Possible BOTNET-infection - Blacklist from PSN - HIJACKTHIS and FARBAR analysis


  • This topic is locked
13 replies to this topic

#1 Hanseman


Posted 05 April 2017 - 03:37 AM

Dear Sirs
 
I have for the last month's time had numerous problems with a possible malware infection.

The problem was discovered as I was being blocked from PLAYSTATION NETWORK - the support (or total lack thereof) informed me:

"Hi Hans,


Thank you for contacting PlayStation Support.

Our engineers have confirmed that your IP address was on our blacklist and has now again been manually removed.
As previously mentioned this can happen if there are security concerns regarding access to our network from an IP address. The most likely reason is a "botnet" attack from a device within that network.
Our engineers have advised that if there are further security concerns regarding this IP address, there will be further restrictions in the future. Your Internet Service Provider will need to offer further assistance to prevent this from happening.
Our Security team may temporarily stop a particular IP address from accessing PlayStation Network if malicious activity is detected from said IP. Recurrent malicious activity from the same IP may ultimately lead to a more permanent IP block.

Please note we will not be able to provide further information for the reason for any restrictions and these are confidential details regarding the security of our network.

If you need anything else just let me know! Quote 170131-001889 and one of our team will be happy to help you.
 
Thank you,"

 
Thus I started to scan my only PC for malware and possible infections..

The problem is however that PLAYSTATION NETWORK is a bunch of wankers who will not even provide simple info as e.g. the MAC-address from the unit sending the suspicious traffic or provide info about what program is doing it - It's like talking to an open door!

I quote:


Hi Hans,

My name is Sanna and I am a member of the supervisor team at PlayStation Support.

I've been in touch with you previously regarding this issue and unfortunately I have no further information to provide.

I can confirm that we have now for the seventh time manually removed your IP address from the blacklist and received a confirmation of this from our engineers today. Your IP address has been checked regularly since the beginning of February and we have consistently informed you that this has been manually removed.

While we understand this is frustrating and you would like a more permanent solution, unfortunately this is not something we can offer directly. We cannot provide you the MAC address you've requested for, nor can we provide you further information on why this gets blocked as these are highly confidential details of our security system. IP blocks are put in place as a security measure when suspicious activity is traced back to a certain IP address, and we can simply tell you whether these are on our blacklist or not, however your Internet Service Provider would need to address the security issue to prevent this from getting restricted again. This policy is very clear and we will not be able to make an exception.

Therefore if you wish to find a permanent solution you would once again need to get in touch with your Internet Service Provider. I understand from your case that they're not willing to change your IP address, however if their representative gets in touch with our support directly we can pass the details on to see if our security team will be able to advise them further. At this point this would be the only way we're able to proceed with the issue.

If you need anything else just let me know. 
 
Thank you,


However - here is what I have done to try to weed out the problem:
 
The daily basic setup is this:

 
Windows 7 Ultimate 64bit - Heimdal Security PRO - Free AVIRA Antivirus - Windows Firewall. - - - This setup has kept me problem free for 6 years, 0 infections total!!!

Yet I was told by PSN support that "illegal traffic" occurred on my IP-address!!! The other day FACEBOOK suddenly logged off and I was told to download a malware removal tool from KASPERSKY - yet it found no infection!
Then GOOGLE started to act up - and I was told that due to suspicious traffic from my IP I needed to enter a CAPTCHA to continue my searches!

I then ran the following system and MALWARE REMOVAL TOOLS in the mentioned order.

CCLEANER - to clear out old files - then registry clean to remove registry errors before scan with malware tools.
I downloaded and ran:
 
Combofix
SUPERantispyware
Spybot - Search & Destroy
MALWAREBYTES 

and today FARBAR64

SPYBOT was the only tool that found other stuff than the odd tracking cookie - it claimed it found a Trojan - which it removed!

Then I ran HijackThis  and to the best of my knowledge looked through the line - trying to find any culprit.
 
This is where I ask for your help:
 
Can you find any unwanted entries in the logfiles - please tell me :)

Thank You for your time and effort
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Hans (administrator) on HANS-PC (05-04-2017 10:08:05)
Running from C:\Users\Hans\Desktop\FRST64
Loaded Profiles: Hans (Available Profiles: Hans)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Heimdal Security) C:\Program Files (x86)\Heimdal\Heimdal.ClientHost.exe
(Heimdal Security) C:\Program Files (x86)\Heimdal\Heimdal.UptimeChecker.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google, Inc) C:\Users\Hans\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Heimdal Security) C:\Program Files (x86)\Heimdal\Heimdal.Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Facebook) C:\Users\Hans\AppData\Local\Facebook\Games\FacebookGameroom.exe
(The CefSharp Authors) C:\Users\Hans\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28065728 2017-03-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HeimdalAgentLoader] => C:\Program Files (x86)\Heimdal\Heimdal.AgentLoader.exe [57344 2016-08-05] (Heimdal Security)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1893123435-502546059-115590479-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1893123435-502546059-115590479-1000\...\Run: [Google Photos Backup] => C:\Users\Hans\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-09] (Google, Inc)
HKU\S-1-5-21-1893123435-502546059-115590479-1000\...\Run: [dpinst] => C:\Users\Hans\AppData\Roaming\DIFX\dpinst.exe [7293280 2013-02-19] (TeamViewer GmbH)
HKU\S-1-5-21-1893123435-502546059-115590479-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1893123435-502546059-115590479-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1893123435-502546059-115590479-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-1893123435-502546059-115590479-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
ShellExecuteHooks: No Name - {E5BC1154-D1C8-11E6-9646-64006A5CFC23} - -> No File
ShellExecuteHooks: No Name - {8395822C-D1C8-11E6-9072-64006A5CFC23} - -> No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2017-04-04]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Hans\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 89.150.129.22 89.150.129.10
Tcpip\..\Interfaces\{8B885CCD-DB89-4A73-944B-2976A5EE2AEA}: [DhcpNameServer] 89.150.129.22 89.150.129.10

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1893123435-502546059-115590479-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1893123435-502546059-115590479-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-1893123435-502546059-115590479-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1893123435-502546059-115590479-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: lzgygbq3.default
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\lzgygbq3.default [2017-04-05]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\lzgygbq3.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\lzgygbq3.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\lzgygbq3.default -> hxxps://search.avira.net/#/?show_is=1&source=art
FF Extension: (Avira Browser Safety) - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\lzgygbq3.default\Extensions\abs@avira.com.xpi [2017-03-21]
FF Extension: (Site Deployment Checker) - C:\Program Files\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-23] [not signed]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-23] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2016-01-23] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2016-01-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1893123435-502546059-115590479-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1893123435-502546059-115590479-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1893123435-502546059-115590479-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData2
CHR HomePage: ChromeDefaultData2 -> hxxp://www.youtube.com/
CHR StartupUrls: ChromeDefaultData2 -> "hxxp://google.com/","hxxp://www.google.com","hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ch&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BzyyDtC0BtAzz0EtD0CyDtN0D0Tzu0SzzyByCtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBtCtB0CtByB0FtG0AyByE0EtGtC0FyB0AtGtDtDtC0BtGtD0FyEtAtDyC0C0DtDyEzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0EyCtC0CtBtDtG0BtBtD0EtG0Azy0C0DtGtDyByE0DtGyCtC0ByE0Azz0D0Ezy0DtBtA2Q&cr=880233221&ir=","hxxp://www.youndoo.com/?z=372903f34a0555fa2fee277g3zcb0zaebe3g7ectfm&from=amz&uid=WDCXWD5000AAKX-00ERMA0_WD-WMC2E566851668516&type=hp"
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-04-05] <==== ATTENTION
CHR Extension: (Google Præsentation) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-23]
CHR Extension: (Google Dokumenter) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-23]
CHR Extension: (Google Drev) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-23]
CHR Extension: (Adguard AdBlocker) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-04-04]
CHR Extension: (YouTube) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-23]
CHR Extension: (Honey) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-03-26]
CHR Extension: (Note Anywhere) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\bohahkiiknkelflnjjlipnaeapefmjbh [2016-09-06]
CHR Extension: (FlyOrDie Reversi) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ciikcpoceholhdpfboiogdndpibcjjdh [2016-01-23]
CHR Extension: (Google-søgning) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-23]
CHR Extension: (Dropbox til Gmail) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-03-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Google Ark) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-23]
CHR Extension: (Google Docs Offline) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-04]
CHR Extension: (Sticky Notes) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\hpgihpombekglbnddmdamimnepihcbfh [2016-09-06]
CHR Extension: (Google+1 knap) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2016-01-23]
CHR Extension: (FlyOrDie Backgammon) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\jjajfipfoldnngmddjicblncidmijama [2016-01-23]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-04-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-27]
CHR Extension: (Google E-mail-tæller) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-01-23]
CHR Extension: (Ghostery) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-02-13]
CHR Extension: (Video Speed Controller) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2017-03-16]
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2017-03-24]
CHR Extension: (Gmail) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-23]
CHR Extension: (Chrome Media Router) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1893123435-502546059-115590479-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1893123435-502546059-115590479-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-21] (Avira Operations GmbH & Co. KG)
S4 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-03-11] (Dropbox, Inc.)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 Heimdal Client Host; C:\Program Files (x86)\Heimdal\Heimdal.ClientHost.exe [87040 2017-03-03] (Heimdal Security) [File not signed]
S2 Heimdal SecureDNS; C:\Program Files (x86)\Heimdal\Heimdal.SecureDNS.exe [60416 2017-03-03] (Heimdal Security) [File not signed]
R2 Heimdal Uptime Checker; C:\Program Files (x86)\Heimdal\Heimdal.UptimeChecker.exe [71168 2017-03-03] (Heimdal Security) [File not signed]
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-06-09] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2016-05-12] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1325384 2017-03-21] (Overwolf LTD)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-01-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows ® Win 7 DDK provider)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-01-10] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
S3 lgLowAudio; C:\Windows\System32\drivers\lgLowAudio.sys [26264 2015-11-20] (Logitech Inc.)
S3 mt7612US; C:\Windows\System32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 ESProtectionDriver; \??\C:\Windows\system32\drivers\mbae64.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-05 10:07 - 2017-04-05 10:08 - 00000000 ____D C:\Users\Hans\Desktop\FRST64
2017-04-05 10:04 - 2017-04-05 10:08 - 00000000 ____D C:\FRST
2017-04-05 10:01 - 2017-04-05 10:01 - 00011854 _____ C:\Users\Hans\Documents\hijackthis050417
2017-04-04 21:52 - 2017-04-04 21:52 - 00001160 _____ C:\Users\Hans\Desktop\Facebook Gameroom (2).lnk
2017-04-04 19:50 - 2017-04-04 19:50 - 00001160 _____ C:\Users\Hans\Desktop\Facebook Gameroom.lnk
2017-04-04 19:50 - 2017-04-04 19:50 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2017-04-04 19:50 - 2017-04-04 19:50 - 00000000 ____D C:\Users\Hans\AppData\Local\Facebook
2017-04-04 19:04 - 2017-04-04 19:04 - 00004405 _____ C:\Windows\wininit.ini
2017-04-04 16:56 - 2017-04-04 16:56 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-04 16:56 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-04-04 16:55 - 2017-04-04 16:55 - 00000000 ____D C:\EEK
2017-04-04 15:46 - 2017-04-05 09:36 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task dc2039f4-a6d0-4c38-831c-010979f882ff.job
2017-04-04 15:46 - 2017-04-05 02:00 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e42f0bfd-0e77-46d9-a52a-8d50ded7fc6f.job
2017-04-04 15:46 - 2017-04-04 15:46 - 00003582 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task e42f0bfd-0e77-46d9-a52a-8d50ded7fc6f
2017-04-04 15:46 - 2017-04-04 15:46 - 00003508 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task dc2039f4-a6d0-4c38-831c-010979f882ff
2017-04-04 15:46 - 2017-04-04 15:46 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-04-04 15:46 - 2017-04-04 15:46 - 00000000 ____D C:\Users\Hans\AppData\Roaming\SUPERAntiSpyware.com
2017-04-04 15:46 - 2017-04-04 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-04-04 15:46 - 2017-04-04 15:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-04-04 15:34 - 2017-04-05 09:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-04-04 15:34 - 2017-04-04 15:34 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-04-04 15:34 - 2017-04-04 15:34 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-04-04 15:34 - 2017-04-04 15:34 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-04-04 15:34 - 2017-04-04 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-04-04 15:34 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-04-04 15:33 - 2017-04-04 16:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-04-04 13:32 - 2017-04-04 13:32 - 00037565 _____ C:\ComboFix.txt
2017-04-04 13:18 - 2017-04-04 13:18 - 00000000 ____D C:\Users\Hans\AppData\Roaming\TeamViewer
2017-04-04 13:06 - 2017-04-04 13:16 - 00000000 ____D C:\KVRT_Data
2017-03-26 10:00 - 2017-03-26 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-16 20:59 - 2017-03-16 20:59 - 00001132 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-03-16 10:58 - 2017-03-16 10:58 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2017-03-15 08:52 - 2017-03-04 19:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 08:52 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 08:52 - 2017-03-04 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 08:52 - 2017-03-04 10:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 08:52 - 2017-03-04 10:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 08:52 - 2017-03-04 10:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 08:52 - 2017-03-04 10:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 08:52 - 2017-03-04 10:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 08:52 - 2017-03-04 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 08:52 - 2017-03-04 09:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 08:52 - 2017-03-04 09:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 08:52 - 2017-03-04 09:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 08:52 - 2017-03-04 09:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 08:52 - 2017-03-04 09:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 08:52 - 2017-03-04 09:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 08:52 - 2017-03-04 09:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 08:52 - 2017-03-04 09:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 08:52 - 2017-03-04 09:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 08:52 - 2017-03-04 09:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 08:52 - 2017-03-04 09:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 08:52 - 2017-03-04 09:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 08:52 - 2017-03-04 09:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 08:52 - 2017-03-04 09:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 08:52 - 2017-03-04 09:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 08:52 - 2017-03-04 09:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 08:52 - 2017-03-04 09:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 08:52 - 2017-03-04 09:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 08:52 - 2017-03-04 08:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 08:52 - 2017-03-04 08:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 08:52 - 2017-03-04 08:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 08:52 - 2017-03-04 08:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 08:52 - 2017-03-04 08:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 08:52 - 2017-03-04 08:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 08:52 - 2017-03-04 08:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 08:52 - 2017-03-04 08:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 08:52 - 2017-03-04 08:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 08:52 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 08:52 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 08:52 - 2017-03-02 20:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 08:52 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 08:52 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 08:52 - 2017-03-02 20:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 08:52 - 2017-03-02 20:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 08:52 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 08:52 - 2017-03-02 19:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 08:52 - 2017-03-02 19:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 08:52 - 2017-03-02 19:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 08:52 - 2017-03-02 19:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 08:52 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 08:52 - 2017-03-02 19:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 08:52 - 2017-03-02 19:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 08:52 - 2017-03-02 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 08:52 - 2017-03-02 19:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 08:52 - 2017-03-02 19:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 08:52 - 2017-03-02 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 08:52 - 2017-03-02 19:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 08:52 - 2017-03-02 19:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 08:52 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 08:52 - 2017-03-02 19:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 08:52 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 08:52 - 2017-03-02 19:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 08:52 - 2017-03-02 19:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 08:52 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 08:52 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 08:52 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 08:52 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 08:52 - 2017-02-09 18:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 08:52 - 2017-02-09 18:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 08:52 - 2017-02-09 18:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 08:52 - 2017-02-09 18:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 08:52 - 2017-02-09 18:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 08:52 - 2017-02-09 18:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 08:52 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 08:52 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 08:52 - 2017-02-09 18:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 08:52 - 2017-02-09 16:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 08:52 - 2017-01-11 20:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 08:51 - 2017-02-11 17:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 08:51 - 2017-02-11 17:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 08:51 - 2017-02-11 17:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 08:51 - 2017-02-10 18:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 08:51 - 2017-02-10 18:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 08:51 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 08:51 - 2017-02-10 18:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 08:51 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 08:51 - 2017-02-09 18:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 08:51 - 2017-02-09 18:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 08:51 - 2017-02-09 18:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 08:51 - 2017-02-09 18:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 08:51 - 2017-02-09 18:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 08:51 - 2017-02-09 18:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 18:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 08:51 - 2017-02-09 18:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 08:51 - 2017-02-09 18:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 08:51 - 2017-02-09 18:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 08:51 - 2017-02-09 17:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 08:51 - 2017-02-09 17:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 08:51 - 2017-02-09 17:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 08:51 - 2017-02-09 17:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 08:51 - 2017-02-09 17:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 08:51 - 2017-02-09 17:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 08:51 - 2017-02-09 17:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 08:51 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 08:51 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 08:51 - 2017-02-09 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 08:51 - 2017-02-09 17:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 08:51 - 2017-02-09 17:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 08:51 - 2017-02-09 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 08:51 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 08:51 - 2017-02-09 17:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 17:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 17:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 17:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 08:51 - 2017-02-09 16:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 08:51 - 2017-02-06 18:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 08:51 - 2017-01-13 20:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 08:51 - 2017-01-13 20:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 08:51 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 08:51 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 08:51 - 2017-01-11 20:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 08:51 - 2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 08:51 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 08:51 - 2017-01-06 20:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 08:51 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 08:49 - 2017-02-23 01:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 08:49 - 2017-02-23 01:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 08:49 - 2017-02-18 16:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 08:49 - 2017-02-18 16:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-11 01:17 - 2017-03-11 01:17 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-05 09:46 - 2016-02-06 14:24 - 00000984 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-04 19:04 - 2016-01-23 18:44 - 00000000 ____D C:\Users\Hans\AppData\Local\SlimWare Utilities Inc
2017-04-04 13:44 - 2009-07-14 06:45 - 00037488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-04 13:44 - 2009-07-14 06:45 - 00037488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-04 13:42 - 2016-01-25 02:07 - 00510176 _____ C:\Windows\system32\perfh006.dat
2017-04-04 13:42 - 2016-01-25 02:07 - 00098978 _____ C:\Windows\system32\perfc006.dat
2017-04-04 13:42 - 2009-07-14 07:13 - 01382258 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-04 13:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-04 13:36 - 2016-02-06 14:30 - 00000000 ___RD C:\Users\Hans\Dropbox
2017-04-04 13:35 - 2016-12-02 21:44 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-04 13:35 - 2016-08-09 14:40 - 00000000 ____D C:\Users\Public\Documents\Heimdal Security
2017-04-04 13:35 - 2016-02-06 14:24 - 00000980 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-04 13:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-04 13:33 - 2017-01-10 00:55 - 00000000 ____D C:\Qoobox
2017-04-04 13:31 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2017-04-04 13:22 - 2017-02-23 12:41 - 00000000 ____D C:\Users\Hans\Desktop\backups
2017-04-04 13:18 - 2017-01-10 00:31 - 00000000 ___HD C:\Users\Hans\AppData\Roaming\DIFX
2017-04-03 17:06 - 2016-02-12 11:49 - 00000000 ____D C:\Users\Hans\AppData\Local\razer
2017-04-03 17:06 - 2016-02-12 11:47 - 00000000 ____D C:\ProgramData\Razer
2017-04-03 17:06 - 2016-02-12 11:47 - 00000000 ____D C:\Program Files (x86)\Razer
2017-04-03 17:05 - 2016-01-27 01:53 - 00000000 ____D C:\Users\Hans\AppData\Local\Unity
2017-04-02 21:41 - 2016-01-23 20:43 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Skype
2017-04-02 16:35 - 2016-01-23 20:05 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-02 12:57 - 2016-03-18 23:38 - 00000000 ____D C:\Users\Hans\BrawlhallaReplays
2017-03-30 18:24 - 2017-01-03 13:49 - 00000000 ____D C:\Users\Public\Facebook Games
2017-03-30 10:14 - 2016-01-23 18:21 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-30 10:14 - 2016-01-23 18:21 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-30 10:13 - 2016-01-25 12:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-29 11:17 - 2017-02-13 11:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-29 11:17 - 2016-08-25 10:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-29 11:17 - 2016-01-25 12:30 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-26 10:00 - 2016-02-06 14:24 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-26 09:58 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-03-24 08:04 - 2016-04-19 00:19 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-03-23 10:56 - 2016-01-27 14:19 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-03-23 10:56 - 2016-01-27 14:19 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-03-23 10:56 - 2016-01-27 14:19 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-03-23 10:56 - 2016-01-27 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-23 10:55 - 2017-03-04 20:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-23 10:55 - 2016-01-23 20:43 - 00000000 ____D C:\ProgramData\Skype
2017-03-21 21:27 - 2016-02-06 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-21 13:53 - 2016-11-20 17:28 - 00000000 ____D C:\Users\Hans\AppData\LocalLow\Mozilla
2017-03-19 15:24 - 2016-03-06 22:12 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-16 20:59 - 2016-01-23 18:33 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-16 10:58 - 2016-02-12 11:48 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-15 08:57 - 2017-01-17 21:26 - 00409560 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 08:57 - 2016-08-08 11:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-15 08:57 - 2016-08-08 11:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-15 08:56 - 2016-01-25 17:18 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 08:56 - 2016-01-25 00:48 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 08:56 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-15 08:54 - 2016-01-25 00:48 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-15 08:53 - 2016-08-08 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-15 08:49 - 2017-02-14 21:57 - 00004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-15 08:49 - 2016-02-12 11:48 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 08:49 - 2016-02-12 11:48 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 08:49 - 2016-02-12 11:48 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 08:49 - 2016-02-12 11:48 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-15 08:46 - 2016-02-06 12:22 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-13 14:54 - 2016-05-02 08:56 - 00000000 ____D C:\Users\Hans\Documents\ezvid
2017-03-10 15:52 - 2016-12-02 21:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-10 15:51 - 2017-01-25 15:36 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 15:51 - 2016-12-02 21:46 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 15:51 - 2016-12-02 21:46 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 15:51 - 2016-12-02 21:46 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 15:51 - 2016-12-02 21:46 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 15:51 - 2016-12-02 21:46 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 15:51 - 2016-12-02 21:46 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-10 15:51 - 2016-12-02 21:46 - 00001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-03-10 15:51 - 2016-12-02 21:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-10 15:51 - 2016-05-15 10:23 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-09 16:31 - 2016-01-25 13:39 - 00000000 ____D C:\Program Files (x86)\Heimdal
2017-03-07 20:18 - 2016-02-06 14:24 - 00000000 ____D C:\Users\Hans\AppData\Local\Dropbox
2017-03-07 09:12 - 2016-02-19 02:04 - 00000000 ____D C:\Users\Hans\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2016-05-02 08:56 - 2016-09-04 22:23 - 0012800 _____ () C:\Users\Hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-04 12:02 - 2017-02-04 12:02 - 0000839 _____ () C:\Users\Hans\AppData\Local\recently-used.xbel
2016-01-23 18:50 - 2016-01-23 18:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-04 23:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Hans (05-04-2017 10:08:16)
Running from C:\Users\Hans\Desktop\FRST64
Windows 7 Ultimate Service Pack 1 (X64) (2016-01-23 16:04:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1893123435-502546059-115590479-500 - Administrator - Disabled)
Guest (S-1-5-21-1893123435-502546059-115590479-501 - Limited - Disabled)
Hans (S-1-5-21-1893123435-502546059-115590479-1000 - Administrator - Enabled) => C:\Users\Hans
HomeGroupUser$ (S-1-5-21-1893123435-502546059-115590479-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Dansk (HKLM-x32\...\{AC76BA86-7AD7-1030-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\{A028A66B-0FC8-4C97-8A8C-2E6CE3548B55}) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\{08A17A35-5362-453D-B788-AB76F5899684}) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\{190EDFFE-3B55-48A8-9827-AE4B7D3D9C3C}) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{52B66F1A-E977-41EE-8359-3C4040BE72F5}) (Version: 12.2.8.198 - Adobe Systems, Inc)
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.031 - ASUSTek Computer Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.260 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.260 - NC Interactive, LLC) Hidden
BLOCKADE 3D (HKLM\...\Steam App 302830) (Version: - Shumkov Dmitriy)
Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
Brother MFL-Pro Suite DCP-540CN (HKLM-x32\...\{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Danske Spil Poker (HKLM-x32\...\DanskeSpilPoker) (Version: - DanskeSpil)
DARK SOULS III (HKLM\...\Steam App 374320) (Version: - FromSoftware, Inc.)
Dragon's Dogma: Dark Arisen (HKLM\...\Steam App 367500) (Version: - Capcom)
Dropbox (HKLM-x32\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EVE Online (HKU\S-1-5-21-1893123435-502546059-115590479-1000\...\{679fdf7f-6efd-4237-afc9-2c2fdd6b04ae}) (Version: 1.0.0 - CCP)
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version: - Turtle Rock Studios)
Facebook Gameroom 1.3.1.3 (HKLM-x32\...\{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}) (Version: 1.3.1.3 - Facebook)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
Fortix (HKLM\...\Steam App 45400) (Version: - Nemesys Games)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\{ABB67988-B698-39BE-99E3-E41B2027AC1F}) (Version: 57.0.2987.133 - Google, Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-1893123435-502546059-115590479-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-1893123435-502546059-115590479-1000\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
Heimdal Agent (HKLM-x32\...\{1F60856A-A7B0-47A0-9CA9-DFFDD2A79E0F}) (Version: 2.2.151 - Heimdal Security)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.6 (x32 Version: 2.6.0.32 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4414 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
Kingdoms of Amalur: Reckoning™ (HKLM\...\Steam App 102500) (Version: - Big Huge Games)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.5.3 - PandoraTV)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.78 (HKLM\...\Logitech Gaming Software) (Version: 8.78.129 - Logitech Inc.)
Microsoft .NET Framework 4.6.1 (dansk) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 52.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 52.0.2 (x64 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
No More Room in Hell (HKLM\...\Steam App 224260) (Version: - No More Room in Hell Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.103.44.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.20 - Portforward, LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.34 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.34.102 - Skype Technologies S.A.)
SMITE (HKLM\...\Steam App 386360) (Version: - Hi-Rez Studios)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
TERA (HKU\S-1-5-21-1893123435-502546059-115590479-1000\...\teraenmasse) (Version: - )
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Forest (HKLM\...\Steam App 242760) (Version: - Endnight Games Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VEGA Conflict (HKLM-x32\...\Steam App 339600) (Version: - KIXEYE)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (Version: 1.0.26.0 - LunarG, Inc.) Hidden
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. )
XSplit Gamecaster (HKLM-x32\...\{8915913F-E4AF-46C5-B4EF-3535D83BFFDE}) (Version: 2.5.1507.3018 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1893123435-502546059-115590479-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1893123435-502546059-115590479-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1893123435-502546059-115590479-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1893123435-502546059-115590479-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {025CAF44-F358-4B91-A359-A970F5470D4D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {03894DD9-EEBB-42F5-8D1E-48F3737628F6} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {04F070AB-26E9-46F1-8C6F-98AE99EF3AA0} - System32\Tasks\SUPERAntiSpyware Scheduled Task dc2039f4-a6d0-4c38-831c-010979f882ff => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {217579ED-46BA-4C82-8DCB-04AD0884DEA1} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {2506FDBF-1EF1-4490-93A3-22E44ABE28BF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {26F96F4F-8FD2-4B63-B6D4-FC2276FC7A68} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1893123435-502546059-115590479-1000Core => C:\Users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-22] (Google Inc.)
Task: {31668576-3EDB-4E53-9E40-1C7DF8CF3808} - \{0E0D0C47-0D09-0E79-0E11-0F0C7878110A} -> No File <==== ATTENTION
Task: {348E79BD-FD4E-4A10-AB61-972C38B358E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1893123435-502546059-115590479-1000UA => C:\Users\Hans\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-22] (Google Inc.)
Task: {3B0E06D2-ACC1-42E9-8A14-9E7E6C76D2DE} - System32\Tasks\{0338D1DE-F895-4393-BA0D-8C972EF9E2EC} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.109/da/abandoninstall?source=lightinstaller&page=tsInstall
Task: {3E4DE88D-DE4A-4F8A-B152-5AE13CA67FE6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {3E90DCCE-513A-49D8-9905-714BAB612AD4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {46419531-A442-46AB-8B55-2B974B6401F7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {4DBCBEEA-E4C4-4478-9E5F-50A04443D04E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-18] ()
Task: {6672FC43-F496-40C9-A299-73B3229A15AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {7330CBD2-A56C-4F0B-A5C9-333E5D4C0F2D} - System32\Tasks\Driver Booster SkipUAC (Hans) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
Task: {7F3B4874-3548-44D5-BDB0-472E1F476678} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {82A94825-78F0-45DB-BAF2-C36BDABA7A0C} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {8AE31D50-6D52-4915-8978-EFDC524CF429} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Hans\AppData\Roaming\Adobe\Manager.exe
Task: {8BE7D553-27CF-470E-8B2F-07BF68F79DB1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {9D8021BF-2F43-4531-9275-6D867FD16428} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-23] (Google Inc.)
Task: {A09718FA-94D5-402E-8208-8AE89925C742} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {B38209DD-2B0A-4D4F-AA14-ECC826D47617} - System32\Tasks\SUPERAntiSpyware Scheduled Task e42f0bfd-0e77-46d9-a52a-8d50ded7fc6f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {B43E3448-A81B-4E96-99B4-D1FF7C6C8F47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-23] (Google Inc.)
Task: {B746994F-B18C-4817-A7DD-5F39FA1A9430} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {BB17562C-F678-456D-A804-63F84A1EC7E9} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-05-01] (WinZip Computing, S.L.)
Task: {C09D0A54-80DB-4175-A4FB-A26E20789B82} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {D5776937-3FDD-43C3-A8CD-4DA868AFF287} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {D659133C-FF2A-42C8-B144-219D141906AE} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {D6AAC6FB-8C25-4ABD-AB6D-23B05DC1B2D8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {DED6A325-7F60-47F1-82D3-82634B629CE1} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {E6E2865F-ECDB-4839-863B-6E9138B5CBDD} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-03-21] (Overwolf LTD)
Task: {E9F47040-8A69-4DAA-A45E-8107078804A3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {FA343653-B475-42AB-A558-7FD51D98AEAC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task dc2039f4-a6d0-4c38-831c-010979f882ff.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e42f0bfd-0e77-46d9-a52a-8d50ded7fc6f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Hans\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7eacadfa43776aec\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData2

==================== Loaded Modules (Whitelisted) ==============

2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-01-06 21:43 - 2016-01-06 21:43 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-01-06 21:43 - 2016-01-06 21:43 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-12-02 21:46 - 2017-02-23 20:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-02 21:46 - 2017-02-23 20:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-01-26 11:14 - 2005-04-22 14:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-12-02 21:44 - 2016-12-29 14:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-08-09 00:26 - 2016-06-08 18:07 - 00458904 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
2016-08-09 00:26 - 2016-06-08 18:18 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-08-09 00:26 - 2016-06-08 18:17 - 00188568 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll
2016-08-09 00:26 - 2016-06-08 18:12 - 00416408 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2016-08-09 00:26 - 2016-06-08 18:15 - 00130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2016-08-09 00:26 - 2016-06-08 18:16 - 00025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2016-08-09 00:26 - 2016-06-08 18:16 - 00059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2016-08-09 00:26 - 2016-06-08 18:16 - 00194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2016-08-09 00:26 - 2016-06-08 18:17 - 00159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2016-08-09 00:26 - 2016-06-08 18:17 - 00158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2016-08-09 00:26 - 2016-06-08 18:16 - 00050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2016-08-09 00:26 - 2016-06-08 18:15 - 00032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2016-04-09 00:35 - 2016-04-09 00:35 - 03481600 _____ () C:\Users\Hans\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2017-03-26 10:00 - 2017-03-21 20:06 - 00842560 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2016-02-06 14:26 - 2017-02-28 22:49 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-02-06 14:26 - 2017-02-28 22:49 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-02-06 14:26 - 2017-02-28 22:49 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-02-06 14:26 - 2017-03-21 20:10 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-03-26 10:00 - 2017-03-21 20:09 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-02-06 14:26 - 2017-02-28 22:50 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-02-06 14:26 - 2017-02-28 22:49 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-03-26 10:00 - 2017-03-21 20:09 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-03-26 10:00 - 2017-03-21 20:09 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-03-26 10:00 - 2017-02-28 22:49 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-03-26 10:00 - 2017-02-28 22:50 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-03-26 10:00 - 2017-02-28 22:49 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-02-06 14:26 - 2017-02-28 22:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 23:47 - 2017-03-21 20:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-03-26 10:00 - 2017-03-21 20:09 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-03-26 10:00 - 2017-03-21 20:09 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-02-06 14:26 - 2017-02-28 22:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-03-26 10:00 - 2017-02-28 22:49 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-03-26 10:00 - 2017-02-28 22:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-02-06 14:26 - 2017-02-28 22:52 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-02-06 14:26 - 2017-03-21 20:10 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-02-06 14:26 - 2017-02-28 22:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-06 23:47 - 2017-03-21 20:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-02-06 14:26 - 2017-02-28 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-02-06 14:26 - 2017-02-28 22:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-02-06 14:26 - 2017-02-28 22:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-02-06 14:26 - 2017-02-28 22:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-02-06 14:26 - 2017-02-28 22:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-06 14:26 - 2017-02-28 22:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-02-06 14:26 - 2017-02-28 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-03-26 10:00 - 2017-03-21 20:09 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-03-26 10:00 - 2017-03-21 20:09 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-06 23:47 - 2017-02-28 22:51 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-03-26 10:00 - 2017-03-21 20:09 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-02-06 14:26 - 2017-03-21 20:10 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-06 14:26 - 2017-02-28 22:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-03-26 10:00 - 2017-03-21 20:10 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-02-06 14:26 - 2017-02-28 22:50 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-03-26 10:00 - 2017-03-21 20:10 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-03-26 10:00 - 2017-03-21 20:10 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-03-26 10:00 - 2017-03-21 20:10 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-28 11:16 - 2017-03-21 20:10 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-03-26 10:00 - 2017-03-21 20:10 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-03-26 10:00 - 2017-03-21 20:10 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-03-26 10:00 - 2017-03-21 20:10 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-23 23:23 - 2017-03-21 20:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-23 23:23 - 2017-03-21 20:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 23:23 - 2017-03-21 20:10 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 23:23 - 2017-03-21 20:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2016-02-06 14:26 - 2017-02-28 22:52 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-20 22:34 - 2017-03-21 20:10 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-03-26 10:00 - 2017-03-21 20:09 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-03-26 10:00 - 2017-02-28 22:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-03-26 10:00 - 2017-03-21 20:09 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-08 20:51 - 2017-03-21 20:10 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-03-26 10:00 - 2017-02-28 22:56 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-03-26 10:00 - 2017-02-28 22:56 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-03-26 10:00 - 2017-03-21 20:10 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-03-26 10:00 - 2017-03-21 20:10 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-03-26 10:00 - 2017-03-21 20:10 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-02-06 14:26 - 2017-02-28 22:52 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-06 23:47 - 2017-03-21 20:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-26 10:00 - 2017-03-21 20:10 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-01-26 11:14 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-04-04 13:35 - 2017-04-04 13:35 - 00098816 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\win32api.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00110080 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\pywintypes27.dll
2017-04-04 13:35 - 2017-04-04 13:35 - 00364544 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\pythoncom27.dll
2017-04-04 13:35 - 2017-04-04 13:35 - 00320512 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\win32com.shell.shell.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00914432 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\_hashlib.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 01176576 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\wx._core_.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00806400 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\wx._gdi_.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00816128 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\wx._windows_.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 01067008 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\wx._controls_.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00733184 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\wx._misc_.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00682496 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\pysqlite2._sqlite.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00088064 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\_ctypes.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00686080 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\unicodedata.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00119808 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\win32file.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00108544 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\win32security.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00007168 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\hashobjs_ext.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00017920 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\thumbnails_ext.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00088064 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\usb_ext.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00012800 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\common.time34.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00018432 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\win32event.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00167936 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\win32gui.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00046080 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\_socket.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 01303552 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\_ssl.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00128512 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\_elementtree.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00127488 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\pyexpat.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00038912 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\win32inet.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00036864 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\_psutil_windows.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00524248 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\windows._lib_cacheinvalidation.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00011264 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\win32crypt.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00123392 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\wx._wizard.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00077312 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\wx._html2.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00027648 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\_multiprocessing.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00020480 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\_yappi.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00035840 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\win32process.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00078848 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\wx._animate.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00024064 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\win32pipe.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00010240 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\select.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00025600 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\win32pdh.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00017408 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\win32profile.pyd
2017-04-04 13:35 - 2017-04-04 13:35 - 00022528 ____R () C:\Users\Hans\AppData\Local\Temp\_MEI24962\win32ts.pyd
2016-12-02 21:46 - 2017-02-23 20:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-02 21:46 - 2017-02-23 20:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-02 21:46 - 2017-02-23 20:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-12-02 21:46 - 2017-02-23 20:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-12-02 21:46 - 2017-02-23 16:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-12-02 21:46 - 2017-02-23 16:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-12-02 21:46 - 2017-02-23 16:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-12-02 21:46 - 2017-02-23 16:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-12-02 21:46 - 2017-02-23 16:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-12-02 21:46 - 2017-02-23 16:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-04-04 15:33 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-04-04 15:33 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-04-04 15:33 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-04-04 15:33 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-04-04 15:33 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-02-15 17:58 - 2017-02-15 17:58 - 01162752 _____ () C:\Users\Hans\AppData\Local\Facebook\Games\CefSharp.Core.dll
2017-02-15 17:58 - 2017-02-15 17:58 - 67197440 _____ () C:\Users\Hans\AppData\Local\Facebook\Games\libcef.dll
2017-02-15 17:58 - 2017-02-15 17:58 - 00752640 _____ () C:\Users\Hans\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2017-02-15 17:58 - 2017-02-15 17:58 - 01886208 _____ () C:\Users\Hans\AppData\Local\Facebook\Games\libglesv2.dll
2017-02-15 17:58 - 2017-02-15 17:58 - 00078848 _____ () C:\Users\Hans\AppData\Local\Facebook\Games\libegl.dll
2017-03-30 10:14 - 2017-03-29 04:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-03-30 10:14 - 2017-03-29 04:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-04-04 13:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1893123435-502546059-115590479-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 89.150.129.22 - 89.150.129.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: avgsvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SlimService => 2
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: vToolbarUpdater40.2.5 => 2
MSCONFIG\startupfolder: C:^Users^Hans^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk => C:\Windows\pss\Facebook Gameroom.lnk.Startup
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: Avira SystrayStartTrigger => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Google Update => C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Razer Comms => C:\Program Files (x86)\Razer\Comms\RazerComms.exe "--cache-path=C:\Users\Hans\AppData\Local\Temp\razercomms"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SlimCleaner Plus => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize /boot
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{89782B82-445B-4CEF-A4EB-B09E1B539974}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{51DDE6A6-E042-4D5D-8EC9-E6F4C9523725}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{B5CA96CC-8AA7-4B74-86F6-B67F5DBD069C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{D3E4877D-5297-4323-B3C3-9466C060AB55}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{C3452C02-B562-43CC-B0CE-D2B72F7F9594}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA29F764-7112-41F5-884A-8B83311DA775}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6986A25E-1236-428B-81FB-547BABF45B05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe
FirewallRules: [{1D62C32A-5EBF-46AA-BE95-8B1C9D211AA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe
FirewallRules: [{EBA1F1B5-9D43-4953-B494-AAC4A3A624D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{319C5B9F-FF52-4AB6-BE6A-3174313A0E38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ABA0B588-A4C5-4A57-AD81-F797DBFE5E98}] => (Allow) LPort=54925
FirewallRules: [{7AAB7D61-3998-48E7-8A34-BA3C38B9F61C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DB47D701-91C4-4661-81F0-D08CCFB88085}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{C8E25A32-B23B-43B6-B9C3-554F38ADD42D}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{DCF21BEC-5099-40B2-9072-18B6A1B361F9}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{54C878A6-36A3-44A9-B577-E5692A829114}] => (Allow) D:\steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{7712F4A9-0B92-4339-A5CC-03E9C792D1C4}] => (Allow) D:\steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{9BD8259B-D574-4E0F-A54E-27ECB1C76976}] => (Allow) D:\steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{1778BFA9-724D-4BE0-92E1-073B8D59143B}] => (Allow) D:\steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{FC3AA368-CEF1-4547-BC18-095F489FD0D8}] => (Allow) D:\steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{464F7D35-AD36-45D3-98A9-41A17E4B6CCC}] => (Allow) D:\steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{DFA8436C-5CC5-4091-BB13-73BA088735BA}] => (Allow) D:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{2832EC67-F74A-4914-B69F-3FF6CF45DBBB}] => (Allow) D:\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{16FF09C3-38F0-487B-B7D0-3CE1961BD2ED}] => (Allow) D:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{E31BC948-6C3D-416F-99AC-A14B66FB4E51}] => (Allow) D:\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{AAFF7067-79FF-4AB5-8D2C-29FCB5667344}] => (Allow) D:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{69FC4BE2-3031-4E60-B4A2-E2439A471DD1}] => (Allow) D:\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{2DC331EA-CED2-4FD0-9145-C49EB3E054A8}] => (Allow) D:\steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{547F8A7F-61E8-4E70-84F7-9EFFE088F752}] => (Allow) D:\steam\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{AC496101-3F9F-4E6F-A6F1-D218AC3128E0}D:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Block) D:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{14F64339-FD03-413D-BA30-6F10B80C41C9}D:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Block) D:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{40F31E7C-EAB9-4D29-9B27-0F6DBF44A8F8}] => (Allow) D:\steam\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{51A8CFE9-6D9B-4974-84ED-EDA831E9DBF2}] => (Allow) D:\steam\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{A7AFB2F7-476F-4174-88B7-6BBEF42FF6B8}] => (Allow) D:\steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{6C69E01B-DEC6-44D4-AC7E-D982B4AE4CE3}] => (Allow) D:\steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{BB2817B4-30A3-420D-B53D-63FC9ED47AF0}] => (Allow) D:\steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{157716E4-2260-4D0E-B1A6-9673054E26FB}] => (Allow) D:\steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{C28227AD-4969-42A6-8A61-EE5165A508D7}] => (Allow) D:\steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{D2C13F17-67C8-4F7E-A24D-DBB72B43222B}] => (Allow) D:\steam\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{9C08D3F1-F801-4157-A595-2070D4AAEF83}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{46A0397C-4A34-4B42-A9F7-223355FEDC76}] => (Allow) D:\steam\steamapps\common\Blockade3d\main.exe
FirewallRules: [{F3750B15-F99A-41C9-88C0-3B44C8E7D074}] => (Allow) D:\steam\steamapps\common\Blockade3d\main.exe
FirewallRules: [{79E31EE3-4DB2-4871-A695-EFDC56ADFD28}] => (Allow) D:\steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{7B3DC192-9984-4C8D-972E-AA961D829E0B}] => (Allow) D:\steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{0F45E497-D751-4932-8919-2B58ECB0053B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{73DAB820-4D94-4E41-9B6C-D9655523C215}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{7793EB21-8105-49DD-9CE7-C7064AEDCBF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A1B024C8-FBEF-478C-ADD3-B8C74074D90F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{32C6063F-55E1-4B90-95A8-B6FBE7197CCC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{8810BDF4-70A2-43E1-832D-4DFDB825D561}D:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) D:\eve\sharedcache\tq\bin\exefile.exe
FirewallRules: [UDP Query User{641418B1-CCC2-4842-B700-C9E65873319C}D:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) D:\eve\sharedcache\tq\bin\exefile.exe
FirewallRules: [TCP Query User{0124DD59-A062-4572-9857-0EEE7A57BB0B}D:\battle.net\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Block) D:\battle.net\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{EFF04050-C466-4833-B9AC-6B3AFA475BC7}D:\battle.net\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Block) D:\battle.net\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [{B4DC9C2F-C695-41C6-8FDF-4532CDB398A4}] => (Allow) D:\steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{0490FB86-BE39-4E71-8B7E-D9892946E9B2}] => (Allow) D:\steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{F2518454-B3A0-4EAC-BD23-85D82378F5AF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3A6CE480-937D-4244-9ACC-4A7A14D10DCE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{82DD2F27-1126-4394-9311-31228FCE9E9E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fortix\Fortix.exe
FirewallRules: [{C3CF9E8C-E29A-48FB-B743-A559A30C556C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fortix\Fortix.exe
FirewallRules: [TCP Query User{4DD685E8-06BC-4057-BEF7-0897C9EF8D74}D:\battle.net\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D3D2FD2D-F2D8-46D5-8442-2B986A2A2397}D:\battle.net\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [{39898C6B-A93A-4F93-9227-284F884F3F05}] => (Allow) D:\steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{9E6F5E0C-41AD-43B9-944C-604A816E4930}] => (Allow) D:\steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{6563531F-6315-477C-A345-C9FAD51BA9B6}] => (Allow) D:\steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [{2CD1C94A-982F-42D0-AB63-DFAA02B3050A}] => (Allow) D:\steam\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [{5CE0EF9C-2A5F-4C25-B5D8-2C1FCC12E20E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{38D9AAB3-7FD1-42CE-BD65-AFD7BE6DD583}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4337F6A4-DA92-402E-BA04-F6AB7D658109}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{DD942639-7BBE-4559-AE3B-5C8C095A68AA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{301C51D0-14BF-4947-9638-730B1FC5C40F}] => (Allow) D:\steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{AFCE329B-9F2C-4FF3-9364-143DD72B073B}] => (Allow) D:\steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

03-04-2017 10:08:12 Windows Update

==================== Faulty Device Manager Devices =============

Name: Malwarebytes Anti-Exploit
Description: Malwarebytes Anti-Exploit
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ESProtectionDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2017 01:35:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/04/2017 01:31:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/04/2017 01:18:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/04/2017 01:16:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Heimdal.ClientHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Net.NetworkInformation.NetworkInformationException
at System.Net.NetworkInformation.SystemNetworkInterface.GetNetworkInterfaces()
at System.Net.NetworkInformation.NetworkInterface.GetAllNetworkInterfaces()
at Heimdal.Helpers.NetworkingInfoRepository.GetNetworkInterface(Heimdal.Domain.Helpers.Model.NetworkInterfaceID, Boolean, Boolean)
at Heimdal.Helpers.NetworkingInfoRepository.GetActivePhysicalNetworkInterfaces(Boolean, Boolean)
at Heimdal.SecureDNS.DNSRepository.InitSecureDNS()
at Heimdal.SecureDNS.Managers.SecureDnsManager.SetSecureDnsAddress()
at Heimdal.SecureDNS.Managers.SecureDnsManager.‫‎‫‬‫‫‫‌‍‍‮‬​‪‌‏‫‭‍‬‎‎‮‫‮(System.Object)
at System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.TimerQueue.FireQueuedTimerCompletion(System.Object)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/04/2017 10:12:04 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.

Error: (04/04/2017 12:29:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/03/2017 10:09:19 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.

Error: (04/03/2017 10:04:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/02/2017 02:22:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/02/2017 12:02:15 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.


System errors:
=============
Error: (04/04/2017 01:36:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ESProtectionDriver

Error: (04/04/2017 01:31:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ESProtectionDriver

Error: (04/04/2017 01:30:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/04/2017 01:30:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/04/2017 01:30:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/04/2017 01:29:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (04/04/2017 01:21:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/04/2017 01:21:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (04/04/2017 01:18:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ESProtectionDriver

Error: (04/04/2017 01:17:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
Access is denied.


CodeIntegrity:
===================================
Date: 2017-04-04 13:30:21.809
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-04 13:30:21.778
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-04 13:30:21.731
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-04 13:30:21.700
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-24 10:42:58.518
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-24 10:42:58.487
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-24 10:42:58.440
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-24 10:42:58.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-09 23:58:58.498
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-09 23:58:58.451
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 31%
Total physical RAM: 8131.36 MB
Available physical RAM: 5541.69 MB
Total Virtual: 16260.91 MB
Available Virtual: 11518.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:19.16 GB) NTFS
Drive d: () (Fixed) (Total:465.66 GB) (Free:256.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C73AC54C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00237FEF)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



Edited by Oh My!, 09 April 2017 - 08:13 AM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:49 AM

Posted 09 April 2017 - 08:12 AM

Greetings Hans and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Hanseman


Posted 10 April 2017 - 02:51 AM

Excellent  - thnx Gary

 

FYI 

 

no further scans or installations have been made since I posted this.



#4 Oh My!


Posted 10 April 2017 - 12:21 PM

Greetings Hans.

I apologize for the delayed reply. I thought I had posted yesterday but I guess not.

Did you create a shortcut link to launch Chrome instead of Internet Explorer?

Please consider and do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
ShellExecuteHooks: No Name - {E5BC1154-D1C8-11E6-9646-64006A5CFC23} - -> No File
ShellExecuteHooks: No Name - {8395822C-D1C8-11E6-9072-64006A5CFC23} - -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1893123435-502546059-115590479-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\lzgygbq3.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\lzgygbq3.default -> youndoo
CHR StartupUrls: ChromeDefaultData2 -> "hxxp://google.com/","hxxp://www.google.com","hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ch&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BzyyDtC0BtAzz0EtD0CyDtN0D0Tzu0SzzyByCtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBtCtB0CtByB0FtG0AyByE0EtGtC0FyB0AtGtDtDtC0BtGtD0FyEtAtDyC0C0DtDyEzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0EyCtC0CtBtDtG0BtBtD0EtG0Azy0C0DtGtDyByE0DtGyCtC0ByE0Azz0D0Ezy0DtBtA2Q&cr=880233221&ir=","hxxp://www.youndoo.com/?z=372903f34a0555fa2fee277g3zcb0zaebe3g7ectfm&from=amz&uid=WDCXWD5000AAKX-00ERMA0_WD-WMC2E566851668516&type=hp"
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-04-05] <==== ATTENTION
2017-04-04 19:04 - 2017-04-04 19:04 - 00004405 _____ C:\Windows\wininit.ini
Task: {31668576-3EDB-4E53-9E40-1C7DF8CF3808} - \{0E0D0C47-0D09-0E79-0E11-0F0C7878110A} -> No File <==== ATTENTION
CMD: type "C:\ComboFix.txt"
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
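A way to triage the Fixlog.txt requested above, as an added example (not part of the original posts and not FRST's own code): it reads the echoed fixlist block between the asterisk rules, then sorts each result line into ok, absent or review. The sample log is constructed from lines of the kind posted in this thread plus one made-up unrecognised result; the three status names, the `C:\Example\placeholder.bin` path and the rule that everything after the first `=====` section header is command output are assumptions.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog.txt in the layout FRST writes,
# with one invented result line so the "review" path is exercised.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShellExecuteHooks: No Name - {E5BC1154-D1C8-11E6-9646-64006A5CFC23} - -> No File
2017-04-04 19:04 - 2017-04-04 19:04 - 00004405 _____ C:\Windows\wininit.ini
CMD: type "C:\ComboFix.txt"
emptytemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E5BC1154-D1C8-11E6-9646-64006A5CFC23} => value removed successfully
HKCR\CLSID\{E5BC1154-D1C8-11E6-9646-64006A5CFC23} => key not found.
C:\Windows\wininit.ini => moved successfully
C:\Example\placeholder.bin => EXAMPLE-UNRECOGNISED-RESULT

========= type "C:\ComboFix.txt" =========

ComboFix 17-03-28.01 - Hans 04-04-2017  13:28:05.3.4 - x64
c:\users\Hans\AppData\Local\assembly\tmp
"""

STAR_RULE = re.compile(r"^\*{5,}\s*$")                # delimits the echoed fixlist
SECTION = re.compile(r"^={5,}\s+(.+?)\s+={5,}$")      # e.g. "========= cmd ========="


def classify(outcome):
    """Map a result string to a coarse status (status names are assumptions)."""
    low = outcome.lower()
    if "successfully" in low:
        return "ok"        # removed / moved / created as requested
    if "not found" in low:
        return "absent"    # target was already gone, nothing to undo
    return "review"        # anything unrecognised goes to a human


def parse_fixlog(text):
    """Split a Fixlog into fixlist directives, per-item results and sections."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    rules = [i for i, ln in enumerate(lines) if STAR_RULE.match(ln)]
    if len(rules) < 2:
        raise ValueError("no 'fixlist content' block delimited by asterisk rules")

    directives = [ln for ln in lines[rules[0] + 1:rules[1]] if ln.strip()]
    results, sections = [], []
    for ln in lines[rules[1] + 1:]:
        header = SECTION.match(ln)
        if header:
            sections.append(header.group(1))
            continue
        # Assumption: once a section header has appeared, the rest is raw
        # command output, which is recorded by name but not scored.
        if sections or not ln.strip():
            continue
        target, sep, outcome = ln.partition(" => ")
        if not sep:                      # e.g. "Processes closed successfully."
            target, outcome = "", ln
        results.append({"target": target,
                        "outcome": outcome.strip(),
                        "status": classify(outcome)})

    counts = dict(Counter(r["status"] for r in results))
    return {"directives": directives, "results": results,
            "sections": sections, "counts": counts}


def needs_review(report):
    """Result entries whose outcome was not recognised."""
    return [r for r in report["results"] if r["status"] == "review"]


if __name__ == "__main__":
    rep = parse_fixlog(SAMPLE_FIXLOG)
    print(f"{len(rep['directives'])} directives, outcomes: {rep['counts']}")
    for item in needs_review(rep):
        print("REVIEW:", item["target"], "->", item["outcome"])
```
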

#5 Oh My!


Posted 13 April 2017 - 07:14 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Hanseman


Posted 13 April 2017 - 06:23 PM

Hey Gary - sorry for my late reply - Easter Holidays and all you know :)

 

Happy Easter btw

 

here is what I got after doing as you instructed:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Hans (14-04-2017 01:09:35) Run:1
Running from C:\Users\Hans\Desktop\FRST64
Loaded Profiles: Hans (Available Profiles: Hans)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShellExecuteHooks: No Name - {E5BC1154-D1C8-11E6-9646-64006A5CFC23} - -> No File
ShellExecuteHooks: No Name - {8395822C-D1C8-11E6-9072-64006A5CFC23} - -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1893123435-502546059-115590479-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\lzgygbq3.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\lzgygbq3.default -> youndoo
CHR StartupUrls: ChromeDefaultData2 -> "hxxp://google.com/","hxxp://www.google.com","hxxp://speedial.com/?f=1&a=spd_wnzp_14_22_ch&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BzyyDtC0BtAzz0EtD0CyDtN0D0Tzu0SzzyByCtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyBtCtB0CtByB0FtG0AyByE0EtGtC0FyB0AtGtDtDtC0BtGtD0FyEtAtDyC0C0DtDyEzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtC0EyCtC0CtBtDtG0BtBtD0EtG0Azy0C0DtGtDyByE0DtGyCtC0ByE0Azz0D0Ezy0DtBtA2Q&cr=880233221&ir=","hxxp://www.youndoo.com/?z=372903f34a0555fa2fee277g3zcb0zaebe3g7ectfm&from=amz&uid=WDCXWD5000AAKX-00ERMA0_WD-WMC2E566851668516&type=hp"
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-04-05] <==== ATTENTION
2017-04-04 19:04 - 2017-04-04 19:04 - 00004405 _____ C:\Windows\wininit.ini
Task: {31668576-3EDB-4E53-9E40-1C7DF8CF3808} - \{0E0D0C47-0D09-0E79-0E11-0F0C7878110A} -> No File <==== ATTENTION
CMD: type "C:\ComboFix.txt"
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
emptytemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E5BC1154-D1C8-11E6-9646-64006A5CFC23} => value removed successfully
HKCR\CLSID\{E5BC1154-D1C8-11E6-9646-64006A5CFC23} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{8395822C-D1C8-11E6-9072-64006A5CFC23} => value removed successfully
HKCR\CLSID\{8395822C-D1C8-11E6-9072-64006A5CFC23} => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-1893123435-502546059-115590479-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Hans\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 => moved successfully
C:\Windows\wininit.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31668576-3EDB-4E53-9E40-1C7DF8CF3808} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31668576-3EDB-4E53-9E40-1C7DF8CF3808} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0E0D0C47-0D09-0E79-0E11-0F0C7878110A} => key removed successfully
 
========= type "C:\ComboFix.txt" =========
 
ComboFix 17-03-28.01 - Hans 04-04-2017  13:28:05.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.45.1033.18.8131.5515 [GMT 2:00]
Kører fra: d:\downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F}
SP: Avira Antivirus *Disabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hans\AppData\Local\assembly\tmp
c:\users\Hans\AppData\Local\Temp\_MEI54122\_ctypes.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\_elementtree.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\_hashlib.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\_multiprocessing.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\_psutil_windows.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\_socket.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\_ssl.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\_yappi.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\common.time34.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\hashobjs_ext.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\pyexpat.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\pysqlite2._sqlite.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\python27.dll
c:\users\Hans\AppData\Local\Temp\_MEI54122\pythoncom27.dll
c:\users\Hans\AppData\Local\Temp\_MEI54122\PyWinTypes27.dll
c:\users\Hans\AppData\Local\Temp\_MEI54122\select.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\thumbnails_ext.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\unicodedata.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\usb_ext.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\win32api.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\win32com.shell.shell.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\win32crypt.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\win32event.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\win32file.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\win32gui.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\win32inet.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\win32pdh.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\win32pipe.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\win32process.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\win32profile.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\win32security.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\win32ts.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\windows._lib_cacheinvalidation.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\wx._animate.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\wx._controls_.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\wx._core_.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\wx._gdi_.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\wx._html2.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\wx._misc_.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\wx._windows_.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\wx._wizard.pyd
c:\users\Hans\AppData\Local\Temp\_MEI54122\wxbase30u_net_vc90.dll
c:\users\Hans\AppData\Local\Temp\_MEI54122\wxbase30u_vc90.dll
c:\users\Hans\AppData\Local\Temp\_MEI54122\wxmsw30u_adv_vc90.dll
c:\users\Hans\AppData\Local\Temp\_MEI54122\wxmsw30u_core_vc90.dll
c:\users\Hans\AppData\Local\Temp\_MEI54122\wxmsw30u_html_vc90.dll
c:\users\Hans\AppData\Local\Temp\_MEI54122\wxmsw30u_webview_vc90.dll
.
.
(((((((((((((((((((((((((((((   Filer skabt fra 2017-03-04 til 2017-04-04  )))))))))))))))))))))))))))))))))))
.
.
2017-04-04 11:30 . 2017-04-04 11:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-04-04 11:30 . 2017-04-04 11:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-04-04 11:18 . 2017-04-04 11:18 -------- d-----w- c:\users\Hans\AppData\Roaming\TeamViewer
2017-04-04 11:06 . 2017-04-04 11:16 -------- d-----w- C:\KVRT_Data
2017-04-03 08:08 . 2017-03-10 16:55 12774864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7235E4C8-FEBD-47AB-9CC9-DB5946CDE1C2}\mpengine.dll
2017-03-29 09:17 . 2017-03-23 19:28 872440 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2017-03-29 09:17 . 2017-03-23 19:28 90568 ----a-w- c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2017-03-29 09:17 . 2017-03-23 19:22 872384 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2017-03-29 09:17 . 2017-03-23 19:22 65992 ----a-w- c:\program files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2017-03-23 08:55 . 2017-03-23 08:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2017-03-16 08:58 . 2017-03-16 08:58 -------- d-----w- c:\windows\SysWow64\Adobe
2017-03-15 06:51 . 2017-02-11 15:58 462848 ----a-w- c:\windows\system32\drivers\srv.sys
2017-03-15 06:49 . 2017-02-22 23:42 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-03-15 06:49 . 2017-02-22 23:37 1285632 ----a-w- c:\windows\system32\aeinv.dll
2017-03-15 06:49 . 2017-02-18 14:05 646656 ----a-w- c:\windows\system32\generaltel.dll
2017-03-15 06:49 . 2017-02-18 14:05 1609216 ----a-w- c:\windows\system32\appraiser.dll
2017-03-10 23:17 . 2017-03-10 23:17 46408 ----a-w- c:\windows\system32\DbxSvc.exe
2017-03-10 23:17 . 2017-03-10 23:17 45672 ----a-w- c:\windows\system32\drivers\dbx-stable.sys
2017-03-10 23:17 . 2017-03-10 23:17 45672 ----a-w- c:\windows\system32\drivers\dbx-dev.sys
2017-03-10 23:17 . 2017-03-10 23:17 45672 ----a-w- c:\windows\system32\drivers\dbx-canary.sys
2017-03-08 09:02 . 2017-03-23 19:28 613320 ----a-w- c:\program files\Mozilla Firefox\minidump-analyzer.exe
2017-03-08 09:01 . 2017-03-23 19:21 527816 ----a-w- c:\program files (x86)\Mozilla Firefox\minidump-analyzer.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-15 06:54 . 2016-01-24 22:48 138634176 -c--a-w- c:\windows\system32\MRT.exe
2017-03-15 06:49 . 2016-02-12 09:48 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-03-15 06:49 . 2016-02-12 09:48 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-03-02 16:07 . 2016-10-06 09:30 51248 ----a-w- c:\windows\system32\drivers\avusbflt.sys
2017-03-02 16:07 . 2016-02-06 19:47 78600 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2017-03-02 16:07 . 2016-02-06 19:47 35328 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2017-03-02 16:07 . 2016-02-06 19:47 176968 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2017-03-02 16:07 . 2016-02-06 19:47 148104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2017-02-23 18:35 . 2016-12-02 19:46 1880512 ----a-w- c:\windows\system32\nvspcap64.dll
2017-02-23 18:35 . 2016-12-02 19:46 1755072 ----a-w- c:\windows\system32\nvspbridge64.dll
2017-02-23 18:35 . 2016-12-02 19:46 1468864 ----a-w- c:\windows\SysWow64\nvspcap.dll
2017-02-23 18:35 . 2016-12-02 19:46 1317312 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2017-02-23 18:35 . 2016-12-02 19:46 120256 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2017-02-23 14:32 . 2016-12-02 19:44 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2017-02-23 14:30 . 2017-01-25 13:36 1951 ----a-w- c:\windows\NvTelemetryContainerRecovery.bat
2017-02-14 17:25 . 2017-02-14 17:25 27136 ----a-w- c:\windows\system32\drivers\tap0901.sys
2017-02-09 16:14 . 2017-03-15 06:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-01-20 18:39 . 2017-02-15 10:26 57792 ----a-w- c:\windows\system32\drivers\nvvhci.sys
2017-01-09 22:31 . 2017-01-09 22:31 27552 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2017-01-06 01:10 . 2017-01-25 13:36 47672 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-01-06 01:10 . 2017-01-25 13:36 158264 ----a-w- c:\windows\system32\nvaudcap64v.dll
2017-01-06 01:10 . 2017-01-25 13:36 126008 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2017-01-04 14:28 . 2017-01-04 14:28 34712112 ----a-w- c:\windows\system32\nvoglv64.dll
2017-01-04 14:28 . 2017-01-04 14:28 28148792 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2017-01-04 14:28 . 2017-01-04 14:28 14081592 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2017-01-04 14:27 . 2017-01-04 14:27 446904 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2017-01-04 14:27 . 2017-01-04 14:27 398904 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2017-01-04 14:27 . 2017-01-04 14:27 951224 ----a-w- c:\windows\system32\NvIFR64.dll
2017-01-04 14:27 . 2017-01-04 14:27 903096 ----a-w- c:\windows\SysWow64\NvIFR.dll
2017-01-04 14:26 . 2017-01-04 14:26 54728 ----a-w- c:\windows\system32\nvhdap64.dll
2017-01-04 14:26 . 2017-01-04 14:26 1604152 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2017-01-04 14:26 . 2017-01-04 14:26 221632 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2017-01-04 14:26 . 2017-01-04 14:26 1044920 ----a-w- c:\windows\system32\NvFBC64.dll
2017-01-04 14:26 . 2017-01-04 14:26 982456 ----a-w- c:\windows\SysWow64\NvFBC.dll
2017-01-04 14:26 . 2017-01-04 14:26 1964600 ----a-w- c:\windows\system32\nvdispco6437653.dll
2017-01-04 14:26 . 2017-01-04 14:26 1600056 ----a-w- c:\windows\system32\nvdispgenco6437653.dll
2017-01-04 14:25 . 2017-01-04 14:25 3647416 ----a-w- c:\windows\system32\nvcuvid.dll
2017-01-04 14:25 . 2017-01-04 14:25 3216440 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2017-01-04 14:25 . 2017-01-04 14:25 40132536 ----a-w- c:\windows\system32\nvcompiler.dll
2017-01-04 14:25 . 2017-01-04 14:25 35231160 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2017-01-04 14:05 . 2016-12-02 19:42 20130624 ----a-w- c:\windows\system32\nvwgf2umx.dll
2017-01-04 14:05 . 2016-12-02 19:42 17537912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2017-01-04 14:05 . 2016-12-02 19:42 504936 ----a-w- c:\windows\system32\nvumdshimx.dll
2017-01-04 14:05 . 2017-01-04 14:05 419704 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2017-01-04 14:05 . 2017-01-04 14:05 11016832 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2017-01-04 14:05 . 2017-01-04 14:05 9000152 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2017-01-04 14:04 . 2017-01-04 14:04 10898544 ----a-w- c:\windows\system32\nvopencl.dll
2017-01-04 14:04 . 2017-01-04 14:04 9240240 ----a-w- c:\windows\SysWow64\nvopencl.dll
2017-01-04 14:04 . 2017-01-04 14:04 163632 ----a-w- c:\windows\system32\nvoglshim64.dll
2017-01-04 14:04 . 2017-01-04 14:04 141768 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2017-01-04 14:04 . 2017-01-04 14:04 181280 ----a-w- c:\windows\system32\nvinitx.dll
2017-01-04 14:04 . 2017-01-04 14:04 158208 ----a-w- c:\windows\SysWow64\nvinit.dll
2017-01-04 14:04 . 2017-01-04 14:04 698728 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2017-01-04 14:04 . 2017-01-04 14:04 586968 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2017-01-04 14:04 . 2017-01-04 14:04 534600 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2017-01-04 14:04 . 2017-01-04 14:04 448800 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2017-01-04 14:04 . 2016-12-02 19:42 17598144 ----a-w- c:\windows\system32\nvd3dumx.dll
2017-01-04 14:03 . 2016-12-02 19:42 14545352 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2017-01-04 14:03 . 2017-01-04 14:03 10444784 ----a-w- c:\windows\system32\nvcuda.dll
2017-01-04 14:03 . 2017-01-04 14:03 8839216 ----a-w- c:\windows\SysWow64\nvcuda.dll
2017-01-04 14:03 . 2016-12-02 19:42 3985104 ----a-w- c:\windows\system32\nvapi64.dll
2017-01-04 14:03 . 2016-12-02 19:42 3518872 ----a-w- c:\windows\SysWow64\nvapi.dll
.
.
(((((((((((((((((((((((((((((((((((   Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 236360 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.15.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2017-03-21 23819304]
"Google Photos Backup"="c:\users\Hans\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" [2016-04-08 3790936]
"dpinst"="c:\users\Hans\AppData\Roaming\DIFX\dpinst.exe" [2013-02-19 7293280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Dropbox"="c:\program files (x86)\Dropbox\Client\Dropbox.exe" [2017-03-21 28065728]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2017-03-21 909744]
"HeimdalAgentLoader"="c:\program files (x86)\Heimdal\Heimdal.AgentLoader.exe" [2016-08-05 57344]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2017-03-09 63432]
.
c:\users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Gameroom.lnk - c:\users\Hans\AppData\Local\Facebook\Games\FacebookGameroom.exe fbgames://windows_startup/ [2017-3-2 385456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dbupdate;Dropbox-opdatering-tjeneste (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R2 ESRV_SVC_WILLAMETTE;Energy Server Service WILLAMETTE;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
R2 Heimdal SecureDNS;Heimdal SecureDNS;c:\program files (x86)\Heimdal\Heimdal.SecureDNS.exe;c:\program files (x86)\Heimdal\Heimdal.SecureDNS.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 CM_VENDER_CMD;CM_VENDER_CMD;c:\program files\Common Files\Logitech\G430Install\CMVC64.sys;c:\program files\Common Files\Logitech\G430Install\CMVC64.sys [x]
R3 dbupdatem;Dropbox-opdatering-tjeneste (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x]
R3 dbx;dbx;c:\windows\system32\DRIVERS\dbx.sys;c:\windows\SYSNATIVE\DRIVERS\dbx.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
R3 lgLowAudio;Logitech USB Filter Driver (LGS);c:\windows\system32\drivers\lgLowAudio.sys;c:\windows\SYSNATIVE\drivers\lgLowAudio.sys [x]
R3 MBAMFarflt;MBAMFarflt;c:\windows\system32\drivers\farflt.sys;c:\windows\SYSNATIVE\drivers\farflt.sys [x]
R3 mt7612US;Xbox Wireless Adapter for Windows;c:\windows\system32\DRIVERS\mt7612US.sys;c:\windows\SYSNATIVE\DRIVERS\mt7612US.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 semav6msr64;semav6msr64;c:\windows\system32\drivers\semav6msr64.sys;c:\windows\SYSNATIVE\drivers\semav6msr64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USER_ESRV_SVC_WILLAMETTE;User Energy Server Service WILLAMETTE;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe;c:\program files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xb1usb;Xbox Peripherals (legacy) Driver;c:\windows\system32\DRIVERS\xb1usb.sys;c:\windows\SYSNATIVE\DRIVERS\xb1usb.sys [x]
R3 xboxgip;Xbox Game Input Protocol Driver;c:\windows\system32\DRIVERS\xboxgip.sys;c:\windows\SYSNATIVE\DRIVERS\xboxgip.sys [x]
R4 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe;c:\windows\SYSNATIVE\DbxSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Heimdal Client Host;Heimdal Client Host;c:\program files (x86)\Heimdal\Heimdal.ClientHost.exe;c:\program files (x86)\Heimdal\Heimdal.ClientHost.exe [x]
S2 Heimdal Uptime Checker;Heimdal Uptime Checker;c:\program files (x86)\Heimdal\Heimdal.UptimeChecker.exe;c:\program files (x86)\Heimdal\Heimdal.UptimeChecker.exe [x]
S2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 LGCoreTemp;Logitech CPU Core Tempurature;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys;c:\program files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [x]
S2 LogiRegistryService;Logitech Gaming Registry Service;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe;c:\program files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 SystemUsageReportSvc_WILLAMETTE;Intel® System Usage Report Service SystemUsageReportSvc_WILLAMETTE;c:\program files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe;c:\program files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr QWAVE wcncsvc
Nunesstither REG_MULTI_SZ   Nunesstither
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-03-30 08:14 1319256 ----a-w- c:\program files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2017-04-04 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06 12:24]
.
2017-04-04 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06 12:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-03-21 18:01 286024 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.15.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-03-21 07:15 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-03-21 07:15 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-03-21 07:15 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2016-01-06 15053944]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2016-11-09 9068040]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2017-02-23 1880512]
.
------- Yderligere scanning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.150.129.22 89.150.129.10
FF - ProfilePath - c:\users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\lzgygbq3.default\
FF - prefs.js: browser.search.selectedEngine - youndoo
FF - prefs.js: browser.startup.homepage - hxxps://search.avira.net/#/?show_is=1&source=art
.
- - - - TOMME GENVEJE FJERNET - - - -
.
SafeBoot-92854193.sys
ShellExecuteHooks-{E5BC1154-D1C8-11E6-9646-64006A5CFC23} - (no file)
ShellExecuteHooks-{8395822C-D1C8-11E6-9072-64006A5CFC23} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_127_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_25_0_0_127_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_127_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_25_0_0_127_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_127.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.25"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_127.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_127.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_25_0_0_127.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre kørende processer ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\APRP\aprp.exe
c:\program files (x86)\Avira\Antivirus\avguard.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
c:\program files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Gennemført tid: 2017-04-04  13:32:58 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2017-04-04 11:32
ComboFix2.txt  2017-02-24 09:47
.
Pre-Kørsel: 19.865.870.336 bytes free
Post-Kørsel: 19.924.996.096 bytes free
.
- - End Of File - - DC69F407A55ADF40B1747F56CA972E27
A36C5E4F47E84449FF07ED3517B43A31
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 84190578 B
Java, Flash, Steam htmlcache => 552405683 B
Windows/system/drivers => 877710 B
Edge => 0 B
Chrome => 0 B
Firefox => 43837174 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 114784 B
systemprofile => 83653 B
systemprofile32 => 69584 B
LocalService => 132244 B
NetworkService => 172588 B
Hans => 131606238 B
 
RecycleBin => 0 B
EmptyTemp: => 783.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 01:09:52 ====


After Reboot I had lost all my settings for Chrome :/


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:49 AM

Posted 13 April 2017 - 07:47 PM

And Happy Easter to you as well.
 

Did you create a shortcut link to launch Chrome instead of Internet Explorer?


-----
 

After Reboot I had lost all my settings for Chrome :/

Are you talking about just your start pages or other/additional settings?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!


Posted 17 April 2017 - 03:50 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#9 Hanseman


Posted 17 April 2017 - 05:13 PM

I always use Chrome - NEVER IE



#10 Oh My!


Posted 17 April 2017 - 07:31 PM

Thank you.
 

After Reboot I had lost all my settings for Chrome :/

Are you talking about just your start pages or other/additional settings?


Gary
 

#11 Hanseman


Posted 18 April 2017 - 06:55 AM

after a Chrome sync - they came back



#12 Hanseman


Posted 18 April 2017 - 06:56 AM

I believe the problem has been resolved - thank you very much



#13 Oh My!


Posted 18 April 2017 - 08:19 AM

Very good, thank you.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#14 Oh My!


Posted 18 April 2017 - 08:19 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



