
Infected with a bitcoinminer, trojan, malware.


  • This topic is locked
24 replies to this topic

#1 Lord_Link

Posted 07 November 2017 - 04:40 PM

Hey!

So I was being dumb and tried to pirate a game, and ended up getting infected with malware, a keylogger, a bitcoinminer and such.

Tried running Malwarebytes a few times, quarantined and deleted the files, but they're right back whenever I reboot my computer.

Got no clue what to do so any help would be greatly appreciated.

FRST:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by Bjørn (administrator) on LAPTOP-SFP0AOIS (07-11-2017 22:20:46)
Running from C:\Users\Bjørn\Downloads
Loaded Profiles: Bjørn (Available Profiles: defaultuser0 & Bjørn)
Platform: Windows 10 Home Version 1607 14393.1770 (X64) Language: Norsk bokmål (Norge)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxCUIService.exe
(HP) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHDCPSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxEM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(HP) C:\Program Files (x86)\HP\HP 3D DriveGuard\AccelerometerSt.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Google Inc.) C:\Users\Bjørn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bjørn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bjørn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bjørn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bjørn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bjørn\AppData\Local\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Users\Bjørn\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Bjørn\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8900104 2016-09-09] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-28] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\windows\system32\rundll32.exe" C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\HP\HP 3D DriveGuard\AccelerometerST.exe [133952 2016-09-28] (HP)
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\Run: [Google Update] => C:\Users\Bjørn\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\Run: [Gaijin.Net Agent] => C:\Users\Bjørn\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2012616 2017-04-17] (Gaijin Entertainment)
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\Run: [Spotify] => C:\Users\Bjørn\AppData\Roaming\Spotify\Spotify.exe [21025392 2017-11-04] (Spotify Ltd)
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5094080 2017-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\Run: [Spotify Web Helper] => C:\Users\Bjørn\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-11-04] (Spotify Ltd)
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\MountPoints2: {69dafa4f-c2c0-11e7-9481-d0577bf2baf6} - "F:\setup.exe" 
Startup: C:\Users\Bjørn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send til OneNote.lnk [2017-11-07]
ShortcutTarget: Send til OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.20.1 192.168.20.1
Tcpip\..\Interfaces\{11fb2923-7e77-4ff7-8670-5306d0c405f0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{11fb2923-7e77-4ff7-8670-5306d0c405f0}: [DhcpNameServer] 192.168.20.1 192.168.20.1
Tcpip\..\Interfaces\{73f43155-e575-4f41-a174-a4fb27d4d11e}: [DhcpNameServer] 40.23.1.12
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {5EA2F295-7E7D-46E0-A6F1-B86347723646} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {5EA2F295-7E7D-46E0-A6F1-B86347723646} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2005289373-1912076802-1295118333-1001 -> {5EA2F295-7E7D-46E0-A6F1-B86347723646} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-10-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-10-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-10-12] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-20] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-10-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-10-12] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-28] (Microsoft Corporation)
 
Edge: 
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2017-03-05]
 
FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] ()
FF Plugin HKU\S-1-5-21-2005289373-1912076802-1295118333-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Bjørn\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-2005289373-1912076802-1295118333-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Bjørn\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-2005289373-1912076802-1295118333-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\Default [2017-11-07]
CHR Extension: (Slides) - C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (BetterTTV) - C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-21]
CHR Extension: (Docs) - C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-16]
CHR Extension: (YouTube) - C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-16]
CHR Extension: (Adblock Plus) - C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-26]
CHR Extension: (uBlock Origin) - C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-11-05]
CHR Extension: (Sheets) - C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-16]
CHR Extension: (Chrome Nettmarked-betalinger) - C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-16]
CHR Extension: (Chrome Media Router) - C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-28]
CHR Profile: C:\Users\Bjørn\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1494024 2017-06-08] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7923880 2017-10-23] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2289856 2017-07-03] (Disc Soft Ltd)
R2 esifsvc; C:\windows\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-19] (Intel Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPJumpStartBridge; C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-07-28] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 hpsrv; C:\windows\system32\Hpservice.exe [38752 2016-09-26] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [269480 2017-07-03] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-10-06] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-10-06] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-06] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-10-06] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317952 2016-09-09] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2017-10-06] (Synaptics Incorporated)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-08] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3755176 2017-07-03] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [56168 2016-09-26] (HP)
R3 dptf_cpu; C:\windows\System32\drivers\dptf_cpu.sys [66624 2016-09-19] (Intel Corporation)
R3 dtlitescsibus; C:\windows\System32\drivers\dtlitescsibus.sys [30264 2017-02-17] (Disc Soft Ltd)
R3 dtliteusbbus; C:\windows\System32\drivers\dtliteusbbus.sys [47672 2017-02-17] (Disc Soft Ltd)
R3 esif_lf; C:\windows\system32\DRIVERS\esif_lf.sys [350272 2016-09-19] (Intel Corporation)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77440 2017-11-07] ()
S0 hpdskflt; C:\windows\System32\DRIVERS\hpdskflt.sys [42344 2016-09-26] (HP)
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R2 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [192952 2017-11-07] (Malwarebytes)
R3 MBAMFarflt; C:\windows\system32\DRIVERS\farflt.sys [110016 2017-11-07] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\DRIVERS\mbam.sys [45504 2017-11-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [252232 2017-11-07] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\DRIVERS\mwac.sys [94144 2017-11-07] (Malwarebytes)
S3 NetAdapterCx; C:\windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\windows\System32\drivers\Netwtw04.sys [7643648 2017-07-13] (Intel Corporation)
R3 nvlddmkm; C:\windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_37a8c95c43198f03\nvlddmkm.sys [16923064 2017-10-07] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-06] (NVIDIA Corporation)
S3 NVSWCFilter; C:\windows\System32\drivers\nvswcfilter.sys [35272 2016-11-01] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\windows\system32\drivers\nvvad64v.sys [48064 2017-10-06] (NVIDIA Corporation)
R3 nvvhci; C:\windows\System32\drivers\nvvhci.sys [57792 2017-10-06] (NVIDIA Corporation)
R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [943112 2016-08-05] (Realtek )
S3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [779232 2016-08-22] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\windows\System32\drivers\Smb_driver_AMDASF.sys [60008 2016-08-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [46680 2017-10-06] (Synaptics Incorporated)
S3 t_mouse.sys; C:\windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\system32\DRIVERS\WirelessButtonDriver64.sys [32832 2016-07-31] (HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-07 22:20 - 2017-11-07 22:20 - 002403328 _____ (Farbar) C:\Users\Bjørn\Downloads\FRST64.exe
2017-11-07 22:20 - 2017-11-07 22:20 - 000022680 _____ C:\Users\Bjørn\Downloads\FRST.txt
2017-11-07 22:20 - 2017-11-07 22:20 - 000000000 ____D C:\FRST
2017-11-07 22:02 - 2017-11-07 22:11 - 000252232 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2017-11-07 22:02 - 2017-11-07 22:11 - 000094144 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-11-07 22:02 - 2017-11-07 22:11 - 000045504 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-11-07 22:02 - 2017-11-07 22:02 - 000192952 _____ (Malwarebytes) C:\windows\system32\Drivers\MbamChameleon.sys
2017-11-07 21:59 - 2017-11-07 22:11 - 000110016 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2017-11-07 21:59 - 2017-11-07 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-07 21:57 - 2017-11-07 22:12 - 001388448 _____ C:\Users\Public\VOIP.dat
2017-11-07 21:57 - 2017-11-07 22:12 - 001388448 _____ C:\Users\Public\ASR.dat
2017-11-07 15:23 - 2017-11-07 22:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Studios
2017-11-07 15:20 - 2017-11-07 21:47 - 000000000 ____D C:\Users\Bjørn\AppData\Local\Microsoft Windows
2017-11-06 18:11 - 2017-11-06 18:23 - 000000000 ____D C:\Users\Bjørn\AppData\Roaming\SpinTires MudRunner
2017-11-06 18:11 - 2017-11-06 18:11 - 000000000 ____D C:\Users\Bjørn\AppData\Roaming\SmartSteamEmu
2017-11-06 18:09 - 2017-11-06 18:09 - 000000000 ____D C:\Users\Bjørn\Downloads\Spintires.MudRunner
2017-11-06 17:52 - 2017-11-06 18:09 - 875346382 ____R C:\Users\Bjørn\Downloads\Spintires.MudRunner.rar
2017-11-06 07:41 - 2017-11-06 07:41 - 000000006 _____ C:\Users\Bjørn\Desktop\Nytt tekstdokument.txt
2017-11-06 01:24 - 2017-11-06 01:24 - 000000000 ____D C:\Users\Bjørn\Documents\Ghost Games
2017-11-05 01:10 - 2017-11-05 01:10 - 000000000 ____D C:\Users\Public\Documents\Steam
2017-11-05 01:08 - 2017-11-05 01:08 - 000001065 _____ C:\Users\Bjørn\Desktop\A Hat in Time.lnk
2017-11-05 01:08 - 2017-11-05 01:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Hat in Time
2017-11-04 07:38 - 2017-11-04 15:04 - 000000000 ____D C:\Users\Bjørn\Downloads\xenia-master
2017-11-03 21:44 - 2017-11-03 21:46 - 010537680 _____ C:\Users\Bjørn\Downloads\xenia-master.zip
2017-11-03 13:28 - 2017-11-03 13:28 - 000000000 ____D C:\windows\LastGood.Tmp
2017-11-02 00:12 - 2017-11-07 07:16 - 000003378 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2005289373-1912076802-1295118333-1001
2017-10-31 20:25 - 2017-10-31 20:25 - 000000000 ____D C:\Users\Bjørn\Downloads\GECK_NVE_v1.4
2017-10-31 20:23 - 2017-10-31 20:23 - 005717294 _____ C:\Users\Bjørn\Downloads\GECK_NVE_v1.4.zip
2017-10-29 13:26 - 2017-10-28 21:48 - 001576877 _____ C:\Users\Bjørn\Desktop\20171028_2240_japan-J27_O_I_120_101_dday.wotreplay
2017-10-28 00:11 - 2017-10-28 00:11 - 000170901 _____ C:\Users\Bjørn\Downloads\Norge.pdf
2017-10-27 15:47 - 2017-10-27 15:47 - 000704928 _____ C:\Users\Bjørn\Downloads\subscriptions.htm
2017-10-19 19:57 - 2017-10-19 19:57 - 000000000 ____D C:\Users\Public\Documents\uPlay
2017-10-13 19:57 - 2016-09-26 12:18 - 000053280 _____ (HP) C:\windows\SysWOW64\accelerometerdll.DLL
2017-10-13 19:56 - 2017-10-13 19:57 - 000000000 ____D C:\Users\Default\AppData\Roaming\hpqLog
2017-10-13 19:56 - 2017-10-13 19:57 - 000000000 ____D C:\Users\Default User\AppData\Roaming\hpqLog
2017-10-11 21:46 - 2017-11-03 13:28 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-10-11 21:46 - 2017-09-14 00:20 - 000798008 _____ C:\windows\SysWOW64\vulkan-1.dll
2017-10-11 21:46 - 2017-09-14 00:20 - 000490296 _____ C:\windows\SysWOW64\vulkaninfo.exe
2017-10-11 21:46 - 2017-09-14 00:19 - 000927544 _____ C:\windows\system32\vulkan-1.dll
2017-10-11 21:46 - 2017-09-14 00:19 - 000591160 _____ C:\windows\system32\vulkaninfo.exe
2017-10-11 21:44 - 2017-10-06 14:35 - 040237176 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 036229056 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 035156600 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 029262272 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 023261440 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 019035160 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 013863184 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 013251240 _____ (NVIDIA Corporation) C:\windows\system32\nvptxJitCompiler.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 011777952 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 010880672 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvptxJitCompiler.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 004201408 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 003816560 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 003614328 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 001988216 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6438792.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 001606776 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6438792.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 001331016 _____ (NVIDIA Corporation) C:\windows\system32\nvEncMFThevc.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 001321448 _____ (NVIDIA Corporation) C:\windows\system32\nvEncMFTH264.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 001135280 _____ (NVIDIA Corporation) C:\windows\system32\nvfatbinaryLoader.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 001098688 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 001044664 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncMFThevc.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 001038680 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncMFTH264.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 001030264 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 000981112 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 000932288 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 000885496 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvfatbinaryLoader.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 000794576 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 000632848 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 000615544 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 000505792 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2017-10-11 21:44 - 2017-10-06 14:35 - 000000669 _____ C:\windows\SysWOW64\nv-vk32.json
2017-10-11 21:44 - 2017-10-06 14:35 - 000000669 _____ C:\windows\system32\nv-vk64.json
2017-10-11 15:22 - 2017-10-11 15:22 - 126925120 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2017-10-11 15:20 - 2017-09-18 04:27 - 000218976 _____ (Microsoft Corporation) C:\windows\SysWOW64\offlinesam.dll
2017-10-11 15:20 - 2017-09-18 04:09 - 007780192 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-10-11 15:20 - 2017-09-18 04:09 - 002213760 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-10-11 15:20 - 2017-09-18 04:09 - 000646688 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2017-10-11 15:20 - 2017-09-18 04:09 - 000133984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-10-11 15:20 - 2017-09-18 04:08 - 000998920 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2017-10-11 15:20 - 2017-09-18 04:05 - 001177688 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-10-11 15:20 - 2017-09-18 04:05 - 000497424 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2017-10-11 15:20 - 2017-09-18 04:05 - 000172536 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-10-11 15:20 - 2017-09-18 04:04 - 001706488 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-10-11 15:20 - 2017-09-18 04:04 - 000918304 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2017-10-11 15:20 - 2017-09-18 04:03 - 000791272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-10-11 15:20 - 2017-09-18 04:02 - 007213464 _____ (Microsoft Corporation) C:\windows\system32\windows.storage.dll
2017-10-11 15:20 - 2017-09-18 04:02 - 001860288 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2017-10-11 15:20 - 2017-09-18 04:01 - 000431456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2017-10-11 15:20 - 2017-09-18 04:01 - 000223072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-10-11 15:20 - 2017-09-18 04:00 - 001072248 _____ (Microsoft Corporation) C:\windows\system32\mfnetcore.dll
2017-10-11 15:20 - 2017-09-18 03:59 - 022220864 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2017-10-11 15:20 - 2017-09-18 03:59 - 008173672 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.Protection.PlayReady.dll
2017-10-11 15:20 - 2017-09-18 03:59 - 004260072 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2017-10-11 15:20 - 2017-09-18 03:59 - 001983408 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2017-10-11 15:20 - 2017-09-18 03:59 - 001702392 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2017-10-11 15:20 - 2017-09-18 03:59 - 000341344 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-10-11 15:20 - 2017-09-18 03:59 - 000241504 _____ (Microsoft Corporation) C:\windows\system32\CloudExperienceHost.dll
2017-10-11 15:20 - 2017-09-18 03:56 - 000057408 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-10-11 15:20 - 2017-09-18 03:55 - 005722320 _____ (Microsoft Corporation) C:\windows\SysWOW64\windows.storage.dll
2017-10-11 15:20 - 2017-09-18 03:55 - 001431240 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2017-10-11 15:20 - 2017-09-18 03:54 - 001980768 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2017-10-11 15:20 - 2017-09-18 03:52 - 020967840 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2017-10-11 15:20 - 2017-09-18 03:52 - 006672680 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-11 15:20 - 2017-09-18 03:52 - 004023560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2017-10-11 15:20 - 2017-09-18 03:52 - 001845512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2017-10-11 15:20 - 2017-09-18 03:52 - 001360464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetsrc.dll
2017-10-11 15:20 - 2017-09-18 03:52 - 001277856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2017-10-11 15:20 - 2017-09-18 03:52 - 000981888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetcore.dll
2017-10-11 15:20 - 2017-09-18 03:51 - 000178016 _____ (Microsoft Corporation) C:\windows\SysWOW64\basecsp.dll
2017-10-11 15:20 - 2017-09-18 03:49 - 001435896 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2017-10-11 15:20 - 2017-09-18 03:49 - 001412128 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32full.dll
2017-10-11 15:20 - 2017-09-18 03:49 - 001260784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2017-10-11 15:20 - 2017-09-18 03:48 - 000117792 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-10-11 15:20 - 2017-09-18 03:36 - 022570496 _____ (Microsoft Corporation) C:\windows\system32\edgehtml.dll
2017-10-11 15:20 - 2017-09-18 03:35 - 000372736 _____ (Microsoft Corporation) C:\windows\system32\RDXTaskFactory.dll
2017-10-11 15:20 - 2017-09-18 03:34 - 000095232 _____ (Microsoft Corporation) C:\windows\SysWOW64\UserDataTimeUtil.dll
2017-10-11 15:20 - 2017-09-18 03:33 - 000135168 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2017-10-11 15:20 - 2017-09-18 03:33 - 000119808 _____ (Microsoft Corporation) C:\windows\system32\UserDataTimeUtil.dll
2017-10-11 15:20 - 2017-09-18 03:32 - 000041472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BasicRender.sys
2017-10-11 15:20 - 2017-09-18 03:32 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-10-11 15:20 - 2017-09-18 03:31 - 006288384 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.dll
2017-10-11 15:20 - 2017-09-18 03:31 - 000519168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ngccredprov.dll
2017-10-11 15:20 - 2017-09-18 03:31 - 000239104 _____ (Microsoft Corporation) C:\windows\system32\MusNotification.exe
2017-10-11 15:20 - 2017-09-18 03:31 - 000156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\UserDeviceRegistration.dll
2017-10-11 15:20 - 2017-09-18 03:31 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2017-10-11 15:20 - 2017-09-18 03:30 - 000232448 _____ (Microsoft Corporation) C:\windows\SysWOW64\scksp.dll
2017-10-11 15:20 - 2017-09-18 03:30 - 000147456 _____ (Microsoft Corporation) C:\windows\SysWOW64\VCardParser.dll
2017-10-11 15:20 - 2017-09-18 03:29 - 000411136 _____ (Microsoft Corporation) C:\windows\system32\NgcCtnr.dll
2017-10-11 15:20 - 2017-09-18 03:29 - 000231424 _____ (Microsoft Corporation) C:\windows\system32\shutdownux.dll
2017-10-11 15:20 - 2017-09-18 03:29 - 000187904 _____ (Microsoft Corporation) C:\windows\system32\VCardParser.dll
2017-10-11 15:20 - 2017-09-18 03:29 - 000184320 _____ (Microsoft Corporation) C:\windows\SysWOW64\UserMgrProxy.dll
2017-10-11 15:20 - 2017-09-18 03:28 - 000536064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys
2017-10-11 15:20 - 2017-09-18 03:28 - 000406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\dsreg.dll
2017-10-11 15:20 - 2017-09-18 03:28 - 000237056 _____ (Microsoft Corporation) C:\windows\SysWOW64\SyncSettings.dll
2017-10-11 15:20 - 2017-09-18 03:28 - 000140288 _____ (Microsoft Corporation) C:\windows\system32\AppointmentActivation.dll
2017-10-11 15:20 - 2017-09-18 03:28 - 000105984 _____ (Microsoft Corporation) C:\windows\system32\ngcpopkeysrv.dll
2017-10-11 15:20 - 2017-09-18 03:27 - 004615168 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.dll
2017-10-11 15:20 - 2017-09-18 03:27 - 000719872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdiWiFi.sys
2017-10-11 15:20 - 2017-09-18 03:27 - 000641024 _____ (Microsoft Corporation) C:\windows\system32\ngccredprov.dll
2017-10-11 15:20 - 2017-09-18 03:27 - 000590336 _____ (Microsoft Corporation) C:\windows\system32\efswrt.dll
2017-10-11 15:20 - 2017-09-18 03:27 - 000463360 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll
2017-10-11 15:20 - 2017-09-18 03:27 - 000349184 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2017-10-11 15:20 - 2017-09-18 03:27 - 000326656 _____ (Microsoft Corporation) C:\windows\system32\domgmt.dll
2017-10-11 15:20 - 2017-09-18 03:27 - 000295424 _____ (Microsoft Corporation) C:\windows\system32\updatehandlers.dll
2017-10-11 15:20 - 2017-09-18 03:26 - 000805888 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-10-11 15:20 - 2017-09-18 03:26 - 000538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\PCPTpm12.dll
2017-10-11 15:20 - 2017-09-18 03:26 - 000431616 _____ (Microsoft Corporation) C:\windows\SysWOW64\efswrt.dll
2017-10-11 15:20 - 2017-09-18 03:26 - 000396800 _____ (Microsoft Corporation) C:\windows\system32\tpmvsc.dll
2017-10-11 15:20 - 2017-09-18 03:26 - 000384000 _____ (Microsoft Corporation) C:\windows\system32\cryptngc.dll
2017-10-11 15:20 - 2017-09-18 03:26 - 000367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2017-10-11 15:20 - 2017-09-18 03:26 - 000298496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Internal.Management.dll
2017-10-11 15:20 - 2017-09-18 03:26 - 000284672 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
2017-10-11 15:20 - 2017-09-18 03:26 - 000283136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-10-11 15:20 - 2017-09-18 03:26 - 000125952 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
2017-10-11 15:20 - 2017-09-18 03:25 - 002333184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2017-10-11 15:20 - 2017-09-18 03:25 - 000461824 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2017-10-11 15:20 - 2017-09-18 03:25 - 000425984 _____ (Microsoft Corporation) C:\windows\system32\aadcloudap.dll
2017-10-11 15:20 - 2017-09-18 03:24 - 013107712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-10-11 15:20 - 2017-09-18 03:24 - 007626240 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2017-10-11 15:20 - 2017-09-18 03:24 - 002103808 _____ (Microsoft Corporation) C:\windows\system32\wlidsvc.dll
2017-10-11 15:20 - 2017-09-18 03:24 - 001589760 _____ (Microsoft Corporation) C:\windows\system32\msdtctm.dll
2017-10-11 15:20 - 2017-09-18 03:24 - 000819200 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppContracts.dll
2017-10-11 15:20 - 2017-09-18 03:24 - 000755200 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-10-11 15:20 - 2017-09-18 03:24 - 000713216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2017-10-11 15:20 - 2017-09-18 03:24 - 000409600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2017-10-11 15:20 - 2017-09-18 03:23 - 000857600 _____ (Microsoft Corporation) C:\windows\SysWOW64\EmailApis.dll
2017-10-11 15:20 - 2017-09-18 03:23 - 000816640 _____ (Microsoft Corporation) C:\windows\SysWOW64\NaturalLanguage6.dll
2017-10-11 15:20 - 2017-09-18 03:23 - 000636928 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2017-10-11 15:20 - 2017-09-18 03:23 - 000442368 _____ (Microsoft Corporation) C:\windows\system32\PlayToDevice.dll
2017-10-11 15:20 - 2017-09-18 03:23 - 000297472 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2017-10-11 15:20 - 2017-09-18 03:23 - 000287744 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptngc.dll
2017-10-11 15:20 - 2017-09-18 03:23 - 000238080 _____ (Microsoft Corporation) C:\windows\SysWOW64\AboveLockAppHost.dll
2017-10-11 15:20 - 2017-09-18 03:22 - 001323008 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsp_fs.dll
2017-10-11 15:20 - 2017-09-18 03:22 - 001137664 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsp_health.dll
2017-10-11 15:20 - 2017-09-18 03:21 - 018364928 _____ (Microsoft Corporation) C:\windows\SysWOW64\edgehtml.dll
2017-10-11 15:20 - 2017-09-18 03:20 - 023677952 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-10-11 15:20 - 2017-09-18 03:20 - 019414016 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-10-11 15:20 - 2017-09-18 03:20 - 002641920 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2017-10-11 15:20 - 2017-09-18 03:20 - 000937984 _____ (Microsoft Corporation) C:\windows\system32\MCRecvSrc.dll
2017-10-11 15:20 - 2017-09-18 03:20 - 000343040 _____ (Microsoft Corporation) C:\windows\SysWOW64\PlayToDevice.dll
2017-10-11 15:20 - 2017-09-18 03:20 - 000284160 _____ (Microsoft Corporation) C:\windows\system32\AboveLockAppHost.dll
2017-10-11 15:20 - 2017-09-18 03:19 - 002750976 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2017-10-11 15:20 - 2017-09-18 03:19 - 000549376 _____ (Microsoft Corporation) C:\windows\system32\usocore.dll
2017-10-11 15:20 - 2017-09-18 03:19 - 000303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mcbuilder.exe
2017-10-11 15:20 - 2017-09-18 03:19 - 000161792 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-10-11 15:20 - 2017-09-18 03:18 - 012204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-10-11 15:20 - 2017-09-18 03:18 - 008114688 _____ (Microsoft Corporation) C:\windows\system32\Chakra.dll
2017-10-11 15:20 - 2017-09-18 03:18 - 008077312 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2017-10-11 15:20 - 2017-09-18 03:18 - 007470592 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2017-10-11 15:20 - 2017-09-18 03:18 - 001145344 _____ (Microsoft Corporation) C:\windows\system32\EmailApis.dll
2017-10-11 15:20 - 2017-09-18 03:18 - 000330752 _____ (Microsoft Corporation) C:\windows\system32\NgcCtnrSvc.dll
2017-10-11 15:20 - 2017-09-18 03:17 - 003401216 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-10-11 15:20 - 2017-09-18 03:17 - 001783296 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-10-11 15:20 - 2017-09-18 03:17 - 000641024 _____ (Microsoft Corporation) C:\windows\SysWOW64\MCRecvSrc.dll
2017-10-11 15:20 - 2017-09-18 03:16 - 004743168 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-10-11 15:20 - 2017-09-18 03:16 - 004596224 _____ (Microsoft Corporation) C:\windows\system32\xpsrchvw.exe
2017-10-11 15:20 - 2017-09-18 03:16 - 003520512 _____ (Microsoft Corporation) C:\windows\SysWOW64\xpsrchvw.exe
2017-10-11 15:20 - 2017-09-18 03:15 - 006065152 _____ (Microsoft Corporation) C:\windows\SysWOW64\Chakra.dll
2017-10-11 15:20 - 2017-09-18 03:15 - 003202048 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2017-10-11 15:20 - 2017-09-18 03:15 - 002800128 _____ (Microsoft Corporation) C:\windows\system32\netshell.dll
2017-10-11 15:20 - 2017-09-18 03:15 - 002538496 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-10-11 15:20 - 2017-09-18 03:15 - 002370048 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2017-10-11 15:20 - 2017-09-18 03:15 - 001282048 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2017-10-11 15:20 - 2017-09-18 03:15 - 001231360 _____ (Microsoft Corporation) C:\windows\system32\dosvc.dll
2017-10-11 15:20 - 2017-09-18 03:15 - 000701952 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.Connectivity.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 006474752 _____ (Microsoft Corporation) C:\windows\SysWOW64\mspaint.exe
2017-10-11 15:20 - 2017-09-18 03:14 - 003663360 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 002997760 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32kfull.sys
2017-10-11 15:20 - 2017-09-18 03:14 - 002897408 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 002740224 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 002682880 _____ (Microsoft Corporation) C:\windows\SysWOW64\netshell.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 002649600 _____ (Microsoft Corporation) C:\windows\SysWOW64\CertEnroll.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 002483712 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 001988096 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 001599488 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 001556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Immersive.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 001518080 _____ (Microsoft Corporation) C:\windows\system32\win32kbase.sys
2017-10-11 15:20 - 2017-09-18 03:14 - 001328640 _____ (Microsoft Corporation) C:\windows\system32\Windows.Web.Http.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 001170944 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.Speech.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 000983552 _____ (Microsoft Corporation) C:\windows\system32\ngcsvc.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 000971264 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 000913920 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 000908800 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Search.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 000903680 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2017-10-11 15:20 - 2017-09-18 03:14 - 000827904 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 000774656 _____ (Microsoft Corporation) C:\windows\system32\Windows.Web.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 000765440 _____ (Microsoft Corporation) C:\windows\system32\Windows.Devices.Sensors.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 000675840 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 000657408 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 000650752 _____ (Microsoft Corporation) C:\windows\system32\RDXService.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 000542208 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.Connectivity.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 000392192 _____ (Microsoft Corporation) C:\windows\system32\wuuhext.dll
2017-10-11 15:20 - 2017-09-18 03:13 - 001121280 _____ (Microsoft Corporation) C:\windows\system32\aadtb.dll
2017-10-11 15:20 - 2017-09-18 03:13 - 001013248 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Web.Http.dll
2017-10-11 15:20 - 2017-09-18 03:13 - 000924672 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2017-10-11 15:20 - 2017-09-18 03:13 - 000886272 _____ (Microsoft Corporation) C:\windows\SysWOW64\aadtb.dll
2017-10-11 15:20 - 2017-09-18 03:13 - 000773120 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2017-10-11 15:20 - 2017-09-18 03:13 - 000751104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-10-11 15:20 - 2017-09-18 03:13 - 000598528 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Web.dll
2017-10-11 15:20 - 2017-09-18 03:13 - 000589312 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Devices.Sensors.dll
2017-10-11 15:20 - 2017-09-18 03:13 - 000164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\netprofm.dll
2017-10-11 15:20 - 2017-09-18 03:12 - 000998912 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2017-10-11 15:20 - 2017-09-18 03:12 - 000532992 _____ (Microsoft Corporation) C:\windows\system32\TpmCoreProvisioning.dll
2017-10-11 15:20 - 2017-09-18 03:12 - 000439296 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2017-10-11 15:20 - 2017-09-18 03:11 - 000783360 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2017-10-11 15:20 - 2017-09-18 03:11 - 000450048 _____ (Microsoft Corporation) C:\windows\SysWOW64\TpmCoreProvisioning.dll
2017-10-11 15:20 - 2017-09-15 00:05 - 001302136 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2017-10-11 15:20 - 2017-09-14 23:59 - 000096064 _____ (Microsoft Corporation) C:\windows\SysWOW64\dmcmnutils.dll
2017-10-11 15:20 - 2017-09-14 23:52 - 000136032 _____ (Microsoft Corporation) C:\windows\SysWOW64\CloudExperienceHostUser.dll
2017-10-11 15:20 - 2017-09-14 23:49 - 001202936 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2017-10-11 15:20 - 2017-09-14 23:34 - 000108544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbth.sys
2017-10-11 15:20 - 2017-09-14 23:32 - 000326144 _____ (Microsoft Corporation) C:\windows\system32\CertEnrollUI.dll
2017-10-11 15:20 - 2017-09-14 23:32 - 000127488 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-11 15:20 - 2017-09-14 23:31 - 000328192 _____ (Microsoft Corporation) C:\windows\SysWOW64\daxexec.dll
2017-10-11 15:20 - 2017-09-14 23:30 - 000456192 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2017-10-11 15:20 - 2017-09-14 23:30 - 000291840 _____ (Microsoft Corporation) C:\windows\SysWOW64\CertEnrollUI.dll
2017-10-11 15:20 - 2017-09-14 23:30 - 000194560 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSWB7.dll
2017-10-11 15:20 - 2017-09-14 23:30 - 000185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2017-10-11 15:20 - 2017-09-14 23:30 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\dinput8.dll
2017-10-11 15:20 - 2017-09-14 23:30 - 000098304 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-10-11 15:20 - 2017-09-14 23:28 - 000311296 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2017-10-11 15:20 - 2017-09-14 23:28 - 000136192 _____ (Microsoft Corporation) C:\windows\SysWOW64\dinput.dll
2017-10-11 15:20 - 2017-09-14 23:27 - 000662528 _____ (Microsoft Corporation) C:\windows\SysWOW64\netlogon.dll
2017-10-11 15:20 - 2017-09-14 23:26 - 001167360 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2017-10-11 15:20 - 2017-09-14 23:26 - 000636928 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2017-10-11 15:20 - 2017-09-14 23:26 - 000359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\certreq.exe
2017-10-11 15:20 - 2017-09-14 23:25 - 000529920 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2017-10-11 15:20 - 2017-09-14 23:24 - 000981504 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.OnlineId.dll
2017-10-11 15:20 - 2017-09-14 23:22 - 000987648 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2017-10-11 15:20 - 2017-09-14 23:22 - 000634368 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2017-10-11 15:20 - 2017-09-14 23:20 - 002852864 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-10-11 15:20 - 2017-09-14 23:18 - 003299840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2017-10-11 15:20 - 2017-09-14 23:18 - 000273920 _____ (Microsoft Corporation) C:\windows\system32\umrdp.dll
2017-10-11 15:20 - 2017-09-14 23:16 - 000068608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\npfs.sys
2017-10-11 15:20 - 2017-09-14 23:15 - 003106304 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2017-10-11 15:20 - 2017-09-14 03:04 - 000640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswstr10.dll
2017-10-11 15:20 - 2017-09-14 03:04 - 000345088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexcl40.dll
2017-10-11 15:20 - 2017-09-14 03:04 - 000008704 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjint40.dll
2017-10-11 15:20 - 2017-03-04 08:10 - 000360040 _____ (Microsoft Corporation) C:\windows\system32\SystemSettingsAdminFlows.exe
2017-10-11 15:20 - 2017-03-04 07:28 - 000224256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExSMime.dll
2017-10-11 15:20 - 2017-03-04 07:25 - 000748544 _____ (Microsoft Corporation) C:\windows\system32\ChatApis.dll
2017-10-11 15:20 - 2017-03-04 07:24 - 000088576 _____ (Microsoft Corporation) C:\windows\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-10-11 15:20 - 2017-03-04 07:23 - 001184256 _____ (Microsoft Corporation) C:\windows\system32\Unistore.dll
2017-10-11 15:20 - 2017-03-04 07:23 - 000299520 _____ (Microsoft Corporation) C:\windows\SysWOW64\UserDataAccountApis.dll
2017-10-11 15:20 - 2017-03-04 07:18 - 000567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ChatApis.dll
2017-10-11 15:20 - 2017-03-04 07:16 - 000368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2017-10-11 15:20 - 2017-03-04 07:00 - 000862208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2017-10-11 15:20 - 2017-03-04 07:00 - 000711680 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Search.dll
2017-10-11 15:19 - 2017-09-18 04:17 - 001564512 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2017-10-11 15:19 - 2017-09-18 04:17 - 000245600 _____ (Microsoft Corporation) C:\windows\system32\offlinesam.dll
2017-10-11 15:19 - 2017-09-18 04:17 - 000136032 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2017-10-11 15:19 - 2017-09-18 04:08 - 002253664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-10-11 15:19 - 2017-09-18 04:05 - 000168800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-10-11 15:19 - 2017-09-18 04:04 - 000404832 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-10-11 15:19 - 2017-09-18 04:01 - 002446704 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2017-10-11 15:19 - 2017-09-18 04:01 - 000624048 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2017-10-11 15:19 - 2017-09-18 03:58 - 001600632 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2017-10-11 15:19 - 2017-09-18 03:58 - 000206688 _____ (Microsoft Corporation) C:\windows\system32\basecsp.dll
2017-10-11 15:19 - 2017-09-18 03:57 - 001566552 _____ (Microsoft Corporation) C:\windows\system32\gdi32full.dll
2017-10-11 15:19 - 2017-09-18 03:57 - 001460696 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2017-10-11 15:19 - 2017-09-18 03:57 - 001415712 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2017-10-11 15:19 - 2017-09-18 03:33 - 000057856 _____ (Microsoft Corporation) C:\windows\system32\TransliterationRanker.dll
2017-10-11 15:19 - 2017-09-18 03:32 - 000177152 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2017-10-11 15:19 - 2017-09-18 03:32 - 000054272 _____ (Microsoft Corporation) C:\windows\system32\jpninputrouter.dll
2017-10-11 15:19 - 2017-09-18 03:32 - 000054272 _____ (Microsoft Corporation) C:\windows\system32\EmojiDS.dll
2017-10-11 15:19 - 2017-09-18 03:31 - 000069120 _____ (Microsoft Corporation) C:\windows\system32\RuleBasedDS.dll
2017-10-11 15:19 - 2017-09-18 03:30 - 000262656 _____ (Microsoft Corporation) C:\windows\system32\jpnranker.dll
2017-10-11 15:19 - 2017-09-18 03:30 - 000257536 _____ (Microsoft Corporation) C:\windows\system32\scksp.dll
2017-10-11 15:19 - 2017-09-18 03:30 - 000196096 _____ (Microsoft Corporation) C:\windows\system32\UserDeviceRegistration.dll
2017-10-11 15:19 - 2017-09-18 03:30 - 000174592 _____ C:\windows\system32\IHDS.dll
2017-10-11 15:19 - 2017-09-18 03:30 - 000131584 _____ (Microsoft Corporation) C:\windows\system32\VocabRoamingHandler.dll
2017-10-11 15:19 - 2017-09-18 03:30 - 000117760 _____ (Microsoft Corporation) C:\windows\system32\StaticDictDS.dll
2017-10-11 15:19 - 2017-09-18 03:30 - 000101888 _____ (Microsoft Corporation) C:\windows\system32\UserDeviceRegistration.Ngc.dll
2017-10-11 15:19 - 2017-09-18 03:30 - 000095232 _____ (Microsoft Corporation) C:\windows\system32\chxranker.dll
2017-10-11 15:19 - 2017-09-18 03:29 - 009129984 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2017-10-11 15:19 - 2017-09-18 03:29 - 000414720 _____ (Microsoft Corporation) C:\windows\system32\ChsStrokeDS.dll
2017-10-11 15:19 - 2017-09-18 03:28 - 000414720 _____ (Microsoft Corporation) C:\windows\system32\ChtHkStrokeDS.dll
2017-10-11 15:19 - 2017-09-18 03:28 - 000335872 _____ (Microsoft Corporation) C:\windows\system32\ChsPinyinRanker.dll
2017-10-11 15:19 - 2017-09-18 03:28 - 000290816 _____ (Microsoft Corporation) C:\windows\system32\MtfDecoder.dll
2017-10-11 15:19 - 2017-09-18 03:28 - 000289792 _____ (Microsoft Corporation) C:\windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-10-11 15:19 - 2017-09-18 03:28 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\TpmTasks.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000626176 _____ (Microsoft Corporation) C:\windows\system32\PCPTpm12.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000525824 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000497152 _____ (Microsoft Corporation) C:\windows\system32\ChxAPDS.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000480768 _____ (Microsoft Corporation) C:\windows\system32\msimeChsPinyinMainDS.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000469504 _____ (Microsoft Corporation) C:\windows\system32\ChxHAPDS.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000422400 _____ (Microsoft Corporation) C:\windows\system32\ChtCangjieDS.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000410624 _____ (Microsoft Corporation) C:\windows\system32\ChtQuickDS.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000407552 _____ (Microsoft Corporation) C:\windows\system32\Windows.Internal.Management.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000379904 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000336384 _____ (Microsoft Corporation) C:\windows\system32\jpndecoder.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000329728 _____ (Microsoft Corporation) C:\windows\system32\chxinputrouter.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000310784 _____ (Microsoft Corporation) C:\windows\system32\SyncSettings.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000268800 _____ (Microsoft Corporation) C:\windows\system32\UserMgrProxy.dll
2017-10-11 15:19 - 2017-09-18 03:27 - 000147456 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-10-11 15:19 - 2017-09-18 03:26 - 002716672 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2017-10-11 15:19 - 2017-09-18 03:26 - 000686592 _____ (Microsoft Corporation) C:\windows\system32\dsregcmd.exe
2017-10-11 15:19 - 2017-09-18 03:26 - 000562176 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2017-10-11 15:19 - 2017-09-18 03:26 - 000481792 _____ (Microsoft Corporation) C:\windows\system32\dsreg.dll
2017-10-11 15:19 - 2017-09-18 03:26 - 000265216 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2017-10-11 15:19 - 2017-09-18 03:26 - 000176128 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
2017-10-11 15:19 - 2017-09-18 03:25 - 001914368 _____ (Microsoft Corporation) C:\windows\system32\wsp_fs.dll
2017-10-11 15:19 - 2017-09-18 03:25 - 000148992 _____ (Microsoft Corporation) C:\windows\system32\TabSvc.dll
2017-10-11 15:19 - 2017-09-18 03:25 - 000105984 _____ (Microsoft Corporation) C:\windows\system32\RjvMDMConfig.dll
2017-10-11 15:19 - 2017-09-18 03:24 - 001584640 _____ (Microsoft Corporation) C:\windows\system32\wsp_health.dll
2017-10-11 15:19 - 2017-09-18 03:22 - 004749824 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers_nt.dll
2017-10-11 15:19 - 2017-09-18 03:22 - 003291648 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2017-10-11 15:19 - 2017-09-18 03:22 - 000883712 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2017-10-11 15:19 - 2017-09-18 03:22 - 000352256 _____ (Microsoft Corporation) C:\windows\system32\mcbuilder.exe
2017-10-11 15:19 - 2017-09-18 03:22 - 000198144 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-10-11 15:19 - 2017-09-18 03:19 - 001060352 _____ (Microsoft Corporation) C:\windows\system32\AppContracts.dll
2017-10-11 15:19 - 2017-09-18 03:19 - 000519168 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2017-10-11 15:19 - 2017-09-18 03:18 - 001010176 _____ (Microsoft Corporation) C:\windows\system32\enterprisecsps.dll
2017-10-11 15:19 - 2017-09-18 03:18 - 000956416 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.desktop.dll
2017-10-11 15:19 - 2017-09-18 03:18 - 000932864 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-10-11 15:19 - 2017-09-18 03:17 - 002279424 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2017-10-11 15:19 - 2017-09-18 03:16 - 001484800 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-10-11 15:19 - 2017-09-18 03:15 - 002919936 _____ (Microsoft Corporation) C:\windows\system32\CertEnroll.dll
2017-10-11 15:19 - 2017-09-18 03:15 - 001692160 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.onecore.dll
2017-10-11 15:19 - 2017-09-18 03:15 - 000893952 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2017-10-11 15:19 - 2017-09-18 03:14 - 003615744 _____ (Microsoft Corporation) C:\windows\system32\win32kfull.sys
2017-10-11 15:19 - 2017-09-18 03:14 - 002321408 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2017-10-11 15:19 - 2017-09-18 03:14 - 001040896 _____ (Microsoft Corporation) C:\windows\system32\NaturalLanguage6.dll
2017-10-11 15:19 - 2017-09-18 03:14 - 000817664 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2017-10-11 15:19 - 2017-09-18 03:14 - 000799744 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-10-11 15:19 - 2017-09-18 03:13 - 001726976 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Immersive.dll
2017-10-11 15:19 - 2017-09-18 03:13 - 000203264 _____ (Microsoft Corporation) C:\windows\system32\netprofm.dll
2017-10-11 15:19 - 2017-09-18 03:11 - 000151552 _____ (Microsoft Corporation) C:\windows\system32\trie.dll
2017-10-11 15:19 - 2017-09-18 03:11 - 000108032 _____ (Microsoft Corporation) C:\windows\system32\MTFFuzzyDS.dll
2017-10-11 15:19 - 2017-09-18 03:11 - 000064512 _____ (Microsoft Corporation) C:\windows\system32\MTFSpellcheckDS.dll
2017-10-11 15:19 - 2017-09-15 00:14 - 000119328 _____ (Microsoft Corporation) C:\windows\system32\dmcmnutils.dll
2017-10-11 15:19 - 2017-09-14 23:32 - 000250880 _____ (Microsoft Corporation) C:\windows\system32\MSWB7.dll
2017-10-11 15:19 - 2017-09-14 23:32 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\dinput8.dll
2017-10-11 15:19 - 2017-09-14 23:32 - 000162304 _____ (Microsoft Corporation) C:\windows\system32\dinput.dll
2017-10-11 15:19 - 2017-09-14 23:31 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\daxexec.dll
2017-10-11 15:19 - 2017-09-14 23:31 - 000280576 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2017-10-11 15:19 - 2017-09-14 23:29 - 000352256 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2017-10-11 15:19 - 2017-09-14 23:25 - 000821248 _____ (Microsoft Corporation) C:\windows\system32\comuid.dll
2017-10-11 15:19 - 2017-09-14 23:24 - 000433152 _____ (Microsoft Corporation) C:\windows\system32\certreq.exe
2017-10-11 15:19 - 2017-09-14 23:23 - 000560128 _____ (Microsoft Corporation) C:\windows\system32\AppReadiness.dll
2017-10-11 15:19 - 2017-09-14 23:22 - 000820736 _____ (Microsoft Corporation) C:\windows\system32\netlogon.dll
2017-10-11 15:19 - 2017-09-14 23:19 - 001421824 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2017-10-11 15:19 - 2017-09-14 23:19 - 000928256 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2017-10-11 15:19 - 2017-03-04 07:11 - 001643008 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.Speech.dll
2017-10-11 15:19 - 2017-03-04 07:07 - 001064448 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-07 22:20 - 2017-02-16 18:59 - 000000000 ____D C:\Users\Bjørn\AppData\Roaming\Skype
2017-11-07 22:18 - 2016-11-22 10:23 - 002281672 _____ C:\windows\system32\perfh014.dat
2017-11-07 22:18 - 2016-11-22 10:23 - 000650044 _____ C:\windows\system32\perfc014.dat
2017-11-07 22:18 - 2016-07-29 13:37 - 005232904 _____ C:\windows\system32\PerfStringBackup.INI
2017-11-07 22:13 - 2017-01-21 22:32 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-07 22:11 - 2017-02-16 18:57 - 000000000 __SHD C:\Users\Bjørn\IntelGraphicsProfiles
2017-11-07 22:11 - 2016-07-29 13:32 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-11-07 22:11 - 2016-07-16 07:04 - 000524288 _____ C:\windows\system32\config\BBI
2017-11-07 22:04 - 2017-02-16 18:57 - 000000000 ____D C:\Users\Bjørn
2017-11-07 22:02 - 2017-02-17 16:21 - 000077440 _____ C:\windows\system32\Drivers\mbae64.sys
2017-11-07 21:59 - 2017-02-17 16:21 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-07 21:57 - 2017-09-15 13:01 - 000000364 _____ C:\windows\Tasks\HPCeeScheduleForBjørn.job
2017-11-07 21:52 - 2017-02-16 19:03 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-07 21:50 - 2016-07-16 12:47 - 000000000 ____D C:\windows\AppReadiness
2017-11-07 21:40 - 2017-02-16 21:40 - 000000000 ____D C:\Users\Bjørn\AppData\Roaming\Spotify
2017-11-07 21:40 - 2016-07-29 13:32 - 000000000 ____D C:\windows\system32\SleepStudy
2017-11-07 21:08 - 2017-02-16 20:40 - 000000000 ____D C:\Users\Bjørn\AppData\Roaming\uTorrent
2017-11-07 19:13 - 2017-10-01 19:57 - 000000000 ____D C:\Program Files (x86)\Blizzard App
2017-11-07 16:41 - 2017-02-16 21:44 - 000000000 ____D C:\Users\Bjørn\AppData\Local\Spotify
2017-11-07 15:21 - 2017-02-17 13:50 - 000000000 ____D C:\Users\Bjørn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2017-11-07 15:21 - 2017-02-17 13:50 - 000000000 ____D C:\Games
2017-11-07 15:17 - 2017-02-17 13:51 - 000000000 ____D C:\Users\Bjørn\AppData\Roaming\DAEMON Tools Lite
2017-11-07 13:26 - 2017-09-15 13:01 - 000003256 _____ C:\windows\System32\Tasks\HPCeeScheduleForBjørn
2017-11-07 07:16 - 2017-02-16 18:59 - 000002380 _____ C:\Users\Bjørn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-07 07:16 - 2017-02-16 18:59 - 000000000 ___RD C:\Users\Bjørn\OneDrive
2017-11-06 02:33 - 2017-02-16 18:57 - 000000000 ____D C:\Users\Bjørn\AppData\Local\Packages
2017-11-06 01:12 - 2017-05-03 18:42 - 000000000 ___HD C:\windows\msdownld.tmp
2017-11-06 01:12 - 2017-05-03 18:42 - 000000000 ____D C:\Program Files (x86)\Mr DJ
2017-11-06 01:12 - 2017-05-03 18:41 - 000000000 ____D C:\windows\SysWOW64\directx
2017-11-06 01:12 - 2016-11-22 03:37 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-05 22:17 - 2017-02-19 23:19 - 000000000 ____D C:\Users\Bjørn\AppData\Local\CrashDumps
2017-11-05 22:17 - 2016-07-16 12:45 - 000000000 ____D C:\windows\INF
2017-11-05 11:46 - 2017-08-16 18:02 - 000000000 ____D C:\Users\Bjørn\AppData\Roaming\vlc
2017-11-04 07:35 - 2017-02-16 18:59 - 000000000 ____D C:\Users\Bjørn\AppData\Local\NVIDIA
2017-11-03 13:28 - 2017-01-21 22:30 - 000000000 ____D C:\Program Files\Intel
2017-11-03 13:22 - 2017-10-01 12:22 - 000000000 ____D C:\Program Files\rempl
2017-11-01 15:24 - 2016-07-16 12:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-28 01:28 - 2016-07-16 12:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-28 01:27 - 2016-11-22 03:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-10-22 11:12 - 2017-08-17 00:08 - 000000000 ____D C:\Program Files (x86)\Popcorn Time
2017-10-22 11:11 - 2017-02-26 17:02 - 000000000 ____D C:\Users\Bjørn\AppData\Local\My Games
2017-10-19 19:52 - 2017-02-17 13:56 - 000000000 ____D C:\Users\Bjørn\Documents\My Games
2017-10-18 15:04 - 2016-07-16 12:36 - 000000000 ____D C:\windows\CbsTemp
2017-10-13 19:56 - 2016-11-22 09:53 - 000000000 ____D C:\SWSetup
2017-10-13 19:56 - 2016-11-22 03:34 - 000000000 ____D C:\Program Files (x86)\HP
2017-10-13 12:17 - 2016-07-16 12:47 - 000000000 ____D C:\windows\LiveKernelReports
2017-10-12 23:27 - 2017-03-17 00:40 - 000835576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-10-12 23:27 - 2017-03-17 00:40 - 000177656 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 15:10 - 2016-07-16 12:47 - 000000000 ____D C:\windows\rescache
2017-10-12 14:17 - 2016-07-29 13:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-12 14:17 - 2016-07-29 13:32 - 000294632 _____ C:\windows\system32\FNTCACHE.DAT
2017-10-12 00:02 - 2016-07-16 12:47 - 000000000 ___RD C:\windows\ImmersiveControlPanel
2017-10-12 00:02 - 2016-07-16 12:47 - 000000000 ____D C:\windows\system32\oobe
2017-10-12 00:02 - 2016-07-16 12:47 - 000000000 ____D C:\windows\ShellExperiences
2017-10-11 23:21 - 2017-02-16 18:58 - 000000000 ____D C:\Users\Bjørn\AppData\Local\Hewlett-Packard
2017-10-11 21:46 - 2017-06-12 14:17 - 000004308 _____ C:\windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-11 21:46 - 2017-06-12 14:17 - 000004000 _____ C:\windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-11 21:46 - 2017-06-12 14:17 - 000003994 _____ C:\windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-11 21:46 - 2017-06-12 14:17 - 000003894 _____ C:\windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-11 21:46 - 2017-06-12 14:17 - 000003866 _____ C:\windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-11 21:46 - 2017-06-12 14:17 - 000003858 _____ C:\windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-11 21:46 - 2017-06-12 14:17 - 000003696 _____ C:\windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-11 21:46 - 2017-06-12 14:17 - 000003654 _____ C:\windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-10-11 21:46 - 2017-01-21 22:32 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-10-11 21:46 - 2017-01-21 22:32 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-10-11 21:46 - 2017-01-21 22:31 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-10-11 15:23 - 2017-02-17 17:03 - 000000000 ____D C:\windows\system32\MRT
2017-10-11 15:22 - 2017-02-17 17:03 - 126925120 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-10-11 14:26 - 2016-11-22 11:02 - 000244816 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2017-10-11 14:26 - 2016-11-22 11:01 - 001081856 _____ (Microsoft Corporation) C:\windows\system32\Chakradiag.dll
2017-10-11 14:26 - 2016-11-22 11:01 - 000026408 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
 
Files to move or delete:
====================
C:\Users\Public\ASR.dat
C:\Users\Public\VOIP.dat
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-05 14:01
 
==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Bjørn (07-11-2017 22:21:11)
Running from C:\Users\Bjørn\Downloads
Windows 10 Home Version 1607 14393.1770 (X64) (2017-02-16 17:56:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2005289373-1912076802-1295118333-500 - Administrator - Disabled)
Bjørn (S-1-5-21-2005289373-1912076802-1295118333-1001 - Administrator - Enabled) => C:\Users\Bjørn
defaultuser0 (S-1-5-21-2005289373-1912076802-1295118333-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gjest (S-1-5-21-2005289373-1912076802-1295118333-501 - Limited - Disabled)
Standardkonto (S-1-5-21-2005289373-1912076802-1295118333-503 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
A Hat in Time (HKLM-x32\...\A Hat in Time_is1) (Version:  - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 387.92 - NVIDIA Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2.3426 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0275 - Disc Soft Ltd)
DXGL 0.5.11 (HKLM-x32\...\DXGL) (Version: 0.5.11 - William Feely)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.332.0 - International GeoGebra Institute)
GOG.com The Settlers 4 GOLD (HKLM\...\{ff2cad6c-eb68-4e98-88d7-49887440affb}.sdb) (Version:  - )
Google Chrome (HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP)
HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{1E7D6A6F-E28B-4057-BD4F-9989C1F5353D}) (Version: 1.3.0.423 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{4380D813-39E5-46FD-AC23-FC9A1A8B98AA}) (Version: 1.3.423.0 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8361.5688 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{DFBDDDB3-D753-4454-84E9-2D3D96E89EFF}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{D566DA31-9325-400E-B309-4BBA18B367E3}) (Version: 12.8.37.11 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1035 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4749 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{7FADF1ED-241A-4F82-B8FD-19BD0A82FFA0}) (Version: 19.11.1639.0649 - Intel Corporation)
Intel® PROSet/Wireless-programvare (HKLM-x32\...\{ed5cef80-a339-45bd-8c06-514eaf785ca8}) (Version: 19.71.0 - Intel Corporation)
Malwarebytes versjon 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - da-dk (HKLM\...\O365ProPlusRetail - da-dk) (Version: 16.0.8528.2147 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8528.2147 - Microsoft Corporation)
Microsoft Office 365 ProPlus - fi-fi (HKLM\...\O365ProPlusRetail - fi-fi) (Version: 16.0.8528.2147 - Microsoft Corporation)
Microsoft Office 365 ProPlus - nb-no (HKLM\...\O365ProPlusRetail - nb-no) (Version: 16.0.8528.2147 - Microsoft Corporation)
Microsoft Office 365 ProPlus - sv-se (HKLM\...\O365ProPlusRetail - sv-se) (Version: 16.0.8528.2147 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
NVIDIA Driver for HD-lyd 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Grafikkdriver 387.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 387.92 - NVIDIA Corporation)
NVIDIA PhysX systemprogramvare 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0406-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040B-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0414-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-041D-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\Spotify) (Version: 1.0.67.582.g19436fa3 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{17515373-7495-4995-9089-B7D6DF455C38}) (Version: 2.6.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2005289373-1912076802-1295118333-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Bjørn\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2005289373-1912076802-1295118333-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Bjørn\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2005289373-1912076802-1295118333-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Bjørn\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2005289373-1912076802-1295118333-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bjørn\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxDTCM.dll [2017-09-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2017-10-06] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {10DB4070-D6EC-4DCE-8642-5B2057112548} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2005289373-1912076802-1295118333-1001UA => C:\Users\Bjørn\AppData\Local\Google\Update\GoogleUpdate.exe [2017-02-16] (Google Inc.)
Task: {19827ECD-24CE-434C-A0E0-095A35E33F67} - System32\Tasks\HPCeeScheduleForBjørn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {24D09968-8302-4EC3-8A67-AC701D269B3F} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
Task: {3C79C503-9779-4537-AF87-087DB1670030} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {41F3C6AD-3E6D-4197-BA4F-5381052D7EF3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-06] (NVIDIA Corporation)
Task: {42121CEF-AACD-4924-BD5B-668B20738C27} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {461F15D8-C29A-47BC-AD9C-E570E100BDEA} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {5066E99F-7F58-4A80-B12B-DAD5E2F2076A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-06] (NVIDIA Corporation)
Task: {5087D109-D142-44C5-8B68-EF0B978AB75C} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [2017-07-28] ()
Task: {681A8742-C4B2-4B69-87EC-C1564869CA03} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-06] (NVIDIA Corporation)
Task: {68B54467-3217-4F3C-B78E-27B7B8920619} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {72863795-78F1-4678-93B3-3EBE910452F5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {779B3488-894F-4529-998C-F6E91938A1BB} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {78C65E71-4E33-47E0-A94C-ABF9638FFCC3} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {7DFEAF70-4BDD-4137-82AC-0B37DD5619EC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-23] (Microsoft Corporation)
Task: {7EEB7C42-E4AB-403A-A0C3-DF676587BD6A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-06] (NVIDIA Corporation)
Task: {8357B39D-CF71-4988-888C-F51750961DB5} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.)
Task: {8DB96F70-C9CA-4DE6-9DE3-704493225726} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {930EF31B-B8A6-4A2D-9322-2EE191946AF9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {9405C3F7-13D6-42DB-867E-CDF9BEA0F587} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {94772ADD-2B5D-4879-9561-1265FEAF6BF5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2005289373-1912076802-1295118333-1001Core => C:\Users\Bjørn\AppData\Local\Google\Update\GoogleUpdate.exe [2017-02-16] (Google Inc.)
Task: {981CD9D3-2C4C-4753-9951-2934C0622705} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-06] (NVIDIA Corporation)
Task: {AE0CD005-3309-4F44-AEF4-4B55BC9FFD3E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {B16BADB7-2E2A-4342-A91C-29B177C7E516} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-10-28] (Microsoft Corporation)
Task: {BFB193F8-AD4A-45D8-844C-D8FF5937E1F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {CAE67CE5-A8FD-4DA4-86A3-641BF780822C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-08-08] (Microsoft Corporation)
Task: {CF50EFE9-312E-43C1-A806-57464E1EB548} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-06] (NVIDIA Corporation)
Task: {D5421DB9-0113-4BBD-97BF-FDED2AA3E0A3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-10-28] (Microsoft Corporation)
Task: {DDFA4E4F-88DB-4E96-8328-AEB39478CF6E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {EAE53328-9656-4E9F-A758-782A6DBCD231} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {EC57FBA2-66B4-4504-ABF8-CB6FC7523BD4} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-06] (NVIDIA Corporation)
Task: {EE223E30-72D0-4587-94AB-66D528E7BC92} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-10-04] (HP Inc.)
Task: {EE46D4F2-413A-4839-9706-6E66F4917A71} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-10-28] (Microsoft Corporation)
Task: {F409DE8D-EB20-4A12-B44B-F642C4CCAF3F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-06] (NVIDIA Corporation)
Task: {F5FEFD17-EC09-46B2-87AF-7E235ABB757E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-23] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\HPCeeScheduleForBjørn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 12:42 - 2016-07-16 12:42 - 000231424 _____ () C:\windows\SYSTEM32\ism32k.dll
2017-09-13 15:08 - 2017-09-07 07:01 - 002681200 _____ () C:\windows\system32\CoreUIComponents.dll
2017-06-12 14:17 - 2017-10-06 14:35 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-17 16:21 - 2017-11-07 22:02 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-17 16:21 - 2017-11-07 22:02 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-07-28 09:52 - 2017-07-28 09:52 - 000459680 _____ () C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
2016-11-22 11:01 - 2016-11-22 11:01 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 23:38 - 2017-03-04 07:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-11-01 15:17 - 2017-11-01 15:18 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-01 15:17 - 2017-11-01 15:18 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-01 15:17 - 2017-11-01 15:18 - 025446400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-01 15:17 - 2017-11-01 15:18 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-09-27 14:03 - 2017-09-21 08:29 - 004022616 _____ () C:\Users\Bjørn\AppData\Local\Google\Chrome\Application\61.0.3163.100\libglesv2.dll
2017-09-27 14:03 - 2017-09-21 08:29 - 000100184 _____ () C:\Users\Bjørn\AppData\Local\Google\Chrome\Application\61.0.3163.100\libegl.dll
2017-03-15 23:39 - 2017-03-04 07:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 23:39 - 2017-03-04 07:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 23:39 - 2017-03-04 07:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-10-11 15:20 - 2017-09-18 03:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-10-11 15:20 - 2017-09-18 03:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-08-17 15:51 - 2017-08-17 15:51 - 001993184 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-10-12 14:30 - 2017-10-12 14:30 - 000156672 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\280af400314b38f0c32e1d081f5c33e4\BRIDGECommon.ni.dll
2017-10-06 13:29 - 2017-10-06 13:29 - 000331776 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\CleanStartController\e5a58c9238ba85e0502c8b7ed5aceeb2\CleanStartController.ni.dll
2017-10-06 13:29 - 2017-10-06 13:29 - 000116736 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\BridgeExtension\c96ec5c41d0c114ce434f1d3acd7eb9f\BridgeExtension.ni.dll
2017-06-12 14:17 - 2017-10-06 14:35 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\sharepoint.com -> hxxps://ostfoldfk-files.sharepoint.com
IE restricted site: HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\skype.com -> hxxps://apps.skype.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bjørn\Downloads\22425841_1464241746978426_415495578_o.png
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\StartupApproved\StartupFolder: => "Send til OneNote.lnk"
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\StartupApproved\Run: => "Gaijin.Net Agent"
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\StartupApproved\Run: => "World of Tanks"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AAB8C120-F400-4A36-97C0-3FEAF0A7DD59}] => (Allow) C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE
FirewallRules: [{135C2001-CD7B-4CF9-A83D-A7EF08931ADF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DE8F7088-BB41-4B2E-BAC3-FB8C4C7C6409}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A83A1E62-AD45-4011-A5C0-3AFA3D016CAC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{18ADF77D-9ED6-45B6-A73A-C16ED98C15DB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6C037553-27A2-4013-8DAE-B6573C852D8C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5FEF8AAE-4E53-4A97-980C-841C4C4AC863}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{6BE84839-38F0-4D78-8EA5-4353502E86E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{3F04843B-785C-478B-8FE1-9083038953E4}] => (Allow) C:\Users\Bjørn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{26E4F7DE-DF19-41CC-A11E-158C317ADB67}] => (Allow) C:\Users\Bjørn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5B4776F5-FB51-437C-957E-E07987C5C365}] => (Allow) C:\Users\Bjørn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{52DA22AA-692B-4306-B725-7AC5B965FAB8}] => (Allow) C:\Users\Bjørn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B4C3D656-46E8-4E6D-A619-7CADEC63ED9E}] => (Allow) C:\Users\Bjørn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3726259D-DB53-4B96-9EC3-5A20ADAF9238}] => (Allow) C:\Users\Bjørn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{EB0C0957-BCD2-4D0D-8068-9064FD9A200A}C:\users\bjørn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bjørn\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9700EC53-8C6B-449E-9E26-1192F1A078E7}C:\users\bjørn\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bjørn\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{70B70ADE-BCF6-45BD-85FE-AE409ED69444}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{70F300DC-6FF4-48AB-B143-17F056285F68}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{00CB9FD2-644A-44C3-B531-7C33A56BED5E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BA1B0EA6-3C66-42A7-80EE-E8AD73A96634}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{302ED329-B914-44AE-89F8-D3BF565006C0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4C0F695B-2931-44D8-9654-B05BEFB61DF5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4288620C-59E4-4EB9-BEDA-57E42D46C66E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{23F5395C-18B2-429D-8A0F-18B4EFF47D96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [TCP Query User{3848B5AF-F231-4F9E-B66C-AF0FE7ADA861}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{63807DFD-4E34-4933-AE57-7D66BF0365C7}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{840762AD-6E7B-4593-BBF9-93567297C61F}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{3C9342D6-ED5A-4903-B44C-0B205A2D1482}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D0F9455D-C5FB-412B-AF12-1C0651E51BA4}C:\users\bjørn\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\bjørn\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{AA867A9E-A06B-4FBD-AFA2-18106F002627}C:\users\bjørn\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\bjørn\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{E3CAAB80-27DD-4747-86EF-A8BD348A17AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EC6ED124-EF8A-40AF-8CF7-7A020A3EF5EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4468F3F0-B91D-4B1B-995A-B89297E190B0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7D9FEE82-A22D-4A0E-B77D-A3E4F6B9458A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{3FB84222-0386-4964-9EA9-E8BAB83E5BA5}C:\users\bjørn\appdata\roaming\utorrent\updates\3.4.9_43388.exe] => (Allow) C:\users\bjørn\appdata\roaming\utorrent\updates\3.4.9_43388.exe
FirewallRules: [UDP Query User{4CBFFB05-81B0-4692-8948-F72D81601978}C:\users\bjørn\appdata\roaming\utorrent\updates\3.4.9_43388.exe] => (Allow) C:\users\bjørn\appdata\roaming\utorrent\updates\3.4.9_43388.exe
FirewallRules: [TCP Query User{8EFD63D1-B43C-4861-9777-D18D61E9CBF5}C:\users\bjørn\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\bjørn\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{E01C0F44-89A5-4187-87DE-B082E65739A6}C:\users\bjørn\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\bjørn\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{DA4B0647-4AD7-4C81-9ADC-04B5FB840A37}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{27FF58C2-B718-4349-9BBB-1422CBC3F8F0}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{D3268FA8-7D12-4705-97F3-EB6F6F3E44AA}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [UDP Query User{F3469A72-9489-4DF6-8CA2-ADD520311437}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe
FirewallRules: [TCP Query User{2DABE64D-A6F6-4BD0-AF5C-ED8C7A008193}C:\users\bjørn\appdata\roaming\utorrent\updates\3.5.0_43580.exe] => (Allow) C:\users\bjørn\appdata\roaming\utorrent\updates\3.5.0_43580.exe
FirewallRules: [UDP Query User{037E69DF-61BD-4629-833E-A32CE57F7063}C:\users\bjørn\appdata\roaming\utorrent\updates\3.5.0_43580.exe] => (Allow) C:\users\bjørn\appdata\roaming\utorrent\updates\3.5.0_43580.exe
FirewallRules: [TCP Query User{34D54BF0-86BC-411F-B071-FE416C58F0BE}C:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe
FirewallRules: [UDP Query User{CDB60BEC-9D1B-4C70-9A8E-6C2B671683A3}C:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe
FirewallRules: [TCP Query User{B04E1C9E-A428-47BA-A4E3-35959813E8E3}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{E99C7D72-4AB9-43F4-8DCC-7BDA9423BA7A}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{E5397918-81C1-4B24-BB57-78432CBDDE12}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [UDP Query User{C7BA4686-B67C-45A2-9005-8308B46EADF8}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [TCP Query User{6CEB56C5-C5CF-43D5-9124-D8958D1C1C09}C:\users\bjørn\appdata\local\crossout\launcher.exe] => (Allow) C:\users\bjørn\appdata\local\crossout\launcher.exe
FirewallRules: [UDP Query User{93861FA1-2188-4C93-AFE8-03EAD7AC3527}C:\users\bjørn\appdata\local\crossout\launcher.exe] => (Allow) C:\users\bjørn\appdata\local\crossout\launcher.exe
FirewallRules: [{94C92239-36C6-49B0-B139-FA5CB0389EB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9D530FE5-BA2E-4E0E-AF92-84F0CF5BD24D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2E0C6A1A-694D-44BD-A107-DEF75BF4170D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{25FE871F-B180-4C69-934C-18BE60EDED3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BAC22FE9-0F95-4929-9BB8-CB1B724DE9EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BF441CF6-5F41-4E78-91C2-4E320ED88D18}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{6ADB3F21-ED4A-4621-A2C7-971D72916DC8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{54585777-0E47-41D4-A836-F2AFDF635768}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{E1FF9D07-8AB7-45CA-BCDA-B2A88C1E3FF6}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{AE8470E9-1182-409B-BC1F-E9CD8CDEDB5D}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E69F4B7A-7251-4B44-869F-9AE665DBCA07}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [TCP Query User{23D491B1-B141-4F33-B63E-55C2CD0F4581}C:\users\bjørn\documents\my games\astroneer\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\bjørn\documents\my games\astroneer\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [UDP Query User{2CB1DA17-A90A-45F7-9E83-5261C39E7D75}C:\users\bjørn\documents\my games\astroneer\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) C:\users\bjørn\documents\my games\astroneer\astro\binaries\win64\astro-win64-shipping.exe
FirewallRules: [{779428EA-06C4-4F65-AC58-E31039AD9B2C}] => (Allow) C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
FirewallRules: [{16F3B622-CD04-47C0-B792-5E1A73F3EBF1}] => (Allow) C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
FirewallRules: [{065CFC52-126E-468D-ABC7-508CB4671182}] => (Allow) C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
FirewallRules: [{4433E1E8-658B-475C-AC9B-321C5AA676C7}] => (Allow) C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
FirewallRules: [{715A2BFB-469F-414F-9ADB-CB49FC7307E4}] => (Allow) C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLClient.exe
FirewallRules: [{1F0F2728-F80F-4715-8653-49CA14E6AB2C}] => (Allow) C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLClient.exe
FirewallRules: [{9D3E20AE-AD7A-4B9D-9C06-4042552A053F}] => (Allow) C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLClient.exe
FirewallRules: [{9D6F8EE2-989D-48AF-8F92-4F9AED9FDEF8}] => (Allow) C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLClient.exe
FirewallRules: [TCP Query User{99D422BD-0CC6-41CB-B553-4527D1FC6EBF}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe
FirewallRules: [UDP Query User{538DC6EF-E7A4-42F4-A84D-CBD12CCD93DD}C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe
FirewallRules: [TCP Query User{D198B6D5-7889-47A7-8AE2-511A64664F03}C:\games\firewatch\firewatch.exe] => (Allow) C:\games\firewatch\firewatch.exe
FirewallRules: [UDP Query User{5B9BFD9C-BD97-4BEB-B0F6-C25A1063005B}C:\games\firewatch\firewatch.exe] => (Allow) C:\games\firewatch\firewatch.exe
FirewallRules: [TCP Query User{DEDB1DF4-A1D0-46F1-80E6-4C36F761DD95}C:\program files (x86)\r.g. mechanics\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe] => (Allow) C:\program files (x86)\r.g. mechanics\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe
FirewallRules: [UDP Query User{8D62DB22-268C-4DAF-AEF3-30F8408ED630}C:\program files (x86)\r.g. mechanics\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe] => (Allow) C:\program files (x86)\r.g. mechanics\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe
FirewallRules: [{984969F2-0708-4B1B-BB16-21B714F14BE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{B11197E4-4A1E-48BA-ADC7-0E31E5E13063}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{9D35222F-DA41-4836-8102-4612C1DC71CB}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{237C8C4C-58A3-4916-9040-4F204F34D930}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{18E28C96-69B6-48DF-8456-29D256A8AC35}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F7C6EC95-7FE9-4668-86B9-F63BDFBC7315}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{78C32B95-C5C1-4BA8-BF21-ECE538CB57C0}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{B370D049-2F61-4CD1-A078-D5930A67C038}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{BAE28DF2-FA15-46CD-9C64-EA14E781A838}] => (Allow) C:\Games\World_of_Tanks_SB\WoTLauncher.exe
FirewallRules: [{6C54CD58-BFCF-4341-838F-517059545F6A}] => (Allow) C:\Games\World_of_Tanks_SB\WoTLauncher.exe
FirewallRules: [{D781F0A8-A383-4947-97C0-29546D5B7C2F}] => (Allow) C:\Games\World_of_Tanks_SB\worldoftanks.exe
FirewallRules: [{C5C304C6-31CE-414C-8308-5B8275AA9C29}] => (Allow) C:\Games\World_of_Tanks_SB\worldoftanks.exe
FirewallRules: [{B22BBDD1-0908-44A2-B500-E9BC6BCF95B6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{966DE6E2-147A-4D79-A456-6BF9B79D9DE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{28E180D0-C644-4AF5-B3E3-F50E7604250F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D1D19E2C-3879-42D1-A70E-4A8DFD98DADB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{63BF30F5-476D-4C53-B192-A6388AF0C5E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6B66500A-1EB3-431B-956B-83F662F13B3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{855D9528-8470-4A66-9F4D-999317E65F1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [TCP Query User{2D8EA61B-A5C1-4265-8D25-8804F3ADAB36}C:\users\bjørn\downloads\spintires.mudrunner\spintiresmudrunner\spintires mudrunner\mudrunner.exe] => (Block) C:\users\bjørn\downloads\spintires.mudrunner\spintiresmudrunner\spintires mudrunner\mudrunner.exe
FirewallRules: [UDP Query User{BB20C7CC-88C6-4653-9C82-12DE4C7EEB9F}C:\users\bjørn\downloads\spintires.mudrunner\spintiresmudrunner\spintires mudrunner\mudrunner.exe] => (Block) C:\users\bjørn\downloads\spintires.mudrunner\spintiresmudrunner\spintires mudrunner\mudrunner.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: PLK-L01
Description: PLK-L01
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/07/2017 10:04:10 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest. Feil i manifest- eller policyfilen C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL i linje 1.
Komponentidentiteten i manifestet stemmer ikke overens med den forespurte komponenten.
Referansen er UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definisjonen er UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Bruk sxstrace.exe for detaljert diagnostisering.
 
Error: (11/07/2017 10:02:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generering av aktiveringskontekst mislyktes for c:\program files (x86)\microsoft office\root\office16\odbc drivers\salesforce\lib\libcurl32.dlla\libcurl.dll.
Finner ikke den avhengige samlingen OpenSSL.DllA,processorArchitecture="*",type="win32",version="1.0.0.4".
Bruk sxstrace.exe for detaljert diagnostisering.
 
Error: (11/07/2017 10:02:08 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Åpningsprosedyren for tjenesten BITS i DLL-filen C:\Windows\System32\bitsperf.dll mislyktes. Ytelsesdata for denne tjenesten vil ikke bli tilgjengelig. De fire første bytene (DWORD) i Data-avsnittet innholder feilkoden.
 
Error: (11/07/2017 10:01:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generering av aktiveringskontekst mislyktes for c:\program files (x86)\microsoft office\root\office16\lync.exe.Manifest. Feil i manifest- eller policyfilen c:\program files (x86)\microsoft office\root\office16\UccApi.DLL i linje 1.
Komponentidentiteten i manifestet stemmer ikke overens med den forespurte komponenten.
Referansen er UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definisjonen er UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Bruk sxstrace.exe for detaljert diagnostisering.
 
Error: (11/07/2017 09:48:19 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest. Feil i manifest- eller policyfilen C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL i linje 1.
Komponentidentiteten i manifestet stemmer ikke overens med den forespurte komponenten.
Referansen er UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definisjonen er UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Bruk sxstrace.exe for detaljert diagnostisering.
 
Error: (11/07/2017 06:39:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet data5.tmp versjon 51.1052.0.0 sluttet å samhandle med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig om problemet, åpner du problemloggen i kontrollpanelet for Sikkerhet og vedlikehold.
 
Prosess-ID: 2538
 
Starttidspunkt: 01d357ef17f28d17
 
Avslutningstidspunkt: 4294967295
 
Programbane: C:\Users\BJRN~1\AppData\Local\Temp\is-2JBJD.tmp\data5.tmp
 
Rapport-ID: 8b48f8aa-c3e2-11e7-9481-d0577bf2baf6
 
Fullstendig navn på feilpakke: 
 
Relativ program-ID for feilpakke:
 
Error: (11/07/2017 06:37:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet data5.tmp versjon 51.1052.0.0 sluttet å samhandle med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig om problemet, åpner du problemloggen i kontrollpanelet for Sikkerhet og vedlikehold.
 
Prosess-ID: 3720
 
Starttidspunkt: 01d357d39cb7584f
 
Avslutningstidspunkt: 4294967295
 
Programbane: C:\Users\BJRN~1\AppData\Local\Temp\is-QPM74.tmp\data5.tmp
 
Rapport-ID: 4f4caea2-c3e2-11e7-9481-d0577bf2baf6
 
Fullstendig navn på feilpakke: 
 
Relativ program-ID for feilpakke:
 
Error: (11/07/2017 03:51:02 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest. Feil i manifest- eller policyfilen C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL i linje 1.
Komponentidentiteten i manifestet stemmer ikke overens med den forespurte komponenten.
Referansen er UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definisjonen er UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Bruk sxstrace.exe for detaljert diagnostisering.
 
Error: (11/06/2017 03:22:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-SFP0AOIS)
Description: Aktiveringen av appen Microsoft.Windows.Photos_8wekyb3d8bbwe!App mislyktes med feilen: -2147417836 Se loggen for Microsoft-Windows-TWinUI/Operational hvis du vil ha mer informasjon.
 
Error: (11/06/2017 01:44:32 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generering av aktiveringskontekst mislyktes for C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest. Feil i manifest- eller policyfilen C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL i linje 1.
Komponentidentiteten i manifestet stemmer ikke overens med den forespurte komponenten.
Referansen er UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definisjonen er UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Bruk sxstrace.exe for detaljert diagnostisering.
 
 
System errors:
=============
Error: (11/07/2017 10:11:36 PM) (Source: DCOM) (EventID: 10016) (User: NT-MYNDIGHET)
Description: Innstillingene for programspesifikk-tillatelse gir ikke Lokal Aktivering-tillatelse til COM Server-programmet med CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 og APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 til brukeren NT-MYNDIGHET\LOKAL TJENESTE SID (S-1-5-19) fra adressen LocalHost (bruker LRPC) som kjører i programbeholderen Ikke tilgjengelig SID (Ikke tilgjengelig). Denne sikkerhetstillatelsen kan endres med det administrative verktøyet Komponenttjenester.
 
Error: (11/07/2017 10:11:35 PM) (Source: DCOM) (EventID: 10016) (User: NT-MYNDIGHET)
Description: Innstillingene for programspesifikk-tillatelse gir ikke Lokal Aktivering-tillatelse til COM Server-programmet med CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 og APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 til brukeren NT-MYNDIGHET\LOKAL TJENESTE SID (S-1-5-19) fra adressen LocalHost (bruker LRPC) som kjører i programbeholderen Ikke tilgjengelig SID (Ikke tilgjengelig). Denne sikkerhetstillatelsen kan endres med det administrative verktøyet Komponenttjenester.
 
Error: (11/07/2017 10:11:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjenesten CDPUserSvc_66d1b terminerte med følgende feil: 
Uspesifisert feil
 
Error: (11/07/2017 10:11:23 PM) (Source: hpdskflt) (EventID: 1001) (User: )
Description: Event-ID 1001
 
Error: (11/07/2017 10:11:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-MYNDIGHET)
Description: Innstillingene for programspesifikk-tillatelse gir ikke Lokal Aktivering-tillatelse til COM Server-programmet med CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 og APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 til brukeren NT-MYNDIGHET\SYSTEM SID (S-1-5-18) fra adressen LocalHost (bruker LRPC) som kjører i programbeholderen Ikke tilgjengelig SID (Ikke tilgjengelig). Denne sikkerhetstillatelsen kan endres med det administrative verktøyet Komponenttjenester.
 
Error: (11/07/2017 10:07:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-MYNDIGHET)
Description: Innstillingene for programspesifikk-tillatelse gir ikke Lokal Aktivering-tillatelse til COM Server-programmet med CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 og APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 til brukeren NT-MYNDIGHET\LOKAL TJENESTE SID (S-1-5-19) fra adressen LocalHost (bruker LRPC) som kjører i programbeholderen Ikke tilgjengelig SID (Ikke tilgjengelig). Denne sikkerhetstillatelsen kan endres med det administrative verktøyet Komponenttjenester.
 
Error: (11/07/2017 10:07:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-MYNDIGHET)
Description: Innstillingene for programspesifikk-tillatelse gir ikke Lokal Aktivering-tillatelse til COM Server-programmet med CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 og APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 til brukeren NT-MYNDIGHET\LOKAL TJENESTE SID (S-1-5-19) fra adressen LocalHost (bruker LRPC) som kjører i programbeholderen Ikke tilgjengelig SID (Ikke tilgjengelig). Denne sikkerhetstillatelsen kan endres med det administrative verktøyet Komponenttjenester.
 
Error: (11/07/2017 10:07:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjenesten CDPUserSvc_83c23 terminerte med følgende feil: 
Uspesifisert feil
 
Error: (11/07/2017 10:07:27 PM) (Source: hpdskflt) (EventID: 1001) (User: )
Description: Event-ID 1001
 
Error: (11/07/2017 10:07:10 PM) (Source: DCOM) (EventID: 10016) (User: NT-MYNDIGHET)
Description: Innstillingene for programspesifikk-tillatelse gir ikke Lokal Aktivering-tillatelse til COM Server-programmet med CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 og APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 til brukeren NT-MYNDIGHET\SYSTEM SID (S-1-5-18) fra adressen LocalHost (bruker LRPC) som kjører i programbeholderen Ikke tilgjengelig SID (Ikke tilgjengelig). Denne sikkerhetstillatelsen kan endres med det administrative verktøyet Komponenttjenester.
 
 
CodeIntegrity:
===================================
  Date: 2017-11-01 15:14:14.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MpEngineStore\MpKsl2d1eafea.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-11-01 15:14:13.107
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{183AA958-0A9F-4D7F-BF85-9B0AF4ADFECB}\MpKsl8407de73.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-31 22:48:59.966
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MpEngineStore\MpKsl924a54c3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-31 22:03:41.039
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MpEngineStore\MpKsl924a54c3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-31 22:03:39.968
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DD223FC-8190-4C07-B825-FE0C42F719CC}\MpKsl0ef8321f.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-31 15:36:34.105
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MpEngineStore\MpKsl5fbb64e2.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-31 15:36:33.043
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{EA135313-B907-4F6A-84AF-D3F01251964F}\MpKslbb331e49.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-31 03:09:18.985
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MpEngineStore\MpKsl63896d9d.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-31 03:09:17.899
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD2C26DF-E7D2-4CB3-BC80-71BE548C41D9}\MpKsl40c3543a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-10-30 10:15:42.651
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MpEngineStore\MpKslae668ec5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 8077.22 MB
Available physical RAM: 4759.43 MB
Total Virtual: 9357.22 MB
Available Virtual: 5955.59 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:224.34 GB) (Free:104.72 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:1.57 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 8AAEC713)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

 




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:16 PM

Posted 07 November 2017 - 07:10 PM

Greetings Lord_Link and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#3 Lord_Link


Posted 07 November 2017 - 08:32 PM

Hey Gary! Thanks for wanting to help me out, and you can address me by my name, Bjørn, but it might be difficult without the 'ø' :P



#4 Oh My!


Posted 07 November 2017 - 08:53 PM

Greetings Bjørn. My pleasure to work together on this.

Can you tell me the file names that reappear?

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\MountPoints2: {69dafa4f-c2c0-11e7-9481-d0577bf2baf6} - "F:\setup.exe" 
2017-11-07 21:57 - 2017-11-07 22:12 - 001388448 _____ C:\Users\Public\VOIP.dat
2017-11-07 21:57 - 2017-11-07 22:12 - 001388448 _____ C:\Users\Public\ASR.dat
2017-11-06 01:12 - 2017-05-03 18:42 - 000000000 ___HD C:\windows\msdownld.tmp
CustomCLSID: HKU\S-1-5-21-2005289373-1912076802-1295118333-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Bjørn\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2005289373-1912076802-1295118333-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Bjørn\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller Anti-Malware

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • File names
  • Fixlog
  • RogueKiller log
  • AdwCleaner log

Gary
 

#5 Lord_Link


Posted 07 November 2017 - 10:23 PM

Removed uTorrent as I didn't realize the harm it could cause my computer, lesson learned there.

Files:
 

Adware.Elex.ShrtCln
PUP.Optional.Softonic
PUP.Optional.Softonic
Pup.Optional.Softonic
Adware.Elex.ShrtCln
PUP.Optional.Softenic
 
Fixlog: 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
Ran by Bjørn (08-11-2017 03:39:55) Run:1
Running from C:\Users\Bjørn\Downloads
Loaded Profiles: Bjørn (Available Profiles: defaultuser0 & Bjørn)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\...\MountPoints2: {69dafa4f-c2c0-11e7-9481-d0577bf2baf6} - "F:\setup.exe" 
2017-11-07 21:57 - 2017-11-07 22:12 - 001388448 _____ C:\Users\Public\VOIP.dat
2017-11-07 21:57 - 2017-11-07 22:12 - 001388448 _____ C:\Users\Public\ASR.dat
2017-11-06 01:12 - 2017-05-03 18:42 - 000000000 ___HD C:\windows\msdownld.tmp
CustomCLSID: HKU\S-1-5-21-2005289373-1912076802-1295118333-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Bjørn\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2005289373-1912076802-1295118333-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Bjørn\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69dafa4f-c2c0-11e7-9481-d0577bf2baf6} => key removed successfully
HKLM\Software\Classes\CLSID\{69dafa4f-c2c0-11e7-9481-d0577bf2baf6} => key not found. 
"C:\Users\Public\VOIP.dat" => not found.
"C:\Users\Public\ASR.dat" => not found.
C:\windows\msdownld.tmp => moved successfully
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => key removed successfully
HKU\S-1-5-21-2005289373-1912076802-1295118333-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 845269 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31855220 B
Java, Flash, Steam htmlcache => 257042221 B
Windows/system/drivers => 4004646 B
Edge => 421 B
Chrome => 593832709 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => -662 B
defaultuser0 => 0 B
Bjørn => 205106346 B
 
RecycleBin => 0 B
EmptyTemp: => 1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 03:40:14 ====

RogueKiller log:

RogueKiller V12.11.23.0 (x64) [Nov  6 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Bjørn [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/08/2017 03:47:34 (Duration : 00:18:35)
Switches : -refid
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 16 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2005289373-1912076802-1295118333-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2005289373-1912076802-1295118333-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2005289373-1912076802-1295118333-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2005289373-1912076802-1295118333-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{6CEB56C5-C5CF-43D5-9124-D8958D1C1C09}C:\users\bjørn\appdata\local\crossout\launcher.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\bjørn\appdata\local\crossout\launcher.exe|Name=Gaijin Smart Launcher|Desc=Gaijin Smart Launcher|Edge=TRUE|Defer=App| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{93861FA1-2188-4C93-AFE8-03EAD7AC3527}C:\users\bjørn\appdata\local\crossout\launcher.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\bjørn\appdata\local\crossout\launcher.exe|Name=Gaijin Smart Launcher|Desc=Gaijin Smart Launcher|Edge=TRUE|Defer=App| [x] -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 7 ¤¤¤
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Popcorn Time -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZVLW256HEHP-000H1 +++++
--- User ---
[MBR] f00f15be81cb773ecbb8278b85805526
[BSP] b0b541b0d47f1072879bb62291186f5b : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 229729 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 471052288 | Size: 980 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 473059328 | Size: 13207 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Feil funksjon. )

AdwCleaner log:

# AdwCleaner 7.0.4.0 - Logfile created on Wed Nov 08 03:17:27 2017
# Updated on 2017/27/10 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: Update service
 
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\vshare.eu
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\vshare.eu
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1526 B] - [2017/11/8 3:14:19]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 


#6 Oh My!


Posted 08 November 2017 - 11:43 AM

Thank you for the information.

Did you install Gaijin Smart?

===================================================

RogueKiller Selecting Deletions

--------------------
  • Close any open programs
  • Please disconnect any USB or external drives from the computer before you run the scan
  • Right click on the RogueKiller icon and select Run as Administrator
  • Click Scan
  • When the Status box shows Scan Finished place a check mark in the following and select Delete
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Popcorn Time -> Found
  • Click Report
  • Copy and paste the contents of the report in your reply
===================================================

Please follow the instructions here to reset Chrome Sync.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • Did you reset Chrome Sync?
  • Update on computer/behavior performance

Gary
 

#7 Lord_Link


Posted 08 November 2017 - 11:49 PM

RogueKiller log:
 

RogueKiller V12.11.23.0 (x64) [Nov  6 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Bjørn [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/09/2017 05:17:08 (Duration : 00:17:27)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 18 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2005289373-1912076802-1295118333-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2005289373-1912076802-1295118333-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2005289373-1912076802-1295118333-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2005289373-1912076802-1295118333-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{6CEB56C5-C5CF-43D5-9124-D8958D1C1C09}C:\users\bjørn\appdata\local\crossout\launcher.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\bjørn\appdata\local\crossout\launcher.exe|Name=Gaijin Smart Launcher|Desc=Gaijin Smart Launcher|Edge=TRUE|Defer=App| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{93861FA1-2188-4C93-AFE8-03EAD7AC3527}C:\users\bjørn\appdata\local\crossout\launcher.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\bjørn\appdata\local\crossout\launcher.exe|Name=Gaijin Smart Launcher|Desc=Gaijin Smart Launcher|Edge=TRUE|Defer=App| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9D35222F-DA41-4836-8102-4612C1DC71CB} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {237C8C4C-58A3-4916-9040-4F204F34D930} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [x] -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 6 ¤¤¤
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Bjørn\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZVLW256HEHP-000H1 +++++
--- User ---
[MBR] f00f15be81cb773ecbb8278b85805526
[BSP] b0b541b0d47f1072879bb62291186f5b : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 229729 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 471052288 | Size: 980 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 473059328 | Size: 13207 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Feil funksjon. )

Yes, I followed your provided link and reset Chrome Sync

Not entirely sure what you mean with the last point, but I have noticed slower loading time for some programs, but other than that I've not noticed too much of a difference in my computer's performance


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 34,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:16 PM

Posted 09 November 2017 - 10:08 AM

Greetings,

After running RogueKiller you need to select the identified entries to delete. Did you do that?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."

#9 Lord_Link

Lord_Link
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:16 AM

Posted 09 November 2017 - 11:09 AM

Yes, also did another run of Malwarebytes, and 4/6 dangers are removed



#10 Oh My!


Posted 09 November 2017 - 06:34 PM

Greetings,

Please include the Malwarebytes detection information in your reply.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items:
      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Malwarebytes Anti-Rootkit - Scan Only

--------------------
  • Download Malwarebytes Anti-Rootkit and save it to your desktop
  • Right click on the mbar icon then select Run as administrator
  • Click OK to install it on your desktop
  • Click Next, then Update Database
  • When completed click Next
  • On the Scan System: screen place checkmarks in the Drivers, Sectors, and System boxes (should be checked by default) then click Scan. Please be patient and allow the process to complete
  • Click the Exit button not Cleanup then click Yes on the warning screen
  • A system-log.txt report will be created in the mbar folder on your Desktop, please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Malwarebytes detections
  • ESET report
  • system-log report

Gary

#11 Lord_Link


Posted 10 November 2017 - 10:10 AM

Malware found 2x Adware.Elex.ShrtCln

ESET came back clean

System-log report
 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.1770.14393.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.496000 GHz
Memory total: 8469581824, free: 3957690368
 
Downloaded database version: v2017.11.10.03
Initializing...
======================
Driver version: 4.3.0.15
------------ Kernel report ------------
     11/10/2017 14:36:04
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.11.10.03
  rootkit: v2017.10.14.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffd20df4bcd060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffd20df4bcdae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd20df4bcd060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffd20df4b4cc60, DeviceName: Unknown, DriverName: \Driver\EhStorClass\
DevicePointer: 0xffffd20df406e060, DeviceName: \Device\00000037\, DriverName: \Driver\stornvme\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 8AAEC713
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 800710284
    GPT Header CurrentLba = 1 BackupLba 500118191
    GPT Header FirstUsableLba 34  LastUsableLba 500118158
    GPT Header Guid 969e31b6-158d-40b5-911b-b0efd319f411
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 800710284
    Backup GPT header CurrentLba = 500118191 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 500118158
    Backup GPT header Guid 969e31b6-158d-40b5-911b-b0efd319f411
    Backup GPT header Contains 128 partition entries starting at LBA 500118159
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 573f5d37-1dfd-42f5-89b2-b944bfea2691
    FirstLBA 2048  Last LBA 534527
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 0 is bootable
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID c0d30942-b043-4e43-94e2-e7c4a4e3ca
    FirstLBA 534528  Last LBA 567295
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 48a3ed2b-64b9-49e1-a61-e3f9d9ba1fab
    FirstLBA 567296  Last LBA 471052287
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID f0d0b5dd-c636-40ef-8d97-6d817f6fe41b
    FirstLBA 471052288  Last LBA 473059327
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID d1de7417-c0f4-4aea-8c8-79ee1c976e
    FirstLBA 473059328  Last LBA 500107263
    Attributes 1
    Partition Name                 Basic data partition
 
Disk Size: 256060514304 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffd20e097b8610, DeviceName: \Device\Harddisk1\DR10\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffd20e0052c7e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd20e097b8610, DeviceName: \Device\Harddisk1\DR10\, DriverName: \Driver\disk\
DevicePointer: 0xffffd20e08e872b0, DeviceName: \Device\000000d6\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-327D77EA5B374231D9C8A2CCBDA6B39CEA74C6F3.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-327D77EA5B374231D9C8A2CCBDA6B39CEA74C6F3.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-327D77EA5B374231D9C8A2CCBDA6B39CEA74C6F3.bin.83" is compressed (flags = 1)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished


#12 Oh My!


Posted 10 November 2017 - 02:05 PM

Do you have other devices besides this computer that sync your Chrome account?


Gary

#13 Lord_Link


Posted 10 November 2017 - 02:19 PM

Possibly my phone and school laptop?



#14 Oh My!


Posted 10 November 2017 - 02:32 PM

This is most likely a Chrome sync issue. When you have multiple devices syncing to the same Chrome account you can clean one device and the second device can cross-contaminate the first via the sync function. We need to reset Chrome on both computers as instructed here. Let's hold off on the phone for right now since I am not sure it utilizes the same sync function.

Disable the sync function on both devices. Download the newest version of Malwarebytes and run it on each computer. Once Malwarebytes has removed what it finds then you can sync the devices with the clean information.
Gary

#15 Lord_Link


Posted 12 November 2017 - 09:55 AM

Doesn't look like I have my school laptop connected to my google account after all 





