA Corporation) C:\windows\system32\nvhdap64.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 39977920 _____ C:\windows\system32\nvcompiler.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 35115968 _____ C:\windows\SysWOW64\nvcompiler.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 31640512 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 25414080 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 19220352 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 17321352 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 16790552 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 14371384 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 13581880 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2016-07-19 21:03 - 2016-07-11 04:13 - 10691632 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 10234336 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 09020656 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 08615336 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 03840096 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 03542072 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 03393576 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 03099072 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 01001016 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 00930360 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 00909880 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 00852024 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 00544120 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 00490744 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 00459320 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 00444472 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 00406064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 00394808 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 00177952 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 00155768 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 00153416 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2016-07-19 21:03 - 2016-07-11 04:13 - 00131584 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2016-07-19 20:50 - 2016-07-11 04:13 - 10656112 _____ C:\windows\system32\nvptxJitCompiler.dll
2016-07-19 20:50 - 2016-07-11 04:13 - 08742360 _____ C:\windows\SysWOW64\nvptxJitCompiler.dll
2016-07-19 20:50 - 2016-07-11 04:13 - 01939000 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6436881.dll
2016-07-19 20:50 - 2016-07-11 04:13 - 01571776 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6436881.dll
2016-07-19 20:50 - 2016-07-11 04:13 - 00694672 _____ C:\windows\system32\nvfatbinaryLoader.dll
2016-07-19 20:50 - 2016-07-11 04:13 - 00583736 _____ C:\windows\SysWOW64\nvfatbinaryLoader.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-13 09:35 - 2015-05-17 04:30 - 00000992 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d090496aa5cbf7.job
2016-08-13 09:29 - 2016-07-04 17:20 - 00000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-08-13 09:29 - 2014-10-03 18:03 - 00000992 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-13 09:22 - 2015-11-12 05:40 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-13 01:29 - 2014-10-03 18:03 - 00000988 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-12 22:58 - 2016-05-14 22:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-12 22:57 - 2009-07-14 06:45 - 00028944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-12 22:57 - 2009-07-14 06:45 - 00028944 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-12 22:49 - 2009-07-14 07:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-08-12 22:49 - 2009-07-14 05:20 - 00000000 ____D C:\windows\inf
2016-08-12 22:42 - 2015-10-28 23:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-12 22:42 - 2015-05-17 04:30 - 00000988 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0904969a213c9.job
2016-08-12 22:42 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-12 07:20 - 2009-07-14 06:45 - 00278352 _____ C:\windows\system32\FNTCACHE.DAT
2016-08-12 02:41 - 2014-10-06 19:02 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\vlc
2016-08-12 01:32 - 2014-08-26 22:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-11 20:16 - 2014-10-05 17:44 - 00000000 ____D C:\windows\system32\MRT
2016-08-11 20:12 - 2014-10-05 17:44 - 147640136 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-08-11 04:02 - 2015-11-06 16:54 - 00000000 ____D C:\Users\Andreas\AppData\Local\Spotify
2016-08-11 04:02 - 2014-10-03 18:49 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Spotify
2016-08-08 22:31 - 2014-10-03 18:03 - 00002189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-04 20:01 - 2015-05-14 03:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-01 18:37 - 2014-10-19 22:39 - 00000000 ____D C:\ProgramData\Oracle
2016-08-01 17:10 - 2015-08-31 16:02 - 00000000 ____D C:\Users\Andreas\.oracle_jre_usage
2016-08-01 17:10 - 2014-10-19 22:38 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-01 17:10 - 2014-08-26 22:14 - 00110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2016-08-01 17:10 - 2014-08-26 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-01 17:10 - 2014-08-26 22:14 - 00000000 ____D C:\Program Files\Java
2016-08-01 17:09 - 2016-02-02 13:42 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-08-01 14:53 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2016-08-01 03:45 - 2010-11-21 09:16 - 00000000 ____D C:\windows\ShellNew
2016-07-28 22:30 - 2015-05-17 04:30 - 00003988 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d090496aa5cbf7
2016-07-28 22:30 - 2015-05-17 04:30 - 00003736 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0904969a213c9
2016-07-26 14:24 - 2010-11-21 05:27 - 00504488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-07-23 13:28 - 2016-07-04 17:20 - 00003894 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-23 13:28 - 2014-10-03 18:48 - 00000000 ____D C:\Users\Andreas\AppData\Local\Adobe
2016-07-23 13:28 - 2014-09-29 14:46 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-07-23 13:28 - 2014-09-29 14:46 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-23 13:28 - 2014-09-29 14:46 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-07-23 13:28 - 2014-09-29 14:46 - 00000000 ____D C:\windows\system32\Macromed
2016-07-23 04:32 - 2015-04-04 03:00 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-07-23 04:32 - 2015-04-04 03:00 - 00000000 ___SD C:\windows\system32\GWX
2016-07-21 12:27 - 2016-07-02 16:10 - 00000000 ____D C:\Program Files\CCleaner
2016-07-20 15:33 - 2014-10-18 15:54 - 00000000 ____D C:\Users\Andreas\AppData\Local\CrashDumps
2016-07-19 21:06 - 2014-10-06 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-07-19 21:04 - 2016-05-02 19:10 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-07-19 21:04 - 2014-09-29 14:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-19 21:04 - 2014-09-29 14:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-07-19 21:04 - 2014-09-29 14:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-07-18 12:08 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2014-10-14 17:59 - 2014-10-14 17:59 - 0007605 _____ () C:\Users\Andreas\AppData\Local\Resmon.ResmonCfg
2016-05-14 21:28 - 2016-05-14 21:28 - 0235488 _____ () C:\ProgramData\1463254071.bdinstall.bin
2016-05-14 21:28 - 2016-05-14 21:28 - 0027613 _____ () C:\ProgramData\1463254106.bdinstall.bin
2015-11-25 16:47 - 2015-11-25 16:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\jre-8u101-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-08 12:47
 
==================== End of FRST.txt ============================

Edited by Neroner, 14 August 2016 - 12:06 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:52 PM

Posted 14 August 2016 - 09:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logicool\SetPointP\LogiSmoothFirefoxExt => not found
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
S1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know if the problem persists.

I also need to see the Addition.txt log that was created by the Farbar tool.
Please paste it in your next reply.

#3 Neroner

Neroner
  • Topic Starter

  • Members
  • 3 posts
  • Local time:04:52 AM

Posted 14 August 2016 - 10:33 AM

I'll let you know if it persists.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01
Ran by Andreas (2016-08-14 17:29:00) Run:1
Running from D:\Downloads
Loaded Profiles: Andreas (Available Profiles: Andreas)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logicool\SetPointP\LogiSmoothFirefoxExt => not found
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
S1 BdfNdisf; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
S3 xhunter1; \??\C:\windows\xhunter1.sys [X]
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF} => value removed successfully
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => not found.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
BdfNdisf => service removed successfully
klkbdflt2 => service could not remove
SDHookDriver => service removed successfully
xhunter1 => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21625896 B
Java, Flash, Steam htmlcache => 269979020 B
Windows/system/drivers => 7962560 B
Edge => 0 B
Chrome => 600686220 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 22906 B
Andreas => 10169330 B
 
RecycleBin => 0 B
EmptyTemp: => 876.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:29:10 ====

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:52 PM

Posted 14 August 2016 - 12:47 PM

Your Addition.txt file is clean.

#5 nasdaq

Posted 20 August 2016 - 08:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



