
Pop-up/search redirect adware?


  • This topic is locked
23 replies to this topic

#1 hanspeterxd

hanspeterxd

  • Members
  • 11 posts

Posted 02 April 2017 - 03:48 AM

Hi!

 

For the last couple of days I've had problems browsing with both Chrome and FF. 

 

Examples: 

  1. When following links, e.g. when opening up a post on this forum, I get redirected to shady sites such as "theprofitmaker.net". The correct link will then instead open up in a new tab. 
  2. Pop-ups when trying to follow links.
  3. When searching Google, instead of getting to the Google-results I get redirected to results from another search provider (search3.ozipcompression.com/search).

Measures already taken:

  • Reinstalling both Chrome and FF. No effect.
  • Scanning computer with Avast. Nothing found. 

OS: Windows 7.

 

 





#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,891 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 02 April 2017 - 06:57 AM

hanspeterxd:

Welcome to the Bleeping Computer Am I Infected? - What Do I Do? Forum. My name is Phil. May I address you by your first name?

Sorry to hear about your redirects and pop-ups. We should be able to resolve those issues for you.

I think that we should run a few preliminary security scans on your computer and see what turns up.

.

Step 1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

* Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the greenstart.png button.
* When prompted allow the Add-On/Active X to install.
* In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):

  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

* Then click the shieldstart.png button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List Found Threats (only if anything is found).
* Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Copy and paste the contents of this report in your next reply.
* Click back.png, then click finish.png to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!

.

Step 2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.

If I haven't responded to your reply in 48 hours, please send me a personal message.

Thank you and have a great day.

Regards,
-Phil

 


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 hanspeterxd


Posted 02 April 2017 - 01:07 PM

Hi Phil!

 

Thanks a lot for the quick answer. I've now completed both the scans with both ESET and Malwarebytes and I've pasted the reports down below.

 

When I first started my browser after post-scan reboot, I got one pop-up. But since then I haven't been able to trigger it again, so I can't really say if the problem is completely gone.

 

ESET log: 

 

F:\Dropbox\uTorrent (1).exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting

F:\Nedladdat\Plogue - Bidule v0.9747 OS X [R2R][dada]\Plogue - Bidule v0.9747 OS X [R2R][dada].zip Win32/Keygen.ML potentially unsafe application deleted
F:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application cleaned by deleting
F:\Program Files (x86)\PlagueInc\steam_api.dll Win32/HackTool.Crack.DW potentially unsafe application cleaned by deleting
F:\Program Files (x86)\Ray Adams\ATI Tray Tools\attdrv64.exe a variant of Win32/RiskWare.Atsiv.A application cleaned by deleting
F:\ProgramData\Panda Security\Panda Cloud Antivirus\Download\0x04011000\CloudAntivirus.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 a variant of MSIL/Hoax.Agent.NAD application deleted
F:\Users\Martin\AppData\Local\Temp\busA5D1\BUSolution.dll Win32/Toolbar.Babylon.AE potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Local\Temp\busA88F\fntupdtr.exe a variant of Win32/Toolbar.Babylon.AE potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Local\Temp\FEE9F6BB-BAB0-7891-BBD7-F66E7A551065\Latest\BabMaint.exe a variant of Win32/Toolbar.Babylon.I potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Local\Temp\FEE9F6BB-BAB0-7891-BBD7-F66E7A551065\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Local\Temp\FEE9F6BB-BAB0-7891-BBD7-F66E7A551065\Latest\IEHelper.dll Win32/Toolbar.Babylon.E potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Local\Temp\nse66E5.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Local\Temp\nsl1600.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Local\Temp\nsl4096.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Local\Temp\nst4722.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Local\Temp\nst4722.tmp\nsj58DF.tmp\chrome.packed.7z Win32/Bundled.Toolbar.Ask.P potentially unsafe application deleted
F:\Users\Martin\AppData\Local\Temp\nst4722.tmp\nsj58DF.tmp\pack.exe Win32/Bundled.Toolbar.Ask.P potentially unsafe application deleted
F:\Users\Martin\AppData\Local\Temp\RarSFX1\Program Files\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Local\Temp\updDADB\BabMaint.x Win32/Toolbar.Babylon.I potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Local\Temp\updDADB\BUSolution.x a variant of Win32/Toolbar.Babylon.P potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Roaming\BabSolution\Shared\BabMaint.exe Win32/Toolbar.Babylon.I potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Roaming\BabSolution\Shared\BUSolution.dll Win32/Toolbar.Babylon.AE potentially unwanted application cleaned by deleting
F:\Users\Martin\AppData\Roaming\uTorrent\updates\3.3.2_30180.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting
F:\Users\Martin\Downloads\bitcoin-0.8.1-win32-setup.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application cleaned by deleting
F:\Users\Martin\Downloads\TorchSetup.exe a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application cleaned by deleting
F:\Users\Martin\Downloads\utorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting
F:\Users\Martin\Downloads\Ny mapp (2)\PlayStation 3 Emulator 1.3.3.rar a variant of MSIL/Hoax.Agent.NAD application deleted
F:\Users\Martin\Downloads\Ny mapp (2)\PS3 Emulator 1.3.3.exe a variant of MSIL/Hoax.Agent.NAD application cleaned by deleting

 

Malwarebytes log:

 

Malwarebytes

www.malwarebytes.com
 
-Log Details-
Scan Date: 4/2/17
Scan Time: 7:49 PM
Logfile: Malwarebytes 2017-04-02.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1647
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Martin-PC\Martin
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387733
Time Elapsed: 3 min, 4 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 2
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, [134], [383418],1.0.1647
 
Registry Value: 6
PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-2340422068-96799099-1755646500-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LOWRISKFILETYPES, No Action By User, [18266], [251589],1.0.1647
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2340422068-96799099-1755646500-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, No Action By User, [134], [383416],1.0.1647
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2340422068-96799099-1755646500-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, No Action By User, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2340422068-96799099-1755646500-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [134], [-1],0.0.0
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 

Sincerely, Martin


Edited by hanspeterxd, 02 April 2017 - 01:19 PM.


#4 garioch7


Posted 02 April 2017 - 01:47 PM

Martin:
 
Thank you for the logs.  I don't think that we have probably gotten all of it yet.
 
By the way, the Malwarebytes logs are showing "No action by user". Please go to "Settings", "Protection", scroll to the bottom of that page, and ensure that "Automatic Quarantine" is turned "On." If it was off, please turn it on and repeat the scan so that Malwarebytes removes what it detected.

Let's run a few more scans to see what might be lurking.

.

Step 1: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

.


Step 2: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please copy and paste the contents of JRT.txt into your next message.

.


Thank you and have a great day.

Regards,
-Phil




#5 hanspeterxd


Posted 02 April 2017 - 02:53 PM

Hi again!

 

Oops, realized now that I created the Mwb-logfile before the reboot  :blush:

 

Anyways, the automatic quarantine option was turned on and I've pasted the "real" log down below, together with logs from AdwCleaner and JRT.

 

Malwarebytes (after reboot):

 

 

-Scan Summary-

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387733
Time Elapsed: 3 min, 4 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 2
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [134], [383418],1.0.1647
 
Registry Value: 6
PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-2340422068-96799099-1755646500-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LOWRISKFILETYPES, Quarantined, [18266], [251589],1.0.1647
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2340422068-96799099-1755646500-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, [134], [383416],1.0.1647
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2340422068-96799099-1755646500-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2340422068-96799099-1755646500-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [134], [-1],0.0.0
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 

 

AdwCleaner:

 

# AdwCleaner v6.045 - Logfile created 02/04/2017 at 21:42:45

# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-01.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Martin - MARTIN-PC
# Running from : C:\Users\Martin\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [3211 Bytes] - [01/04/2017 09:18:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [3734 Bytes] - [31/03/2017 20:50:14]
C:\AdwCleaner\AdwCleaner[S1].txt - [3710 Bytes] - [01/04/2017 09:05:30]
C:\AdwCleaner\AdwCleaner[S2].txt - [1227 Bytes] - [02/04/2017 21:42:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1300 Bytes] ##########
 

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Martin (Administrator) on 2017-04-02 at 21:45:23,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 18 
 
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14LXTCVN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15RFA975 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9RBDCEKI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CCXG6M58 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPWT262J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HURRD6NP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXMQMD4D (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W54OLSZ7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM56LEVX (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14LXTCVN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15RFA975 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9RBDCEKI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CCXG6M58 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPWT262J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HURRD6NP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXMQMD4D (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W54OLSZ7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM56LEVX (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2017-04-02 at 21:47:55,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I really appreciate your time and help,

Martin
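
Added example (not part of the original thread and not Malwarebytes' own tooling): the detection lines in the Malwarebytes logs posted above share one comma-separated layout, so this Python parser reads the Scan Details section, checks each section's declared count against the lines actually pasted, and lists the entries whose action is anything other than "Quarantined". The field layout and the choice to treat only "Quarantined" as remediated are assumptions taken from the lines in this thread.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "section name key value action")

# Section header inside "-Scan Details-", e.g. "Registry Value: 6".
SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")
ID_RE = re.compile(r"\[-?\d+\]")
# Assumption: only "Quarantined" counts as remediated. "No Action By User",
# "Removal Failed" and any action not seen in this thread need follow-up.
REMEDIATED = {"Quarantined"}

# Scan Details lines copied from the post-reboot log in this thread
# (only two of the sections that reported 0 items are kept, for brevity).
SAMPLE_LOG = r"""
-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 2
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [134], [383418],1.0.1647

Registry Value: 6
PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-2340422068-96799099-1755646500-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LOWRISKFILETYPES, Quarantined, [18266], [251589],1.0.1647
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2340422068-96799099-1755646500-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, [134], [383416],1.0.1647
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2340422068-96799099-1755646500-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2340422068-96799099-1755646500-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [134], [-1],0.0.0

File: 0
(No malicious items detected)

(end)
"""


def parse_detections(log_text):
    """Return (detections, declared_counts) for the Scan Details section."""
    detections, declared, section, in_details = [], {}, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True
            continue
        # Skip everything before Scan Details, blanks and "(...)" notes.
        if not in_details or not line or line.startswith("("):
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        # Assumed layout: name, location, action, [id], [id],version
        # The location may contain spaces, so split from both ends.
        try:
            name, rest = line.split(", ", 1)
            location, action, rule_id, _tail = rest.rsplit(", ", 3)
        except ValueError:
            continue  # not a detection line
        if not ID_RE.fullmatch(rule_id):
            continue
        # Registry values are written as "key|VALUENAME".
        key, _, value = location.partition("|")
        detections.append(Detection(section, name, key, value or None, action))
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose header count differs from the lines parsed,
    which usually means the pasted log was truncated or reflowed."""
    parsed = Counter(d.section for d in detections)
    return {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n}


def unresolved(detections):
    """Unique (key, value, action) entries that were not remediated."""
    seen, out = set(), []
    for d in detections:
        item = (d.key, d.value, d.action)
        if d.action not in REMEDIATED and item not in seen:
            seen.add(item)
            out.append(item)
    return out


if __name__ == "__main__":
    dets, declared = parse_detections(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(dets, declared) or "none")
    for key, value, action in unresolved(dets):
        print(f"{action}: {key} -> {value}")
```
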



#6 garioch7


Posted 02 April 2017 - 03:24 PM

Martin:

 

The logs look good.  Are you still experiencing any pop-ups or redirects?

 

If so, please let me know.  If not, then you are probably good to go.

 

If there are still issues, would you provide me with details of where you are being redirected, or what pop-ups you are seeing?   Based on your reply, I can determine whether I should continue to help you here in this Forum, or request that a Moderator move your topic to the Virus, Trojans, Spyware, and Malware Removal Logs Forum, where I will continue to assist you. In the "Logs" Forum, I am permitted to use much more powerful anti-malware scanning, detection, and removal tools than is the case here in the "Am I Infected? What Do I Do?" Forum.

 

Have a great day.

 

Regards,

-Phil




#7 hanspeterxd


Posted 03 April 2017 - 11:39 AM

Phil:

 

Sorry for the late reply!

 

I'm afraid the pop-ups and redirects are still happening and I will do my best to describe exactly what happens:

 

  • When I click on any link/hyperlink, there seems to be a 50/50 chance for me to either go where the link is supposed to send me; or I'm getting a pop-up in a new tab/getting the correct site in a new tab, while the original tab (from where I clicked a link) will get redirected.
  • When on Google main site, there is an extension-looking extra bar (pic: http://imgur.com/a/qO9ol), and as I try to type in the Google-search bar the text ends up in this extra search-bar. I can close this extra bar, using the cross on the right, and then use Google just as usual. But when I'm not focusing and hit enter even though the text didn't get into the Google bar, my search results will instead show up on different search providers such as:

Thanks for your continued support,

Martin



#8 garioch7


Posted 03 April 2017 - 12:38 PM

Martin:

 

I am going to ask a Moderator to move your topic to the Virus, Trojan, Spyware, and Malware Removal Logs Forum.  This seems to be a stubborn piece of malware.

 

When your topic is moved to that Forum, please follow the instructions in this article, most particularly, Step 6. I want you to copy and paste FRST logs ("FRST.txt" and "Addition.txt") into your first reply, or replies (you might have to copy and paste the contents into individual posts if they are too large to be posted in one post) in that Forum. We are not permitted to work on FRST logs in this Forum.

 

Thank you and have a great day.

 

Regards,

-Phil




#9 garioch7


Posted 04 April 2017 - 05:43 AM

Martin:

 

Your topic was moved by a Moderator to the Virus, Trojan, Spyware, and Malware Removal Logs Forum.  You can find it at this link.

 

Please download and run FRST. Then copy and paste the contents of both of the logs ("FRST.txt" and "Addition.txt") into your next post(s).

 

Standing by.  Thank you and have a great day.

 

Regards,

-Phil




#10 hanspeterxd


Posted 05 April 2017 - 01:35 AM

Hi again!

 

Posting the FRST and Addition logs down below:

 

FRST:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017

Ran by Martin (administrator) on MARTIN-PC (03-04-2017 20:04:36)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
() C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
() C:\Windows\System32\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Plantronics\HD1\optimus3D_x64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5540 series\Bin\ScanToPCActivationApp.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5540 series\Bin\HPNetworkCommunicatorCom.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8459480 2015-02-25] (Realtek Semiconductor)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [Creative SB Monitoring Utility Launcher] => RunDll32 SBAVMonL.dll,SBAVMonitorLauncher
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\HD1\optimus3D_x64.exe [3321632 2015-10-19] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-02] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [D-Link D-Link DWA-125] => C:\Program Files (x86)\D-Link\DWA-125 revA\AirNCFG.exe [1074496 2011-06-10] (D-Link Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28065728 2017-03-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-23] (Valve Corporation)
HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\Run: [HP ENVY 5540 series (NET)] => C:\Program Files\HP\HP ENVY 5540 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-03-28] (Nota Inc.)
HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [582784 2016-12-27] ()
HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\Run: [GizmoDriveDelegate] => F:\Program Files (x86)\Gizmo\gizmo.exe [223640 2013-03-19] (Arainia Solutions)
HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\MountPoints2: {ea3e92a8-7997-11e5-9689-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\MountPoints2: {ff05e40c-34af-11e6-bc0b-fcaa14c6eaf0} - H:\setup.exe
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-02] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-02] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-10-23]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2017-04-02]
ShortcutTarget: Curse.lnk -> C:\Users\Martin\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-08-21] ()
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C632F97A-8C98-4E01-BD51-CAC80387F406}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E7BE831F-489D-49AF-9F34-64C34F90D5D8}: [DhcpNameServer] 195.54.122.199 195.54.122.204
 
Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-02] (AVAST Software)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08] (Intel Security)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-02] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-02] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-08] (Intel Security)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
 
FireFox:
========
FF DefaultProfile: if98wij8.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\if98wij8.default [2017-04-02]
FF Extension: (uBlock Origin) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\if98wij8.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-03]
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2340422068-96799099-1755646500-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2340422068-96799099-1755646500-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
StartMenuInternet: FIREFOX.EXE - F:\Program Files (x86)\Firefox\firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2017-04-03]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-23]
CHR Extension: (Google Search) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avast SafePrice) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-18]
CHR Extension: (Avast Online Security) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-16]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-18]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-02] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-02] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-15] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-10-24] (BitRaider, LLC)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-07] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-03-11] (Dropbox, Inc.)
R2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed]
R2 D_Link_DWA-125_WPS; C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 OpenVpnService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [70272 2016-12-27] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [70272 2016-12-27] (The OpenVPN Project)
S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2017-02-08] (Electronic Arts)
S2 Origin Web Helper Service; F:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184208 2017-02-08] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-10-06] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-09-26] ()
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [307736 2017-04-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-04-02] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334088 2017-04-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-04-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-04-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-04-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [127112 2017-04-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-04-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-04-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1005048 2017-04-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [556784 2017-04-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [164064 2017-04-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-04-02] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-10-24] (BitRaider)
S3 CSRBC; C:\Windows\System32\Drivers\csrbc.sys [38400 2013-08-14] (CSR plc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2016-06-17] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2015-07-28] (GEAR Software Inc.)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2017-04-03] ()
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [2056192 2013-09-04] (Creative Technology Ltd.) [File not signed]
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2017-02-03] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-03] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-03] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-03] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251840 2017-04-03] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-04-03] (Malwarebytes)
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.)
R3 PLTHD1; C:\Windows\System32\DRIVERS\RIG5020HD.sys [4200960 2015-09-11] (Plantronics)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [42672 2015-09-29] (SteelSeries ApS)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 ESEADriver2; \??\C:\Users\Martin\AppData\Local\Temp\ESEADriver2.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-03 20:04 - 2017-04-03 20:04 - 00025258 _____ C:\Users\Martin\Desktop\FRST.txt
2017-04-03 20:03 - 2017-04-03 20:04 - 00000000 ____D C:\FRST
2017-04-03 20:02 - 2017-04-03 20:02 - 02424832 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2017-04-03 20:02 - 2017-04-03 20:02 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-03 18:19 - 2017-04-03 18:19 - 00000000 ____D C:\ProgramData\Gyazo
2017-04-02 21:48 - 2017-04-02 21:48 - 00003517 _____ C:\Users\Martin\Desktop\JRT2.txt
2017-04-02 21:44 - 2017-04-02 21:44 - 00001379 _____ C:\Users\Martin\Desktop\AdwCleaner 2017-04-02.txt
2017-04-02 21:38 - 2017-04-02 21:38 - 00002413 _____ C:\Users\Martin\Desktop\MWB2.txt
2017-04-02 21:37 - 2017-03-31 20:53 - 01663904 _____ (Malwarebytes) C:\Users\Martin\Desktop\JRT.exe
2017-04-02 21:37 - 2017-03-31 20:48 - 04089296 _____ C:\Users\Martin\Desktop\AdwCleaner.exe
2017-04-02 19:50 - 2017-03-31 20:59 - 02870984 _____ (ESET) C:\Users\Martin\Downloads\esetsmartinstaller_enu.exe
2017-04-02 19:48 - 2017-04-03 20:04 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-02 19:48 - 2017-04-03 20:01 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-02 19:48 - 2017-04-03 20:01 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-02 19:48 - 2017-04-03 20:01 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-02 19:48 - 2017-04-03 20:01 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-02 19:48 - 2017-04-02 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-02 19:48 - 2017-04-02 19:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-02 19:48 - 2017-04-02 19:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-02 19:48 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-02 14:03 - 2017-03-31 20:59 - 02870984 _____ (ESET) C:\Users\Martin\Desktop\esetsmartinstaller_enu.exe
2017-04-02 11:18 - 2017-04-02 11:18 - 00305848 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-02 11:18 - 2017-04-02 11:18 - 00069856 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-02 10:20 - 2017-04-02 10:20 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-04-02 10:20 - 2017-04-02 10:20 - 00000000 ____D C:\Windows\pss
2017-04-02 10:20 - 2017-04-02 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-04-02 10:19 - 2017-04-02 10:20 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-04-02 10:19 - 2017-04-02 10:19 - 00000000 ____D C:\ProgramData\Apple Computer
2017-04-02 10:16 - 2017-04-02 10:16 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-01 09:01 - 2017-04-01 09:01 - 00009032 _____ C:\Users\Martin\Desktop\ESET.txt
2017-03-31 20:59 - 2017-03-31 20:59 - 00000000 ____D C:\Program Files (x86)\ESET
2017-03-31 20:58 - 2017-04-02 21:47 - 00003517 _____ C:\Users\Martin\Desktop\JRT.txt
2017-03-31 20:48 - 2017-04-02 21:42 - 00000000 ____D C:\AdwCleaner
2017-03-31 20:32 - 2017-03-31 20:32 - 00002263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-31 20:32 - 2017-03-31 20:32 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-31 16:55 - 2017-03-31 16:55 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Plogue Art et Technologie, Inc
2017-03-31 16:55 - 2017-03-31 16:55 - 00000000 ____D C:\Program Files\Plogue
2017-03-31 16:49 - 2017-03-31 16:56 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Plogue
2017-03-31 16:49 - 2017-03-31 16:49 - 00000000 ____D C:\ProgramData\Plogue
2017-03-31 16:37 - 2017-03-31 16:37 - 00000000 ____D C:\Users\Martin\Documents\FabFilter
2017-03-31 16:37 - 2017-03-31 16:37 - 00000000 ____D C:\Users\Martin\AppData\Roaming\FabFilter
2017-03-31 16:36 - 2017-03-31 16:36 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FabFilter
2017-03-31 16:36 - 2017-03-31 16:36 - 00000000 ____D C:\Program Files\Common Files\VST3
2017-03-31 16:36 - 2017-03-31 16:36 - 00000000 ____D C:\Program Files (x86)\FabFilter
2017-03-31 16:35 - 2017-03-31 16:35 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2017-03-31 16:35 - 2017-03-31 16:35 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2017-03-31 10:00 - 2017-03-31 16:33 - 00000016 _____ C:\Windows\system32\w3data.vss
2017-03-31 10:00 - 2017-03-31 16:33 - 00000016 _____ C:\Windows\system32\msvcsv60.dll
2017-03-31 09:46 - 2017-03-31 09:46 - 00000873 _____ C:\Users\Public\Desktop\Studio One 3 x64.lnk
2017-03-31 09:46 - 2017-03-31 09:46 - 00000873 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio One 3 x64.lnk
2017-03-31 09:46 - 2015-07-28 17:56 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2017-03-31 09:41 - 2017-03-31 09:46 - 00000000 ____D C:\Users\Martin\Documents\Studio One
2017-03-31 09:33 - 2017-03-31 09:41 - 00000000 ____D C:\ProgramData\PreSonus
2017-03-31 09:33 - 2017-03-31 09:33 - 00000000 ____D C:\Users\Martin\AppData\Roaming\PreSonus
2017-03-31 09:30 - 2017-03-31 09:30 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2017-03-31 09:09 - 2017-03-31 09:09 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Apple Computer
2017-03-30 21:13 - 2017-03-30 21:13 - 00000000 ____D C:\Users\Martin\Documents\Native Instruments
2017-03-30 21:13 - 2017-03-30 21:13 - 00000000 ____D C:\Users\Martin\AppData\Local\Native Instruments
2017-03-30 21:10 - 2017-03-30 21:10 - 00000000 ____D C:\Program Files\Common Files\Avid
2017-03-30 21:05 - 2017-03-31 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2017-03-30 21:05 - 2017-03-31 09:28 - 00000000 ____D C:\Program Files\Native Instruments
2017-03-30 21:05 - 2017-03-31 09:28 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2017-03-30 21:05 - 2017-03-30 21:05 - 00001059 _____ C:\Users\Public\Desktop\Service Center.lnk
2017-03-30 21:05 - 2017-03-30 21:05 - 00000000 __HDC C:\ProgramData\{BD761B7D-CF85-4D9F-8742-F8457E267565}
2017-03-30 21:05 - 2017-03-30 21:05 - 00000000 ____D C:\ProgramData\Native Instruments
2017-03-30 19:04 - 2017-03-30 19:04 - 00001138 _____ C:\Users\Martin\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2017-03-30 19:04 - 2017-03-30 19:04 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-03-30 19:04 - 2017-03-30 19:04 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2017-03-30 18:53 - 2017-03-30 18:53 - 00001209 _____ C:\Users\Martin\Desktop\Custom Shop.lnk
2017-03-30 18:53 - 2017-03-30 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2017-03-30 18:53 - 2017-03-30 18:53 - 00000000 ____D C:\Program Files (x86)\IK Multimedia
2017-03-30 18:53 - 2010-12-22 11:33 - 09410736 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4m.dll
2017-03-30 18:53 - 2010-12-22 11:33 - 09210032 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4.dll
2017-03-30 18:53 - 2010-12-22 11:33 - 09078960 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4p.dll
2017-03-30 18:53 - 2010-11-04 11:52 - 12708016 _____ (Intel Corporation) C:\Windows\system32\mkl_def.dll
2017-03-30 18:53 - 2010-11-04 11:52 - 12474544 _____ (Intel Corporation) C:\Windows\system32\mkl_core.dll
2017-03-30 18:53 - 2010-11-04 11:52 - 09917616 _____ (Intel Corporation) C:\Windows\system32\mkl_intel_thread.dll
2017-03-30 18:53 - 2010-11-04 11:52 - 00529072 _____ (Intel Corporation) C:\Windows\system32\libiomp5md.dll
2017-03-30 18:53 - 2009-10-14 16:15 - 00499712 _____ (Microsoft Corporation) C:\Windows\msvcp71.dll
2017-03-30 18:53 - 2009-10-14 16:15 - 00348160 _____ (Microsoft Corporation) C:\Windows\msvcr71.dll
2017-03-30 18:51 - 2017-03-30 18:51 - 00000000 ____D C:\Program Files\VstPlugIns
2017-03-30 18:51 - 2017-03-30 18:51 - 00000000 ____D C:\Program Files (x86)\VstPlugIns
2017-03-30 18:50 - 2017-03-31 16:33 - 00000016 _____ C:\Windows\msocreg32.dat
2017-03-30 18:50 - 2017-03-31 16:33 - 00000016 _____ C:\Users\Martin\AppData\Roaming\msregsvv.dll
2017-03-30 18:50 - 2017-03-31 16:33 - 00000016 _____ C:\ProgramData\autobk.inc
2017-03-30 18:50 - 2017-03-31 13:16 - 00000016 _____ C:\Windows\SysWOW64\w3data.vss
2017-03-30 18:50 - 2017-03-31 13:16 - 00000016 _____ C:\Windows\SysWOW64\msvcsv60.dll
2017-03-30 18:39 - 2017-03-30 18:39 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-30 18:39 - 2017-03-30 18:39 - 00000000 ____D C:\Users\Martin\AppData\Local\Apple
2017-03-30 18:39 - 2017-03-30 18:39 - 00000000 ____D C:\ProgramData\Apple
2017-03-30 18:39 - 2017-03-30 18:39 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-30 18:38 - 2017-03-30 18:38 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Apple Computer
2017-03-30 18:38 - 2010-12-22 11:33 - 09033904 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4m3.dll
2017-03-30 18:38 - 2010-12-22 11:33 - 06944944 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_core.dll
2017-03-30 18:38 - 2010-12-22 11:33 - 03868848 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_intel_thread.dll
2017-03-30 18:38 - 2010-12-22 11:33 - 00530608 _____ (Intel Corporation) C:\Windows\SysWOW64\libiomp5md.dll
2017-03-30 18:38 - 2010-12-22 11:33 - 00354480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2017-03-30 18:37 - 2017-03-30 18:37 - 00000000 ____D C:\Users\Martin\Documents\IK Multimedia
2017-03-23 19:09 - 2017-03-23 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-23 11:34 - 2017-03-23 11:34 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-23 11:34 - 2017-03-23 11:34 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-22 23:07 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2017-03-22 23:07 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2017-03-22 23:07 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2017-03-22 23:07 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2017-03-22 23:07 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2017-03-22 23:07 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2017-03-22 23:07 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2017-03-22 23:07 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2017-03-22 17:36 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2017-03-22 17:36 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2017-03-22 17:36 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2017-03-22 17:36 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2017-03-22 17:35 - 2016-07-07 17:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-03-22 17:35 - 2016-07-07 17:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-03-22 17:35 - 2016-07-07 17:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-03-22 17:35 - 2016-07-07 17:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-03-22 17:35 - 2016-05-14 00:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-03-22 17:35 - 2016-05-14 00:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-03-22 17:35 - 2016-05-14 00:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-03-22 17:35 - 2016-05-14 00:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-03-22 17:35 - 2016-05-13 23:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-03-22 17:35 - 2016-05-13 23:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-03-22 17:35 - 2016-05-13 23:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-03-22 17:35 - 2016-05-13 23:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-03-22 17:35 - 2016-05-13 23:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-03-22 17:35 - 2016-05-13 23:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-03-22 17:35 - 2016-05-13 23:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-03-22 17:35 - 2016-05-13 23:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-03-22 17:35 - 2016-05-13 23:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-03-22 17:35 - 2016-05-13 23:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-03-22 17:35 - 2016-05-13 23:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-03-22 17:35 - 2016-05-13 23:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-03-22 17:35 - 2016-05-12 17:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-03-22 17:35 - 2016-03-16 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2017-03-22 17:35 - 2016-03-16 20:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2017-03-22 17:35 - 2016-03-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2017-03-22 17:35 - 2016-02-05 20:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2017-03-22 17:35 - 2016-02-05 20:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2017-03-22 17:35 - 2016-02-05 19:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2017-03-22 17:35 - 2016-02-02 20:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-03-22 17:35 - 2016-01-21 02:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-03-22 17:35 - 2016-01-11 21:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-03-22 17:35 - 2015-11-19 16:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-03-22 17:35 - 2015-11-19 16:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-03-22 17:35 - 2015-10-29 19:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2017-03-22 17:35 - 2015-10-29 19:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2017-03-22 17:35 - 2015-10-29 19:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2017-03-22 17:35 - 2015-10-29 19:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2017-03-22 17:35 - 2015-10-29 19:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2017-03-22 17:35 - 2015-10-29 19:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2017-03-22 17:35 - 2015-10-29 19:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2017-03-22 17:35 - 2015-07-23 02:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2017-03-22 17:35 - 2015-07-22 19:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2017-03-22 17:35 - 2015-07-09 19:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-03-22 17:35 - 2015-07-09 19:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2017-03-22 17:35 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2017-03-22 17:35 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2017-03-22 17:35 - 2015-06-03 22:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2017-03-22 17:35 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2017-03-22 17:35 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2017-03-22 17:35 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2017-03-22 17:35 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2017-03-22 17:35 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2017-03-22 17:35 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2017-03-22 17:35 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2017-03-22 17:35 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2017-03-22 17:35 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2017-03-22 17:35 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2017-03-22 17:35 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2017-03-22 17:35 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2017-03-22 17:35 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2017-03-22 17:35 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2017-03-22 17:35 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2017-03-22 17:35 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2017-03-22 17:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2017-03-22 17:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2017-03-22 17:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2017-03-22 17:35 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2017-03-22 17:35 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2017-03-22 17:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2017-03-22 17:35 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2017-03-22 17:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2017-03-22 17:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2017-03-22 17:35 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2017-03-22 17:35 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2017-03-22 17:35 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2017-03-22 17:35 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2017-03-22 17:35 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2017-03-22 17:35 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2017-03-22 17:35 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2017-03-22 17:35 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2017-03-22 17:35 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2017-03-22 17:35 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2017-03-22 17:35 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2017-03-22 17:35 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2017-03-22 17:35 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2017-03-22 17:35 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2017-03-22 17:35 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2017-03-22 17:35 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2017-03-22 17:35 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2017-03-22 17:35 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2017-03-22 17:35 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2017-03-22 17:35 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2017-03-22 17:35 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2017-03-22 17:35 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2017-03-22 17:35 - 2013-10-04 04:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2017-03-22 17:35 - 2013-10-04 04:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2017-03-22 17:35 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2017-03-22 17:35 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2017-03-22 17:35 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2017-03-22 17:35 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2017-03-22 17:35 - 2012-10-09 20:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2017-03-22 17:35 - 2012-10-09 20:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2017-03-22 17:35 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2017-03-22 17:35 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2017-03-22 17:35 - 2012-10-03 19:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2017-03-22 17:35 - 2012-10-03 19:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2017-03-22 17:35 - 2012-10-03 19:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2017-03-22 17:35 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2017-03-22 17:35 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2017-03-22 17:35 - 2012-08-21 23:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2017-03-22 17:35 - 2012-07-04 22:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2017-03-22 17:35 - 2012-01-04 12:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2017-03-22 17:35 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2017-03-22 17:35 - 2011-12-30 08:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2017-03-22 17:35 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2017-03-22 17:35 - 2011-06-16 07:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2017-03-22 17:35 - 2011-06-16 06:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2017-03-22 17:35 - 2011-05-04 07:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-03-22 17:35 - 2011-05-04 07:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-03-22 17:35 - 2011-05-04 07:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-03-22 17:35 - 2011-05-04 07:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-03-22 17:35 - 2011-05-04 07:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-03-22 17:35 - 2011-05-04 07:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-03-22 17:35 - 2011-05-04 07:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-03-22 17:35 - 2011-05-04 07:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-03-22 17:35 - 2011-05-04 07:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-03-22 17:35 - 2011-05-04 06:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-03-22 17:35 - 2011-05-04 06:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-03-22 17:35 - 2011-05-04 06:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-03-22 17:35 - 2011-05-04 06:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-03-22 17:35 - 2011-05-04 06:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-03-22 17:35 - 2011-05-04 06:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-03-22 17:35 - 2011-05-04 06:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-03-22 17:35 - 2011-05-04 06:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-03-22 17:35 - 2011-05-04 06:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-03-22 17:34 - 2017-02-23 01:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-22 17:34 - 2017-02-23 01:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-22 17:34 - 2017-02-18 16:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-22 17:34 - 2017-02-18 16:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-22 17:34 - 2016-12-31 17:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-22 17:34 - 2016-12-31 17:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-22 17:34 - 2016-12-31 17:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-22 17:34 - 2016-12-31 17:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-22 17:34 - 2016-12-31 17:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-22 17:34 - 2016-08-29 17:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-03-22 17:34 - 2016-08-29 17:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-03-22 17:34 - 2016-08-29 17:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-03-22 17:34 - 2016-08-29 17:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-03-22 17:34 - 2016-08-29 17:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-03-22 17:34 - 2016-08-29 16:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-03-22 17:34 - 2016-08-16 22:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-03-22 17:34 - 2016-08-16 22:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-03-22 17:34 - 2016-08-16 22:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-03-22 17:34 - 2016-08-16 22:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-03-22 17:34 - 2016-08-16 22:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-03-22 17:34 - 2016-08-16 22:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-03-22 17:34 - 2016-08-16 22:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-03-22 17:34 - 2016-03-24 00:40 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-03-22 17:34 - 2016-03-09 21:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-03-22 17:34 - 2016-03-09 20:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2017-03-22 17:34 - 2016-03-09 20:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-03-22 17:34 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2017-03-22 17:34 - 2015-08-27 20:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-03-22 17:34 - 2015-08-27 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2017-03-22 17:34 - 2015-08-27 19:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2017-03-22 17:34 - 2015-08-27 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2017-03-22 17:34 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2017-03-22 17:34 - 2014-10-30 04:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2017-03-22 17:34 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2017-03-22 17:34 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-03-22 17:34 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-03-22 17:34 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2017-03-22 17:34 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2017-03-22 17:34 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2017-03-22 17:34 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2017-03-22 17:34 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2017-03-22 17:34 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2017-03-22 17:34 - 2012-12-07 15:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2017-03-22 17:34 - 2012-12-07 15:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2017-03-22 17:34 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2017-03-22 17:34 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2017-03-22 17:34 - 2012-12-07 13:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2017-03-22 17:34 - 2012-12-07 13:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2017-03-22 17:34 - 2012-12-07 13:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2017-03-22 17:34 - 2012-12-07 13:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2017-03-22 17:34 - 2012-12-07 13:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2017-03-22 17:34 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2017-03-22 17:34 - 2012-12-07 13:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2017-03-22 17:34 - 2012-12-07 13:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2017-03-22 17:34 - 2012-12-07 13:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2017-03-22 17:34 - 2012-12-07 13:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2017-03-22 17:34 - 2012-12-07 13:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2017-03-22 17:34 - 2012-12-07 13:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2017-03-22 17:34 - 2012-12-07 13:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2017-03-22 17:34 - 2012-12-07 13:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2017-03-22 17:34 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2017-03-22 17:34 - 2011-03-11 08:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2017-03-22 17:34 - 2011-03-11 08:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2017-03-22 17:34 - 2011-03-11 08:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2017-03-22 17:34 - 2011-03-11 08:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2017-03-22 17:34 - 2011-03-11 08:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2017-03-22 17:34 - 2011-03-11 08:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2017-03-22 17:34 - 2011-03-11 08:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2017-03-22 17:34 - 2011-03-11 07:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2017-03-22 17:34 - 2011-03-11 07:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2017-03-22 17:34 - 2011-02-18 12:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2017-03-22 17:34 - 2011-02-18 07:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2017-03-22 16:32 - 2017-03-22 16:31 - 00001360 _____ C:\Users\Martin\Desktop\Wow WoTLK.lnk
2017-03-19 13:40 - 2017-04-03 20:01 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2017-03-18 19:54 - 2017-03-18 19:54 - 00000000 _____ C:\Users\Martin\Desktop\New Text Document (2).txt
2017-03-18 15:10 - 2017-04-02 10:16 - 00334088 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-03-18 15:10 - 2017-04-02 10:16 - 00307736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-03-18 15:10 - 2017-04-02 10:16 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-03-18 15:10 - 2017-04-02 10:16 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-03-18 15:10 - 2017-04-02 10:16 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-03-15 21:53 - 2017-03-04 19:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 21:53 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 21:53 - 2017-03-04 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 21:53 - 2017-03-04 10:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 21:53 - 2017-03-04 10:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 21:53 - 2017-03-04 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 21:53 - 2017-03-04 09:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 21:53 - 2017-03-04 09:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 21:53 - 2017-03-04 09:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 21:53 - 2017-03-04 09:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 21:53 - 2017-03-04 09:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 21:53 - 2017-03-04 09:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 21:53 - 2017-03-04 09:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 21:53 - 2017-03-04 09:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 21:53 - 2017-03-04 09:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 11:40 - 2017-03-15 11:40 - 00000000 ____D C:\Users\Martin\OpenVPN
2017-03-15 11:39 - 2017-03-15 11:39 - 00000908 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2017-03-15 11:39 - 2017-03-15 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2017-03-15 11:39 - 2017-03-15 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2017-03-15 11:39 - 2017-03-15 11:39 - 00000000 ____D C:\Program Files\TAP-Windows
2017-03-15 11:39 - 2017-03-15 11:39 - 00000000 ____D C:\Program Files\OpenVPN
2017-03-15 11:38 - 2017-03-15 11:38 - 56716614 _____ C:\Users\Martin\Downloads\Janeway’s Immunobiology [9 ed.].pdf
2017-03-15 11:38 - 2017-03-15 11:38 - 03892080 _____ C:\Users\Martin\Downloads\openvpn-install-latest-stable.exe
2017-03-11 12:39 - 2017-03-11 12:39 - 27353774 _____ C:\Users\Martin\Downloads\HawsJon TBC Addon Pack v1.5.zip
2017-03-11 01:17 - 2017-03-11 01:17 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-03-06 12:39 - 2017-03-05 21:57 - 00001263 _____ C:\Users\Martin\Desktop\Wow TBC.lnk
2017-03-05 21:53 - 2017-03-05 21:53 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-03-05 21:34 - 2017-04-02 10:07 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\uTorrent
2017-03-05 20:45 - 2017-03-05 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-03 20:04 - 2016-09-02 20:27 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Curse Client
2017-04-03 20:02 - 2015-10-23 18:03 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Skype
2017-04-03 20:01 - 2015-10-23 18:02 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-03 20:01 - 2015-10-23 17:31 - 00030528 _____ C:\Windows\GVTDrv64.sys
2017-04-03 20:01 - 2015-10-23 17:09 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-04-03 20:00 - 2016-11-29 13:12 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-04-03 20:00 - 2016-11-29 13:03 - 00000000 ____D C:\Program Files\TrueKey
2017-04-03 20:00 - 2015-10-28 12:51 - 00001000 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-03 20:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-03 18:19 - 2017-02-21 18:24 - 00003414 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-04-03 18:19 - 2017-02-21 18:24 - 00003288 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2017-04-03 18:19 - 2017-02-21 18:23 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-04-03 18:12 - 2015-10-28 12:51 - 00001004 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-03 18:07 - 2009-07-14 06:45 - 00022560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-03 18:07 - 2009-07-14 06:45 - 00022560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-03 18:05 - 2009-07-14 07:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-03 18:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-02 11:18 - 2016-03-22 22:13 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458677621
2017-04-02 11:17 - 2015-12-15 20:49 - 00000000 ____D C:\Users\Martin\AppData\Roaming\uTorrent
2017-04-02 10:35 - 2016-11-19 19:04 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Mozilla
2017-04-02 10:20 - 2016-02-18 17:13 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-04-02 10:20 - 2016-02-18 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-02 10:20 - 2016-02-18 17:12 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-02 10:20 - 2015-10-24 23:05 - 00000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2017-04-02 10:16 - 2016-03-22 22:13 - 00032600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-04-02 10:16 - 2016-02-22 11:38 - 01005048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-04-02 10:16 - 2016-02-22 11:38 - 00556784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-04-02 10:16 - 2016-02-22 11:38 - 00339696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-04-02 10:16 - 2016-02-22 11:38 - 00164064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-04-02 10:16 - 2016-02-22 11:38 - 00127112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-04-02 10:16 - 2016-02-22 11:38 - 00101152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-04-02 10:16 - 2016-02-22 11:38 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-04-02 10:16 - 2016-02-22 11:38 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-04-01 09:18 - 2016-09-14 23:41 - 00000742 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-01 09:18 - 2016-03-22 22:13 - 00001004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-01 09:18 - 2015-10-23 16:59 - 00000991 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-31 23:49 - 2016-06-07 16:29 - 00000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2017-03-31 21:53 - 2015-11-21 18:26 - 00000812 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-31 20:32 - 2015-10-23 17:10 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-31 09:29 - 2017-01-25 23:20 - 00000000 ____D C:\Program Files\FACEIT Client
2017-03-31 09:23 - 2016-06-03 18:24 - 00000000 ____D C:\ProgramData\HappyCloud
2017-03-31 09:23 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-30 18:43 - 2016-07-07 16:14 - 00000000 ____D C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2017-03-30 18:23 - 2015-10-23 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-28 22:28 - 2015-11-07 23:13 - 00000000 ____D C:\Users\Martin\AppData\Local\Spotify
2017-03-28 22:26 - 2015-11-07 23:12 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Spotify
2017-03-28 18:08 - 2015-11-21 18:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-24 16:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2017-03-23 19:09 - 2015-10-28 12:51 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-23 15:34 - 2016-08-24 16:23 - 00000000 ____D C:\Windows\rescache
2017-03-23 11:34 - 2011-04-12 10:28 - 00000000 ____D C:\Windows\ShellNew
2017-03-23 11:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2017-03-23 11:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-03-23 11:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2017-03-23 11:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2017-03-19 21:38 - 2016-02-22 11:37 - 00000000 ____D C:\ProgramData\AVAST Software
2017-03-18 15:10 - 2016-02-22 11:38 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148984264560004
2017-03-18 15:10 - 2016-02-22 11:38 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148984264666106
2017-03-17 11:55 - 2016-10-13 23:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-17 11:55 - 2015-11-21 18:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-17 00:07 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-16 17:21 - 2015-10-26 00:48 - 00000000 ____D C:\Windows\system32\MRT
2017-03-16 17:19 - 2015-10-26 00:48 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-16 17:17 - 2015-11-21 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-15 23:01 - 2015-10-23 18:03 - 00000000 ____D C:\ProgramData\Skype
2017-03-15 11:40 - 2015-10-23 16:59 - 00000000 ____D C:\Users\Martin
2017-03-14 18:10 - 2016-11-29 13:03 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 18:10 - 2016-11-29 13:03 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 18:10 - 2016-11-29 13:03 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 18:10 - 2016-11-29 13:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-14 18:10 - 2016-11-29 13:03 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-11 12:27 - 2016-05-07 12:39 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Innkeeper
2017-03-11 12:27 - 2016-05-07 12:39 - 00000000 ____D C:\Users\Martin\AppData\Local\SquirrelTemp
2017-03-11 12:27 - 2016-05-07 12:39 - 00000000 ____D C:\Users\Martin\AppData\Local\Innkeeper
2017-03-05 22:00 - 2016-09-12 20:00 - 00002166 _____ C:\Users\Martin\Desktop\Discord.lnk
2017-03-05 22:00 - 2016-09-12 20:00 - 00000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-03-05 22:00 - 2016-09-12 20:00 - 00000000 ____D C:\Users\Martin\AppData\Roaming\discord
2017-03-05 22:00 - 2016-09-12 20:00 - 00000000 ____D C:\Users\Martin\AppData\Local\Discord
2017-03-05 20:45 - 2015-10-23 18:03 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-05 20:45 - 2015-10-23 18:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-05 20:45 - 2015-10-23 17:19 - 00000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2017-03-30 18:50 - 2017-03-31 16:33 - 0000016 _____ () C:\Users\Martin\AppData\Roaming\msregsvv.dll
2015-12-26 13:51 - 2015-12-26 13:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-03-30 18:50 - 2017-03-31 16:33 - 0000016 _____ () C:\ProgramData\autobk.inc
2015-11-01 21:56 - 2013-05-23 17:27 - 0001697 _____ () C:\ProgramData\CfGH0250.ini
2015-11-01 21:56 - 2013-05-23 17:27 - 0001696 _____ () C:\ProgramData\CfGH0280.ini
2015-11-01 21:56 - 2009-02-24 15:27 - 0001026 _____ () C:\ProgramData\cfSB0270.ini
2015-11-01 21:56 - 2009-02-24 15:27 - 0001026 _____ () C:\ProgramData\cfSB0271.ini
2015-11-01 21:56 - 2009-02-24 15:27 - 0001302 _____ () C:\ProgramData\cfSB0300.ini
2015-11-01 21:56 - 2009-02-24 15:27 - 0001282 _____ () C:\ProgramData\cfSB0471.ini
2015-11-01 21:56 - 2009-02-24 15:27 - 0001208 _____ () C:\ProgramData\cfSB0490.ini
2015-11-01 21:56 - 2009-02-24 15:27 - 0001027 _____ () C:\ProgramData\cfSB0560.ini
2015-11-01 21:56 - 2009-02-24 15:27 - 0001352 _____ () C:\ProgramData\cfSB0910.ini
2015-11-01 21:56 - 2009-02-24 15:27 - 0000590 _____ () C:\ProgramData\cfSB0950.ini
2015-11-01 21:56 - 2009-02-24 15:27 - 0001352 _____ () C:\ProgramData\cfSB1090.ini
2015-11-01 21:56 - 2010-06-29 16:04 - 0001772 _____ () C:\ProgramData\cfSB1095.ini
2015-11-01 21:56 - 2013-07-01 10:35 - 0001772 _____ () C:\ProgramData\cfSB1095A.ini
2015-11-01 21:56 - 2009-02-24 15:27 - 0001346 _____ () C:\ProgramData\cfSB1100.ini
2015-11-01 21:56 - 2009-03-20 19:07 - 0000939 _____ () C:\ProgramData\CfSB1170.ini
2015-11-01 21:56 - 2009-11-17 16:54 - 0002844 _____ () C:\ProgramData\cfSB1240.ini
2015-11-01 21:56 - 2013-03-08 17:15 - 0002844 _____ () C:\ProgramData\cfSB1240A.ini
2015-11-01 21:56 - 2010-06-23 15:54 - 0003077 _____ () C:\ProgramData\cfSB1290.ini
2015-11-01 21:56 - 2013-03-08 17:15 - 0003077 _____ () C:\ProgramData\cfSB1290A.ini
2015-11-01 21:56 - 2010-11-26 12:07 - 0000806 _____ () C:\ProgramData\cfSB1300.ini
2015-11-01 21:56 - 2013-07-01 10:35 - 0000806 _____ () C:\ProgramData\cfSB1300A.ini
2015-11-01 21:56 - 2011-09-26 17:33 - 0000715 _____ () C:\ProgramData\CfSB1360.ini
2015-11-01 21:56 - 2012-02-09 16:11 - 0000715 _____ () C:\ProgramData\CfSB1380.ini
2015-11-01 21:56 - 2012-02-09 16:11 - 0000715 _____ () C:\ProgramData\CfSB1390.ini
2015-11-01 21:56 - 2012-12-07 19:01 - 0000715 _____ () C:\ProgramData\CfSB1530.ini
2015-11-01 21:56 - 2012-12-07 19:01 - 0000715 _____ () C:\ProgramData\CfSB1532.ini
2015-11-01 21:56 - 2013-06-11 18:37 - 0001980 _____ () C:\ProgramData\cfSB1560.ini
2015-10-23 17:19 - 2015-10-23 17:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-24 19:19
 
==================== End of FRST.txt ============================

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017

Ran by Martin (03-04-2017 20:05:06)
Running from C:\Users\Martin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-10-23 14:59:12)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2340422068-96799099-1755646500-500 - Administrator - Disabled)
Guest (S-1-5-21-2340422068-96799099-1755646500-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2340422068-96799099-1755646500-1002 - Limited - Enabled)
Martin (S-1-5-21-2340422068-96799099-1755646500-1000 - Administrator - Enabled) => C:\Users\Martin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
µTorrent (HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Skybox Labs)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AmpliTube 3 version 3.8.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.8.0 - IK Multimedia)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARIA Engine v1.9.1.6 (HKLM\...\ARIA Engine_is1) (Version: v1.9.1.6 - Plogue Art et Technologie, Inc)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Discord (HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
D-Link DWA-125 (HKLM-x32\...\{E45CACFE-0576-4375-A84F-C34B99A7B652}) (Version:  - D-Link)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKLM-x32\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ESEA Client (HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\ESEA) (Version: 5.0.0.0 - E-Sports Entertainment LLC)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
ET6 B15.0210.1 (HKLM-x32\...\InstallShield_{35D86AE6-EC16-4C56-8CE7-B85F0E5EFFA4}) (Version: 1.00.0000 - GIGABYTE)
ET6 B15.0210.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.44.20513.9 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gyazo 3.3.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Happy Cloud Client (HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP ENVY 5540 series Basic Device Software (HKLM\...\{44CE34C3-7B6A-44CA-BD7F-73E053BBAEC8}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
Innkeeper (HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\Innkeeper) (Version: 0.4.2 - Curse Inc.)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Uppdatering (KB963678) (HKLM-x32\...\{90120000-0016-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6696EB50-EC8B-4D01-8061-04A6DE3D590C}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669) (HKLM-x32\...\{90120000-0018-041D-0000-0000000FF1CE}_HOMESTUDENTR_{18E9F644-2552-4544-AABB-C1838964DDEE}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Uppdatering (KB963665) (HKLM-x32\...\{90120000-001B-041D-0000-0000000FF1CE}_HOMESTUDENTR_{5DF6817C-E3C0-4226-9565-5C10A0AF4BF5}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 43.0.1 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 sv-SE)) (Version: 43.0.1 - Mozilla)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.4.1428 - Native Instruments)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
OpenVPN 2.4.0-I601  (HKLM\...\OpenVPN) (Version: 2.4.0-I601 - OpenVPN Technologies, Inc.)
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Plantronics® RIG 500 Software for Dolby® Headphone (HKLM-x32\...\{2A01907E-2CD8-4870-B820-DEB03266960C}) (Version: 2.12.01 - Plantronics)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Plogue sforzando v1.916 (HKLM\...\__ARIA_1014___is1) (Version: v1.916 - Plogue)
PreSonus Studio One 3 x64 (HKLM\...\PreSonus Studio One 3) (Version: 3.1.0.35191 - PreSonus Audio Electronics)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.8-r120085-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7457 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Sound Blaster EVO Zx/ZxR Extras (HKLM-x32\...\{D55BF3B9-AE2D-45BB-9E3D-2426EE92ED08}) (Version:  - )
Spotify (HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\Spotify) (Version: 1.0.51.693.g6ea1e7f6 - Spotify AB)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.5.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.5.2 - SteelSeries ApS)
Svenska Spels Poker (HKLM-x32\...\Svenska Spels Poker ) (Version:  - Boss Media AB)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TrackMania Nations Forever (HKLM\...\Steam App 11020) (Version:  - Nadeo)
Tukui Client (HKLM-x32\...\{BAD6EBBD-A6A9-41C9-898A-8C868A552E4C}) (Version: 2.4.6 - Tukui)
UAS&TURBO DRIVER CONTROL TOOL 1.0.0.13 (HKLM-x32\...\{078BD51D-BC3A-4178-93DE-57FFE92A83DE}}_is1) (Version:  - GIGA-BYTE TECHNOLOGY CO., LTD.)
Unity Web Player (HKU\S-1-5-21-2340422068-96799099-1755646500-1000\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Unravel™ (HKLM-x32\...\{5105E605-9EE7-4050-9CC0-005093BBF89A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Plattform för enhetshanterare (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
Windows Driver Package - Microsoft (xusb21) XnaComposite  (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2340422068-96799099-1755646500-1000_Classes\CLSID\{513678f7-3559-49ee-8882-85c8c15e17e8}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {267CA5A8-3832-40E0-8692-5980D9DBD11A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {2FFEAE27-AB52-422A-AD89-6E710FF431B4} - System32\Tasks\HP AR Program Upload - ff9ccec77fb648b49e3eeff8f6374a3ac4b141a2c8e9408f8345bb30fd346528 => C:\Program Files\HP\HP ENVY 5540 series\bin\HPRewards.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {36A00F75-1A71-4602-90D2-79A0F212FF4A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {4D76D2F3-6A67-402D-BB82-44112C641666} - System32\Tasks\SafeZone scheduled Autoupdate 1458677621 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {508CE1EA-BC62-4973-9ECC-8637AE81EFB6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-02] (AVAST Software)
Task: {5561C79F-929D-4A50-A6F5-3FEAC1A0CD3D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {5A11E989-EA7D-471C-B185-08889F1BD8F8} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {6019AAD9-4D52-481F-9A8F-21FCF59E5782} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23] (Google Inc.)
Task: {608F6696-436D-499F-9C33-4FCA637F969A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {650611B0-1986-41F0-97B2-3DBFC0FAFB6E} - System32\Tasks\{F7AAA621-D221-4184-9B53-37AC8D720B87} => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe [2016-11-29] ()
Task: {67E16C3B-38A5-4F7E-9484-3A531A3B9789} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {78955436-BC34-4505-9410-2A20CD80D7DF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {9E946AD9-192F-4757-A6F1-A6F99A794BC1} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [2016-01-10] (Nefarius Software Solutions)
Task: {B0A23347-D81C-43F6-8E3E-47AFAAFB0389} - System32\Tasks\{36C6B7C8-A410-40B2-9545-589B6E59E6E4} => pcalua.exe -a C:\Users\Martin\AppData\Local\Temp\Temp1_(150127)DWA-125_D1_FW_v4.02.zip\(150127)DWA-125_D1_FW_v4.02\Setup.exe <==== ATTENTION
Task: {B15ACAE9-99F3-4AEF-805C-BA6CF0541DF4} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-01-06] (Symantec Corporation)
Task: {C56FE417-652A-45C4-9C03-07C394AC6766} - System32\Tasks\HP AR Program Upload - fd348c6be6ec4dfab31a576959907fc3094babf5cc41474284a2a3a5baeaed46 => C:\Program Files\HP\HP ENVY 5540 series\bin\HPRewards.exe [2015-03-09] (Hewlett-Packard Development Company, LP)
Task: {C5E0CCDF-B697-4440-BEDC-49AA76F6FF61} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-03-28] ()
Task: {C93F134C-91A8-4EA5-AD8C-D42BD87C776D} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {FC04A54F-95FF-4D41-BEFD-C5C23147E765} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-23] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-04 00:25 - 2015-08-04 00:25 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2015-08-04 00:25 - 2015-08-04 00:25 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-02-06 19:46 - 2017-02-06 19:46 - 00310272 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveSockets\aae4aec12bd779cc95bea88c4140f8a9\ReactiveSockets.ni.dll
2014-05-02 12:52 - 2014-05-02 12:52 - 00599040 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\irrKlang.NET4.dll
2014-05-02 07:55 - 2014-05-02 07:55 - 00185344 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpflac.dll
2014-05-02 07:05 - 2014-05-02 07:05 - 00173056 _____ () C:\Program Files\Nefarius Software Solutions\ScpToolkit\irrKlang\amd64\ikpmp3.dll
2015-10-23 18:00 - 2010-07-12 14:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
2016-10-06 20:36 - 2016-10-06 20:36 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2017-04-02 19:48 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-02 19:48 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-01-13 14:04 - 2012-01-13 14:04 - 00219760 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2016-07-12 11:38 - 2015-10-19 12:51 - 03321632 ____N () C:\Program Files\Plantronics\HD1\optimus3D_x64.exe
2016-12-27 14:41 - 2016-12-27 14:41 - 00582784 _____ () C:\Program Files\OpenVPN\bin\openvpn-gui.exe
2015-10-13 20:53 - 2015-10-13 20:53 - 00507144 _____ () C:\Program Files\SteelSeries\SteelSeries Engine 3\SSEdevice.dll
2017-03-31 20:32 - 2017-03-29 10:47 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-03-31 20:32 - 2017-03-29 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2017-04-02 10:16 - 2017-04-02 10:16 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-04-02 10:16 - 2017-04-02 10:16 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-03 17:59 - 2017-04-03 17:59 - 06012984 _____ () C:\Program Files\AVAST Software\Avast\defs\17040300\algo.dll
2017-04-02 10:16 - 2017-04-02 10:16 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-04-03 20:00 - 2017-04-03 20:00 - 06012984 _____ () C:\Program Files\AVAST Software\Avast\defs\17040301\algo.dll
2017-04-02 10:16 - 2017-04-02 10:16 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2014-12-26 19:29 - 2014-12-26 19:29 - 02895943 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
2015-02-10 13:51 - 2015-02-10 13:51 - 00663619 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll
2014-05-27 15:24 - 2014-05-27 15:24 - 01331266 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
2008-05-07 15:22 - 2008-05-07 15:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
2012-05-08 15:01 - 2012-05-08 15:01 - 00069632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
2012-11-27 15:03 - 2012-11-27 15:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
2010-06-24 15:50 - 2010-06-24 15:50 - 00094208 _____ () C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
2011-03-01 19:00 - 2011-03-01 19:00 - 00126976 _____ () C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
2011-10-18 09:26 - 2011-10-18 09:26 - 00024576 _____ () C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
2015-02-10 16:14 - 2015-02-10 16:14 - 01503300 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
2015-01-07 16:55 - 2015-01-07 16:55 - 01335362 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
2013-03-23 10:59 - 2013-03-23 10:59 - 01433674 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
2003-02-14 14:11 - 2003-02-14 14:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
2013-11-01 10:29 - 2013-11-01 10:29 - 01318984 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
2013-05-24 00:50 - 2013-05-24 00:50 - 03860520 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll
2013-05-24 00:50 - 2013-05-24 00:50 - 00579616 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll
2015-02-09 20:42 - 2015-02-09 20:42 - 00311296 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL
2017-01-02 13:43 - 2017-01-02 13:43 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-02 10:16 - 2017-04-02 10:16 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2015-10-23 18:03 - 2017-03-10 02:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-10-23 18:03 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-10-23 18:03 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-10-23 18:03 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-10-23 18:03 - 2017-03-23 02:52 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2015-10-23 18:03 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-10-23 18:03 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-10-23 18:03 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-10-23 18:03 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-10-23 18:03 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-10-23 18:03 - 2017-03-31 00:46 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-10 14:31 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-01-30 13:52 - 2017-01-30 13:52 - 01926632 ____R () C:\Program Files (x86)\Skype\Phone\roottools.dll
2016-12-14 16:46 - 2017-01-30 23:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-10-23 18:01 - 2015-10-23 18:01 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
2015-10-23 18:00 - 2010-05-13 10:58 - 00294912 _____ () C:\Program Files (x86)\D-Link\DWA-125 revA\WlanApp.dll
2017-03-23 19:09 - 2017-03-21 20:06 - 00842560 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2015-12-15 15:56 - 2017-02-28 22:49 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-15 15:56 - 2017-02-28 22:49 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-15 15:56 - 2017-02-28 22:49 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-15 15:56 - 2017-03-21 20:10 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-03-23 19:09 - 2017-03-21 20:09 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-15 15:56 - 2017-02-28 22:50 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-15 15:56 - 2017-02-28 22:49 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-03-23 19:09 - 2017-03-21 20:09 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-03-23 19:09 - 2017-03-21 20:09 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-03-23 19:09 - 2017-02-28 22:49 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-03-23 19:09 - 2017-02-28 22:50 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-03-23 19:09 - 2017-02-28 22:49 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-15 15:56 - 2017-02-28 22:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-21 13:51 - 2017-03-21 20:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-03-23 19:09 - 2017-03-21 20:09 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-03-23 19:09 - 2017-03-21 20:09 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-15 15:56 - 2017-02-28 22:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-03-23 19:09 - 2017-02-28 22:49 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-03-23 19:09 - 2017-02-28 22:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-15 15:56 - 2017-02-28 22:52 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-15 15:56 - 2017-03-21 20:10 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-15 15:56 - 2017-02-28 22:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-21 13:51 - 2017-03-21 20:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-15 15:56 - 2017-02-28 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-15 15:56 - 2017-02-28 22:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-15 15:56 - 2017-02-28 22:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-15 15:56 - 2017-02-28 22:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-15 15:56 - 2017-02-28 22:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-15 15:56 - 2017-02-28 22:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-15 15:56 - 2017-02-28 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-03-23 19:09 - 2017-03-21 20:09 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-03-23 19:09 - 2017-03-21 20:09 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-21 13:51 - 2017-02-28 22:51 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-03-23 19:09 - 2017-03-21 20:09 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-15 15:56 - 2017-03-21 20:10 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-15 15:56 - 2017-02-28 22:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-03-23 19:09 - 2017-03-21 20:10 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-15 15:56 - 2017-02-28 22:50 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-03-23 19:09 - 2017-03-21 20:10 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-03-23 19:09 - 2017-03-21 20:10 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-03-23 19:09 - 2017-03-21 20:10 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-27 21:16 - 2017-03-21 20:10 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-03-23 19:09 - 2017-03-21 20:10 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-03-23 19:09 - 2017-03-21 20:10 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-03-23 19:09 - 2017-03-21 20:10 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-24 13:54 - 2017-03-21 20:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-24 13:54 - 2017-03-21 20:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-24 13:54 - 2017-03-21 20:10 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-24 13:54 - 2017-03-21 20:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-15 15:56 - 2017-02-28 22:52 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-19 16:56 - 2017-03-21 20:10 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-03-23 19:09 - 2017-03-21 20:09 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-03-23 19:09 - 2017-02-28 22:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-03-23 19:09 - 2017-03-21 20:09 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-12 11:31 - 2017-03-21 20:10 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-03-23 19:09 - 2017-02-28 22:56 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-03-23 19:09 - 2017-02-28 22:56 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-03-23 19:09 - 2017-03-21 20:10 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-03-23 19:09 - 2017-03-21 20:10 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-03-23 19:09 - 2017-03-21 20:10 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-15 15:56 - 2017-02-28 22:52 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-21 13:51 - 2017-03-21 20:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-23 19:09 - 2017-03-21 20:10 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2340422068-96799099-1755646500-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScpToolkit Tray Notifications.lnk => C:\Windows\pss\ScpToolkit Tray Notifications.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Discord => C:\Users\Martin\AppData\Local\Discord\app-0.0.296\Discord.exe
MSCONFIG\startupreg: Innkeeper => C:\Users\Martin\AppData\Local\Innkeeper\Update.exe --processStart Innkeeper.exe --process-start-args="-startup"
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: Spotify => "C:\Users\Martin\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Martin\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5FD4E42B-86F4-493E-A760-D6BB06701F37}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1881E2F8-A7E4-4DA9-BE74-B13C4AB13869}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C4ECAC5C-0A09-4870-90EA-D0D7191F82C7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{15611EC5-8C99-4C66-9684-43DAF142D8B9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9683748A-B172-4D9F-9FDE-CDA55CE40E4F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D0C46E7A-6528-4733-A474-61699C1DC6E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3A48AEAF-DD86-424A-9AFE-6BCA48836C29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E46A96DF-77C6-4EA4-94DD-DD64991754F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FB0D3772-CA73-4C37-9616-5FEE1791E942}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E5FE9569-35EA-4245-839A-62A031EA808A}] => (Allow) F:\Program Files (x86)\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{B582F650-6BAE-4C6D-9509-CF62FC1B51EC}] => (Allow) F:\Program Files (x86)\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{F9F34F3F-8D35-454C-ADD6-03F36E8DA35D}] => (Allow) F:\Program Files (x86)\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{935DAFB6-C650-4491-ACDE-B3754BAD3B6C}] => (Allow) F:\Program Files (x86)\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{3B919BAC-EADA-47C8-BB5D-DB33D8BA5A24}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1004D8A9-CDE0-49F6-877E-6ADE0FA03295}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6044B751-6BD9-4BE1-A5C7-207B6C39D004}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BC8128BB-CB62-4107-9E9D-6DC0F176BB0A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{273ADFCB-35DE-4AEA-A513-40D6D8E84778}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{7B9E456C-3FD3-47BB-B929-0576633F9B77}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{BA125E8A-3A2B-405B-AFE8-D4B81608CC62}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6324252A-9E24-4EB0-9775-E3A7D1BE3768}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9D89D05E-09F0-4AE7-9D3C-FA635EDA46A2}] => (Allow) C:\Users\Martin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{11FEC2BF-2567-445B-8CA1-F2F78C847A78}] => (Allow) C:\Users\Martin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{354CCB68-C88B-4892-931F-80DFC4E9D651}] => (Allow) C:\Users\Martin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{30C14200-F06B-4C77-A143-F8108D15A02A}] => (Allow) C:\Users\Martin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C1AF2636-D440-4E67-A0B1-F9298FECADAF}] => (Allow) C:\Users\Martin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9CEE1753-B7F3-4F96-8A3D-7AFB6B33ECA0}] => (Allow) C:\Users\Martin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9C8E441F-9D0A-4611-A621-993B22A6FC95}] => (Allow) C:\Users\Martin\AppData\Local\Temp\7zS113F\HP.EasyStart.exe
FirewallRules: [{0ABFAD5F-5CA8-4EA0-B902-6FFB6575DDF3}] => (Allow) C:\Program Files\HP\HP ENVY 5540 series\Bin\DeviceSetup.exe
FirewallRules: [{FDC488A1-F746-4B75-8890-1A9AB05A3D8C}] => (Allow) LPort=5357
FirewallRules: [{659EC2D5-7550-4D16-B931-20210376D3D5}] => (Allow) C:\Program Files\HP\HP ENVY 5540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A5DDE360-1A98-4867-8587-B60408119D46}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{09C7EDEE-FC0F-414F-A32D-6875CDE91BC3}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{300881F4-2E06-45C7-9D7C-E05D98DCC55C}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{6F849AB0-3E07-4FF0-B4DC-8CA1DAA6BB23}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{DBBB20A0-A21F-44A1-9DA3-187E9D4AB414}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{51FB2422-6F5D-4541-A725-E7F59330E72B}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{40F2CEF9-4FD5-4D33-AC82-3502B95FB10C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D70F87C9-B9EA-4ADE-A737-915159614912}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{9573F031-0F7A-488B-8D2C-413240029FE1}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{7D577428-64E4-476C-A9D0-ABA927A1D275}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [TCP Query User{06CA95F7-AE4C-40B4-83B2-D774A2ED3064}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D44F7E2B-6712-49BF-ADFF-6D7193EC3139}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{55681C50-9829-4050-8EE9-C0372A849850}F:\program files (x86)\origin games\bfh\bfh.exe] => (Allow) F:\program files (x86)\origin games\bfh\bfh.exe
FirewallRules: [UDP Query User{A9A1D478-9AB0-4243-A15B-B5CD6A733968}F:\program files (x86)\origin games\bfh\bfh.exe] => (Allow) F:\program files (x86)\origin games\bfh\bfh.exe
FirewallRules: [TCP Query User{40A46B84-DAB9-44FF-A3FC-411019DA0828}F:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) F:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [UDP Query User{1898B275-A786-418E-A05D-D26B73B65F1F}F:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) F:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [TCP Query User{E3413F82-033D-4E16-8303-B5BB5A406C43}F:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) F:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{30CCA818-82CD-413C-AA20-C75B17483A4C}F:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) F:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{27DA0711-3503-4D2A-9B40-2584E58B167C}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{20E988EA-000B-4995-929C-E81140CB319E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{AD8DE323-BD1F-4371-A87E-9979F5572770}] => (Allow) F:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{C54C707E-EB92-496F-A69B-894EFACB0CDD}] => (Allow) F:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{CC0B3847-CCA0-4DD3-8646-5005D21A43DD}] => (Allow) F:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{3BEA5E4C-9308-4FEE-941B-AE41CB06ADEA}] => (Allow) F:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{C99D3EFE-CC97-414F-8D76-888080799939}] => (Allow) F:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{F226B835-AC72-4280-9D63-69E518313F72}] => (Allow) F:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{F568A261-A04E-4F8B-B645-BF97A3C36152}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3695E7E3-1DF7-4D1C-9C04-BCCD8BB7FC16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{00E2A4F4-B9E8-439B-8BD9-1344CB24152B}] => (Allow) F:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{904819BD-5AE9-4755-B16D-C5EF39CA5A3C}] => (Allow) F:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{D8A7E79A-3204-4F63-860A-406E3A5780FF}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{CF2AD538-CB3B-4300-A532-434B99454FFB}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{1D5A5892-CE72-42F4-B2A5-6CA9A21B28CC}] => (Allow) C:\Users\Martin\AppData\Local\Apps\2.0\VB98RBO0.8ML\R99HX6ZB.8M5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{99DAF79C-034B-4466-9A8B-AAD9EF1D87E2}] => (Allow) C:\Users\Martin\AppData\Local\Apps\2.0\VB98RBO0.8ML\R99HX6ZB.8M5\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{2EA4054C-653A-43C7-B92B-F594C03EDF5B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{4AEB6DC4-1990-40C8-8306-328A12486CAD}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{5323CAB5-9180-453B-9836-9A12EE3AC533}] => (Allow) F:\Program Files (x86)\Firefox\firefox.exe
FirewallRules: [{47A7DAC6-196C-4233-BCCA-73FF63F8B902}] => (Allow) F:\Program Files (x86)\Firefox\firefox.exe
FirewallRules: [{7BCDADC7-FCA3-49EC-A2FC-72CA8EA27E6A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F66E6F96-7B40-4A97-BA5E-FADC3C9A4262}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4FCF0680-0574-4080-BDD0-60FF508FC622}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{25E44155-70FF-4A0F-9D90-8AFD288ADF90}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3272E3CA-392C-47E1-9CD6-47219E675C94}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{19886EBA-400B-4F14-A943-F01629699378}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{6F44C786-D734-4B1C-A9C3-AD3CA14F12C9}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{84A4E5EA-FD14-4119-A298-23963E71CEC0}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{43D5699B-DED9-4F97-BB4C-27E921AE8371}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{F115282A-2A42-4035-91C6-09FBE1703631}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [TCP Query User{7C92312A-D6BA-4A2E-B469-168FC1DF0EB4}F:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) F:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{32432FA1-9558-4C47-8316-7AEDAB910E1D}F:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) F:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{CCB44A81-834F-4C3C-A909-2DC4927FADCF}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{6988B7EE-D56B-4507-A320-C5CCB027EF3F}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{08818BBA-0A09-4495-B055-BB3528425598}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{001AF697-FE9A-463F-8D40-75D5403ECD47}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{8430B7D5-647E-49DE-8340-636C2D161D43}] => (Allow) F:\Program Files (x86)\Heroes of the Storm\Versions\Base48297\HeroesOfTheStorm_x64.exe
FirewallRules: [{63B2568B-2F1F-41B4-AEFF-32231508BF67}] => (Allow) F:\Program Files (x86)\Heroes of the Storm\Versions\Base48297\HeroesOfTheStorm_x64.exe
FirewallRules: [{814AC73A-03E5-48BF-8326-625D68F2CDF2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{70EB8E23-70EB-474E-8CB9-689E9AB15817}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{72039975-D6E2-40A9-B487-91265326D7DE}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{49B395D0-1C1B-4F8D-847F-47E3B726554D}] => (Allow) F:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{DCBF5E0D-D4F6-435D-9D78-CC5E6B1A3DBD}] => (Allow) F:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{028D0631-8B38-4F3E-BDB8-83B0B105EFD9}] => (Allow) F:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{4D21E6E7-EBD9-4F0F-9229-D1A11862598F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{605F4EA9-0577-4492-891F-2D4D398E89C4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{FDDDF4D7-AE80-4C9C-B8C7-704E5F6DC7CF}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{0789F813-00D1-48E0-8F3B-9A6C6A41A36C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{B42BF00E-4C5C-4589-878F-E509856ECB47}F:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) F:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [UDP Query User{8C5C49DC-A79D-41AD-A3A8-0F57D032BE60}F:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) F:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [{A4CBDEA4-50D0-4245-94E7-FB3AA9026C19}] => (Allow) F:\Program Files (x86)\Heroes of the Storm\Versions\Base50286\HeroesOfTheStorm_x64.exe
FirewallRules: [{53590AC0-1C53-4B30-8A52-6F9756CDC830}] => (Allow) F:\Program Files (x86)\Heroes of the Storm\Versions\Base50286\HeroesOfTheStorm_x64.exe
FirewallRules: [{07B28A72-1A0E-4A67-824E-C736A12E757F}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{8646C91C-103C-465C-8606-DF0AC9E0F737}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{72128BAF-9E01-46F5-AEFC-5365B3E65F16}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{80030298-2D17-4E08-BB9B-C872F75E2FF8}F:\program files\presonus\studio one 3\studio one.exe] => (Block) F:\program files\presonus\studio one 3\studio one.exe
FirewallRules: [UDP Query User{1E8FD3C5-F909-401C-A366-1A04606643F1}F:\program files\presonus\studio one 3\studio one.exe] => (Block) F:\program files\presonus\studio one 3\studio one.exe
FirewallRules: [{CB7F6E79-C313-4D1C-A008-32B34905CCF1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3E38EBF1-3199-4571-BC74-B248C901B954}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
 
==================== Restore Points =========================
 
02-04-2017 10:20:12 Avast Cleanup
02-04-2017 21:45:24 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: hp DVD-RAM GH40L SATA CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: ESEADriver2
Description: ESEADriver2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ESEADriver2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: DTSOFT Virtual CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/03/2017 08:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/03/2017 08:00:31 PM) (Source: openvpnserv) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/03/2017 06:03:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (04/03/2017 06:02:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\users\martin\downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (04/03/2017 06:02:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\users\martin\desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (04/03/2017 05:59:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/03/2017 05:59:10 PM) (Source: openvpnserv) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/02/2017 09:37:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/02/2017 09:36:11 PM) (Source: openvpnserv) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/02/2017 07:58:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (04/03/2017 08:01:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
UsbCharger
 
Error: (04/03/2017 08:01:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (04/03/2017 08:01:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (04/03/2017 08:00:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/03/2017 07:03:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
Error: (04/03/2017 06:10:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.
 
Error: (04/03/2017 05:59:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
UsbCharger
 
Error: (04/03/2017 05:59:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (04/03/2017 05:59:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (04/03/2017 05:59:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: 
The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
  Date: 2016-06-18 14:44:47.067
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-07 16:33:36.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-07 16:27:52.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-6300 Six-Core Processor 
Percentage of memory in use: 43%
Total physical RAM: 8158.67 MB
Available physical RAM: 4598.6 MB
Total Virtual: 16315.52 MB
Available Virtual: 12873.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:22.76 GB) NTFS
Drive e: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP) (Fixed) (Total:582.9 GB) (Free:80.07 GB) NTFS
Drive g: (FACTORY_IMAGE) (Fixed) (Total:13.17 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5C0728A7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=582.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#11 garioch7


Posted 05 April 2017 - 11:57 AM

Martin:

 

Thank you for your FRST logs.  In the future, please don't use the quote codes - I find it easier to read the logs if they are just simply copied and pasted directly into a reply, rather than being quoted, which reduces the font size.

 

There are almost 1,700 lines to be analyzed in the logs, so it is going to take me some time to get through both logs.  It could take a day or two, since I have other things "on the go" that limit the time I can dedicate to your log analysis.  "Real life" does get in my way from time to time.   :(

 

Thank you for your understanding and patience.  Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#12 garioch7


Posted 06 April 2017 - 06:54 AM

Martin:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: In going over your logs I noticed that you have µTorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.


:step2: The FRST logs show that you have QuickTime installed. I would recommend that you review this article. If you decide to uninstall QuickTime, please do so via the Control Panel, Programs, Add/Remove Program.

.


:step3: Please run a FRST "Fix" for me.

Copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the Desktop.

NOTE: It is important that both files, FRST/FRST64.exe and fixlist.txt, are in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

CreateRestorePoint:
CloseProcesses:

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn => not found
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 ESEADriver2; \??\C:\Users\Martin\AppData\Local\Temp\ESEADriver2.sys [X] <==== ATTENTION
Task: {B15ACAE9-99F3-4AEF-805C-BA6CF0541DF4} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-01-06] (Symantec Corporation)
C:\Program Files\Common Files\AV\Norton Internet Security

  • Right click FRST/FRST64.exe, and select "Run as Administrator".
  • Then press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy and paste the contents into your reply.

.


:step4: You have an issue with your CD drive.

 

Name: hp DVD-RAM GH40L SATA CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


.


:step5: I did not find indications in the FRST logs that would explain the redirects that you are experiencing. I suspect that your computer may have been subsequently reinfected after our initial scans with the standard anti-malware tools, so we may have to repeat those scans. It is critical that you avoid using P2P software until we can identify the malware present and completely disinfect your computer. Personally, I would URGE you to uninstall µTorrent as it is a major malware attack vector.


.


Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#13 hanspeterxd


Posted 06 April 2017 - 09:08 AM

Hi Phil!

 

To start with I'd just like to express my gratitude to you, spending your time helping me. So there is absolutely no problem with things taking some time. So all respect to you, and all other volunteers on this forum, for doing this.

 

1: uTorrent uninstalled.

 

2: Thanks for the heads up, I've now uninstalled QuickTime.

 

3. Will do and copy the log in my next reply.

 

4: Not sure what might be causing this. Haven't used my CD-rom drive in the last couple of years, so will try and fix it.

 

5: I've barely been using this computer, apart from some offline work and visiting this forum, since we started this process. But if you want me to, I can of course run them again.

 

Regards

Martin



#14 hanspeterxd


Posted 06 April 2017 - 09:14 AM

Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Martin (06-04-2017 16:09:36) Run:1
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn => not found
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 ESEADriver2; \??\C:\Users\Martin\AppData\Local\Temp\ESEADriver2.sys [X] <==== ATTENTION
Task: {B15ACAE9-99F3-4AEF-805C-BA6CF0541DF4} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-01-06] (Symantec Corporation)
C:\Program Files\Common Files\AV\Norton Internet Security
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key removed successfully
HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{40211632-250D-4B8C-B04E-DA45BAE6DF8C} => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\ESEADriver2 => key removed successfully
ESEADriver2 => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B15ACAE9-99F3-4AEF-805C-BA6CF0541DF4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B15ACAE9-99F3-4AEF-805C-BA6CF0541DF4} => key removed successfully
C:\Windows\System32\Tasks\Remediation\AntimalwareMigrationTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Remediation\AntimalwareMigrationTask => key removed successfully
C:\Program Files\Common Files\AV\Norton Internet Security => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 16:09:44 ====
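
The Fixlog above first echoes the fixlist between two rows of asterisks and then reports one result per line as `target => outcome`. As an added example (not part of the thread and not FRST's own code), this Python sketch skips the echoed block, tallies the outcomes, and lists anything that is neither a success nor a "not found"; the three category names and the one constructed result line are assumptions made for the illustration.

```python
import re
from collections import Counter

# Lines copied from the Fixlog.txt posted above (a subset), plus one
# constructed result line (marked) to exercise the "review" path.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
CreateRestorePoint:
S3 dbx; system32\DRIVERS\dbx.sys [X]
Task: {B15ACAE9-99F3-4AEF-805C-BA6CF0541DF4} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-01-06] (Symantec Corporation)
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
dbx => service removed successfully
C:\Constructed\example.dll => constructed outcome text

The system needed a reboot.
"""

RESULT_LINE = re.compile(r"^(?P<target>.+?)\s+=>\s+(?P<outcome>.+?)\.?\s*$")
DELIMITER = re.compile(r"^\*{5,}\s*$")


def result_lines(text):
    """Return the lines after the echoed fixlist block, if one is present."""
    lines = text.splitlines()
    if not any(line.strip() == "fixlist content:" for line in lines):
        return lines
    rows = [i for i, line in enumerate(lines) if DELIMITER.match(line)]
    # The echo sits between the first two rows of asterisks; its directives
    # can contain "=>" themselves (the Task: line), so they must be skipped.
    return lines[rows[1] + 1:] if len(rows) >= 2 else lines


def classify(outcome):
    """Map an outcome phrase to done / absent / review."""
    text = outcome.lower()
    if text.endswith("successfully"):
        return "done"
    if text.endswith("not found"):
        return "absent"   # the target was already gone
    return "review"       # any phrase not recognised above


def summarize(text):
    """Tally outcomes and list targets that need a closer look."""
    entries, reboot = [], False
    for line in result_lines(text):
        if line.strip() == "The system needed a reboot.":
            reboot = True
        match = RESULT_LINE.match(line)
        if match:
            entries.append((match["target"], classify(match["outcome"])))
    return {
        "counts": Counter(status for _, status in entries),
        "review": [target for target, status in entries if status == "review"],
        "reboot_needed": reboot,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_FIXLOG))
```
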


#15 garioch7


Posted 06 April 2017 - 09:30 AM

Martin:
 
Thank you for your post and for copying and pasting the contents of the "fixlog.txt" file, without quotes.  So much easier for these old eyes! :)
 
That all looks good! :thumbup2:
 
I was not aware that this computer was not being frequently used, given the number of programs and games installed on it.  It is not unusual that people whom we are helping, manage to reinfect their computers during the disinfection process, particularly if they continue to use P2P software.  I am glad that you have uninstalled µTorrent.
 
.
 
 
:step1: As I indicated in my previous post, I would like to repeat some scans, just to be sure that there are no new malware entities lurking in your computer.  FRST is a very powerful scanning and disinfection utility, but it has its limits, as do all anti-malware scanners/cleaners.  They all focus on different classes of malware.  Of course, there is overlap.

ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.


:step2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.

.


Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall




