
FRST and GMER logs show rootkit-virus-activity


  • This topic is locked
2 replies to this topic

#1 HansJen


Posted 31 May 2017 - 02:13 AM

Hello good people of BleepingComputer.

My computer has recently begun showing unusual activity:

- It cannot shut down. It just logs off Windows and the screen goes black, but the PC is still running.
- The logon process is taking a lot longer than usual.
- The overall performance has decreased a lot in a very short time.

I've made FRST logs and will be posting them now:

FRST:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
Ran by glny (administrator) on DESKTOP-2P0LG35 (31-05-2017 09:05:52)
Running from C:\Users\glny\Downloads
Loaded Profiles: glny (Available Profiles: glny)
Platform: Windows 10 Pro Version 1607 (X64) Language: Dansk (Danmark)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Small Business Advantage Next\SbaService.exe
(Plex, Inc.) D:\Plex\Plex Update Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Spotify Ltd) C:\Users\glny\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Flux Software LLC) C:\Users\glny\AppData\Local\FluxSoftware\Flux\flux.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Plex, Inc.) D:\Plex\Plex Media Server.exe
(Hammer & Chisel, Inc.) C:\Users\glny\AppData\Local\Discord\app-0.0.297\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hammer & Chisel, Inc.) C:\Users\glny\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\glny\AppData\Local\Discord\app-0.0.297\Discord.exe
(Python Software Foundation) D:\Plex\PlexScriptHost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Plex, Inc.) D:\Plex\Plex DLNA Server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Yamicsoft) C:\Program Files\Yamicsoft\Windows 10 Manager\Windows10Manager.exe
(Yamicsoft) C:\Program Files\Yamicsoft\Windows 10 Manager\DiskAnalyzer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-01-29] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-28] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1178912 2016-03-16] (Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [29246568 2017-05-23] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-2021747942-74577322-3706033670-1001\...\Run: [Spotify Web Helper] => C:\Users\glny\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-13] (Spotify Ltd)
HKU\S-1-5-21-2021747942-74577322-3706033670-1001\...\Run: [f.lux] => C:\Users\glny\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2021747942-74577322-3706033670-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-2021747942-74577322-3706033670-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-2021747942-74577322-3706033670-1001\...\Run: [Plex Media Server] => D:\Plex\Plex Media Server.exe [15055848 2017-03-15] (Plex, Inc.)
HKU\S-1-5-21-2021747942-74577322-3706033670-1001\...\Run: [Discord] => C:\Users\glny\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2021747942-74577322-3706033670-1001\...\Run: [uTorrent] => C:\Users\glny\AppData\Roaming\uTorrent\uTorrent.exe [1980608 2017-05-21] (BitTorrent Inc.)
HKU\S-1-5-21-2021747942-74577322-3706033670-1001\...\Policies\Explorer: [NoCDBurning] 1
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-23] (Dropbox, Inc.)
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 100.112.128.36 100.112.128.37
Tcpip\..\Interfaces\{4292b3a1-7c19-4cff-a526-433e81577e22}: [DhcpNameServer] 100.112.128.36 100.112.128.37
Tcpip\..\Interfaces\{f421b159-8be2-460a-b7cd-cc5b2b327ae7}: [DhcpNameServer] 193.162.153.164 194.239.134.83
 
Internet Explorer:
==================
HKU\S-1-5-21-2021747942-74577322-3706033670-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/da-dk/?ocid=iehp
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-08] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-08] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: q9e6s6av.default
FF ProfilePath: C:\Users\glny\AppData\Roaming\Mozilla\Firefox\Profiles\q9e6s6av.default [2016-10-21]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.0-git -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-12-03] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=5.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2016-03-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://ekstrabladet.dk/
CHR StartupUrls: Default -> "","hxxp://www.boligportal.dk/lejebolig/din_find_bolig_pakke.php","hxxp://www.google.dk/","hxxp://www.search.ask.com/?tpid=ORJ-V7C&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EDK&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EDK&apn_dbr=cr_35.0.1916.153&apn_uid=A9BA5689-5CD9-4A78-86B9-C82768CA4893&itbv=12.12.2.83&doi=2014-06-22&psv=&pt=tb","hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EDK&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EDK&apn_dbr=cr_35.0.1916.153&apn_uid=C603A156-D249-4987-B105-48ACC3B1E6A6&itbv=12.15.1.20&doi=2014-07-21&psv=&pt=tb"
CHR Profile: C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default [2017-05-31]
CHR Extension: (Google Slides) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-03]
CHR Extension: (Google Docs) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-03]
CHR Extension: (Google Drive) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-03]
CHR Extension: (YouTube) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-03]
CHR Extension: (Dropbox for Gmail) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-03-12]
CHR Extension: (Google Sheets) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-03]
CHR Extension: (Google Docs Offline) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-03]
CHR Extension: (AdBlock) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Date Countdown) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbmbpihmhcjkagbbnfdikmjieigakgj [2016-10-04]
CHR Extension: (StumbleBar by StumbleUpon) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2017-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Gmail) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-03]
CHR Extension: (Chrome Media Router) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-20] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-05-23] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395024 2016-12-11] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
S3 intelsba; C:\Program Files\Intel\Intel® Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [58792 2015-06-04] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177288 2015-05-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-03-16] (Intel Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 PlexUpdateService; D:\Plex\Plex Update Service.exe [1982952 2017-03-15] (Plex, Inc.)
R2 SbaService; C:\Program Files (x86)\Intel\Intel® Small Business Advantage Next\SbaService.exe [26296 2015-10-14] (Intel Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-03] (Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [737984 2015-08-30] (@ByELDI) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [144456 2016-01-22] (Rivet Networks, LLC.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-01-23] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-01-23] (Disc Soft Ltd)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84280 2016-10-03] (Intel Corporation)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [185144 2016-10-03] (Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [170128 2016-02-05] (Qualcomm Atheros, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-31 09:05 - 2017-05-31 09:06 - 00021374 _____ C:\Users\glny\Downloads\FRST.txt
2017-05-31 09:05 - 2017-05-31 09:05 - 02429952 _____ (Farbar) C:\Users\glny\Downloads\FRST64.exe
2017-05-31 08:56 - 2017-05-31 09:03 - 00000000 ____D C:\Users\glny\Desktop\img
2017-05-29 20:49 - 2017-05-29 20:49 - 00000000 ____D C:\WINDOWS\Panther
2017-05-29 19:00 - 2017-05-29 19:00 - 00000000 ____D C:\Users\glny\AppData\Roaming\.minecraft
2017-05-29 15:25 - 2017-05-29 15:25 - 00025836 _____ C:\Users\glny\Downloads\Banshee.S02.NORDiC.1080p.BluRay.X264-SS.torrent
2017-05-29 15:25 - 2017-05-29 15:25 - 00016062 _____ C:\Users\glny\Downloads\Banshee.S02.NORDiC.720p.BluRay.X264-SS (1).torrent
2017-05-29 15:10 - 2017-05-29 15:10 - 00109953 _____ C:\Users\glny\Downloads\Banshee.S02.Retail.DKsubs.720p.HDTV.x264-RAPiDCOWS.torrent
2017-05-29 15:10 - 2017-05-29 15:10 - 00016062 _____ C:\Users\glny\Downloads\Banshee.S02.NORDiC.720p.BluRay.X264-SS.torrent
2017-05-26 11:40 - 2017-05-26 11:40 - 00011168 _____ C:\Users\glny\Downloads\John.Wick.Chapter.2.2017.DKSubs.1080p.WEB-DL.x264-UNiTAiL.torrent
2017-05-25 17:50 - 2017-05-25 17:50 - 00019069 _____ C:\Users\glny\Downloads\Logan.2017.DKSubs.BLUR.720p.HDRip.x264-UNiTAiL.torrent
2017-05-25 17:49 - 2017-05-25 17:49 - 00028536 _____ C:\Users\glny\Downloads\Logan.2017.DKsubs.1080p.BluRay.DTS.x264-UNiTAiL.torrent
2017-05-25 13:48 - 2017-05-25 13:48 - 00014457 _____ C:\Users\glny\Downloads\Prison.Break.S05E08.NORDiC.720p.WEB-DL.DD5.1.H.264-DBRETAiL.torrent
2017-05-23 18:43 - 2017-05-23 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-23 15:16 - 2017-05-23 15:16 - 00014715 _____ C:\Users\glny\Downloads\Prison.Break.S05E07.REPACK.NORDiC.720p.WEB-DL.DD5.1.H264-DBRETAiL.torrent
2017-05-23 10:25 - 2017-05-23 10:25 - 00048944 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-05-22 22:20 - 2017-05-22 22:20 - 00000000 _____ C:\Users\glny\AppData\Local\{1BEE20AC-26BD-4DA9-865A-A8D56C007001}
2017-05-22 21:45 - 2017-05-22 21:45 - 00002347 _____ C:\Users\glny\Downloads\The.Blacklist.S04E22.NORDiC.720p.WEB-DL.DD5.1.H264-DBRETAiL.torrent
2017-05-22 21:45 - 2017-05-22 21:45 - 00002347 _____ C:\Users\glny\Downloads\The.Blacklist.S04E21.NORDiC.720p.WEB-DL.DD5.1.H264-DBRETAiL.torrent
2017-05-22 19:46 - 2017-05-22 19:46 - 00020819 _____ C:\Users\glny\Downloads\Blindspot.S02E22.Custom.DKsubs.720p.HDTV.x264-SUBSTANCE.torrent
2017-05-17 11:29 - 2017-05-17 11:29 - 00017998 _____ C:\Users\glny\Downloads\prison-break-sequel-first-season-tv_english-1562320.zip
2017-05-17 11:23 - 2017-05-17 11:24 - 00005963 _____ C:\Users\glny\Downloads\Prison.Break.S05E07.720p.HDTV.x264-KILLERS.torrent
2017-05-15 19:16 - 2017-05-15 19:16 - 00017926 _____ C:\Users\glny\Downloads\The.Blacklist.S04E20.NORDiC.1080p.WEB-DL.DD5.1.H.264-DBRETAiL.torrent
2017-05-15 12:08 - 2017-05-15 12:08 - 00001050 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2017-05-15 12:08 - 2017-05-15 12:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-15 10:00 - 2017-05-15 10:00 - 00017439 _____ C:\Users\glny\Downloads\Malwarebytes_Anti-Malware_3.0.6.1458_Premium_RP_4realtorrentz.torrent
2017-05-12 14:38 - 2017-05-12 14:38 - 00014789 _____ C:\Users\glny\Downloads\[HoundDawgs]Prison.Break.S05E03.NORDiC.720p.WEB-DL.H.264-RAPiDCOWS[Sharing-Is-Caring].torrent
2017-05-12 14:38 - 2017-05-12 14:38 - 00014749 _____ C:\Users\glny\Downloads\[HoundDawgs]Prison.Break.S05E02.NORDiC.720p.WEB-DL.H.264-RAPiDCOWS[Sharing-Is-Caring].torrent
2017-05-12 14:38 - 2017-05-12 14:38 - 00014729 _____ C:\Users\glny\Downloads\[HoundDawgs]Prison.Break.S05E04.NORDiC.720p.WEB-DL.H.264-RAPiDCOWS[Sharing-Is-Caring].torrent
2017-05-12 14:38 - 2017-05-12 14:38 - 00014629 _____ C:\Users\glny\Downloads\[HoundDawgs]Prison.Break.S05E05.NORDiC.720p.WEB-DL.H.264-RAPiDCOWS[Sharing-Is-Caring].torrent
2017-05-12 14:38 - 2017-05-12 14:38 - 00014549 _____ C:\Users\glny\Downloads\[HoundDawgs]Prison.Break.S05E06.NORDiC.720p.WEB-DL.H.264-RAPiDCOWS[Sharing-Is-Caring].torrent
2017-05-12 14:38 - 2017-05-12 14:38 - 00014449 _____ C:\Users\glny\Downloads\[HoundDawgs]Prison.Break.S05E01.NORDiC.720p.WEB-DL.H.264-RAPiDCOWS[Sharing-Is-Caring].torrent
2017-05-11 15:13 - 2017-05-11 15:13 - 00024058 _____ C:\Users\glny\Downloads\the-blacklist-fourth-season_english-1555532.zip
2017-05-11 15:12 - 2017-05-11 15:12 - 00002958 _____ C:\Users\glny\Downloads\The.Blacklist.S04E19.HDTV.x264-KILLERS.torrent
2017-05-11 15:12 - 2017-05-11 15:12 - 00002341 _____ C:\Users\glny\Downloads\The.Blacklist.S04E19.NORDiC.720p.WEB-DL.DD5.1.H264-DBRETAiL.torrent
2017-05-11 12:04 - 2017-05-11 12:04 - 00020124 _____ C:\Users\glny\Downloads\blindspot-second-season-2015_english-1558872.zip
2017-05-11 11:39 - 2017-05-11 11:39 - 00006563 _____ C:\Users\glny\Downloads\Blindspot.S02E21.720p.HDTV.x264-AVS.torrent
2017-05-10 11:17 - 2017-05-10 11:17 - 00014383 _____ C:\Users\glny\Downloads\The.Blacklist.S04E18.NORDiC.720p.WEB-DL.DD5.1.H.264-DBRETAiL.torrent
2017-05-09 11:27 - 2017-05-09 11:27 - 00096404 _____ C:\Users\glny\Downloads\unspecified (4)
2017-05-09 11:27 - 2017-05-09 11:27 - 00096404 _____ C:\Users\glny\Downloads\unspecified (3)
2017-05-08 21:34 - 2017-05-29 19:00 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-05-08 21:23 - 2017-05-08 21:23 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-05-08 21:23 - 2017-05-08 21:23 - 00000000 ____D C:\Users\glny\AppData\Roaming\Sun
2017-05-08 21:23 - 2017-05-08 21:23 - 00000000 ____D C:\Users\glny\AppData\LocalLow\Sun
2017-05-08 21:23 - 2017-05-08 21:23 - 00000000 ____D C:\ProgramData\Oracle
2017-05-08 21:23 - 2017-05-08 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-08 21:23 - 2017-05-08 21:23 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-08 21:15 - 2017-05-08 21:15 - 00000000 ____D C:\Users\glny\Downloads\OptiFine_1.11.2_HD_U_B8
2017-05-08 20:57 - 2017-05-08 20:57 - 00000000 ____D C:\Users\glny\Documents\Curse
2017-05-08 20:51 - 2017-05-08 20:51 - 00000000 ____D C:\Users\glny\AppData\Roaming\Twitch Setup
2017-05-08 20:51 - 2017-05-08 20:51 - 00000000 ____D C:\ProgramData\Twitch
2017-05-04 13:30 - 2017-05-04 13:30 - 00020710 _____ C:\Users\glny\Downloads\blindspot-second-season-2015_english-1554949.zip
2017-05-04 13:29 - 2017-05-04 13:29 - 00007163 _____ C:\Users\glny\Downloads\Blindspot.S02E20.720p.HDTV.x264-AVS.torrent
2017-05-04 13:28 - 2017-05-04 13:28 - 00034025 _____ C:\Users\glny\Downloads\Embrace.of.the.Serpent.2015.LIMITED.720p.BluRay.x264-DEPTH.torrent
2017-05-04 13:27 - 2017-05-04 13:27 - 00019192 _____ C:\Users\glny\Downloads\[torrent.cd].Embrace_Of_The_Serpent_2015_720p_BluRay_900_MB_-_iExTV.torrent
2017-05-04 11:50 - 2017-05-04 11:50 - 00055643 _____ C:\Users\glny\Downloads\Brev fra SKAT.PDF
2017-05-01 10:06 - 2017-05-01 10:06 - 00274955 _____ C:\Users\glny\Downloads\tickets_14391874.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-31 09:05 - 2016-10-03 18:32 - 00000000 ____D C:\FRST
2017-05-31 09:04 - 2017-04-18 08:53 - 00000000 ____D C:\Users\glny\AppData\Roaming\uTorrent
2017-05-31 08:57 - 2016-11-08 23:58 - 00001288 _____ C:\Users\glny\Desktop\Windows 10 Manager.lnk
2017-05-31 08:54 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-31 08:54 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-31 08:32 - 2016-12-11 20:43 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-31 08:30 - 2016-10-25 20:32 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3555DD5F-C735-46E7-846A-64DF6CEB120A}
2017-05-31 08:30 - 2016-10-06 16:18 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-30 21:58 - 2016-10-03 19:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-30 19:29 - 2016-10-04 12:42 - 00000000 ____D C:\Users\glny\AppData\Roaming\vlc
2017-05-29 21:13 - 2016-10-03 19:38 - 00000000 ____D C:\Users\glny\AppData\Local\ConnectedDevicesPlatform
2017-05-29 20:55 - 2016-10-03 15:41 - 03690240 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-29 20:55 - 2016-07-17 02:09 - 01589238 _____ C:\WINDOWS\system32\perfh006.dat
2017-05-29 20:55 - 2016-07-17 02:09 - 00434480 _____ C:\WINDOWS\system32\perfc006.dat
2017-05-29 20:49 - 2016-12-11 21:39 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-05-29 20:49 - 2016-10-03 19:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-29 20:49 - 2016-10-03 19:35 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-29 20:49 - 2016-07-16 08:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-05-28 18:39 - 2017-04-04 21:04 - 00000000 ____D C:\Users\glny\AppData\Roaming\discord
2017-05-28 18:39 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-26 16:03 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-25 17:26 - 2016-10-12 15:06 - 00000000 ____D C:\Users\glny\AppData\Roaming\Spotify
2017-05-25 17:25 - 2016-11-01 17:02 - 00000000 ____D C:\Users\glny\AppData\Roaming\Skype
2017-05-25 17:25 - 2016-11-01 17:02 - 00000000 ____D C:\ProgramData\Skype
2017-05-24 11:51 - 2016-10-03 18:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-24 11:49 - 2016-10-03 18:32 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-23 19:33 - 2016-10-03 19:35 - 00000000 ____D C:\Users\glny
2017-05-23 18:44 - 2016-11-20 16:13 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-05-23 10:11 - 2016-10-03 18:42 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-05-22 23:04 - 2016-10-03 18:28 - 00000000 ____D C:\Users\glny\AppData\Local\Battle.net
2017-05-22 22:23 - 2016-10-03 18:27 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-16 19:50 - 2016-10-03 20:11 - 00000000 ____D C:\Users\glny\Documents\Diablo III
2017-05-16 18:15 - 2016-11-19 22:14 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-05-16 12:35 - 2017-01-17 13:04 - 00000000 ____D C:\Program Files (x86)\Nero
2017-05-15 18:31 - 2016-11-20 16:13 - 00000000 ____D C:\Users\glny\AppData\Local\Dropbox
2017-05-15 12:09 - 2016-10-03 18:08 - 00000000 ____D C:\Users\glny\AppData\Local\CrashDumps
2017-05-15 12:08 - 2017-04-03 15:47 - 00000000 ____D C:\Users\glny\Desktop\ABN
2017-05-15 12:08 - 2016-11-09 00:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-15 09:53 - 2016-10-03 19:35 - 00000000 ____D C:\Program Files (x86)\Razer
2017-05-12 01:26 - 2016-11-01 12:46 - 00002284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-12 01:26 - 2016-11-01 12:46 - 00002272 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-11 11:27 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-05-10 20:12 - 2016-10-03 18:46 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-10 20:11 - 2016-12-11 21:28 - 00000000 ____D C:\Users\glny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-10 20:00 - 2016-10-03 15:37 - 00000000 ____D C:\Users\glny\AppData\Local\Packages
2017-05-07 21:47 - 2016-10-09 17:49 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2017-05-22 22:20 - 2017-05-22 22:20 - 0000000 _____ () C:\Users\glny\AppData\Local\{1BEE20AC-26BD-4DA9-865A-A8D56C007001}
 
Some files in TEMP:
====================
2017-05-25 17:26 - 2016-11-13 16:14 - 6987376 _____ (Spotify Ltd) C:\Users\glny\AppData\Local\Temp\SpotifyUninstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-22 22:37
 
==================== End of FRST.txt ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-05-2017
Ran by glny (31-05-2017 09:06:19)
Running from C:\Users\glny\Downloads
Windows 10 Pro Version 1607 (X64) (2016-10-03 17:38:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2021747942-74577322-3706033670-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2021747942-74577322-3706033670-503 - Limited - Disabled)
glny (S-1-5-21-2021747942-74577322-3706033670-1001 - Administrator - Enabled) => C:\Users\glny
Gæst (S-1-5-21-2021747942-74577322-3706033670-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
„Microsoft Office Proofing Tools 2016“ – lietuvių k. (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-2021747942-74577322-3706033670-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Dansk (HKLM-x32\...\{AC76BA86-7AD7-1030-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Alati za jezičnu provjeru u sustavu Microsoft Office 2016 - hrvatski (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ansel (Version: 375.86 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Apple-programunderstøttelse (32 bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple-programunderstøttelse (64 bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Công cụ Soát lỗi Microsoft Office 2016 - Tiếng Việt (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2021747942-74577322-3706033670-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 27.3.21 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.61.1 - Dropbox, Inc.) Hidden
Eines de correcció del Microsoft Office 2016: català (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-2021747942-74577322-3706033670-1001\...\Flux) (Version:  - )
Ferramentas de Verificação do Microsoft Office 2016 - Português (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.8.3 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
I-Microsoft Office Proofing Tools 2016 - IsiZulu (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Innealan-dearbhaidh Microsoft Office 2016 - Gàidhlig (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Instrumente de verificare Microsoft Office 2016 - Română (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.4.1186 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1519.7 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{89E5F369-612A-4A5E-8BF2-7938C76ABF29}) (Version: 3.0.135 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Small Business Advantage (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 3.1.53.8739 - Intel® Corporation)
Intel® Small Business Advantage (HKLM-x32\...\{C7A82877-2365-4A03-B23F-DFDD629B7F3A}) (Version: 4.0.44 - Intel Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Korrekturredskaber til Microsoft Office 2016 - Dansk (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (bokmål) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (nynorsk) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2016 (HKLM\...\Office16.PROOFKIT) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Controllerdriver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision-driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Grafikdriver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD-lyddriver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX-systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Orodja za preverjanje za Microsoft Office 2016 – angleščina (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Plex Media Server (HKLM-x32\...\{d55f2773-2fc4-4a79-bf44-125c7afff11f}) (Version: 1.4.4.3495 - Plex, Inc.)
Plex Media Server (x32 Version: 1.4.3495 - Plex, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7730 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Security Task Manager 2.1g (HKLM-x32\...\Security Task Manager) (Version: 2.1g - Neuber Software)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spotify (HKU\S-1-5-21-2021747942-74577322-3706033670-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (x32 Version: 1.4.3495 - Plex, Inc.) Hidden
Strumenti di correzione di Microsoft Office 2016 - Italiano (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
TK8 StickyNotes 4.3 (HKLM-x32\...\TK8 StickyNotes_is1) (Version:  - TK8 Software)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Uirlisí Profála Microsoft Office 2016 - Gaeilge (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Veglat e kontrollit gjuhësor të Microsoft Office 2016 - shqip (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.0-git - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
Windows 10 Manager (HKU\S-1-5-21-2021747942-74577322-3706033670-1001\...\Windows 10 Manager 1.1.5) (Version: 1.1.5 - Yamicsoft)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2016 - Ελληνικά (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Засоби перевірки правопису Microsoft Office 2016 – українська (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2016 - עברית (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ابزارهای تصحیح Microsoft Office 2016 - فارسی (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AA5AEDD-AFEE-4188-AD80-13B832EF0AE4} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe 
Task: {1BE75613-676B-4984-80DE-FFAF1346B466} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {21A560E9-5F18-463D-B65D-EA7FF35EEAB1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {43380F3E-AA86-4A98-B393-28453E0547C5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-20] (Dropbox, Inc.)
Task: {4A53E652-60BD-48AB-A6DB-0662FA19BFFF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-20] (Dropbox, Inc.)
Task: {512608DF-CF15-496D-A805-2AEF43165DF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-01] (Google Inc.)
Task: {560E0056-1438-4E83-A370-268A59DCED05} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe 
Task: {5D23C7BF-6C08-4927-B0B9-ED3B530A990D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-01] (Google Inc.)
Task: {6AABA079-41F4-4EC9-852D-DF138C936792} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {748029BD-B8BF-457A-BFCD-D56FF355CD22} - System32\Tasks\Intel® Small Business Advantage\Notifier => C:\Program Files\Intel\Intel® Small Business Advantage\UI\SBA_Notifier.exe [2015-06-04] (Intel Corporation)
Task: {8B046721-F4A8-49D9-9569-94866DECAA24} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe 
Task: {90FE27A0-3E43-4A3B-83B2-9C5D46870CDF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-05-29] ()
Task: {9526E6A1-4176-451B-AD21-F5C87500A753} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {9BB348AE-5155-4BAB-8075-77AD0A765C18} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {A264CAE8-D9A6-4606-9310-DC81A214DD0A} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe 
Task: {AC016031-389E-4879-96A0-C250489FEEBC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {B15C1338-59DB-4A93-871A-5A13ABA44FCB} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)
Task: {D1B210C4-D8A4-4AF9-AADB-0AFDB3645FA9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-05-29] ()
Task: {D4BF995E-49DF-45E5-92E4-0431E77A364E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {F994ECA5-8F0D-4C52-961D-DEE7C7D3FA8C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-03-28] (Microsoft Corporation)
Task: {FD0EFD50-757A-4EE0-8884-863F0A3A39E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-17 02:28 - 2016-11-17 02:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-04-11 20:54 - 2017-03-28 08:22 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-03 19:35 - 2016-12-29 14:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-05-12 01:25 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-12 01:25 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2016-10-03 20:31 - 2016-10-03 20:31 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-16 08:53 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-16 08:53 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-16 08:53 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 08:53 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-04-11 20:54 - 2017-03-28 07:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-04-11 20:54 - 2017-03-28 07:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-15 14:18 - 2017-03-15 14:18 - 00083432 _____ () D:\Plex\zlib.dll
2017-03-15 14:18 - 2017-03-15 14:18 - 00203240 _____ () D:\Plex\libidn.dll
2016-03-16 01:54 - 2016-03-16 01:54 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-12-11 20:43 - 2017-03-10 02:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-11 20:43 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-11 20:43 - 2017-04-26 01:55 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-11 20:43 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-11 20:43 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-11 20:43 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-11 20:43 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-11 20:43 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-11 20:43 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-11 20:43 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-11 20:43 - 2017-04-26 01:55 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-11 20:43 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-03-15 14:18 - 2017-03-15 14:18 - 01083368 _____ () D:\Plex\libxml2.dll
2017-03-15 14:18 - 2017-03-15 14:18 - 00115688 _____ () D:\Plex\soci_core-vc80-3_0.dll
2017-03-15 14:18 - 2017-03-15 14:18 - 00059880 _____ () D:\Plex\soci_sqlite3-vc80-3_0.dll
2017-03-15 14:18 - 2017-03-15 14:18 - 00772072 _____ () D:\Plex\tag.dll
2017-03-15 14:18 - 2017-03-15 14:18 - 01741288 _____ () D:\Plex\opencv_imgproc2411.dll
2017-03-15 14:18 - 2017-03-15 14:18 - 01962984 _____ () D:\Plex\opencv_core2411.dll
2017-03-15 14:18 - 2017-03-15 14:18 - 00025576 _____ () D:\Plex\lyric_lite.dll
2017-03-15 14:18 - 2017-03-15 14:18 - 01549104 _____ () D:\Plex\libstdc++-6.dll
2017-03-15 14:18 - 2017-03-15 14:18 - 00127136 _____ () D:\Plex\libgcc_s_dw2-1.dll
2017-04-04 21:04 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\glny\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-04-04 21:04 - 2017-04-04 21:04 - 01082880 _____ () \\?\C:\Users\glny\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-04-04 21:04 - 2017-04-04 21:04 - 03750400 _____ () \\?\C:\Users\glny\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-04-04 21:04 - 2017-04-04 21:04 - 00914432 _____ () \\?\C:\Users\glny\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-04-04 21:04 - 2017-04-04 21:04 - 01127424 _____ () \\?\C:\Users\glny\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2016-12-14 06:20 - 2017-01-30 23:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-12-11 20:43 - 2017-04-26 01:55 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-04-04 21:04 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\glny\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-04-04 21:04 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\glny\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-05-31 08:27 - 2017-05-31 08:27 - 00148992 _____ () \\?\C:\Users\glny\AppData\Local\Temp\2E83.tmp.node
2017-04-04 21:04 - 2017-04-29 09:23 - 02658296 _____ () \\?\C:\Users\glny\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-04-04 21:04 - 2017-04-04 21:04 - 02665976 _____ () \\?\C:\Users\glny\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2017-03-15 14:18 - 2017-03-15 14:18 - 00050152 _____ () D:\Plex\DLLs\_socket.pyd
2017-03-15 14:18 - 2017-03-15 14:18 - 00071656 _____ () D:\Plex\DLLs\_ssl.pyd
2017-03-15 14:18 - 2017-03-15 14:18 - 00024552 _____ () D:\Plex\DLLs\_hashlib.pyd
2017-03-15 14:18 - 2017-03-15 14:18 - 00041448 _____ () D:\Plex\Exts\simplejson\_speedups.pyd
2017-03-15 14:18 - 2017-03-15 14:18 - 00930280 _____ () D:\Plex\Exts\lxml\etree.pyd
2017-03-15 14:18 - 2017-03-15 14:18 - 00074728 _____ () D:\Plex\libexslt.dll
2017-03-15 14:18 - 2017-03-15 14:18 - 00190952 _____ () D:\Plex\libxslt.dll
2017-03-15 14:18 - 2017-03-15 14:18 - 00218088 _____ () D:\Plex\Exts\lxml\objectify.pyd
2017-03-15 14:18 - 2017-03-15 14:18 - 00018920 _____ () D:\Plex\DLLs\select.pyd
2017-03-15 14:18 - 2017-03-15 14:18 - 00095720 _____ () D:\Plex\DLLs\_ctypes.pyd
2017-03-15 14:18 - 2017-03-15 14:18 - 00143336 _____ () D:\Plex\DLLs\pyexpat.pyd
2017-03-15 14:18 - 2017-03-15 14:18 - 00694248 _____ () D:\Plex\DLLs\unicodedata.pyd
2017-05-23 18:43 - 2017-05-23 10:22 - 00775488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-05-23 18:43 - 2017-05-23 10:22 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2016-11-20 16:14 - 2017-05-12 04:25 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-11-20 16:14 - 2017-05-12 04:25 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-11-20 16:14 - 2017-05-12 04:25 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-11-20 16:14 - 2017-05-23 10:25 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-11-20 16:14 - 2017-05-12 04:25 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-11-20 16:14 - 2017-05-12 04:25 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-05-23 18:43 - 2017-05-12 04:25 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-05-23 18:43 - 2017-05-12 04:25 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-05-23 18:43 - 2017-05-12 04:25 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-11-20 16:14 - 2017-05-12 04:27 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-11-20 16:14 - 2017-05-23 10:25 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-11-20 16:14 - 2017-05-12 04:27 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-05-23 18:43 - 2017-05-12 04:25 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-05-23 18:43 - 2017-05-12 04:27 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-11-20 16:14 - 2017-05-12 04:27 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-11-20 16:14 - 2017-05-23 10:25 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-11-20 16:14 - 2017-05-12 04:27 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-11-20 16:14 - 2017-05-23 10:25 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-11-20 16:14 - 2017-05-12 04:27 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-11-20 16:14 - 2017-05-12 04:27 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-11-20 16:14 - 2017-05-12 04:27 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-11-20 16:14 - 2017-05-12 04:27 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-11-20 16:14 - 2017-05-12 04:27 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-11-20 16:14 - 2017-05-12 04:27 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-11-20 16:14 - 2017-05-12 04:27 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-02 23:58 - 2017-05-23 10:25 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2016-11-20 16:14 - 2017-05-23 10:25 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-05-23 18:43 - 2017-05-23 10:25 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-11-20 16:14 - 2017-05-12 04:25 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-11-20 16:14 - 2017-05-12 04:27 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-05-23 18:43 - 2017-05-23 10:25 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-05-23 18:43 - 2017-05-23 10:25 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-05-23 18:43 - 2017-05-23 10:25 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-05-23 18:43 - 2017-05-23 10:25 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-11-20 16:14 - 2017-05-12 04:27 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-03-12 18:12 - 2017-05-23 10:25 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-01-06 21:27 - 2017-05-23 10:25 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-11-20 16:14 - 2017-05-23 10:25 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-06 21:27 - 2017-05-23 10:25 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-06 21:27 - 2017-05-23 10:25 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-06 21:27 - 2017-05-23 10:25 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2016-11-20 16:14 - 2017-05-12 04:27 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-05-23 18:43 - 2017-05-23 10:25 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-11-20 16:14 - 2017-05-23 10:25 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-05-23 18:43 - 2017-05-12 04:20 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-05-23 18:43 - 2017-05-23 10:24 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-05-23 18:43 - 2017-03-22 04:07 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-05-23 18:43 - 2017-05-23 10:24 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-11-20 16:14 - 2017-05-23 10:25 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-05-23 18:43 - 2017-05-12 04:30 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-05-23 18:43 - 2017-05-12 04:30 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-11-20 16:14 - 2017-05-23 10:25 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-21 22:38 - 2017-05-23 10:25 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-05-23 18:43 - 2017-05-23 10:25 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-05-23 18:43 - 2017-05-23 10:24 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKLM\...\.reg: txtfile => %SystemRoot%\system32\NOTEPAD.EXE %1 <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2021747942-74577322-3706033670-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\glny\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{479d5643-9a24-4096-b680-a4c8c808462d}.jpg
DNS Servers: 100.112.128.36 - 100.112.128.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{88B7A568-42EE-409B-952D-8A22968AED4D}] => (Allow) C:\Program Files (x86)\Intel\Intel® Small Business Advantage Next\Sba.exe
FirewallRules: [TCP Query User{419B4006-9078-4A3F-9668-03379B0EF0F1}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{E07744E4-E90D-47DE-A7F9-AE020487AADA}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{23E24BAF-8A61-49F3-829E-14A47C7A1409}] => (Allow) C:\Users\glny\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{D02BECA3-D324-401D-B575-3E0908AEB7F6}] => (Allow) C:\Users\glny\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{0A4865EA-A8A7-4397-B23D-0F4C0677C612}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{4DCBFE1A-957D-4DAA-8718-63A97786C56C}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{08A605EA-9988-490E-91F3-3AEB56084492}C:\users\glny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\glny\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3F9A0B2C-2456-476F-A118-732CE67E983C}C:\users\glny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\glny\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FB9B9C88-E897-4CDA-A42B-2786BA4C57B8}C:\users\glny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\glny\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8436A39F-5CAA-40EC-96A9-90D102849DEE}C:\users\glny\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\glny\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{76A79DF8-F9F7-4B58-A1F0-E2B145000F58}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{E51A2B4A-1762-4374-9F8B-5E3F69D0CCC9}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [{F6467C55-CF95-4069-9DED-FD0C450B352E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7E46953B-2CE9-421F-BCD0-8AE73104E2EE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6CD35B07-ABFA-48CF-A890-604E3C0CF448}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{C1463CDC-2A54-4FE2-A745-C926856C1C1C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{6FD0CFE6-16E3-4BC6-BE0E-7B15F13D95CE}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{733370C0-42D3-42CD-AEA1-EA774B76716D}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{207511D5-DB43-4ECE-9E1F-CF8D777FF2D7}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{BDBC96EF-C393-42AD-AEB6-32336E7C8125}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{6B55B251-B6F9-49A2-BB02-59CF098D3FAB}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{2C0C7DB2-7DD5-43DC-B1D3-74517BB59C41}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{0EA018BE-8F8C-4173-B03F-E14CFCAC8E7E}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{33002CF9-6DDD-4171-8778-A3654FC70A4E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{69032838-1A1A-4EBC-B3A5-44FD8843649A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{86B06EA7-4D10-4578-8AD1-61762B57A302}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{531EDBF8-B4B2-4805-B1DA-B601D2A7E38D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{06780EF6-9A4B-4821-82DB-C6DDFC2E67C7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADEE3339-3E55-43F3-8542-03F70E65FA5D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{1A97AFD8-47B0-4753-877A-70BC7BF1DDC2}D:\d3\diablo iii\x64\diablo iii64.exe] => (Block) D:\d3\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{C872971B-FB75-40DC-A5DA-FFFEC528D2CD}D:\d3\diablo iii\x64\diablo iii64.exe] => (Block) D:\d3\diablo iii\x64\diablo iii64.exe
FirewallRules: [TCP Query User{FD84D4F0-A144-4962-ADC2-D408370E8578}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{D6845C34-3427-4F8B-837D-DA01584E9A3A}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [{7C6A1F27-D52E-4E69-8114-900EF50E20E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DB4225E5-1A51-4B31-B679-5FB5995FCD62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C90B4D93-FEE3-4C26-9AF9-A42B39ACF050}] => (Allow) D:\Plex\Plex Media Server.exe
FirewallRules: [{2434A5A3-E638-4FF0-B459-12CEA095E2A2}] => (Allow) D:\Plex\PlexScriptHost.exe
FirewallRules: [{B7B4F9C4-C1D1-43A1-BDB4-89B2F22B96E1}] => (Allow) D:\Plex\Plex DLNA Server.exe
FirewallRules: [{C9814343-C3D4-4A1E-BE5A-452E3208BE65}] => (Allow) C:\Users\glny\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{849437A0-2389-420F-B0B1-31D61262F315}] => (Allow) C:\Users\glny\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C08CF889-4C28-439E-82CC-082B58DCEFBF}] => (Allow) C:\Users\glny\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6E30C60-7154-4D22-A7B3-7BDA6B58708E}] => (Allow) C:\Users\glny\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0DAEB0BA-1774-49A9-8056-3ED0C314E127}] => (Allow) C:\Users\glny\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4CC24718-5D78-45AF-9479-2F6101B64487}] => (Allow) C:\Users\glny\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F760ED3B-8BA5-4C8D-98B4-B4312BDF4686}] => (Allow) D:\Games\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017.exe
FirewallRules: [{6ABB4BF7-C459-4BAD-BB2F-54559D77E29D}] => (Allow) D:\Games\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017.exe
FirewallRules: [{B9B854B5-5C67-40D2-B589-81B4591BC7C5}] => (Allow) D:\Games\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017_Unrestricted.exe
FirewallRules: [{805737BE-B54C-4F92-B180-725130580C11}] => (Allow) D:\Games\Steam\steamapps\common\Serious Sam Fusion 2017\Bin\x64\Sam2017_Unrestricted.exe
FirewallRules: [TCP Query User{3D2BD9D1-E8AD-4CB0-BFE2-03694CA36636}C:\users\glny\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\glny\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{D9F102B8-E594-4A61-A78C-0D93194954E5}C:\users\glny\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\glny\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{CE82B627-0A51-4995-847F-C4827A3C22E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{571B7262-A2B5-42B8-9305-C004816EAF1C}D:\d3\diablo iii\x64\diablo iii64.exe] => (Allow) D:\d3\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{B9A0AA32-5920-4306-9378-2DD931DF2C17}D:\d3\diablo iii\x64\diablo iii64.exe] => (Allow) D:\d3\diablo iii\x64\diablo iii64.exe
FirewallRules: [{4AB34E89-9C9F-4C02-879E-28826C652436}] => (Allow) LPort=1688
FirewallRules: [{67A133BC-4B4B-41A3-A478-A627DDCFCEF8}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{749E1A0F-0ED3-4F51-9D2B-12A8ED4ECC49}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{80FC111A-EBE4-4961-B9EA-4221D0517BBB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2-standardtastatur
Description: PS/2-standardtastatur
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturer)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2-mus
Description: Microsoft PS/2-mus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/30/2017 10:04:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-2P0LG35)
Description: Aktivering af app‘en Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI mislykkedes med fejlen: -2144927141 Du kan finde flere oplysninger i loggen Microsoft-Windows-TWinUI/Operational.
 
Error: (05/29/2017 10:18:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-2P0LG35)
Description: Aktivering af app‘en Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI mislykkedes med fejlen: -2144927141 Du kan finde flere oplysninger i loggen Microsoft-Windows-TWinUI/Operational.
 
Error: (05/29/2017 07:00:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-2P0LG35)
Description: Aktivering af app‘en Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App mislykkedes med fejlen: -2144927141 Du kan finde flere oplysninger i loggen Microsoft-Windows-TWinUI/Operational.
 
Error: (05/25/2017 09:48:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-2P0LG35)
Description: Aktivering af app‘en Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App mislykkedes med fejlen: -2144927141 Du kan finde flere oplysninger i loggen Microsoft-Windows-TWinUI/Operational.
 
Error: (05/25/2017 01:56:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-2P0LG35)
Description: Aktivering af app‘en Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI mislykkedes med fejlen: -2144927141 Du kan finde flere oplysninger i loggen Microsoft-Windows-TWinUI/Operational.
 
Error: (05/24/2017 11:50:55 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Den åbne procedure for tjenesten "BITS" i DLL-filen "C:\Windows\System32\bitsperf.dll" mislykkedes. Ydelsesdata for denne tjeneste vil ikke være tilgængelige. De første fire byte (DWORD) af dataafsnittet indeholder fejlkoden.
 
Error: (05/23/2017 06:21:00 PM) (Source: ESENT) (EventID: 104) (User: )
Description: svchost (1140) SRUJet: The database engine stopped the instance (0) with error (-510).
 
 
 
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.016, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
 
Error: (05/23/2017 06:19:00 PM) (Source: ESENT) (EventID: 492) (User: )
Description: svchost (1140) SRUJet: The logfile sequence in "C:\WINDOWS\system32\SRU\" has been halted due to a fatal error.  No further updates are possible for the databases that use this logfile sequence.  Please correct the problem and restart or restore from backup.
 
Error: (05/23/2017 06:19:00 PM) (Source: ESENT) (EventID: 418) (User: )
Description: svchost (1140) SRUJet: Error -529 (0xfffffdef) occurred while opening a newly-created logfile C:\WINDOWS\system32\SRU\SRU.log.
 
Error: (05/23/2017 06:19:00 PM) (Source: ESENT) (EventID: 413) (User: )
Description: svchost (1140) SRUJet: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -529.
 
 
System errors:
=============
Error: (05/31/2017 08:26:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Adgangsindstillingerne programspecifikke giver ikke Lokal Aktivering adgang til COM-serverprogrammet med CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 og APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 for brugeren NT AUTHORITY\SYSTEM SID (S-1-5-18) fra adressen LocalHost (via LRPC), der kører i programbeholderen Ikke tilgængelig SID (Ikke tilgængelig). Denne sikkerhedstilladelse kan redigeres ved hjælp af administrationsværktøjet til komponenttjenester.
 
Error: (05/30/2017 10:04:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2P0LG35)
Description: Serveren CortanaUI.AppXaftg6tm6p785vrqz81r3akxav02sk6wc.mca blev ikke registreret af DCOM inden for det specificerede tidsrum.
 
Error: (05/30/2017 10:04:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Adgangsindstillingerne programspecifikke giver ikke Lokal Aktivering adgang til COM-serverprogrammet med CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 og APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 for brugeren NT AUTHORITY\SYSTEM SID (S-1-5-18) fra adressen LocalHost (via LRPC), der kører i programbeholderen Ikke tilgængelig SID (Ikke tilgængelig). Denne sikkerhedstilladelse kan redigeres ved hjælp af administrationsværktøjet til komponenttjenester.
 
Error: (05/30/2017 08:54:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Adgangsindstillingerne programspecifikke giver ikke Lokal Aktivering adgang til COM-serverprogrammet med CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 og APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 for brugeren NT AUTHORITY\SYSTEM SID (S-1-5-18) fra adressen LocalHost (via LRPC), der kører i programbeholderen Ikke tilgængelig SID (Ikke tilgængelig). Denne sikkerhedstilladelse kan redigeres ved hjælp af administrationsværktøjet til komponenttjenester.
 
Error: (05/29/2017 10:18:12 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2P0LG35)
Description: Serveren CortanaUI.AppXaftg6tm6p785vrqz81r3akxav02sk6wc.mca blev ikke registreret af DCOM inden for det specificerede tidsrum.
 
Error: (05/29/2017 10:18:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Adgangsindstillingerne programspecifikke giver ikke Lokal Aktivering adgang til COM-serverprogrammet med CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 og APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 for brugeren NT AUTHORITY\SYSTEM SID (S-1-5-18) fra adressen LocalHost (via LRPC), der kører i programbeholderen Ikke tilgængelig SID (Ikke tilgængelig). Denne sikkerhedstilladelse kan redigeres ved hjælp af administrationsværktøjet til komponenttjenester.
 
Error: (05/29/2017 08:49:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Adgangsindstillingerne programspecifikke giver ikke Lokal Aktivering adgang til COM-serverprogrammet med CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 og APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 for brugeren NT AUTHORITY\SYSTEM SID (S-1-5-18) fra adressen LocalHost (via LRPC), der kører i programbeholderen Ikke tilgængelig SID (Ikke tilgængelig). Denne sikkerhedstilladelse kan redigeres ved hjælp af administrationsværktøjet til komponenttjenester.
 
Error: (05/29/2017 08:49:38 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Der opstod en fejl under forsøg på at læse den lokale hosts-fil.
 
Error: (05/29/2017 08:49:37 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: Der opstod en fejl under forsøg på at læse den lokale hosts-fil.
 
Error: (05/29/2017 08:49:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Adgangsindstillingerne programspecifikke giver ikke Lokal Aktivering adgang til COM-serverprogrammet med CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 og APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 for brugeren NT AUTHORITY\SYSTEM SID (S-1-5-18) fra adressen LocalHost (via LRPC), der kører i programbeholderen Ikke tilgængelig SID (Ikke tilgængelig). Denne sikkerhedstilladelse kan redigeres ved hjælp af administrationsværktøjet til komponenttjenester.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-31 09:05:49.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-31 09:05:49.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-29 19:24:23.640
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-28 18:50:58.255
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-22 22:37:05.930
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-21 18:13:05.812
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-16 22:55:47.543
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-15 22:13:07.480
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-12 13:56:56.925
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-11 15:13:23.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 53%
Total physical RAM: 8138.75 MB
Available physical RAM: 3775.57 MB
Total Virtual: 10698.75 MB
Available Virtual: 5269.18 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:48.28 GB) (Free:1.44 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:84.72 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BDB75CE3)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: 63D8175D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:46 PM

Posted 01 June 2017 - 09:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
---

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
GroupPolicy: Restriction <======= ATTENTION
CHR StartupUrls: Default -> "","hxxp://www.boligportal.dk/lejebolig/din_find_bolig_pakke.php","hxxp://www.google.dk/","hxxp://www.search.ask.com/?tpid=ORJ-V7C&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EDK&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EDK&apn_dbr=cr_35.0.1916.153&apn_uid=A9BA5689-5CD9-4A78-86B9-C82768CA4893&itbv=12.12.2.83&doi=2014-06-22&psv=&pt=tb","hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EDK&gct=hp&ap... (long line)
CHR Extension: (Chrome Web Store Payments) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Chrome Media Router) - C:\Users\glny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [737984 2015-08-30] (@ByELDI) [File not signed]
Task: {8B046721-F4A8-49D9-9569-94866DECAA24} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
AlternateDataStreams: C:\Windows:nlsPreferences [386]
HKLM\...\.reg: txtfile => %SystemRoot%\system32\NOTEPAD.EXE %1 <===== ATTENTION
FirewallRules: [{67A133BC-4B4B-41A3-A478-A627DDCFCEF8}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{749E1A0F-0ED3-4F51-9D2B-12A8ED4ECC49}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
C:\Windows\System32\Tasks\AutoPico Daily Restart
C:\Program Files\KMSpico

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please let me know what problem persists.
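The reply above is the result of a manual triage of the FRST log: pull out the lines FRST itself marks with ATTENTION, the service whose binary is unsigned, and every task, service and firewall rule that points into the folder of the program being removed, then turn those into a fixlist. The following Python script is an added example of that triage step; it is not FRST's code and not the helper's own tooling. It assumes the analyst has already judged the KMSpico install folder unwanted, and the sample log it runs on is constructed from entries quoted in this thread plus two benign placeholder entries for contrast.

```python
"""Triage pass over an FRST (Farbar Recovery Scan Tool) log.

Added example for this thread; not FRST's code and not the helper's own
tooling. It collects the entries a malware-response helper reviews first:
lines FRST flags with ATTENTION, services whose binary is unsigned, and any
service, scheduled task or firewall rule whose path points into a directory
the analyst has already judged unwanted.
"""
import re

# FRST section headers look like "==================== Services (Whitelisted) ======".
HEADER_RE = re.compile(r"^=+ (?P<title>.+?) =+\s*$")
# Service/driver entries: "R2 Name; C:\path\file.exe [size date] (Company) [File not signed]".
SERVICE_RE = re.compile(r"^[RSU]\d+ (?P<name>[^;]+); ")
# A Windows path with a binary extension, as it appears inside an FRST entry.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\[\]\"<>|]*?\.(?:exe|dll|sys)", re.IGNORECASE)

ATTENTION_MARK = "ATTENTION"
UNSIGNED_MARK = "[File not signed]"


def iter_entries(log_text):
    """Yield (section_title, entry_line) for every non-blank, non-header line,
    tracking which FRST section each line belongs to."""
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            section = header.group("title").strip()
            continue
        yield section, line


def triage(log_text, unwanted_dirs):
    """Return [(section, line, reason)] for each entry worth a helper's attention.

    unwanted_dirs: directories already judged unwanted. Any entry whose binary
    path starts with one of them is collected, so no leftover service, task or
    firewall rule is missed when the program is removed.
    """
    prefixes = tuple(d.lower().rstrip("\\") + "\\" for d in unwanted_dirs)
    findings, seen = [], set()
    for section, line in iter_entries(log_text):
        if line in seen:
            continue
        reason = None
        if ATTENTION_MARK in line:
            reason = "marked ATTENTION by FRST"
        elif UNSIGNED_MARK in line and SERVICE_RE.match(line):
            reason = "unsigned service binary"
        elif any(p.lower().startswith(prefixes) for p in PATH_RE.findall(line)):
            reason = "path inside an unwanted directory"
        if reason:
            seen.add(line)
            findings.append((section, line, reason))
    return findings


# Constructed sample in FRST's format: the flagged entries are the ones quoted
# in this thread; the two Dropbox lines are benign placeholders (size is made up).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
Ran by glny (administrator) on DESKTOP-2P0LG35 (31-05-2017 09:05:52)

==================== Services (Whitelisted) ====================

R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [737984 2015-08-30] (@ByELDI) [File not signed]
R2 DbxSvc; C:\Windows\System32\DbxSvc.exe [12345 2017-05-23] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

Task: {8B046721-F4A8-49D9-9569-94866DECAA24} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe

==================== Association (Whitelisted) ===============

HKLM\...\.reg: txtfile => %SystemRoot%\system32\NOTEPAD.EXE %1 <===== ATTENTION

==================== FirewallRules (Whitelisted) ===============

FirewallRules: [{67A133BC-4B4B-41A3-A478-A627DDCFCEF8}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{80FC111A-EBE4-4961-B9EA-4221D0517BBB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
"""

# Assumption for the sample: the analyst has decided this folder must go.
UNWANTED = [r"C:\Program Files\KMSpico"]

if __name__ == "__main__":
    for section, line, reason in triage(SAMPLE_LOG, UNWANTED):
        print(f"[{section}] {reason}: {line}")
```

The ATTENTION rule deliberately catches both kinds of marker FRST uses (the `<===== ATTENTION` suffix on an entry and the `ATTENTION:` prefix on a status line such as the disabled System Restore), because the helper acts on each: the former goes into the fixlist, the latter is handled outside FRST, as in the reply above. The directory rule is what makes the pass complete: once a folder is judged unwanted, every firewall rule, task and service that points into it is listed, so nothing is left behind after the program itself is uninstalled.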

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:46 PM

Posted 07 June 2017 - 08:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



