Slower Performance, abnormal windows update usage, and broken system restore


  • This topic is locked
25 replies to this topic

#1 Tomatoo

Posted 04 December 2016 - 06:58 PM

Hello.
 
For a few months my Windows Update has been completely broken. As soon as I start my computer it is using a constant 20-25% CPU usage until I manually stop the service, and usually it starts back up later. When I say constant, I mean I can have my computer on for 5 hours and it is always using the same amount of CPU power. When I try to download updates it stays at 0% forever, never getting anywhere. I'm not sure if it's malware or just simply broken.
 
Second, a couple of days ago I launched some of my favorite games and there is an immediate, noticeable decrease in performance when nothing has changed: same up-to-date drivers, same games, same temps on CPU/GPU. (I checked the "Slow Computer/browser? Check Here First; It May Not Be Malware" thread, everything is okay.) Maybe it's some sort of mining virus?
 
As a result of this second issue I have attempted a few different restore points from the last week, but every single time in the process my computer seems to boot down in the middle, then does a disk check on startup (and sees nothing wrong), then when Windows loads it tells me it was unable to do the restore (I forget exactly what the error said).
 
 
Windows 7 64 bit
GTX 780
i5 2500
 
 
 
I respond fast. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-12-2016
Ran by Vikingur (administrator) on VIKINGUR-GAMING (04-12-2016 15:40:52)
Running from Q:\Users\Vikingur\Downloads
Loaded Profiles: Vikingur (Available Profiles: Vikingur)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) F:\Programs\SUPERAntiSpyware\SASCore64.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() Q:\Program Files (x86)\Autodesk\mentalray\satellite\raysat_3dsmax9_32server.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-10] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-10] ()
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14850168 2015-08-29] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2014-10-03] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-03] (Autodesk Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2014-10-03]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Vikingur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-10-24]
ShortcutTarget: Curse.lnk -> C:\Users\Vikingur\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{E0E8C083-7AF1-42A6-BA6E-89E26C45AEE3}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2494524723-2272121240-4141452648-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2494524723-2272121240-4141452648-1000 -> {96FB9EA0-9555-46BC-A97C-1324F59377BF} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-10-03] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-03] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-10-03] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-10-03] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-10-03] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-03] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-31] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll [2014-10-03] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-31] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2014-10-03] (Kaspersky Lab ZAO)

FireFox:
========
FF ProfilePath: C:\Users\Vikingur\AppData\Roaming\Mozilla\Firefox\Profiles\9zgzijn4.default [2016-12-04]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9zgzijn4.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\9zgzijn4.default -> Google
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2015-02-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: (Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2015-02-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: (Dangerous Websites Blocker) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2015-02-17] [not signed]
FF HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @canon.com/EPPEX -> F:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2494524723-2272121240-4141452648-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vikingur\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default [2016-12-04]
CHR Extension: (Google Slides) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-15]
CHR Extension: (Google Docs) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-15]
CHR Extension: (Google Drive) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-15]
CHR Extension: (YouTube) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-15]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2016-06-15]
CHR Extension: (Google Sheets) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-15]
CHR Extension: (AdBlock) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-23]
CHR Extension: (Video Downloader Pro) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-10-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2016-06-15]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2016-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-15]
CHR Extension: (Stop Reclame) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmkcnojelglgphmkgmofjlmpoelccjh [2016-11-23]
CHR Extension: (Gmail) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\Vikingur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; F:\Programs\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-03] (Autodesk Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2016-11-30] (Autodesk) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2014-10-03] (Kaspersky Lab ZAO)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [389392 2016-11-02] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; F:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-09-02] (Futuremark)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-08-29] (Logitech Inc.)
S3 mi-raysat_3dsmax2015_64; F:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-14] () [File not signed]
R2 mi-raysat_3dsmax9_32; Q:\Program Files (x86)\Autodesk\mentalray\satellite\raysat_3dsmax9_32server.exe [65536 2006-09-29] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-24] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [2118664 2016-12-03] (Electronic Arts)
S2 Origin Web Helper Service; F:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180112 2016-12-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-09-19] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-09-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-09] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-05] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-10-03] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-10-03] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-10-03] (Kaspersky Lab ZAO) [File not signed]
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-10-03] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-10-03] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-10-03] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-10-03] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2014-10-03] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
R1 SASDIFSV; F:\Programs\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; F:\Programs\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPUZ; \??\F:\Temp\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-04 15:40 - 2016-12-04 15:40 - 00000000 ____D C:\FRST
2016-12-04 15:18 - 2016-12-04 15:18 - 00022394 _____ C:\ComboFix.txt
2016-12-04 15:09 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2016-12-04 15:09 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2016-12-04 15:09 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-12-04 15:09 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-12-04 15:09 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-12-04 15:09 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2016-12-04 15:09 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2016-12-04 15:09 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2016-12-04 15:08 - 2016-12-04 15:18 - 00000000 ____D C:\Qoobox
2016-12-04 15:07 - 2016-12-04 15:15 - 00000000 ____D C:\Windows\erdnt
2016-12-04 14:40 - 2016-12-04 14:40 - 00009984 ____N C:\bootsqm.dat
2016-12-03 10:19 - 2016-12-03 10:19 - 00000000 ____D C:\Users\Vikingur\AppData\LocalLow\Bossa Studios
2016-12-02 21:27 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-12-02 21:27 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-12-02 21:27 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-12-02 21:27 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-12-02 21:27 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-12-02 21:27 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-12-02 21:27 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-12-02 21:27 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-12-02 21:27 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-12-02 21:27 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-12-02 21:27 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-12-02 21:27 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-12-02 21:27 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-12-02 21:27 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-12-02 21:27 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-12-02 21:27 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-12-02 21:27 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-12-02 21:27 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-12-02 21:27 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-12-02 21:27 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-12-02 21:27 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-12-02 21:27 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-12-02 21:27 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-12-02 21:27 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-12-02 21:27 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-12-02 21:27 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-12-02 21:27 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-12-02 21:27 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-12-02 21:27 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-12-02 21:27 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-12-02 21:27 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-12-02 21:27 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-12-02 21:27 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-12-02 21:27 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-12-02 21:27 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-12-02 21:27 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-12-02 21:27 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-12-02 21:27 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-12-02 21:27 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-12-02 21:27 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-12-02 21:27 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-12-02 21:27 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-12-02 21:27 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-12-02 21:27 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-12-02 21:27 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-12-02 21:27 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-12-02 21:27 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-12-02 21:27 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-12-02 21:27 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-12-02 21:27 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-12-02 21:27 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-12-02 21:27 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-12-02 21:27 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-12-02 21:27 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-12-02 21:27 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-12-02 21:27 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-12-02 21:27 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-12-02 21:27 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-12-02 21:27 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-12-02 21:27 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-12-02 21:27 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-12-02 21:27 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-12-02 21:27 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-12-02 21:27 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-12-02 21:27 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-12-02 21:27 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-12-02 21:27 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-12-02 21:27 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-12-02 21:27 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-12-02 21:27 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-12-02 21:27 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-12-02 21:27 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-12-02 21:27 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-12-02 21:27 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-12-02 21:27 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-12-02 21:27 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-12-02 21:27 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-12-02 21:27 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-12-02 21:27 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-12-02 21:27 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-12-02 21:27 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-12-02 21:27 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-12-02 21:27 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-12-02 21:27 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-12-02 21:27 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-12-02 21:27 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-12-02 21:27 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-12-02 21:27 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-12-02 21:27 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-12-02 21:27 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-12-02 21:27 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-12-02 21:27 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-12-02 21:27 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-12-02 21:27 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-12-02 21:27 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-12-02 21:27 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-12-02 21:27 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-12-02 21:27 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-12-02 21:27 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-12-02 21:27 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-12-02 21:27 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-12-02 21:27 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-12-02 21:27 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-12-02 21:27 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-12-02 21:27 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-12-02 21:27 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-12-02 21:27 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-12-02 21:27 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-12-02 21:27 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-12-02 21:27 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-12-02 21:27 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-12-02 21:27 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-12-02 21:27 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-12-02 21:27 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-12-02 21:27 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-12-02 21:27 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-12-02 21:27 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-12-02 21:27 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-12-02 21:27 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-12-02 21:27 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-12-02 21:27 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-12-02 21:23 - 2016-12-02 21:23 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-12-02 21:23 - 2016-09-09 10:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-12-02 21:23 - 2016-09-09 10:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-12-02 21:23 - 2016-09-09 10:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-12-02 21:23 - 2016-09-09 10:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-12-02 21:22 - 2016-11-24 12:54 - 40123840 _____ C:\Windows\system32\nvcompiler.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 35224632 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 34701760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 28139576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 17440928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 14410120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 14057528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-12-02 21:22 - 2016-11-24 12:54 - 10912744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 10795312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 10346208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 09151216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 08913512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 08754344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 03643840 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 03206592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 01951680 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437609.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437609.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 01036736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00974272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00945208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00895424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00439864 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00170872 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00148200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-12-02 21:22 - 2016-11-24 12:54 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-12-02 21:17 - 2016-11-17 05:45 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-12-02 21:17 - 2016-11-17 05:45 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-12-02 21:17 - 2016-11-17 05:45 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-11-30 14:56 - 2016-11-30 14:56 - 00001643 _____ C:\Users\Public\Desktop\Autodesk 3ds Max 9 32-bit.lnk
2016-11-25 19:50 - 2016-11-25 22:35 - 00000000 ____D C:\Users\Vikingur\AppData\LocalLow\Fireproof Games
2016-11-18 17:28 - 2016-12-04 15:32 - 00000000 ____D C:\Users\Vikingur\AppData\LocalLow\Mozilla
2016-11-17 20:34 - 2016-12-02 08:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-15 21:11 - 2016-11-10 15:48 - 01951680 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437586.dll
2016-11-15 21:11 - 2016-11-10 15:48 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437586.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-04 15:41 - 2016-06-15 19:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-04 15:41 - 2016-06-15 19:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-04 15:33 - 2009-07-13 20:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-04 15:33 - 2009-07-13 20:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-04 15:32 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-04 15:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-12-04 15:26 - 2016-08-07 10:38 - 00000000 ____D C:\Users\Vikingur\AppData\Roaming\Curse Client
2016-12-04 15:26 - 2016-06-15 18:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-04 15:26 - 2014-10-03 19:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-04 15:25 - 2016-08-09 11:02 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-04 15:25 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-04 15:21 - 2014-10-17 18:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-04 15:18 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-12-04 15:14 - 2015-01-07 18:20 - 00000000 ____D C:\Users\Vikingur\AppData\Roaming\Temp
2016-12-04 15:14 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2016-12-04 15:06 - 2014-10-03 23:00 - 00000000 ____D C:\AdwCleaner
2016-12-04 14:49 - 2015-04-04 20:41 - 00000000 ___SD C:\Windows\system32\GWX
2016-12-04 14:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2016-12-04 01:16 - 2014-10-04 22:25 - 00000000 ____D C:\Users\Vikingur\AppData\Roaming\uTorrent
2016-12-04 00:50 - 2016-01-26 18:19 - 00000000 ____D C:\Users\Vikingur\AppData\LocalLow\uTorrent
2016-12-04 00:23 - 2014-10-03 22:11 - 00000000 ____D C:\Users\Vikingur\AppData\Roaming\Origin
2016-12-04 00:23 - 2014-10-03 22:10 - 00000000 ____D C:\ProgramData\Origin
2016-12-04 00:11 - 2014-10-06 20:16 - 00000000 ____D C:\Users\Vikingur\AppData\Roaming\vlc
2016-12-02 21:17 - 2016-10-20 20:21 - 00003852 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-02 21:17 - 2016-10-20 20:21 - 00003852 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-02 21:17 - 2016-10-20 20:21 - 00003802 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-02 21:17 - 2016-10-20 20:21 - 00003790 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-02 21:17 - 2016-10-20 20:21 - 00003614 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-02 21:17 - 2016-10-20 20:21 - 00003554 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-12-02 21:17 - 2016-10-20 20:21 - 00001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-12-02 21:17 - 2014-10-03 15:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-12-02 21:17 - 2014-10-03 15:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-02 21:17 - 2014-10-03 15:04 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-02 08:46 - 2014-10-31 07:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-30 15:03 - 2009-07-13 18:34 - 00017661 _____ C:\Windows\system32\Drivers\etc\services
2016-11-30 14:57 - 2014-10-14 16:54 - 00000000 ____D C:\ProgramData\Autodesk
2016-11-30 14:56 - 2014-10-14 18:13 - 00000000 ____D C:\Program Files (x86)\Autodesk
2016-11-30 14:56 - 2014-10-14 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2016-11-25 19:44 - 2014-11-28 09:46 - 00000047 _____ C:\Users\Vikingur\jagex_cl_oldschool_LIVE.dat
2016-11-24 22:55 - 2014-10-05 15:29 - 00000000 ____D C:\Users\Vikingur\AppData\Roaming\Skype
2016-11-24 15:01 - 2014-10-03 15:15 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2016-11-24 15:01 - 2014-10-03 15:15 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2016-11-24 15:01 - 2014-10-03 15:15 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2016-11-24 15:01 - 2014-10-03 15:15 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2016-11-24 15:01 - 2014-10-03 15:15 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-11-24 12:54 - 2016-10-21 12:40 - 00491536 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-11-24 12:54 - 2016-09-23 10:59 - 17373312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-11-24 12:54 - 2015-08-12 08:15 - 19948848 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-11-24 12:54 - 2015-08-12 08:15 - 03941720 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-11-24 12:54 - 2015-08-12 08:15 - 03479744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-11-24 12:54 - 2014-10-03 15:05 - 00041344 _____ C:\Windows\system32\nvinfo.pb
2016-11-24 11:39 - 2016-10-20 20:21 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-11-24 11:39 - 2016-08-09 11:02 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-11-24 11:39 - 2016-08-09 11:02 - 02477624 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-11-24 11:39 - 2016-08-09 11:02 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-11-24 11:39 - 2016-08-09 11:02 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-11-24 11:39 - 2016-08-09 11:02 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-11-24 11:39 - 2016-08-09 11:02 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-11-24 11:39 - 2016-08-09 11:02 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-11-23 04:58 - 2016-08-09 11:02 - 07538847 _____ C:\Windows\system32\nvcoproc.bin
2016-11-17 05:45 - 2016-10-20 20:21 - 01854400 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-11-17 05:45 - 2016-10-20 20:21 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-11-17 05:45 - 2016-10-20 20:21 - 01452480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-11-17 05:45 - 2016-10-20 20:21 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-11-17 05:45 - 2016-10-20 20:21 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-11-14 15:42 - 2016-06-15 19:27 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 15:42 - 2016-06-15 19:27 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-09 10:21 - 2014-10-17 18:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-09 09:21 - 2014-10-03 19:47 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-09 09:21 - 2014-10-03 19:47 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-09 09:21 - 2014-10-03 19:47 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-09 09:21 - 2014-10-03 14:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-08 14:29 - 2015-07-20 11:02 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-06 13:38 - 2016-10-11 18:23 - 00000000 ____D C:\Users\Vikingur\AppData\Roaming\DMCache
2016-11-05 14:08 - 2015-07-20 11:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-06-01 21:28 - 2016-06-06 19:40 - 0000034 _____ () C:\Users\Vikingur\AppData\Roaming\AdobeWLCMCache.dat
2014-10-03 16:35 - 2014-10-03 16:35 - 0000044 _____ () C:\Users\Vikingur\AppData\Roaming\WB.CFG
2015-07-02 13:26 - 2015-07-02 13:26 - 0003584 _____ () C:\Users\Vikingur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-16 22:12 - 2016-02-16 14:40 - 1065984 _____ () C:\Users\Vikingur\AppData\Local\file__0.localstorage
2015-04-25 00:05 - 2015-04-25 00:05 - 0000000 ___SH () C:\Users\Vikingur\AppData\Local\LumaEmu
2016-09-02 20:27 - 2016-12-04 14:00 - 0007656 _____ () C:\Users\Vikingur\AppData\Local\Resmon.ResmonCfg
2015-05-30 16:19 - 2015-05-30 16:19 - 0000000 ___SH () C:\ProgramData\.rdata

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-24 17:06

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-12-2016
Ran by Vikingur (04-12-2016 15:41:06)
Running from Q:\Users\Vikingur\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-10-03 20:00:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2494524723-2272121240-4141452648-500 - Administrator - Disabled)
Guest (S-1-5-21-2494524723-2272121240-4141452648-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2494524723-2272121240-4141452648-1002 - Limited - Enabled)
Vikingur (S-1-5-21-2494524723-2272121240-4141452648-1000 - Administrator - Enabled) => C:\Users\Vikingur

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.11 - GIGABYTE)
µTorrent (HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
3DMark (HKLM-x32\...\{4198fd8f-98bd-4240-9b3a-ab2643e532f6}) (Version: 1.3.708.0 - Futuremark)
3DMark (Version: 1.3.708.0 - Futuremark) Hidden
3dsmax ancillary install (x32 Version: 1 - Autodesk) Hidden
Acoustica Mixcraft 6 (HKLM-x32\...\Acoustica Mixcraft 6) (Version: b216 - Acoustica)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Airships: Conquer the Skies (HKLM\...\Steam App 342560) (Version: - David Stark)
Alien Isolation (HKLM-x32\...\Alien Isolation_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Ansel (Version: 376.09 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Autodesk 3ds Max 2015 (HKLM\...\Autodesk 3ds Max 2015) (Version: 17.1.149.0 - Autodesk)
Autodesk 3ds Max 2015 (Version: 17.1.149.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 Populate Data (HKLM\...\{57E92DED-DC6C-41E5-B9E1-76D83BD2EABE}) (Version: 17.0.0.0 - Autodesk)
Autodesk 3ds Max 2015 SP1 (HKLM\...\Autodesk 3ds Max 2015 SP1) (Version: 17.1.149.0 - Autodesk)
Autodesk 3ds Max 9 32-bit (HKLM-x32\...\{E96D4088-AAC5-437F-9E39-EC0E387897B4}) (Version: 9.2.0.114 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 3.0.159.0 - Autodesk)
Autodesk Backburner 2015 (HKLM-x32\...\{8C5F38D2-8EFE-49A4-B3F5-BF3210FED168}) (Version: 15.0.0.0 - Autodesk)
Autodesk DirectConnect 2015 64-bit (HKLM\...\Autodesk DirectConnect 2015 64-bit) (Version: 9.0.56.4 - Autodesk)
Autodesk DirectConnect 2015 64-bit (Version: 9.0.56.4 - Autodesk) Hidden
Autodesk DirectConnect 2015 64-bit Hotfix1 (HKLM\...\Autodesk DirectConnect 2015 64-bit_9001) (Version: 9.0.56.4 - Autodesk)
Autodesk DWF Viewer 7 (HKLM-x32\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.0.0 - Autodesk, Inc.)
Autodesk Inventor Server Engine for 3ds Max 2015 (HKLM\...\{9167CA34-4E48-49E3-8892-3C439739D2D3}) (Version: 17.0.2 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2015 (HKLM\...\Autodesk Revit Interoperability for 3ds Max 2015) (Version: 15.0.166.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2015 (Version: 15.0.166.0 - Autodesk) Hidden
Backburner (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2007.0 - Discreet)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 1942 DRK Edition (HKLM-x32\...\{8209C8D7-3536-4FB3-8A3F-73A3858C2861}) (Version: 1.00.0060 - SRDDonkey Productions)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.10.265 - Electronic Arts)
Battlefield™ 1 Open Beta (HKLM-x32\...\{F9E19363-7B10-4F8A-8640-945C36D4B504}) (Version: 1.0.8.10777 - Electronic Arts)
BeamNG.drive (HKLM-x32\...\Steam App 284160) (Version: - BeamNG)
Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)
bf2battlelog (HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\...\bf2battlelog) (Version: 0.4.26 - Spencer Sharkey)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.4.93 - BitTorrent Inc.)
Block N Load Beta (HKLM-x32\...\Steam App 299360) (Version: - Jagex)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
Canon MP495 series User Registration (HKLM-x32\...\Canon MP495 series User Registration) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order)
Contrast (HKLM\...\Steam App 224460) (Version: - Compulsion Games)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Epic Games Launcher (HKLM-x32\...\{F9E7706A-FCFE-40D2-9B58-45567B3E1F3F}) (Version: 1.1.69.0 - Epic Games, Inc.)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.95 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.95 - Etron Technology) Hidden
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
FBX Plugin 2006.08 for Max 9.0 (HKLM-x32\...\FBX Plugin 2006.08 for Max 9.0) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{E114E635-F06E-43B4-A800-74A22536B1B0}) (Version: 4.30.472.0 - Futuremark)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.61.0 - International GeoGebra Institute)
GoldenEye: Source (HKLM-x32\...\gesource) (Version: 5.0 - The GoldenEye: Source Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
House of Caravan (HKLM\...\Steam App 353550) (Version: - Rosebud Games)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Kaspersky Anti-Virus 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Kerbal Space Program (HKLM-x32\...\{ED501254-06B8-4883-B7F3-4799C9EDD288}_is1) (Version: 1.2 - Squad)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Killing Floor 2 (HKLM-x32\...\Steam App 232090) (Version: - Tripwire Interactive)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.98 - Logitech Inc.)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Mad Max v.1.0.1.1 (HKLM-x32\...\Mad Max_is1) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Media Preview (HKLM\...\{52AFC3E1-0FAA-4C05-88FF-373911EA68F5}) (Version: 1.4.3.429 - BabelSoft)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM\...\Office14.POWERPOINT) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.62.1 - Black Tree Gaming)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.3.2.64936 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Penumbra: Requiem (HKLM\...\Steam App 22140) (Version: - Frictional Games)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version: - Prism Studios)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.3 - Project Reality)
Project Reality: WW2 (HKLM\...\Project Reality: WW2 (pr_ww2)_is1) (Version: v0.2 - Project Reality)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.36.1224.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Rochard (HKLM\...\Steam App 107800) (Version: - Recoil Games)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
S.T.A.L.K.E.R.: Clear Sky (HKLM\...\Steam App 20510) (Version: - GSC Game World)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM\...\Steam App 218) (Version: - Valve)
Squad (HKLM\...\Steam App 393380) (Version: - Offworld Industries)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Surgeon Simulator (HKLM\...\Steam App 233720) (Version: - Bossa Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
The Forest (HKLM\...\Steam App 242760) (Version: - Endnight Games Ltd)
The Stanley Parable (HKLM\...\Steam App 221910) (Version: - Galactic Cafe)
The Witcher 3 Wild Hunt Complete version 1.22.0.0 (HKLM-x32\...\The Witcher 3 Wild Hunt Complete_is1) (Version: 1.22.0.0 - Mr DJ)
This War of Mine - The Little Ones (HKLM-x32\...\This War of Mine - The Little Ones_is1) (Version: - )
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.0.0f4 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
Verdun (HKLM-x32\...\Steam App 242860) (Version: - M2H)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
War Thunder (HKLM\...\Steam App 236390) (Version: - Gaijin Entertainment)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: 0.0.0.0 - Blizzard Entertainment)
We Happy Few (HKLM\...\Steam App 320240) (Version: - Compulsion Games)
We Happy Few (HKLM-x32\...\1296814897_is1) (Version: 2.5.0.7 - GOG.com)
Windows Driver Package - XYZ Printing, Inc. (usbser) Ports (01/08/2013 6.0.0.0) (HKLM\...\338D7F76F2755F87D782D371F9638E1AFF90D233) (Version: 01/08/2013 6.0.0.0 - XYZ Printing, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
XYZware 1.1.31.7 (HKLM-x32\...\XYZware_is1) (Version: 1.1.31.7 - XYZprinting)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04189C9F-8317-41D0-BFF5-9779AEFEDE05} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {1B876AEC-9121-4596-8E92-6CCB743D201B} - \{5F270125-6E8F-4007-BFF5-26783BAC0916} -> No File <==== ATTENTION
Task: {20120BD3-B1DD-49D6-A160-77DBB5F4B518} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {26884326-D83B-40AB-B05E-BF014EB7B71A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {294D4841-A480-4284-BB11-A3891E648CC1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {323B26EB-4DC7-4877-98D6-89264A3C6A7D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {5A9FB04A-CAEB-4212-B3F4-29900600C292} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {5C5A83CF-389D-4409-B4BE-4B0E9CCFC9F2} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {6EEE4AF5-6CB4-4168-B949-8E06AB2EE19B} - System32\Tasks\{434FBF40-4BA0-46A5-A2D5-B4D9219C5806} => pcalua.exe -a "C:\Program Files (x86)\Addon control\Uninstall.exe" -c /fcp=1
Task: {A076E4E2-36EE-4A36-8947-1C2F1231CCB0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {B2FDA1FA-6316-4670-BC3E-B2FF1465384D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {CA6D2CEE-4B49-4932-B8FF-E9C919CD48AA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)
Task: {D02B59AF-3D4D-4B35-8C17-C824D5E71724} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {DC2DEB35-99C2-4034-8AF9-CA5CF4441650} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-09-29 12:48 - 2006-09-29 12:48 - 00065536 _____ () Q:\Program Files (x86)\Autodesk\mentalray\satellite\raysat_3dsmax9_32server.exe
2016-10-20 20:21 - 2016-11-17 05:45 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-20 20:21 - 2016-11-17 05:45 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-20 20:21 - 2016-11-17 05:45 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-08-09 11:02 - 2016-11-24 11:39 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-03 15:15 - 2008-07-10 23:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2014-10-03 15:15 - 2008-07-10 23:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2015-03-06 16:07 - 2015-03-06 16:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-08-29 17:44 - 2015-08-29 17:44 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 16:07 - 2015-03-06 16:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-08-29 17:44 - 2015-08-29 17:44 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-10-03 15:20 - 2009-07-20 11:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2014-10-03 15:20 - 2009-07-20 03:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2014-10-04 23:12 - 2015-09-19 10:35 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-10-14 17:03 - 2014-09-03 19:41 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-10-14 17:03 - 2014-09-03 19:41 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2012-08-17 20:39 - 2014-10-03 19:56 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
2015-04-13 08:08 - 2016-11-17 05:45 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-20 20:21 - 2016-11-17 05:45 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-20 20:21 - 2016-11-17 05:45 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
2014-10-03 15:15 - 2011-04-18 22:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
2016-10-20 20:21 - 2016-11-17 05:44 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-20 20:21 - 2016-11-17 02:20 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-20 20:21 - 2016-11-17 02:20 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-20 20:21 - 2016-11-17 02:20 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-20 20:21 - 2016-11-17 02:20 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-20 20:21 - 2016-11-17 02:20 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-20 20:21 - 2016-11-17 02:20 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-20 20:21 - 2016-11-17 02:20 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-06-17 10:19 - 2016-06-17 10:19 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2014-10-03 14:13 - 2010-11-05 22:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-10-14 14:15 - 2016-09-07 19:14 - 00784672 _____ () F:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 17:06 - 2016-08-31 17:02 - 04969248 _____ () F:\Program Files (x86)\Steam\v8.dll
2015-01-20 17:06 - 2016-08-31 17:02 - 01563936 _____ () F:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 17:06 - 2016-08-31 17:02 - 01195296 _____ () F:\Program Files (x86)\Steam\icuuc.dll
2014-10-14 14:15 - 2016-10-12 17:58 - 02321696 _____ () F:\Program Files (x86)\Steam\video.dll
2014-10-14 14:15 - 2016-01-26 23:49 - 02549760 _____ () F:\Program Files (x86)\Steam\libavcodec-56.dll
2014-10-14 14:15 - 2016-01-26 23:49 - 00442880 _____ () F:\Program Files (x86)\Steam\libavutil-54.dll
2014-10-14 14:15 - 2016-01-26 23:49 - 00491008 _____ () F:\Program Files (x86)\Steam\libavformat-56.dll
2014-10-14 14:15 - 2016-01-26 23:49 - 00332800 _____ () F:\Program Files (x86)\Steam\libavresample-2.dll
2014-10-14 14:15 - 2016-01-26 23:49 - 00485888 _____ () F:\Program Files (x86)\Steam\libswscale-3.dll
2014-10-14 14:15 - 2016-10-12 17:58 - 00836896 _____ () F:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 17:41 - 2016-07-04 14:17 - 00266560 _____ () F:\Program Files (x86)\Steam\openvr_api.dll
2016-10-13 18:25 - 2016-08-04 12:56 - 49825056 _____ () F:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2015-01-20 17:06 - 2015-09-24 15:52 - 00119208 _____ () F:\Program Files (x86)\Steam\winh264.dll
2016-11-09 09:21 - 2016-11-09 09:21 - 19640512 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\.rdata:X [526]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-04 15:14 - 2016-12-04 15:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Vikingur\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Vikingur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: BCSSync => "F:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BitTorrent Sync => "F:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: DAEMON Tools Lite => "F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Discord => C:\Users\Vikingur\AppData\Local\Discord\app-0.0.295\Discord.exe
MSCONFIG\startupreg: iTunesHelper => "F:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => F:\Programs\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: Voobly => "F:\Program Files (x86)\Voobly\voobly.exe" --startup
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B74F59E2-A555-493C-9AD9-BC99D2B27AA8}] => C:\Users\Vikingur\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ADEA55C5-49B1-4063-B41A-B366DC95D287}] => C:\Users\Vikingur\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3C1A4578-4DBD-49F1-A048-6E7398C48496}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{13A8BCF4-3C23-47E8-97AC-ADE3218CC55E}F:\program files (x86)\r.g. mechanics\alien isolation\ai.exe] => F:\program files (x86)\r.g. mechanics\alien isolation\ai.exe
FirewallRules: [UDP Query User{276A8C9B-CA5A-4F3B-8161-C761D48D339C}F:\program files (x86)\r.g. mechanics\alien isolation\ai.exe] => F:\program files (x86)\r.g. mechanics\alien isolation\ai.exe
FirewallRules: [{4856BB48-B0AB-4597-97A7-BF39DF4DE260}] => F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{81013EDE-08EE-4AF3-ADDF-E33C4C89182C}] => F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{85E8544B-6E60-4117-B354-1AFB3C362D6D}] => F:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{ECCFC148-1EE5-4F1F-86A6-6C195254E0FC}] => F:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{501F6B4D-6BE5-4832-A87A-4AEB1B3FC64E}] => F:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{BFEDFD68-935B-410E-8398-9BE6586C31B0}] => F:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{774E90B9-A8E2-42E4-AD56-4D880611C95B}] => F:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{665C14D2-CFE4-4BE3-B711-509E2EE757F2}] => F:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{C2CE0562-ACD1-42E6-9AB0-41315C88F73B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1438B9F8-FE44-417B-9951-F3B5DA611B1A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F1579F66-B29C-419A-BB69-F41FA9FA8CBD}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{C7883EC2-943B-4DA7-9A93-CB3CB65B37FD}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{72C08192-83BC-40CA-AB88-18FB319CB0A2}F:\program files (x86)\r.g. mechanics\alien isolation\ai.exe] => F:\program files (x86)\r.g. mechanics\alien isolation\ai.exe
FirewallRules: [UDP Query User{2359F45D-748F-4FCF-BAA7-E1749282DEDB}F:\program files (x86)\r.g. mechanics\alien isolation\ai.exe] => F:\program files (x86)\r.g. mechanics\alien isolation\ai.exe
FirewallRules: [TCP Query User{AA07A043-11FE-44FC-9D99-7D27822A0072}C:\users\vikingur\appdata\local\hola\firefox\app\hola_plugin.exe] => C:\users\vikingur\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [UDP Query User{E6F07D22-872C-4A66-8C16-F93DD0637EC6}C:\users\vikingur\appdata\local\hola\firefox\app\hola_plugin.exe] => C:\users\vikingur\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [{71F896A1-00D0-42DC-879A-4D2968A533E6}] => F:\Program Files (x86)\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{6EC63895-0178-4349-AF37-EFD5D415EBC3}] => F:\Program Files (x86)\Steam\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{50D903C5-F121-4C45-8073-F9E727ABC45D}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A8C1829D-A85A-4758-BA2C-288026F4245F}] => LPort=2869
FirewallRules: [{60978F7C-9460-4DD8-9869-BB0D69BA55D3}] => LPort=1900
FirewallRules: [{7D72F288-995B-4190-BB90-646CE4C84B4B}] => F:\Program Files (x86)\Steam\SteamApps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [{5DC5F7A8-639C-4DD8-BE01-DF80693BEF90}] => F:\Program Files (x86)\Steam\SteamApps\common\BeamNG.drive\BeamNG.drive.exe
FirewallRules: [TCP Query User{8F0BADCE-45D5-491B-89BD-DAEE5238E5F7}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{22FD82EE-8232-406C-960E-8F232EC419A5}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{F5E8A052-8028-4D5B-8A85-7EB04DE9AF7C}F:\program files\unity\editor\unity.exe] => F:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{AAA0363E-B791-4407-8B10-D5103DC96FB1}F:\program files\unity\editor\unity.exe] => F:\program files\unity\editor\unity.exe
FirewallRules: [{0CD070B9-28C3-41C5-92ED-C3BCBDE68113}] => F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{90BFBE53-A17C-4955-9DA8-D4E3E8C146DC}] => F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FA7D8F46-1C0F-45A0-A2BB-C2EAE11EF36B}] => F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7106236C-7D37-4D58-AB8C-24D3E89D816F}] => F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{76CC950A-9024-487E-81AF-61D609650F43}] => F:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{324A9F23-35A8-4228-90A0-2EE04A117015}] => F:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [TCP Query User{1FD6F7D6-F876-45A5-BDD5-D7F74DEB4F05}F:\program files (x86)\steam\steamapps\common\beamng.drive\bin32\beamng.drive.x86.exe] => F:\program files (x86)\steam\steamapps\common\beamng.drive\bin32\beamng.drive.x86.exe
FirewallRules: [UDP Query User{80F4B58B-A4D7-4DF8-B9EC-A5DC1E31601D}F:\program files (x86)\steam\steamapps\common\beamng.drive\bin32\beamng.drive.x86.exe] => F:\program files (x86)\steam\steamapps\common\beamng.drive\bin32\beamng.drive.x86.exe
FirewallRules: [TCP Query User{0077C999-9BDB-4991-8773-C5D5A3B05F71}F:\program files\rockstar games\grand theft auto v\gta5.exe] => F:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{CAE2FD05-DA97-41F8-927F-A369736D0988}F:\program files\rockstar games\grand theft auto v\gta5.exe] => F:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D8162AF6-2236-4891-86B8-484D261DD409}F:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => F:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [UDP Query User{59812F88-919A-47AB-A82D-4CF057044E08}F:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => F:\program files (x86)\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe
FirewallRules: [{B73ED4BB-73E8-4868-BAB5-07FFF3FCE8FC}] => F:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{12E0DA36-9EB7-49F6-85F8-25E9BA307E3A}] => F:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6D3B4A9C-A591-45AA-8F4C-3F5C80B46F3D}] => F:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{649FFE44-3353-4A82-A357-643EB970276F}] => F:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{80818D86-A076-46FA-A4A4-DC1F0BAEA5F6}] => F:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{601FE804-80CA-4815-BC51-D6E3152BAC83}] => F:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [TCP Query User{3CF69249-8B52-40AE-8AD4-93BFBB277770}F:\program files (x86)\project reality\project reality bf2\prbf2.exe] => F:\program files (x86)\project reality\project reality bf2\prbf2.exe
FirewallRules: [UDP Query User{BB2F9979-639A-4157-B029-D112FD003D3C}F:\program files (x86)\project reality\project reality bf2\prbf2.exe] => F:\program files (x86)\project reality\project reality bf2\prbf2.exe
FirewallRules: [{8B249613-6B15-46E1-9556-F40C972E0A4F}] => F:\Program Files (x86)\Steam\SteamApps\common\Verdun\Verdun.exe
FirewallRules: [{D04FA723-63EF-42D8-9AE8-CAF785AA2FDA}] => F:\Program Files (x86)\Steam\SteamApps\common\Verdun\Verdun.exe
FirewallRules: [{69AB99BF-234A-498C-8862-402D80B64640}] => F:\Program Files (x86)\Steam\SteamApps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{4D6F3615-EF25-4BCF-A9A4-A1258B46D47C}] => F:\Program Files (x86)\Steam\SteamApps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{998D0BA1-2E0C-417D-A667-76B3491C1A7B}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7898D814-E3B8-410B-8886-518BA8376CA6}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{19FA0490-E01C-4C84-AA8E-EB6A076FE6A7}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0096B1E4-6AC8-4B3A-B92E-7BA7418DD13F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{0070119E-9C06-4E80-95E5-48770C75C6E8}C:\program files\logitech gaming software\lcore.exe] => C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{5851D5DF-13C7-4587-8ABA-13E6108B9960}C:\program files\logitech gaming software\lcore.exe] => C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{113E0A4C-EB74-4E9A-B745-EF68758A3326}] => C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{76B90ADE-7A9F-4FB9-9558-C3B38DCF51FD}] => C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{430800AE-3446-42C8-9276-4765C19EDAED}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9D85C315-6C35-4699-93EC-5D7145DB7A06}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CD6157B4-E4B7-4FE0-B75B-40162F8DC724}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{17CD02E2-F874-4C5E-9ECB-B1D00440560C}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{391A8A63-4E4F-496D-9004-EEE1200858DC}] => F:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0CD6E018-7597-4BE0-A33E-6C93052D7C0C}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{80DBA6CA-A78C-4FFA-A38F-18B2A95AB3FE}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6FED5575-4216-457A-BA7B-12D9C6DFDB48}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F1EEBA60-053C-41C5-BBE1-D47DF0D106E4}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{5C41234E-9FDB-46F6-BCE2-73F051CE40DC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9363B62A-6F37-410A-A06C-E3FAEA42B9B5}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AC6F5D43-7561-47AD-B976-F7E8AF30E5F3}] => F:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{A4279814-3683-46DA-909B-0818BA4CAAED}] => F:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{7DA2A74D-F2B7-49A6-98A9-07A9FA7F1291}] => F:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{9681D2B2-8F47-46B6-B962-632582893B1C}] => F:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [TCP Query User{11D36427-DA5D-4F80-9891-4F8683F7E630}F:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => F:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{17A86470-1B0B-4A2A-B210-73290A00A1D0}F:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => F:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{69D3567F-57E3-4116-92C4-F5907756A229}] => F:\Program Files (x86)\Steam\SteamApps\common\Squad\Squad.exe
FirewallRules: [{EBD0DF7D-C7D1-482B-B84F-12FA87258C3F}] => F:\Program Files (x86)\Steam\SteamApps\common\Squad\Squad.exe
FirewallRules: [TCP Query User{2017DCD6-492D-4DBA-A97E-915A68654BD9}F:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => F:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [UDP Query User{979A37CC-A5B6-48B6-83AC-E21D5B13BC6C}F:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => F:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [{71528236-5BCD-4387-B424-E631B941BA07}] => F:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{3853D085-ED38-48D7-95BF-255B1C5082EE}] => F:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{D4D5396F-3EB7-41A3-9088-288EBB4DD460}] => F:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{FD101154-F08C-4671-B0CC-D495906E9785}] => F:\Program Files (x86)\Steam\SteamApps\common\BioShock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [TCP Query User{4863A040-B6A1-409A-8FE3-A8079328BDD9}F:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => F:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{A70894FD-A62B-48D4-B327-16683A065AAC}F:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => F:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{C32BD9A8-E444-44E7-8B1F-78126C1A5852}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{DA5C6AB1-D38B-4993-9C13-9B11F3708F2B}C:\windows\syswow64\dplaysvr.exe] => C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{8702FB8A-74CA-4848-B6B4-E985B9793D04}F:\program files (x86)\ea games\battlefield 1942\bf1942.exe] => F:\program files (x86)\ea games\battlefield 1942\bf1942.exe
FirewallRules: [UDP Query User{16C56CAC-C4D2-488A-A8FE-318B303195A1}F:\program files (x86)\ea games\battlefield 1942\bf1942.exe] => F:\program files (x86)\ea games\battlefield 1942\bf1942.exe
FirewallRules: [{BA8187DF-3104-4704-BB40-09980C884319}] => F:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{B2D5D99C-DA3D-403D-8FC3-6985C7E0B907}] => F:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{CDDB780D-A4F8-4BFA-B1D4-FC77AC7351AA}] => F:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{5FF51923-F252-4C24-B42C-0728952EB28E}] => F:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{E9659225-10AB-405A-AD36-29649227B585}F:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => F:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{5D3C8402-CC7B-4E00-8EE8-053F9E41466D}F:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => F:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{739CD7F5-4789-48FE-8735-11381EE4DC8D}F:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => F:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{7C85D6D1-1000-4371-A8B8-B279B5035C7E}F:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => F:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{335C54BD-31D8-4DB6-9DD6-E98C05F377C7}F:\program files (x86)\epic games\4.11\engine\binaries\win64\ue4editor.exe] => F:\program files (x86)\epic games\4.11\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{E0785440-B8D2-4E5A-9115-1C87C7AF2A93}F:\program files (x86)\epic games\4.11\engine\binaries\win64\ue4editor.exe] => F:\program files (x86)\epic games\4.11\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{803971D1-C082-4A46-8AA4-4B2AFB8181EA}F:\program files (x86)\ea games\battlefield 2\bf2.exe] => F:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [UDP Query User{E9E75DA9-74F1-46E2-98F6-E1C9A15EF9D6}F:\program files (x86)\ea games\battlefield 2\bf2.exe] => F:\program files (x86)\ea games\battlefield 2\bf2.exe
FirewallRules: [{DDA20F02-B33F-496B-98D8-EB8DD316EC9C}] => F:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{019AC2B9-8D7C-4388-8010-38FB9CBF77A5}] => F:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{D1D4D47E-55CE-44DB-96FF-EFD8C4A0B2F7}F:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => F:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{A1805584-8800-4B01-A450-D5288E58603E}F:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => F:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [{A963597C-25F5-4F7D-9A7F-8910253343EB}] => F:\Program Files\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{300670FA-62FF-4CB1-9C18-EE673C60565C}] => F:\Program Files\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe
FirewallRules: [{86DA93EC-D80F-4C53-B60C-690382C743AF}] => F:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{CB4B583D-4515-497C-BE20-F2C5B6AEC755}] => F:\Program Files (x86)\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{58E094A1-5E06-495E-B63B-B3E9257E0018}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{F9B10224-EE6A-444E-909E-E2289B72285E}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{F2462AA2-DA69-494D-B9D9-A2EE9C5044BE}F:\program files (x86)\warcraft iii\war3.exe] => F:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{CA8DD196-7491-4A36-A6D5-1E1599F114EF}F:\program files (x86)\warcraft iii\war3.exe] => F:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{61D63ECE-302F-46BD-8EAD-41C6EFC83597}] => F:\Program Files (x86)\Steam\SteamApps\common\Airships Conquer the Skies\Airships.exe
FirewallRules: [{9CB890F2-5BDA-4486-91AA-DD03AE196B9A}] => F:\Program Files (x86)\Steam\SteamApps\common\Airships Conquer the Skies\Airships.exe
FirewallRules: [{6330C577-6258-44B5-AA73-F7D679574100}] => F:\Program Files (x86)\Steam\SteamApps\common\Airships Conquer the Skies\AirshipsSystemJava.exe
FirewallRules: [{7E3A0B57-A7D4-4906-865E-85552646F5B4}] => F:\Program Files (x86)\Steam\SteamApps\common\Airships Conquer the Skies\AirshipsSystemJava.exe
FirewallRules: [{FB3C225D-7726-413A-82DF-9F34F76BEE38}] => F:\Program Files (x86)\Mr DJ\The Witcher 3 Wild Hunt Complete\bin\x64\witcher3.exe
FirewallRules: [{774111D5-5AAF-4D00-8C21-490246915949}] => F:\Program Files (x86)\Mr DJ\The Witcher 3 Wild Hunt Complete\bin\x64\witcher3.exe
FirewallRules: [{C0113205-A92B-45A0-9E4B-1554F3DC7DEC}] => F:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{52D2EB97-E6FD-4CBD-8A53-B1EC6F455F14}] => F:\Program Files (x86)\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{46A6D7C6-53C8-488C-9E29-6A8F7F74DEE7}] => F:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{9AE8009C-1C75-4502-A0CF-546A0CEE5439}] => F:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{05D43B03-AFA7-45D0-AF30-A5F4B51D3146}F:\program files (x86)\doom\doomx64.exe] => F:\program files (x86)\doom\doomx64.exe
FirewallRules: [UDP Query User{71AE2457-316E-493D-9BB3-CF12528FC287}F:\program files (x86)\doom\doomx64.exe] => F:\program files (x86)\doom\doomx64.exe
FirewallRules: [{D6798EC6-2F1D-4634-ACF0-F3ECDB0417F2}] => F:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{D0FCFE79-6C01-471C-8530-5891BC032D7D}] => F:\Program Files (x86)\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2089CB6D-1628-4E0C-BF42-6DECB04184E2}] => F:\Program Files (x86)\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{8A118E09-8C1F-4F71-9A97-7F1533CCDE5E}] => F:\Program Files (x86)\Steam\SteamApps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [TCP Query User{27E914B4-CE7D-4FF8-8376-81367400A48C}Q:\program files (x86)\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => Q:\program files (x86)\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [UDP Query User{87172661-AB33-40E3-AF79-45ECF8102092}Q:\program files (x86)\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => Q:\program files (x86)\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [{0CDBC961-2D53-4531-A105-F6F3F404DF9D}] => Q:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{367C5091-3EC0-4EB5-8507-2D6DC83D1EC1}] => Q:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{9336F294-9E7A-414B-B787-484394D5D2FC}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{273F6725-DC23-46C0-A0E9-DFAA90628C89}] => Q:\Program Files (x86)\Steam\steamapps\common\Squad\squad_launcher.exe
FirewallRules: [{1CD4BFAF-835E-4D41-967E-55A599306139}] => Q:\Program Files (x86)\Steam\steamapps\common\Squad\squad_launcher.exe
FirewallRules: [TCP Query User{3C00E240-C8FC-4792-B651-D622463EA351}Q:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => Q:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [UDP Query User{84677BE4-2903-4126-B61B-CCD3BA22469F}Q:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe] => Q:\program files (x86)\steam\steamapps\common\squad\squad\binaries\win64\squad.exe
FirewallRules: [{804985B9-8741-4D57-83C9-21D6ADE6444B}] => F:\Program Files (x86)\Project Reality\Project Reality BF2\prbf2.exe
FirewallRules: [{49B63C23-7889-400C-B525-DE3011C003B7}] => F:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRLauncher.exe
FirewallRules: [{A300B603-142B-45F5-9584-DF086FBAE4CF}] => F:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRUpdater.exe
FirewallRules: [{1936870D-FB18-4884-A630-384ABABA97BE}] => F:\Program Files (x86)\Project Reality\Project Reality BF2\mods\pr\bin\PRMumble\PRMumble.exe
FirewallRules: [{2F18729B-02BD-478A-90DD-1145B5376ACB}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A96AF27F-B2D3-4053-B48F-52FE7BA788C0}] => F:\Program Files (x86)\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{5E1D39A9-DE33-40DE-97CC-32E7179FBABC}] => F:\Program Files (x86)\Steam\SteamApps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{1DB69FF3-6D4A-4C33-898F-3825CC6E1D9E}] => Q:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe
FirewallRules: [{1E6B1B60-41F9-4EBC-8D72-996534C1A257}] => Q:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe
FirewallRules: [{CA440AAF-33D0-4A8F-993F-C9D58CB3B851}] => Q:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Requiem.exe
FirewallRules: [{624797BF-922C-4B1C-8008-7361479E09A3}] => Q:\Program Files (x86)\Steam\steamapps\common\Penumbra Black Plague\redist\Requiem.exe
FirewallRules: [{F69B38E8-A81B-4BD6-93B7-AA18A142380B}] => Q:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{A7EE9A0C-A722-4B59-846F-82E0816D3731}] => Q:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{A34E05A1-5626-4269-B1B7-2E0734ACA310}] => Q:\Program Files (x86)\Steam\steamapps\common\Contrast\Binaries\Win32\ContrastGame.exe
FirewallRules: [{80469839-0D58-459C-9A5B-C615CF0E0742}] => Q:\Program Files (x86)\Steam\steamapps\common\Contrast\Binaries\Win32\ContrastGame.exe
FirewallRules: [{226B7056-5783-4DAE-B786-7B6182C31E02}] => Q:\Program Files (x86)\Autodesk\3dsmax.exe
FirewallRules: [{2AC69C17-F5D1-489F-A438-6314CB48EC54}] => Q:\Program Files (x86)\Autodesk\3dsmax.exe
FirewallRules: [{7B18C683-24F8-4C36-8F3A-FB8456958FC8}] => Q:\Program Files (x86)\Afterburner max 9\monitor.exe
FirewallRules: [{7F1667AB-4E25-449F-8081-5DC6913D41FB}] => Q:\Program Files (x86)\Afterburner max 9\monitor.exe
FirewallRules: [{954B64E3-ED10-485A-B34E-7A814863FCFD}] => Q:\Program Files (x86)\Afterburner max 9\manager.exe
FirewallRules: [{4528330D-DF1F-44D6-BCCA-D3DA12B4C054}] => Q:\Program Files (x86)\Afterburner max 9\manager.exe
FirewallRules: [{D93F7141-0073-4269-B1A7-851E28AA2CBD}] => Q:\Program Files (x86)\Afterburner max 9\server.exe
FirewallRules: [{B654D27E-C0C6-4044-8CF1-4C36F80EEA7B}] => Q:\Program Files (x86)\Afterburner max 9\server.exe
FirewallRules: [{6AFCDF96-F04E-4301-A472-58F06B0F68C2}] => Q:\Program Files (x86)\Autodesk\3dsmax.exe
FirewallRules: [{F2F43899-82B2-4477-8C7C-BD789FB38013}] => Q:\Program Files (x86)\Autodesk\3dsmax.exe
FirewallRules: [{D6EB95EA-7D7C-4D95-A8B9-CFD568A6D139}] => Q:\Program Files (x86)\Steam\steamapps\common\Rochard\Rochard.exe
FirewallRules: [{4748616D-B197-4E99-906B-191FA1C22B5E}] => Q:\Program Files (x86)\Steam\steamapps\common\Rochard\Rochard.exe
FirewallRules: [{E8FDA1A5-72CC-4924-8957-0294B73E056F}] => Q:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{DF8063F4-93AE-42D1-A585-19A7F44DAEB7}] => Q:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{B300A902-DB5B-4F91-AE82-0990495503A4}] => Q:\Program Files (x86)\Steam\steamapps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{3B85CF8E-AF81-4C00-BF3C-93E587B0FF9D}] => Q:\Program Files (x86)\Steam\steamapps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{30850EA8-65A5-4021-AC60-E92077CB7790}] => Q:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{73CD7EEA-7081-45B4-AFDB-E59FD9AB3D64}] => Q:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8FE37AD2-1A32-4127-98B7-F0578E30873D}] => Q:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{FB7BB001-8CFB-47E1-BD66-96A1C0DE736D}] => Q:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{ED2C0109-1A50-4B5D-9A02-B5D76D9C1EFF}] => Q:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{51CE78FA-9C8D-4D19-A85E-443E57777947}] => Q:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{671E2306-126C-4567-B6AA-DDEBA2FAB2EE}] => Q:\Program Files (x86)\Steam\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe
FirewallRules: [{BC18963D-3A32-4D54-BFA5-2FB4718BD908}] => Q:\Program Files (x86)\Steam\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe
FirewallRules: [{F0413D7E-A8CC-47BB-BF16-93D6496F61FC}] => Q:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{A0490616-3BD7-47F3-98EC-2AAF057D22BE}] => Q:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{3E1AC4B2-AE26-4B5D-AA55-A2DA03A9AA43}] => Q:\Program Files (x86)\Steam\steamapps\common\House of Caravan\hoc.exe
FirewallRules: [{54DE3972-881D-4318-B8F8-600EB549C624}] => Q:\Program Files (x86)\Steam\steamapps\common\House of Caravan\hoc.exe

==================== Restore Points =========================

30-11-2016 14:53:47 Installed DirectX 9.0
30-11-2016 14:53:54 Installed Autodesk DWF Viewer 7
30-11-2016 14:55:52 Installed Backburner
30-11-2016 14:56:01 Installed Autodesk 3ds Max 9 32-bit
02-12-2016 21:27:19 Installed DirectX
02-12-2016 21:51:22 Installed DirectX
03-12-2016 12:03:01 Installed DirectX
03-12-2016 13:56:26 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
03-12-2016 13:56:31 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
03-12-2016 23:55:14 Installed DirectX
04-12-2016 14:36:08 Restore Operation

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2016 03:31:25 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for F:\Program Files (x86)\Steam\bin\steamwebhelper.exe

Error: (12/04/2016 03:27:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/04/2016 03:09:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/04/2016 02:54:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/04/2016 02:54:06 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for F:\Program Files (x86)\Steam\bin\steamwebhelper.exe

Error: (12/04/2016 02:53:36 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Installed DirectX 9.0). Additional information: 0x80071a2d.

Error: (12/04/2016 02:47:52 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80071a2d.

Error: (12/04/2016 02:41:49 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80071a2d.

Error: (12/04/2016 02:36:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/04/2016 12:03:33 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for F:\Program Files (x86)\Steam\bin\steamwebhelper.exe


System errors:
=============
Error: (12/04/2016 03:26:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/04/2016 03:26:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (12/04/2016 03:14:45 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/04/2016 03:14:22 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/04/2016 03:11:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/04/2016 03:10:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The mental ray 3.5 Satellite (32-bit) service terminated unexpectedly. It has done this 1 time(s).

Error: (12/04/2016 03:08:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/04/2016 03:07:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/04/2016 03:07:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (12/04/2016 03:07:21 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


CodeIntegrity:
===================================
Date: 2016-12-04 15:14:22.983
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-04 15:14:22.963
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-15 17:22:29.967
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 17:22:29.966
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 17:22:29.964
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 17:22:29.961
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 17:22:29.959
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-15 17:22:29.957
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-10 11:37:26.207
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-10 11:37:26.206
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 28%
Total physical RAM: 16367.23 MB
Available physical RAM: 11654.58 MB
Total Virtual: 32732.65 MB
Available Virtual: 27933.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:18 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HDD) (Fixed) (Total:931.41 GB) (Free:160.62 GB) NTFS
Drive q: (New HDD) (Fixed) (Total:931.51 GB) (Free:689.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 79355FE5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2B5BBB9C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9BB377D9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 09 December 2016 - 09:51 AM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,187 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:51 AM

Posted 09 December 2016 - 09:51 AM

Greetings Tomatoo and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Posted 09 December 2016 - 10:31 AM

Thank you for your patience.

I am not seeing any malware. We can take a look at the other issues but I will tell you from the start Windows Update issues can be hard to overcome. I may end up referring you to another forum where they specialize in Windows Update problems.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2494524723-2272121240-4141452648-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPUZ; \??\F:\Temp\GPUZ.sys [X]
Task: {1B876AEC-9121-4596-8E92-6CCB743D201B} - \{5F270125-6E8F-4007-BFF5-26783BAC0916} -> No File <==== ATTENTION
Task: {6EEE4AF5-6CB4-4168-B949-8E06AB2EE19B} - System32\Tasks\{434FBF40-4BA0-46A5-A2D5-B4D9219C5806} => pcalua.exe -a "C:\Program Files (x86)\Addon control\Uninstall.exe" -c /fcp=1
Program Files (x86)\Addon control
AlternateDataStreams: C:\ProgramData\.rdata:X [526]
folder: C:\ProgramData\.rdata
CMD: type "C:\ComboFix.txt"

  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Modifying Windows Automatic Update Settings

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Copy and paste the following and hit Enter

%windir%\system32\wuapp.exe startmenu

  • Select Change Settings
  • Under Important Updates select Never check for updates (not recommended)
  • Click OK
===================================================

System Update Readiness Tool for Windows Updates 7/Vista

--------------------
  • Download System Update Readiness Tool and save it to your desktop.
  • Disconnect from the Internet
  • Double click the icon to launch the program
  • If you are asked for permission to install software click Yes
  • This process may take a long time and appear as if it is stalled. If the cursor is still blinking inside the window the program is working
  • Once completed click Close
  • Using Windows Explorer navigate to C:\Windows\Logs\CBS\CheckSUR.log and attach the report to your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • Please copy and paste the contents of the FSS.txt report in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • CheckSUR.log
  • FSS.txt
  • Attached System Summary report

Gary
 

#4 Tomatoo

Posted 11 December 2016 - 06:48 PM

fix log

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Vikingur (11-12-2016 15:44:59) Run:1
Running from Q:\Users\Vikingur\Desktop\New folder
Loaded Profiles: Vikingur (Available Profiles: Vikingur)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2494524723-2272121240-4141452648-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPUZ; \??\F:\Temp\GPUZ.sys [X]
Task: {1B876AEC-9121-4596-8E92-6CCB743D201B} - \{5F270125-6E8F-4007-BFF5-26783BAC0916} -> No File <==== ATTENTION
Task: {6EEE4AF5-6CB4-4168-B949-8E06AB2EE19B} - System32\Tasks\{434FBF40-4BA0-46A5-A2D5-B4D9219C5806} => pcalua.exe -a "C:\Program Files (x86)\Addon control\Uninstall.exe" -c /fcp=1
Program Files (x86)\Addon control
AlternateDataStreams: C:\ProgramData\.rdata:X [526]
folder: C:\ProgramData\.rdata
CMD: type "C:\ComboFix.txt"
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2494524723-2272121240-4141452648-1000\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc2@internetdownloadmanager.com => value removed successfully
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.6.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.7.1" => key removed successfully
catchme => service removed successfully
GPUZ => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B876AEC-9121-4596-8E92-6CCB743D201B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B876AEC-9121-4596-8E92-6CCB743D201B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F270125-6E8F-4007-BFF5-26783BAC0916}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EEE4AF5-6CB4-4168-B949-8E06AB2EE19B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EEE4AF5-6CB4-4168-B949-8E06AB2EE19B}" => key removed successfully
C:\Windows\System32\Tasks\{434FBF40-4BA0-46A5-A2D5-B4D9219C5806} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{434FBF40-4BA0-46A5-A2D5-B4D9219C5806}" => key removed successfully
Program Files (x86)\Addon control => Error: No automatic fix found for this entry.
C:\ProgramData\.rdata => ":X" ADS removed successfully.

========================= folder: C:\ProgramData\.rdata ========================

C:\ProgramData\.rdata => File

====== End of Folder: ======


========= type "C:\ComboFix.txt" =========

ComboFix 16-12-02.01 - Vikingur 12/04/2016  15:10:12.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16367.14120 [GMT -8:00]
Running from: q:\users\Vikingur\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
SP: Kaspersky Anti-Virus *Enabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Temp
c:\program files (x86)\Common Files\Temp\out.exe
c:\users\Vikingur\AppData\Roaming\Temp\drivers\binplace.exe
c:\users\Vikingur\AppData\Roaming\Temp\drivers\dpinst.exe
c:\users\Vikingur\AppData\Roaming\Temp\drivers\dpinst64.exe
c:\users\Vikingur\AppData\Roaming\Temp\drivers\DriverCopy.exe
c:\users\Vikingur\AppData\Roaming\Temp\drivers\DriverInstall.exe
c:\users\Vikingur\AppData\Roaming\Temp\drivers\DRIVERS.dll
c:\users\Vikingur\AppData\Roaming\Temp\drivers\Inf2Cat.exe
c:\users\Vikingur\AppData\Roaming\Temp\drivers\Microsoft.Whos.Shared.IO.Cabinets.dll
c:\users\Vikingur\AppData\Roaming\Temp\drivers\Microsoft.Whos.Shared.IO.Catalogs.dll
c:\users\Vikingur\AppData\Roaming\Temp\drivers\Microsoft.Whos.Shared.Xml.InfReader.dll
c:\users\Vikingur\AppData\Roaming\Temp\drivers\Microsoft.Whos.Winqual.Submissions.SubmissionBuilder.dll
c:\users\Vikingur\AppData\Roaming\Temp\drivers\Microsoft.Whos.Xml.NonXmlDataReader.dll
c:\users\Vikingur\AppData\Roaming\Temp\out.exe
c:\users\Vikingur\AppData\Roaming\Temp\setup.exe
c:\windows\wininit.ini
F:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2016-11-04 to 2016-12-04  )))))))))))))))))))))))))))))))
.
.
2016-12-03 05:23 . 2016-12-03 05:23    --------    d-----w-    c:\program files (x86)\VulkanRT
2016-12-03 05:23 . 2016-09-09 18:25    269600    ----a-w-    c:\windows\SysWow64\vulkan-1.dll
2016-12-03 05:23 . 2016-09-09 18:25    110880    ----a-w-    c:\windows\SysWow64\vulkaninfo.exe
2016-12-03 05:23 . 2016-09-09 18:25    261920    ----a-w-    c:\windows\system32\vulkan-1.dll
2016-12-03 05:23 . 2016-09-09 18:24    125216    ----a-w-    c:\windows\system32\vulkaninfo.exe
2016-12-03 05:17 . 2016-11-17 13:45    46016    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2016-12-03 05:17 . 2016-11-17 13:45    101824    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2016-12-03 05:17 . 2016-11-17 13:45    91584    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2016-11-16 05:11 . 2016-11-10 23:48    1951680    ----a-w-    c:\windows\system32\nvdispco6437586.dll
2016-11-16 05:11 . 2016-11-10 23:48    1586744    ----a-w-    c:\windows\system32\nvdispgenco6437586.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-24 23:01 . 2014-10-03 23:15    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2016-11-24 23:01 . 2014-10-03 23:15    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2016-11-24 23:01 . 2014-10-03 23:15    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2016-11-24 23:01 . 2014-10-03 23:15    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2016-11-24 20:54 . 2016-10-21 20:40    491536    ----a-w-    c:\windows\system32\nvumdshimx.dll
2016-11-24 20:54 . 2016-09-23 18:59    17373312    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2016-11-24 20:54 . 2015-08-12 16:15    19948848    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2016-11-24 20:54 . 2015-08-12 16:15    3941720    ----a-w-    c:\windows\system32\nvapi64.dll
2016-11-24 20:54 . 2015-08-12 16:15    3479744    ----a-w-    c:\windows\SysWow64\nvapi.dll
2016-11-24 19:39 . 2016-08-09 19:02    6384576    ----a-w-    c:\windows\system32\nvcpl.dll
2016-11-24 19:39 . 2016-08-09 19:02    2477624    ----a-w-    c:\windows\system32\nvsvc64.dll
2016-11-24 19:39 . 2016-08-09 19:02    83512    ----a-w-    c:\windows\system32\nv3dappshextr.dll
2016-11-24 19:39 . 2016-08-09 19:02    69568    ----a-w-    c:\windows\system32\nvshext.dll
2016-11-24 19:39 . 2016-08-09 19:02    546752    ----a-w-    c:\windows\system32\nv3dappshext.dll
2016-11-24 19:39 . 2016-08-09 19:02    393784    ----a-w-    c:\windows\system32\nvmctray.dll
2016-11-24 19:39 . 2016-08-09 19:02    1762752    ----a-w-    c:\windows\system32\nvsvcr.dll
2016-11-24 19:39 . 2016-10-21 04:21    1951    ----a-w-    c:\windows\NvContainerRecovery.bat
2016-11-23 12:58 . 2016-08-09 19:02    7538847    ----a-w-    c:\windows\system32\nvcoproc.bin
2016-11-17 13:45 . 2016-10-21 04:21    1854400    ----a-w-    c:\windows\system32\nvspcap64.dll
2016-11-17 13:45 . 2016-10-21 04:21    1755072    ----a-w-    c:\windows\system32\nvspbridge64.dll
2016-11-17 13:45 . 2016-10-21 04:21    1452480    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2016-11-17 13:45 . 2016-10-21 04:21    1317312    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2016-11-17 13:45 . 2016-10-21 04:21    120256    ----a-w-    c:\windows\system32\NvRtmpStreamer64.dll
2016-11-09 17:21 . 2014-10-04 03:47    796352    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-09 17:21 . 2014-10-04 03:47    142528    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-11-06 21:51 . 2016-06-16 02:13    192216    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-02 16:28 . 2016-11-02 16:58    389392    ----a-w-    c:\windows\SysWow64\EasyAntiCheat.exe
2016-10-25 21:39 . 2016-10-29 05:39    1953336    ----a-w-    c:\windows\system32\nvdispco6437570.dll
2016-10-25 21:39 . 2016-10-29 05:39    1586744    ----a-w-    c:\windows\system32\nvdispgenco6437570.dll
2016-10-22 20:29 . 2014-10-04 08:31    226168    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2016-10-22 07:20 . 2016-10-25 06:00    1953336    ----a-w-    c:\windows\system32\nvdispco6437563.dll
2016-10-22 07:20 . 2016-10-25 06:00    1585088    ----a-w-    c:\windows\system32\nvdispgenco6437563.dll
2016-10-18 21:23 . 2016-10-21 20:40    1951680    ----a-w-    c:\windows\system32\nvdispco6437557.dll
2016-10-18 21:23 . 2016-10-21 20:40    1586744    ----a-w-    c:\windows\system32\nvdispgenco6437557.dll
2016-10-01 21:15 . 2016-10-21 04:41    1935808    ----a-w-    c:\windows\system32\nvdispco6437306.dll
2016-10-01 21:15 . 2016-10-21 04:41    1585088    ----a-w-    c:\windows\system32\nvdispgenco6437306.dll
2016-09-17 00:46 . 2016-09-23 18:59    1922616    ----a-w-    c:\windows\system32\nvdispco6437290.dll
2016-09-17 00:46 . 2016-09-23 18:59    1585088    ----a-w-    c:\windows\system32\nvdispgenco6437290.dll
2016-09-09 18:25 . 2016-09-09 18:25    269600    ----a-w-    c:\windows\SysWow64\vulkan-1-1-0-26-0.dll
2016-09-09 18:25 . 2016-09-09 18:25    110880    ----a-w-    c:\windows\SysWow64\vulkaninfo-1-1-0-26-0.exe
2016-09-09 18:25 . 2016-09-09 18:25    261920    ----a-w-    c:\windows\system32\vulkan-1-1-0-26-0.dll
2016-09-09 18:24 . 2016-09-09 18:24    125216    ----a-w-    c:\windows\system32\vulkaninfo-1-1-0-26-0.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-09-28 8944344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2014-10-04 356128]
"ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2014-09-04 488328]
.
c:\users\Vikingur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Curse.lnk - c:\users\Vikingur\AppData\Roaming\Curse Client\Bin\Curse.exe /startup [2016-7-27 1122184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2014-10-3 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;f:\program files (x86)\Origin\OriginWebHelperService.exe;f:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;f:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;f:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GPUZ;GPUZ;f:\temp\GPUZ.sys;f:\temp\GPUZ.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 mi-raysat_3dsmax2015_64;mental ray Satellite for Autodesk 3ds Max 2015 64-bit;f:\program files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe;f:\program files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 Origin Client Service;Origin Client Service;f:\program files (x86)\Origin\OriginClientService.exe;f:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 SASDIFSV;SASDIFSV;f:\programs\SUPERAntiSpyware\SASDIFSV64.SYS;f:\programs\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;f:\programs\SUPERAntiSpyware\SASKUTIL64.SYS;f:\programs\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;f:\programs\SUPERAntiSpyware\SASCORE64.EXE;f:\programs\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe  [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LGCoreTemp;Logitech CPU Core Tempurature;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [x]
S2 LogiRegistryService;Logitech Gaming Registry Service;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [x]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSUsbFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2016-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-04 17:21]
.
2016-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25 03:24]
.
2016-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25 03:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2015-08-30 14850168]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-04-29 500936]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-11-17 1854400]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
FF - ProfilePath - c:\users\Vikingur\AppData\Roaming\Mozilla\Firefox\Profiles\9zgzijn4.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2494524723-2272121240-4141452648-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):49,af,11,fc,a1,9e,85,e9,85,0b,d5,1e,11,2d,d5,02,c5,cc,32,1f,0f,
   57,3e,2f,9f,ea,db,2f,5b,fc,b7,37,00,d5,33,c3,b2,ee,39,fb,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2494524723-2272121240-4141452648-1000_Classes\Wow6432Node\CLSID\{d4006de3-5806-4c3a-b4af-83beff37470f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000136
"Therad"=dword:0000001a
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-12-04  15:18:42
ComboFix-quarantined-files.txt  2016-12-04 23:18
.
Pre-Run: 19,312,689,152 bytes free
Post-Run: 19,375,808,512 bytes free
.
- - End Of File - - 4D98D049CD521A86DB0BDF6BB3351E6A

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 15:45:05 ====



#5 Tomatoo


Posted 11 December 2016 - 06:49 PM

Windows Update settings are greyed out, I cannot change them.

I am unable to download the Windows readiness tool. The download stops within seconds of starting (my internet is fine, this has been a problem with me for several months, I am unable to download larger files through any browsers). I did use Internet Download Manager, which fixed the problem - but since then the trial has run out. Sometimes I'm able to force it to download eventually by pausing and resuming frequently.

EDIT: I was able to download the readiness tool


Edited by Tomatoo, 11 December 2016 - 06:58 PM.


#6 Tomatoo


Posted 11 December 2016 - 07:07 PM

Farbar Service Scanner Version: 27-01-2016
Ran by Vikingur (administrator) on 11-12-2016 at 16:07:00
Running from "Q:\Users\Vikingur\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



Edited by Tomatoo, 11 December 2016 - 07:08 PM.


#7 Tomatoo


Posted 11 December 2016 - 08:56 PM

I have left the Windows Readiness tool running for about 2 hours now, and it's just stuck at "Searching for updates on this computer".



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,187 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:51 AM

Posted 11 December 2016 - 09:56 PM

Thank you for the information.

Please do the following and, if you are notified the change was successful, attempt to run the System Update tool again.

===================================================

Modifying Service StartState

-------------------
  • Click Start, type cmd, then press the Shift, Ctrl, + Enter keys at the same time
  • An Administrator Command Prompt window should open
  • Type sc config wuauserv start= disabled and press Enter
  • You should receive confirmation the command was successful
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Tomatoo


Posted 11 December 2016 - 10:00 PM

It said "SUCCESS"

Which system update tool? The readiness one?

Thanks for the quick reply


Edited by Tomatoo, 11 December 2016 - 10:01 PM.


#10 Oh My!


Posted 11 December 2016 - 10:01 PM

Very good, hopefully the System Update Readiness Tool will run now.
Gary
 

#11 Tomatoo


Posted 11 December 2016 - 10:14 PM

Still seems to be stuck in "Searching for updates on this computer" Limbo. How long should that step usually take?



#12 Oh My!


Posted 11 December 2016 - 10:51 PM

Using Windows Explorer navigate to C:\Windows\System32\wuapp.exe. Right click on the file and select Run as administrator. See if you can change the settings as instructed in Post #3.


Gary
 

#13 Tomatoo


Posted 11 December 2016 - 11:07 PM

Still greyed out



Edited by Tomatoo, 11 December 2016 - 11:09 PM.


#14 Oh My!


Posted 11 December 2016 - 11:32 PM

Greetings,

I am ending for the evening but please do this and I will check back in the morning.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • Copy and paste the following into the white box:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

  • Check the Export keys radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MiniRegTool report

Gary
 

#15 Tomatoo


Posted 12 December 2016 - 01:01 AM

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000002
 
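
As an added example (not part of the thread and not MiniRegTool's own code), the following Python parses a .reg export like the one posted above and reports the values set under the Windows Update AU policy key. The AUOptions meanings follow Microsoft's documentation of the "Configure Automatic Updates" policy; the function and constant names are this example's own.

```python
import re

# AUOptions meanings per Microsoft's "Configure Automatic Updates" policy documentation.
AU_OPTIONS = {2: "notify before download",
              3: "download automatically, notify before install",
              4: "download automatically, install on schedule",
              5: "local administrators may choose the setting"}
POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"

# The export exactly as posted in the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"AUOptions"=dword:00000002
'''
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, raw = m.group(1).strip('"'), m.group(2)
            if raw.lower().startswith("dword:"):
                current[name] = int(raw[6:], 16)   # dword values are hex
            else:
                current[name] = raw.strip('"')     # other types kept as text
    return keys

def au_policy_findings(text):
    """Describe each value found under the Windows Update AU policy key."""
    findings = []
    for path, values in parse_reg(text).items():
        if path.lower() != POLICY_KEY.lower():
            continue  # registry key paths are case-insensitive
        for name, value in values.items():
            if name.lower() == "auoptions":
                meaning = AU_OPTIONS.get(value, "unrecognised value")
                findings.append(f"AUOptions={value}: {meaning}")
            else:
                findings.append(f"{name}={value!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(au_policy_findings(SAMPLE_EXPORT)) or "no AU policy values set")
```

Values under this Policies key are applied as policy rather than as user preferences, which is why their presence matters when the Windows Update settings page cannot be changed.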





