TechSpot

PC rebooting randomly

By Denitorious
Sep 11, 2016
  1. Hello there and thanks for having me.

    My problem is the following: my computer has been powering off for a week now. It sounds like a power-off, and then it instantly boots back up. I haven't been able to pinpoint the cause yet, which is why I have registered here, as someone had a similar problem once and Broni helped him really well.

    I will include the latest errors that were shown right at the time the restart happened.


    After the latest reboot, my event viewer showed the following error log about a hundred times if not more:

    I really don't know if they are the cause or not, anyway, I will post the logs in the comments below.

    Thank you.
     
  2. Denitorious

    Denitorious TS Rookie Topic Starter

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
    Ran by Deni (administrator) on WINCTRL-5GC1BRK (11-09-2016 14:07:01)
    Running from E:\Users\Denitorious\Downloads
    Loaded Profiles: Deni (Available Profiles: Deni)
    Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
    () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro Advanced\DTShellHlp.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro Advanced\DiscSoftBusService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Apple Inc.) F:\Program Files\iTunes\iTunesHelper.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Corsair Components, Inc.) F:\Program Files (x86)\Corsair Link 4\CorsairLink4.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (EIZO Corporation) C:\Program Files (x86)\EIZO\G-Ignition\Gignition.exe
    (Creative Technology Ltd) F:\Program Files (x86)\Sound Blaster Z-Series Control Panel\SBZ.exe
    () C:\Program Files (x86)\EIZO\G-Ignition\QtWebProcess.exe
    (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
    (Corsair Components, Inc.) F:\Program Files (x86)\Corsair Link 4\CorsairLink4.Service.exe
    (Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
    () C:\Program Files\RogueKiller\RogueKiller64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Microsoft Corporation) C:\Windows\regedit.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Microsoft Corporation) C:\Windows\System32\msconfig.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-09] (Intel Corporation)
    HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16286840 2016-08-30] (Logitech Inc.)
    HKLM\...\Run: [iTunesHelper] => F:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3941528 2016-05-14] (Logitech, Inc.)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-08-26] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-08-26] (NVIDIA Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Program Files\Acrobat\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
    HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
    HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => F:\Program Files (x86)\Sound Blaster Z-Series Control Panel\SBZ.exe [877056 2014-11-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\RK_Denitorious_ON_E_8401\...\Run: [EADM] => "D:\Programs\Origin\Origin.exe" -AutoStart
    HKU\RK_Denitorious_ON_E_8401\...\Run: [Steam] => "D:\Steam\steam.exe" -silent
    HKU\RK_Denitorious_ON_E_8401\...\Run: [DAEMON Tools Lite] => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    HKU\RK_Denitorious_ON_E_8401\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKU\RK_Denitorious_ON_E_8401\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
    HKU\RK_Denitorious_ON_E_8401\...\Policies\Explorer: [NoResolveSearch] 1
    HKU\RK_Denitorious_ON_E_8401\...\Policies\Explorer: [NoInternetOpenWith] 1
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\Run: [CorsairLink4] => F:\Program Files (x86)\Corsair Link 4\CorsairLink4.exe [16918736 2016-06-10] (Corsair Components, Inc.)
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro Advanced\DTAgent.exe [4807952 2015-02-27] (Disc Soft Ltd)
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\MountPoints2: {2136f6ec-645a-11e4-82d2-bc5ff4f7d675} - "J:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\MountPoints2: {9516a4b4-df0e-11e3-8283-bc5ff4f7d675} - "J:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\MountPoints2: {b2b21878-cc10-11e5-8395-bc5ff4f7d675} - "G:\setup.exe"
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\MountPoints2: {cda7be9d-f63b-11e3-8297-bc5ff4f7d675} - "J:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\MountPoints2: {cda7bfa7-f63b-11e3-8297-bc5ff4f7d675} - "J:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\MountPoints2: {e548d242-8eb1-11e4-82e1-bc5ff4f7d675} - "J:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\MountPoints2: {e548d268-8eb1-11e4-82e1-bc5ff4f7d675} - "J:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
    IFEO\lifecam.exe: [Debugger] "A:\Program Files\TuneUp\TUAutoReactivator64.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk [2014-06-25]
    ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\G-Ignition Ver3.0.1.lnk [2016-06-10]
    ShortcutTarget: G-Ignition Ver3.0.1.lnk -> C:\Program Files (x86)\EIZO\G-Ignition\Gignition.exe (EIZO Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-05-10]
    ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2016-06-10]
    ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{D4E62D29-31A1-4938-8CB7-7D275C1AEAC6}\IcoUltraMon.ico ()
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicyScripts: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 01 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
    Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{98A9D933-9FBB-47E4-AFC1-844420DD9AB4}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{A81286F7-764F-486C-BA46-F1FF414822B0}: [DhcpNameServer] 198.18.0.1 198.18.0.2

    Internet Explorer:
    ==================
    HKU\RK_Denitorious_ON_E_8401\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-02-07] (Kaspersky Lab ZAO)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-02-07] (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default
    FF Session Restore: -> is enabled.
    FF NetworkProxy: "http", "180.251.162.191"
    FF NetworkProxy: "http_port", 80
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-09-09] ()
    FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
    FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-09-09] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
    FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation)
    FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-02-07] ()
    FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-02-07] ()
    FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-07] ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> E:\Program Files\Acrobat\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
    FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
    FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)
    FF Plugin HKU\S-1-5-21-1733326516-725949756-2878381490-1001: @acestream.net/acestreamplugin,version=3.0.2 -> C:\Users\Deni\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
    FF user.js: detected! => C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\user.js [2016-01-14]
    FF Extension: (Dangerous Websites Blocker) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-02-07] [not signed]
    FF Extension: (Safe Money) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-02-07] [not signed]
    FF Extension: (Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-07] [not signed]
    FF Extension: (Anti-Banner) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-02-07] [not signed]
    FF Extension: (ADB Helper) - C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\Extensions\adbhelper@mozilla.org [2016-02-05]
    FF Extension: (F.B. Purity - Cleans Up Facebook) - C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\Extensions\fbp@fbpurity.com.xpi [2015-12-08] [not signed]
    FF Extension: (Steam Database) - C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\Extensions\firefox-extension@steamdb.info.xpi [2016-06-26]
    FF Extension: (Firefox Hotfix) - C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09]
    FF Extension: (MEGA) - C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\Extensions\firefox@mega.co.nz.xpi [2016-09-09]
    FF Extension: (Valence) - C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\Extensions\fxdevtools-adapters@mozilla.org [2016-02-23]
    FF Extension: (Who Deleted Me) - C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\Extensions\whodeletedme@deleted.io.xpi [2016-03-31]
    FF Extension: (ProxTube - Unblock YouTube) - C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2015-07-31]
    FF Extension: (Tamper Data) - C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2016-04-27]
    FF Extension: (Video DownloadHelper) - C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-03]
    FF Extension: (Adblock Plus) - C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
    FF Extension: (SourceEditor) - C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\Extensions\{ee6976bb-656b-45cf-b2b6-5c837ee59a96}.xpi [2016-04-27]
    FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
    FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
    FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
    FF Extension: (Kaspersky URL Advisor) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-02-07] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
    FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\Program Files\Acrobat\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - E:\Program Files\Acrobat\Acrobat\Browser\WCFirefoxExtn [2015-03-20] [not signed]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - E:\Program Files\Acrobat\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
    R4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
    S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-08-04] ()
    R3 CLink4Service; F:\Program Files (x86)\Corsair Link 4\CorsairLink4.Service.exe [77008 2016-06-10] (Corsair Components, Inc.)
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
    R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [114176 2014-11-17] (Creative Technology Ltd)
    R4 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro Advanced\DiscSoftBusService.exe [1291024 2015-02-27] (Disc Soft Ltd)
    S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-26] (NVIDIA Corporation)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
    R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
    S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
    R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
    S2 MBAMScheduler; F:\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    S4 MBAMService; F:\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-09-05] (Nalpeiron Ltd.) [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-26] (NVIDIA Corporation)
    R4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-26] (NVIDIA Corporation)
    R4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-26] (NVIDIA Corporation)
    S4 Origin Client Service; F:\Programs\Origin\OriginClientService.exe [2122248 2016-08-30] (Electronic Arts)
    S4 PAExec; C:\Windows\PAExec.exe [189112 2016-09-11] (Power Admin LLC)
    R4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
    S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-10-27] ()
    S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-10-27] ()
    R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S4 SkypeUpdate; E:\Program Files (x86)\Skype\Updater\Updater.exe [324224 2016-05-23] (Skype Technologies)
    R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
    S4 TuneUp.UtilitiesSvc; A:\Program Files\TuneUp\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
    S4 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
     
  3. Denitorious

    Denitorious TS Rookie Topic Starter

    S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
    S4 VPNccOpenVPNService; F:\Program Files (x86)\VPNCC\bin\openvpnserv.exe [36832 2014-12-09] (The OpenVPN Project)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel(R) Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
    R3 cthda; C:\Windows\system32\drivers\cthda.sys [1065728 2014-11-17] (Creative Technology Ltd)
    R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [34048 2014-11-17] (Creative Technology Ltd)
    R3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2016-02-05] (Disc Soft Ltd)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
    R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
    S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
    R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
    S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
    R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2015-02-07] (Kaspersky Lab ZAO)
    R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2015-02-07] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
    R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
    R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-08-30] (Logitech Inc.)
    R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
    R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-26] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56376 2016-08-26] (NVIDIA Corporation)
    R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
    S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
    U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [752856 2016-09-09] (Realsil Semiconductor Corporation)
    R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2016-09-09] (Realsil Semiconductor Corporation)
    S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
    S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 tap0901_openvpn_accl; C:\Windows\system32\DRIVERS\tap0901_openvpn_accl.sys [37912 2015-01-13] (The OpenVPN Project)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-11] ()
    S3 TuneUpUtilitiesDrv; \??\A:\Program Files\TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] ()
    R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-28] (Oracle Corporation)
    R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-28] (Oracle Corporation)
    R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
    S3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
    R3 cpuz139; \??\C:\Windows\TEMP\cpuz139\cpuz139_x64.sys [X]
    S3 DYRFFBPGJR; \??\C:\DYRFFBPG.sys [X]
    S3 FSNKGUOISE; \??\C:\FSNKG.sys [X]
    S3 HTFQXPSISX; \??\C:\HTFQXPS.sys [X]
    S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
    S3 KRYCUOSPBN; \??\C:\KRYCU.sys [X]
    S3 OCYLLBGLPQ; \??\C:\OCYLLBGLP.sys [X]
    S3 UJJUYEGQHE; \??\C:\UJJUYEGQHEKTIJO.sys [X]
    S3 YMBRYEGEEE; \??\C:\YMBRYEGEEEFCNE.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-09-11 14:06 - 2016-09-11 14:07 - 00000000 ____D C:\FRST
    2016-09-11 13:43 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
    2016-09-11 13:42 - 2016-09-11 14:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-09-11 13:42 - 2016-09-11 13:43 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-09-11 13:42 - 2016-09-11 13:42 - 00001414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-09-11 13:42 - 2016-09-11 13:42 - 00001402 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-09-11 13:42 - 2016-09-11 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-09-11 13:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2016-09-11 13:37 - 2016-09-11 13:10 - 05658674 _____ (Swearware) C:\Users\Deni\Desktop\ComboFix.exe
    2016-09-11 13:06 - 2016-09-11 13:20 - 00000000 ____D C:\Users\Deni\Desktop\mbar
    2016-09-11 13:06 - 2016-09-11 13:06 - 00000881 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2016-09-11 13:06 - 2016-09-11 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-09-11 13:06 - 2016-09-11 13:06 - 00000000 ____D C:\Program Files\RogueKiller
    2016-09-11 12:41 - 2016-09-11 12:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-09-11 12:40 - 2016-09-11 13:06 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-09-11 12:40 - 2016-09-11 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-09-11 12:40 - 2016-09-11 12:40 - 00000625 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-09-11 12:40 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-09-11 12:40 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-09-11 12:32 - 2016-09-11 12:32 - 00000000 ____D C:\Users\Deni\Desktop\Malwarebytes Activator
    2016-09-11 00:20 - 2016-09-11 12:20 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-09-11 00:20 - 2016-09-11 00:20 - 00000000 ____D C:\Users\Deni\AppData\Local\NVIDIA Corporation
    2016-09-11 00:20 - 2016-09-11 00:20 - 00000000 ____D C:\Users\Deni\AppData\Local\NVIDIA
    2016-09-11 00:20 - 2016-09-11 00:20 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-09-11 00:20 - 2016-09-11 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-09-11 00:20 - 2016-09-11 00:20 - 00000000 ____D C:\Program Files (x86)\VulkanRT
    2016-09-11 00:20 - 2016-08-26 01:28 - 01767944 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 01377800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 00203320 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
    2016-09-11 00:20 - 2016-08-25 23:10 - 06385720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2016-09-11 00:20 - 2016-08-25 23:10 - 02475064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2016-09-11 00:20 - 2016-08-25 23:10 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2016-09-11 00:20 - 2016-08-25 23:10 - 01362368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2016-09-11 00:20 - 2016-08-25 23:10 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
    2016-09-11 00:20 - 2016-08-25 23:10 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2016-09-11 00:20 - 2016-08-25 23:10 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
    2016-09-11 00:20 - 2016-08-25 23:10 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2016-09-11 00:20 - 2016-08-25 22:50 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2016-09-11 00:20 - 2016-08-22 17:18 - 07320235 _____ C:\Windows\system32\nvcoproc.bin
    2016-09-11 00:20 - 2016-05-04 04:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
    2016-09-11 00:20 - 2016-05-04 04:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
    2016-09-11 00:20 - 2016-05-04 04:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
    2016-09-11 00:20 - 2016-05-04 04:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
    2016-09-11 00:19 - 2016-09-11 00:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2016-09-11 00:19 - 2016-08-26 01:28 - 40070200 _____ C:\Windows\system32\nvcompiler.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 35182648 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 34801088 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 28207672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 19848080 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 17463088 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 17263792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 14352816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 14093368 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2016-09-11 00:19 - 2016-08-26 01:28 - 10865704 _____ C:\Windows\system32\nvptxJitCompiler.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 10737632 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 10278080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 09086856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 08875408 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 08680696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 03917512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 03594808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 03456888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 03160512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 01920960 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437270.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 01588688 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437270.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 01019960 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00956352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00941504 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00893712 _____ C:\Windows\system32\nvmcumd.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00892864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00686896 _____ C:\Windows\system32\nvfatbinaryLoader.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00575984 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00520912 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00493608 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00437696 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00408784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00223304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2016-09-11 00:19 - 2016-08-26 01:28 - 00181488 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00159352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00113208 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00102968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00056376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2016-09-11 00:19 - 2016-08-26 01:28 - 00054728 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2016-09-11 00:19 - 2016-08-26 01:28 - 00039731 _____ C:\Windows\system32\nvinfo.pb
    2016-09-11 00:19 - 2016-08-26 01:28 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
    2016-09-11 00:19 - 2016-08-26 01:28 - 00000669 _____ C:\Windows\system32\nv-vk64.json
    2016-09-11 00:18 - 2016-09-11 00:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-09-11 00:15 - 2016-09-11 00:12 - 00189112 _____ (Power Admin LLC) C:\Windows\PAExec.exe
    2016-09-11 00:12 - 2016-09-11 00:12 - 00000000 ____D C:\Users\Deni\Desktop\x64
    2016-09-11 00:12 - 2016-09-11 00:12 - 00000000 ____D C:\Users\Deni\Desktop\DDU Logs
    2016-09-11 00:12 - 2016-09-06 02:41 - 01432064 _____ C:\Users\Deni\Desktop\Display Driver Uninstaller.exe
    2016-09-11 00:12 - 2016-09-06 02:41 - 00546304 _____ C:\Users\Deni\Desktop\Display Driver Uninstaller.pdb
    2016-09-11 00:12 - 2015-09-06 13:26 - 00000224 _____ C:\Users\Deni\Desktop\Display Driver Uninstaller.exe.config
    2016-09-10 16:36 - 2016-09-10 16:36 - 00000000 ____D C:\NVIDIA
    2016-09-10 16:35 - 2016-09-10 16:32 - 363556792 _____ (NVIDIA Corporation) C:\Users\Deni\Desktop\372.70-desktop-win8-win7-64bit-international-whql.exe
    2016-09-10 16:31 - 2016-09-10 16:31 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-09-10 00:10 - 2016-09-10 00:10 - 00000000 ____D C:\Users\Deni\Documents\CPY_SAVES
    2016-09-10 00:01 - 2016-09-10 00:01 - 00035793 _____ C:\Users\Deni\Desktop\Mindfactory_Rechnung_4898136.pdf
    2016-09-09 18:31 - 2016-09-09 18:31 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
    2016-09-09 17:28 - 2016-09-09 17:28 - 00005220 _____ C:\Users\Deni\Desktop\bhop.xml
    2016-09-09 14:37 - 2016-09-09 14:37 - 00000000 ____D C:\Users\Deni\AppData\LocalLow\Intel
    2016-09-09 14:36 - 2016-09-09 14:37 - 00000000 ____D C:\Windows\SysWOW64\sda
    2016-09-09 14:36 - 2016-09-09 14:36 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
    2016-09-09 14:36 - 2016-09-09 14:36 - 00752856 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
    2016-09-09 14:36 - 2016-09-09 14:36 - 00402136 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
    2016-09-09 14:36 - 2016-09-09 14:36 - 00365272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
    2016-09-09 14:36 - 2016-09-09 14:36 - 00313048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsBaStor.sys
    2016-09-09 14:36 - 2016-09-09 14:36 - 00301784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys
    2016-09-09 14:36 - 2016-09-09 14:36 - 00083160 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
    2016-09-09 14:36 - 2016-09-09 14:36 - 00000000 ____D C:\Users\Deni\Documents\Smart Driver Updater
    2016-09-09 14:36 - 2016-09-09 14:36 - 00000000 ____D C:\Program Files (x86)\Realtek
    2016-09-09 14:33 - 2016-09-09 14:33 - 00000000 ____D C:\Program Files (x86)\Smart PC Solutions
    2016-09-09 14:28 - 2016-09-09 14:31 - 00003038 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_WILLAMETTE
    2016-09-09 14:28 - 2016-09-09 14:28 - 00001193 _____ C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.6.lnk
    2016-09-09 14:28 - 2016-09-09 14:28 - 00000000 ____D C:\Users\Deni\AppData\Local\Intel
    2016-09-09 14:28 - 2016-09-09 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
    2016-09-09 14:28 - 2016-09-09 14:28 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
    2016-09-09 14:28 - 2015-06-04 13:33 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
    2016-09-09 14:25 - 2016-07-09 02:09 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-09-09 14:25 - 2016-07-09 02:08 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-09-09 14:25 - 2016-07-08 16:32 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2016-09-09 14:25 - 2016-07-08 16:25 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2016-09-09 14:25 - 2016-07-08 16:22 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-09-09 14:25 - 2016-07-08 16:19 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
    2016-09-09 14:25 - 2016-07-08 16:18 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-09-09 14:25 - 2016-07-08 16:17 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
    2016-09-09 14:25 - 2016-07-08 00:33 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-09-09 14:25 - 2016-07-07 23:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-09-09 14:25 - 2016-07-07 22:06 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-09-09 14:25 - 2016-07-06 16:26 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
    2016-09-09 14:25 - 2016-07-06 16:26 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
    2016-09-09 14:25 - 2016-07-06 16:23 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
    2016-09-09 14:25 - 2016-07-06 16:21 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
    2016-09-09 14:25 - 2016-06-25 20:13 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
    2016-09-09 14:25 - 2016-06-25 18:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
    2016-09-09 14:25 - 2016-06-25 18:15 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2016-09-09 14:25 - 2016-06-25 18:13 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2016-09-09 14:25 - 2016-06-25 18:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
    2016-09-09 14:25 - 2016-06-11 21:45 - 07445856 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-09-09 14:25 - 2016-05-19 01:18 - 00563024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-09-09 14:25 - 2016-05-19 01:18 - 00397232 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2016-09-09 14:25 - 2016-05-19 01:16 - 00178016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-09-09 14:25 - 2016-05-19 00:28 - 00340880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2016-09-09 14:25 - 2016-05-18 07:31 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2016-09-09 14:25 - 2016-05-18 07:31 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2016-09-09 14:25 - 2016-05-14 01:07 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2016-09-09 14:25 - 2016-05-14 01:07 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2016-09-09 14:25 - 2016-05-14 01:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2016-09-09 14:25 - 2016-05-14 01:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2016-09-09 14:25 - 2016-05-14 00:19 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2016-09-09 14:25 - 2016-05-12 20:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
    2016-09-09 14:25 - 2016-05-12 19:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
    2016-09-09 14:25 - 2016-05-12 18:24 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
    2016-09-09 14:25 - 2016-05-12 18:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
    2016-09-09 14:25 - 2016-05-12 18:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
    2016-09-09 14:25 - 2016-05-12 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
    2016-09-09 14:25 - 2016-05-12 18:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
    2016-09-09 14:25 - 2016-05-12 17:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
    2016-09-09 14:25 - 2016-05-12 17:48 - 00580096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
    2016-09-09 14:25 - 2016-05-12 17:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
    2016-09-09 14:25 - 2016-05-12 17:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
    2016-09-09 14:25 - 2016-05-12 17:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
    2016-09-09 14:25 - 2016-05-06 17:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
    2016-09-09 14:25 - 2016-05-06 17:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
    2016-09-09 14:25 - 2016-01-30 21:50 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
    2016-09-09 14:25 - 2016-01-30 21:00 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
    2016-09-09 14:25 - 2016-01-30 20:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
    2016-09-09 14:25 - 2016-01-30 20:18 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
    2016-09-09 14:25 - 2016-01-30 19:48 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
    2016-09-09 14:25 - 2016-01-30 19:41 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
    2016-09-09 14:24 - 2016-06-21 20:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2016-09-09 14:24 - 2016-06-21 16:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2016-09-09 14:24 - 2016-05-19 01:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-09-09 14:24 - 2016-05-18 22:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-09-09 14:24 - 2016-05-14 22:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
    2016-09-09 14:24 - 2016-05-14 22:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
    2016-09-09 14:24 - 2016-05-14 01:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
    2016-09-09 14:24 - 2016-05-13 23:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2016-09-09 14:24 - 2016-05-13 23:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2016-09-09 14:24 - 2016-05-13 23:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
    2016-09-09 14:24 - 2016-05-13 23:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
    2016-09-09 09:31 - 2016-09-09 09:31 - 00000000 ____D C:\Users\Deni\Desktop\usb stick
    2016-09-08 19:56 - 2016-09-08 19:56 - 00000683 _____ C:\Users\Public\Desktop\Doom.lnk
    2016-09-08 19:56 - 2016-09-08 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doom
    2016-09-08 17:20 - 2016-09-08 18:43 - 202440820 _____ C:\Users\Deni\Desktop\DSC03326.psd
    2016-09-07 21:18 - 2016-09-07 21:18 - 00000000 ____D C:\Users\Deni\Desktop\One_M8_All-In-One_Kit_v2.0
    2016-09-07 21:04 - 2016-09-07 21:04 - 00000178 _____ C:\Users\Deni\AppData\Local\uts.ini
    2016-09-07 21:04 - 2016-09-07 21:04 - 00000000 ____D C:\Users\Deni\AppData\Roaming\Kingosoft
    2016-09-07 21:04 - 2016-09-07 21:04 - 00000000 ____D C:\Users\Deni\AppData\Local\uts
    2016-09-07 21:04 - 2016-09-07 21:04 - 00000000 ____D C:\Users\Deni\AppData\Local\Kingosoft
    2016-09-07 21:03 - 2016-09-09 15:09 - 00000000 ____D C:\Program Files (x86)\Kingo ROOT
    2016-09-07 20:50 - 2016-09-07 20:57 - 00000000 ____D C:\adb
    2016-09-06 19:03 - 2016-09-06 19:03 - 00000000 ____D C:\Users\Deni\Documents\HTC
    2016-09-06 15:48 - 2016-09-06 16:24 - 00000000 ____D C:\Users\Deni\Desktop\New folder (2)
    2016-08-30 20:55 - 2016-08-30 20:55 - 00000000 ____D C:\Users\Deni\Documents\Battlefield 1 Open Beta
    2016-08-30 20:46 - 2016-08-30 20:46 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller
    2016-08-30 02:17 - 2016-08-30 02:17 - 00026008 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGVirHid.sys
    2016-08-27 23:55 - 2016-08-27 23:55 - 00000000 ____D C:\ProgramData\dbdata
    2016-08-27 13:36 - 2016-05-07 11:12 - 00121989 _____ C:\Users\Deni\Desktop\tv_channels_nunoo.m3u
    2016-08-22 21:00 - 2016-08-22 21:00 - 253104814 _____ C:\Users\Deni\Desktop\DSC02335.psd
    2016-08-18 21:50 - 2016-08-18 21:50 - 00000000 ____D C:\Program Files (x86)\Skype
    2016-08-15 21:19 - 2016-08-15 21:46 - 253100762 _____ C:\Users\Deni\Desktop\DSC02431.psd

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-19 04:15 - 2014-05-11 12:18 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1F101BD4-00C8-456E-90DA-C17C0D9CD711}
    2016-09-11 13:52 - 2014-05-10 17:22 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1733326516-725949756-2878381490-1001
    2016-09-11 13:48 - 2015-01-29 20:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-09-11 13:43 - 2015-09-04 13:22 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-09-11 13:43 - 2014-05-27 23:57 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2016-09-11 13:37 - 2015-02-06 00:00 - 00000000 ____D C:\Users\Deni\AppData\Roaming\TS3Client
    2016-09-11 13:36 - 2014-05-13 20:53 - 00000000 ____D C:\Users\Deni\AppData\Local\Battle.net
    2016-09-11 13:20 - 2016-02-16 08:36 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-09-11 13:20 - 2014-07-03 13:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2016-09-11 12:27 - 2014-03-18 12:04 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-09-11 12:27 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
    2016-09-11 12:20 - 2015-07-01 02:45 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-09-11 12:20 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-09-11 12:19 - 2014-05-11 12:17 - 00000000 ____D C:\Users\Deni
    2016-09-11 12:17 - 2016-05-23 17:35 - 00000000 ____D C:\ProgramData\CLink4
    2016-09-11 12:05 - 2014-05-27 22:47 - 00000000 ____D C:\Users\Deni\AppData\Local\Adobe
    2016-09-11 00:20 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help
    2016-09-10 17:12 - 2014-05-29 16:44 - 00000000 ____D C:\Users\Deni\AppData\Roaming\vlc
    2016-09-10 16:33 - 2016-05-11 00:20 - 00000000 ____D C:\Users\Deni\AppData\Roaming\uTorrent
    2016-09-10 16:33 - 2016-02-05 16:28 - 00000000 ____D C:\Users\Deni\AppData\Roaming\DAEMON Tools Pro
    2016-09-10 16:33 - 2016-01-30 02:02 - 00000000 ____D C:\Users\Deni\AppData\Roaming\TeamViewer
    2016-09-10 16:33 - 2014-07-05 01:23 - 00000000 ____D C:\Users\Deni\AppData\Local\CrashDumps
    2016-09-10 16:31 - 2016-01-11 14:36 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2016-09-10 15:45 - 2014-05-15 15:11 - 00000000 ____D C:\ProgramData\Origin
    2016-09-09 18:01 - 2014-12-12 02:08 - 00000000 ____D C:\Windows\system32\appraiser
    2016-09-09 18:01 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
    2016-09-09 18:01 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\setup
    2016-09-09 18:01 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\setup
    2016-09-09 17:47 - 2014-05-13 18:39 - 00000000 ____D C:\Windows\system32\MRT
    2016-09-09 17:47 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-09-09 17:44 - 2014-05-13 18:39 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-09-09 17:41 - 2013-08-22 16:44 - 05433616 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-09-09 17:30 - 2015-02-13 17:50 - 00000000 ____D C:\Program Files\Logitech Gaming Software
    2016-09-09 17:29 - 2016-01-26 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2016-09-09 17:29 - 2015-02-13 17:50 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
    2016-09-09 16:58 - 2015-01-29 20:18 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-09-09 15:03 - 2014-05-10 17:36 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
    2016-09-09 14:39 - 2014-05-15 14:33 - 00000000 ____D C:\ProgramData\Package Cache
    2016-09-09 14:39 - 2014-05-10 17:42 - 00000000 ____D C:\Program Files\Intel
    2016-09-09 14:38 - 2014-05-10 17:42 - 00000000 ____D C:\ProgramData\Intel
    2016-09-09 14:38 - 2014-05-10 17:36 - 00000000 ____D C:\Program Files (x86)\Intel
    2016-09-09 14:36 - 2014-05-10 17:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-09-09 14:27 - 2016-03-02 21:14 - 00000000 ____D C:\Windows\System32\Tasks\Intel
    2016-09-09 09:39 - 2016-05-25 21:02 - 00000000 ____D C:\Users\Deni\AppData\Local\Deployment
    2016-09-08 19:42 - 2014-05-16 20:01 - 00001456 _____ C:\Users\Deni\AppData\Local\Adobe Save for Web 13.0 Prefs
    2016-09-07 21:24 - 2015-04-17 11:30 - 00000000 ____D C:\ruu_log
    2016-09-07 21:04 - 2014-06-24 01:07 - 00000000 ____D C:\Users\Deni\.android
    2016-09-07 13:53 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-09-07 13:52 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
    2016-09-07 13:48 - 2014-05-10 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-09-07 13:47 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-09-07 13:47 - 2013-08-22 15:25 - 00000076 _____ C:\Windows\win.ini
    2016-09-07 12:40 - 2014-05-11 12:17 - 00000000 ____D C:\ProgramData\KMSAutoS
    2016-09-06 22:56 - 2014-05-13 20:52 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
    2016-09-06 19:04 - 2016-01-13 02:27 - 00000000 ____D C:\Users\Deni\AppData\Local\Ubisoft Game Launcher
    2016-09-06 19:03 - 2014-06-24 03:42 - 00000005 _____ C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
    2016-09-06 19:03 - 2014-06-24 03:18 - 00000000 ____D C:\ProgramData\HTC
    2016-09-06 19:03 - 2014-06-24 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
    2016-09-06 19:03 - 2014-06-24 02:18 - 00000000 ____D C:\Program Files (x86)\HTC
    2016-09-06 19:02 - 2014-05-30 13:42 - 00000000 ____D C:\Users\Deni\AppData\Local\Downloaded Installations
    2016-09-06 02:44 - 2016-02-11 04:34 - 00000000 ____D C:\Users\Deni\Desktop\Settings
    2016-09-04 22:53 - 2016-02-23 17:27 - 00000000 ____D C:\Users\Deni\AppData\Roaming\discord
    2016-09-03 13:10 - 2016-02-23 17:27 - 00000000 ____D C:\Users\Deni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
    2016-09-03 13:10 - 2016-02-23 17:27 - 00000000 ____D C:\Users\Deni\AppData\Local\Discord
    2016-08-30 20:21 - 2014-05-15 15:12 - 00000000 ____D C:\Users\Deni\AppData\Roaming\Origin
    2016-08-30 02:17 - 2015-06-11 02:33 - 00067736 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGJoyXlCore.sys
    2016-08-30 02:17 - 2015-06-11 02:33 - 00036496 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LGBusEnum.sys
    2016-08-28 12:41 - 2014-05-10 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-08-27 23:55 - 2014-05-27 23:53 - 00000000 ____D C:\Users\Deni\Documents\My Games
    2016-08-24 21:21 - 2014-06-22 22:35 - 00000000 ____D C:\Users\Deni\AppData\Roaming\Skype
    2016-08-18 21:50 - 2014-06-22 22:35 - 00000000 ____D C:\ProgramData\Skype

    ==================== Files in the root of some directories =======

    2016-05-13 13:25 - 2016-05-13 13:25 - 0000132 _____ () C:\Users\Deni\AppData\Roaming\Adobe PNG Format CC Prefs
    2016-03-01 20:38 - 2016-03-01 20:38 - 0000033 _____ () C:\Users\Deni\AppData\Roaming\AdobeWLCMCache.dat
    2016-05-02 22:22 - 2016-05-02 22:22 - 0000046 _____ () C:\Users\Deni\AppData\Roaming\Camdata.ini
    2016-05-02 22:22 - 2016-05-02 22:22 - 0000408 _____ () C:\Users\Deni\AppData\Roaming\CamLayout.ini
    2016-05-02 22:22 - 2016-05-02 22:22 - 0000408 _____ () C:\Users\Deni\AppData\Roaming\CamShapes.ini
    2016-05-02 18:18 - 2016-05-02 18:18 - 0000096 _____ () C:\Users\Deni\AppData\Roaming\version2.xml
    2016-04-19 18:26 - 2016-04-19 18:26 - 0000600 _____ () C:\Users\Deni\AppData\Roaming\winscp.rnd
    2014-05-16 20:01 - 2016-09-08 19:42 - 0001456 _____ () C:\Users\Deni\AppData\Local\Adobe Save for Web 13.0 Prefs
    2014-05-11 12:21 - 2014-05-11 12:21 - 0000000 _____ () C:\Users\Deni\AppData\Local\Driver_LOM_8161Present.flag
    2016-04-19 16:35 - 2016-04-19 16:35 - 0000600 _____ () C:\Users\Deni\AppData\Local\PUTTY.RND
    2014-07-11 16:53 - 2014-07-11 16:53 - 0007605 _____ () C:\Users\Deni\AppData\Local\Resmon.ResmonCfg
    2015-08-20 20:47 - 2015-08-20 20:47 - 0000003 _____ () C:\Users\Deni\AppData\Local\updater.log
    2015-08-20 20:47 - 2015-08-20 20:58 - 0000059 _____ () C:\Users\Deni\AppData\Local\UserProducts.xml
    2016-09-07 21:04 - 2016-09-07 21:04 - 0000178 _____ () C:\Users\Deni\AppData\Local\uts.ini
    2014-05-10 17:41 - 2014-05-10 17:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Deni\AppData\Local\Temp\dllnt_dump.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-09-05 05:44

    ==================== End of FRST.txt ============================
     
  4. Denitorious

    Denitorious TS Rookie Topic Starter

    Additional.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
    Ran by Deni (11-09-2016 14:07:15)
    Running from E:\Users\Denitorious\Downloads
    Windows 8.1 Pro (Update) (X64) (2014-05-11 10:17:07)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1733326516-725949756-2878381490-500 - Administrator - Disabled)
    Deni (S-1-5-21-1733326516-725949756-2878381490-1001 - Administrator - Enabled) => C:\Users\Deni
    Guest (S-1-5-21-1733326516-725949756-2878381490-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    . . . (Version: 2.1.28.3 - Intel) Hidden
    . . . (x32 Version: 2.6.1.4 - Intel) Hidden
    µTorrent (HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\uTorrent) (Version: 3.4.8.42445 - BitTorrent Inc.)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
    Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.2.1 - Adobe Systems Incorporated)
    Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.5.1 - Adobe Systems Incorporated)
    Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.1 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Alien Skin Exposure 6 (HKLM\...\Alien Skin Exposure 6) (Version: - Alien Skin)
    Alien Skin Exposure 7 (HKLM\...\Alien Skin Exposure 7) (Version: - Alien Skin)
    Alien Skin Exposure X (HKLM\...\Alien Skin Exposure X) (Version: - Alien Skin)
    Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com)
    Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
    Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
    Apple Application Support (32-Bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
    Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
    Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
    Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
    CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
    CEVO CS:GO Client Beta version 2.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 2.0 - )
    Content Manager Assistant for PlayStation(R) (HKLM-x32\...\{81AD22B9-C28A-45a3-94B3-5FECD221AD5C}) (Version: 3.10.7525.4 - Sony Computer Entertainment Inc.)
    Core Temp 1.0 RC8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    Corsair Link 4 (HKLM-x32\...\{ca37ff55-4f68-48ab-b12f-1c33e36c1410}) (Version: 4.2.4.25 - Corsair Components, Inc.)
    Corsair Link 4 (x32 Version: 4.2.4.25 - Corsair Components, Inc.) Hidden
    Corsair Link(TM) USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version: - Corsair Memory, Inc.)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
    CronusPRO version 1.0 (HKLM-x32\...\{CCAB1B16-C07A-4ECB-97AA-FF8E791D63E2}_is1) (Version: 1.0 - CronusMAX Team)
    Curse Client (HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Demonbuddy (HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\{a1f54422-1ee1-4b54-94a1-fbc0f502f05c}) (Version: 1.0.2881.442 - Bossland GmbH)
    Demonbuddy (x32 Version: 1.0.2881.442 - Bossland GmbH) Hidden
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    Discord (HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
    Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
    Doom (HKLM-x32\...\{B6A2B3BA-C93E-4AEE-BBCF-BE91DDC84962}_is1) (Version: - id Software)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
    Duden Home (HKLM-x32\...\{288A423E-D6CA-47C3-B480-D1203EB08948}) (Version: 10.0.0 - Bibliographisches Institut GmbH)
    Dungeon Defenders II (HKLM\...\Steam App 236110) (Version: - Trendy Entertainment)
    DxO OpticsPro 10 (HKLM\...\{3C8B1595-47CD-4ACC-9844-A0E41FD21960}) (Version: 10.1.1 - DxO Labs)
    DxO OpticsPro 10 plug-in for Adobe Lightroom (HKLM-x32\...\{79C97462-1598-48CD-B597-8B3C3C5A20B8}) (Version: 1.0.23 - DxO Labs)
    Effects Suite 64-bit (HKLM-x32\...\InstallShield_{76D21FF6-B4B6-4BE1-A43D-AB01EA6A2B69}) (Version: 11.0.1 - Red Giant)
    Effects Suite 64-bit (Version: 11.0.1 - Red Giant) Hidden
    Effects Suite v11.1.6 (HKLM-x32\...\{4DD8EE5E-F571-4EC8-9526-E7C62FE39B19}_is1) (Version: 11.1.6 - Red Giant, LLC)
    Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
    Epic Games Launcher (HKLM-x32\...\{4620A9CA-A0D7-4F15-BA89-4545B5372345}) (Version: 1.1.60.0 - Epic Games, Inc.)
    Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    FaceFilter v3.02 PRO (HKLM-x32\...\{6020758E-57A9-41E3-AF20-8EE311EA6156}) (Version: 3.02.1506.1 - Reallusion Inc.)
    Far Cry Primal (HKLM-x32\...\Uplay Install 2010) (Version: - Ubisoft)
    ForHonorTT (HKLM-x32\...\Uplay Install 2184) (Version: - Ubisoft)
    Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
    Free Mouse Auto Clicker 3.4.1 (HKLM-x32\...\{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1) (Version: - Advanced Mouse Auto Clicker ltd.)
    Genymotion version 2.6.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.6.0 - Genymobile)
    G-Ignition (HKLM-x32\...\{FDC4D293-2167-496B-945C-CE82E90C5E81}_is1) (Version: 3.0.1.12 - EIZO Corporation)
    go4drive 2014 (HKLM-x32\...\go4drive 2014) (Version: 2014.1.6 - Ingenieurbüro Saal)
    Google Update Helper (x32 Version: 1.3.25.3 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Hearthbuddy (HKLM-x32\...\{1845fae1-a89e-45ff-b149-bfc8947d7ad3}) (Version: 0.3.1189.258 - Bossland GmbH)
    Hearthbuddy (x32 Version: 0.3.1189.258 - Bossland GmbH) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
    HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
    Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
    Intel Extreme Tuning Utility (HKLM-x32\...\{e3931098-f44a-4c70-bf9c-f48d24bdd066}) (Version: 6.0.2.8 - Intel Corporation)
    Intel Extreme Tuning Utility (x32 Version: 6.0.2.8 - Intel Corporation) Hidden
    Intel Processor Diagnostic Tool 64bit (HKLM\...\{7DEAECAD-F239-49FF-A6D4-2B3E523A1CA3}) (Version: 3.0.0.23 - Intel Corporation)
    Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
    Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
    Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
    Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
    IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
    iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
    Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
    Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
    Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Logitech Gaming Software 8.87 (HKLM\...\Logitech Gaming Software) (Version: 8.87.116 - Logitech Inc.)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MiniTool Partition Wizard Professional Edition 9.0 (HKLM-x32\...\{69237D97-3063-450F-AE49-2357B191EA5D}_is1) (Version: - MiniTool Solution Ltd.)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
    New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com)
    New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
    New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com)
    New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com)
    New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com)
    Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
    Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
    Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.0.0 - Duodian Technology Co. Ltd.)
    NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
    NVIDIA Graphics Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
    NVIDIA Miracast Virtual Audio 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 372.70 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.14.2 - OBS Project)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
    Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
    Panoweaver 9.1 Professional Edition (HKLM-x32\...\Panoweaver910_pro_is1) (Version: - Easypano Holdings Inc.)
    PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
    PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    PlayMemories Camera Apps Downloader (HKLM-x32\...\{E4B95A36-0EF2-44C6-B939-5B3DBBC34502}) (Version: 1.1.1975.475 - Sony Network Entertainment International LLC)
    PortraitPro Studio 12.2 (HKLM\...\PortraitProStudio12_is1) (Version: 12.2 - Anthropics Technology Ltd.)
    Proxifier version 3.28 (HKLM-x32\...\Proxifier_is1) (Version: 3.28 - Initex)
    PTGui Pro 10.0.7 (HKLM-x32\...\PTGui) (Version: - New House Internet Services B.V.)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
    Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
    QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.102 - Realtek Semiconductor Corp.)
    Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.6.0 - Red Giant, LLC)
    RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
    Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 3.9 - Saal Digital Fotoservice GmbH)
    Saal Design Software (x32 Version: 3.9 - Saal Digital Fotoservice GmbH) Hidden
    Sample Production Bit Checker x64 (HKLM\...\{1FFA19A6-D46D-4993-B39E-394EB92781A4}) (Version: 1.0.7.0 - Intel Corporation)
    Screencast-O-Matic (HKU\RK_Denitorious_ON_E_8401\...\Screencast-O-Matic) (Version: - Screencast-O-Matic)
    SDK Debuggers (x32 Version: 8.59.29746 - Microsoft Corporation) Hidden
    ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 10.1.0 - ShareX Developers)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
    Simple Shutdown Timer (HKLM-x32\...\Simple Shutdown Timer1.1.2) (Version: 1.1.2 - PcWinTech.com)
    Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
    Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
    Sound Blaster Z-Series (HKLM-x32\...\{B2C527EF-4F7B-405A-ADB4-89B432891FF2}) (Version: 1.00.28 - Creative Technology Limited)
    Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
    The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
    The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com)
    The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.21.0.0 - GOG.com)
    The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.20.0.0 - GOG.com)
    The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.0.0 - GOG.com)
    The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - GOG.com)
    The Witness (HKLM-x32\...\The Witness_is1) (Version: - )
    Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft)
    Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
    TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
    TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
    TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
    UltraMon (HKLM\...\{D4E62D29-31A1-4938-8CB7-7D275C1AEAC6}) (Version: 3.3.0 - Realtime Soft Ltd)
    Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    VPN.cc (HKLM-x32\...\VPN.cc 2.0.2) (Version: 2.0.2 - VPN.cc)
    VPN.cc (Version: 2.0.2 - VPN.cc) Hidden
    Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKU\RK_Denitorious_ON_E_8401\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Driver Package - BigNox Corporation (VBoxUSB) USB (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
    Windows Driver Package - BigNox Corporation VBoxUSBMon System (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
    Windows Driver Package - BigNox Corporation XQHDrv System (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
    Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB (10/30/2015 3.6) (HKLM\...\689CB8E4310D795D383E65C05A8F13A05D92E771) (Version: 10/30/2015 3.6 - Corsair Components, Inc.)
    Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
    WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
    Worms Clan Wars (HKLM-x32\...\Steam App 233840) (Version: - Team17 Digital Ltd)
    Worms Crazy Golf (HKLM-x32\...\Steam App 70620) (Version: - Team17 Software Ltd.)
    Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version: - Team17 Software Ltd.)
    Worms Revolution (HKLM-x32\...\Steam App 200170) (Version: - Team17 Digital Ltd.)
    Worms Ultimate Mayhem (HKLM-x32\...\Steam App 70600) (Version: - Team17 Software Ltd.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1733326516-725949756-2878381490-1001_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> F:\Programs\Duden\adxloader64.dll ()

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {2340C1FE-A439-494A-8925-D719D9D28C04} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {29539303-AED6-484B-8428-E1A6E41F2B65} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {383D2BC3-A97E-4E68-BC23-7EDCC10EAC94} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
    Task: {3F3CDD6A-1C9C-4154-BCE2-568194DF0AF2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
    Task: {455B0794-A7CA-41EC-A783-D02EA630EB2A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-09] (Adobe Systems Incorporated)
    Task: {4665A98D-48FE-48BD-8061-B317CED41D72} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => A:\Program Files\TuneUp\OneClick.exe [2014-07-16] (TuneUp Software)
    Task: {50F23E64-601A-4513-B306-AC100AA580AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {5B3E881B-7371-4447-9A78-CA2048D1671F} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
    Task: {5D0AD2AE-39F1-4B0C-9893-3126D7DF8CD0} - System32\Tasks\AdobeAAMUpdater-1.0-WINCTRL-5GC1BRK-Deni => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
    Task: {72C1DEAE-F1CB-4BA4-841F-0688B504A860} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
    Task: {7F75036F-22E9-4EBF-8797-0CFCB7EF713A} - System32\Tasks\{78B3DD3C-B4A5-427C-B0D6-E7E214E7F22D} => Firefox.exe hxxp://ui.skype.com/ui/0/7.12.0.101/en/abandoninstall?page=tsMain
    Task: {800D8267-40D5-43D5-B831-108625BA2853} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2014-04-28] (MSfree Inc.)
    Task: {83FA1D19-109A-4817-B45E-F37510F9C48C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {92A303F4-7151-49E4-BC8C-811826A205A9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {95C24717-ECAE-43B6-8908-6D93E117D316} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {A03632B3-B8A2-4701-8151-77B40541B0CA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {A15481E7-3806-42D0-BF53-36DEF9DC5F4D} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-13] (AO Kaspersky Lab)
    Task: {B813C516-BCD8-44BC-A3CD-FE57AD48C802} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {CC88BA7D-F367-4C70-9D2A-F2B0FA89AA0E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {CD2FF6B0-F228-4CB4-8E4B-6B0D0D73D162} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
    Task: {E3FFD5B9-F9F4-47BC-8FE7-17AD214DEC45} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {F7D3A7C9-CDC2-4799-930D-D7A6F611E84D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
    Task: {FAFC9AB7-A0E8-4EC5-9EFF-A107773B53E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
    Task: {FB06333E-10C1-416D-967F-775227AEFEC5} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-05-05] (Intel Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
  5. Denitorious

    Denitorious TS Rookie Topic Starter

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-09-11 00:20 - 2016-08-25 23:10 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-10-13 02:13 - 2015-03-28 15:55 - 00096840 _____ () C:\Windows\system32\PrxerNsp.dll
    2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2014-06-24 02:18 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    2016-06-08 18:04 - 2016-06-08 18:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
    2016-09-11 00:20 - 2016-08-26 01:28 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2016-09-11 00:20 - 2016-08-26 01:28 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
    2016-06-10 15:23 - 2015-02-17 17:36 - 00013824 _____ () C:\Program Files (x86)\EIZO\G-Ignition\QtWebProcess.exe
    2016-09-11 13:06 - 2016-09-06 17:53 - 25199688 _____ () C:\Program Files\RogueKiller\RogueKiller64.exe
    2016-09-11 00:20 - 2016-08-26 01:28 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2016-06-10 15:23 - 2016-02-10 13:40 - 00012288 _____ () C:\Program Files (x86)\EIZO\G-Ignition\QtQuick.2\qtquick2plugin.dll
    2016-06-10 15:23 - 2016-02-10 13:40 - 00783872 _____ () C:\Program Files (x86)\EIZO\G-Ignition\QtQuick\Controls\qtquickcontrolsplugin.dll
    2016-06-10 15:23 - 2016-02-10 13:40 - 00012288 _____ () C:\Program Files (x86)\EIZO\G-Ignition\QtQuick\Window.2\windowplugin.dll
    2016-06-10 15:23 - 2016-02-10 13:40 - 00055296 _____ () C:\Program Files (x86)\EIZO\G-Ignition\QtQuick\Layouts\qquicklayoutsplugin.dll
    2016-06-10 15:23 - 2016-02-10 13:40 - 00026624 _____ () C:\Program Files (x86)\EIZO\G-Ignition\QtWebKit\qmlwebkitplugin.dll
    2016-06-10 15:23 - 2016-02-10 13:40 - 00037888 _____ () C:\Program Files (x86)\EIZO\G-Ignition\QtWebKit\experimental\qmlwebkitexperimentalplugin.dll
    2015-09-04 20:34 - 2015-09-04 20:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-04-20 02:42 - 2014-04-20 02:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
    2014-04-20 02:42 - 2014-04-20 02:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
    2014-04-20 02:42 - 2015-02-07 18:38 - 00642344 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
    2016-09-11 13:42 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-09-11 13:42 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-09-11 13:42 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-09-11 13:42 - 2014-04-25 14:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
    2014-03-06 16:00 - 2014-03-06 16:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
    2016-09-11 13:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences [0]
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation [63]
    AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 15:25 - 2016-06-20 23:53 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\RK_Denitorious_ON_E_8401\Control Panel\Desktop\\Wallpaper ->
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AeLookupSvc => 3
    MSCONFIG\Services: AGSService => 2
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: BEService => 3
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: Disc Soft Pro Bus Service => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: Intel(R) ME Service => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: NvStreamNetworkSvc => 3
    MSCONFIG\Services: NvStreamSvc => 2
    MSCONFIG\Services: Origin Client Service => 3
    MSCONFIG\Services: PAExec => 3
    MSCONFIG\Services: PassThru Service => 2
    MSCONFIG\Services: PnkBstrA => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: Stereo Service => 2
    MSCONFIG\Services: TeamViewer => 2
    MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
    MSCONFIG\Services: tvnserver => 2
    MSCONFIG\Services: USER_ESRV_SVC_WILLAMETTE => 3
    HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "Content Manager Assistant for PlayStation(R).lnk"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "Launch LCore"
    HKLM\...\StartupApproved\Run: => "VX3000"
    HKLM\...\StartupApproved\Run: => "tvncontrol"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "BCSSync"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "LifeCam"
    HKLM\...\StartupApproved\Run32: => "UpdReg"
    HKU\S-1-5-21-1733326516-725949756-2878381490-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{060FBD34-E5DC-42AD-A6A4-867046884A60}] => (Allow) F:\Steam\Steam.exe
    FirewallRules: [{D464DF3A-D29C-41AE-A64F-1F2B07EDD007}] => (Allow) F:\Steam\Steam.exe
    FirewallRules: [{9C1E41BF-D0C1-4BFD-8C9F-CCDD7DD55574}] => (Allow) F:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
    FirewallRules: [{BAEB396A-0B1C-4504-AEC4-E9A0B9E5D2FA}] => (Allow) F:\Steam\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
    FirewallRules: [{0007191A-AC8B-42DA-8A17-3F97E7D29E45}] => (Allow) F:\Steam\steamapps\common\insurgency2\insurgency.exe
    FirewallRules: [{FDC51EB2-25A0-41DE-98DA-BAAACED1819B}] => (Allow) F:\Steam\steamapps\common\insurgency2\insurgency.exe
    FirewallRules: [{14ED457B-79F4-4EF7-BF9E-2AA5AB895EA2}] => (Allow) E:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{B3D7750A-1342-4233-9634-9270D36D3EA8}] => (Allow) F:\Steam\steamapps\common\WormsGolf2010\WormsCrazyGolf.exe
    FirewallRules: [{8C2F2C63-CFE7-4136-8DEB-17464D7B70D3}] => (Allow) F:\Steam\steamapps\common\WormsGolf2010\WormsCrazyGolf.exe
    FirewallRules: [{A8C30B1D-ED9D-4742-881D-CDE3A27185C3}] => (Allow) F:\Steam\steamapps\common\WormsXHD\Launcher.exe
    FirewallRules: [{925D260F-B61D-4952-AF1A-92E0E9D2BBE6}] => (Allow) F:\Steam\steamapps\common\WormsXHD\Launcher.exe
    FirewallRules: [{18667E09-7641-48EB-A6F9-013B75E0A649}] => (Allow) F:\Steam\steamapps\common\WormsRevolution\WormsRevolution.exe
    FirewallRules: [{7DC3BB44-335C-4D6B-872F-12EEBD606797}] => (Allow) F:\Steam\steamapps\common\WormsRevolution\WormsRevolution.exe
    FirewallRules: [{4A0D0C41-2B42-4CC6-AD4C-E0CF9BA45AEE}] => (Allow) F:\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
    FirewallRules: [{5ABE0D92-4E62-4B70-B025-87E4D4520ABB}] => (Allow) F:\Steam\steamapps\common\Worms Reloaded\WormsReloaded.exe
    FirewallRules: [{30617D6A-B678-47AC-9117-9BF713C83A75}] => (Allow) F:\Steam\steamapps\common\Worms Clan Wars\WormsClanWars.exe
    FirewallRules: [{B8B066CA-F051-4970-A37B-10BE00A79DB0}] => (Allow) F:\Steam\steamapps\common\Worms Clan Wars\WormsClanWars.exe
    FirewallRules: [{23BF9076-73E4-4ED2-8063-2A2540FC9B4E}] => (Allow) F:\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
    FirewallRules: [{34989F16-E10D-46FF-A7AA-D95E4129467D}] => (Allow) F:\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
    FirewallRules: [{87F2E02C-941E-44DE-AF37-40383D3F9B0E}] => (Allow) F:\Steam\steamapps\common\Half-Life\hl.exe
    FirewallRules: [{E339DE1C-5EE9-48D6-AA0C-3155DD8BD77F}] => (Allow) F:\Steam\steamapps\common\Half-Life\hl.exe
    FirewallRules: [{CA771553-A8C0-4AE9-AAA8-0545834B177B}] => (Allow) F:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{CCE0C4A6-8E9D-4606-9908-A70FF3D7CFA4}] => (Allow) F:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{EB354F5C-6F4C-462F-A44D-6739541F5A38}] => (Allow) F:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
    FirewallRules: [{5874C23B-E36F-4188-BE18-41F6F7FBFDE9}] => (Allow) F:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
    FirewallRules: [{F565A70D-A209-4E1F-98DC-81784AA30688}] => (Allow) F:\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
    FirewallRules: [{8FBBAB86-6394-49F7-97C1-0AF236211240}] => (Allow) F:\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
    FirewallRules: [{60D2DC4F-2070-4E2D-8249-66DE70545679}] => (Allow) F:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
    FirewallRules: [{FB2BF0F3-15E3-40BD-A11E-F7816391DA42}] => (Allow) F:\Steam\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
    FirewallRules: [{3C64D3C6-68F7-4CE8-A2FD-170D3C182D0A}] => (Allow) F:\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
    FirewallRules: [{7EDC7BBD-1A40-466A-A657-98B229595BB0}] => (Allow) F:\Steam\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
    FirewallRules: [{A6A25B8F-E1E9-4EA8-AC4B-4A64C1B111A0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{1BC7B1A5-BE56-48E6-9C4B-4ACBE8CE706C}] => (Allow) LPort=2869
    FirewallRules: [{629ACF60-493D-4484-A9FE-576A78874475}] => (Allow) LPort=1900
    FirewallRules: [{39A12CDE-7B6E-4C57-8475-3E78697C11B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3E2DA58E-7C18-4E17-BC7A-0B549427A42C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{87E5656C-265D-4E35-B54D-C9EE60FFEB06}] => (Allow) J:\Client\32.exe
    FirewallRules: [{EB1B54B2-4C5A-4F3A-93D8-332C8CA86D66}] => (Allow) J:\Client\32.exe
    FirewallRules: [{5B47B4F9-D8FB-408A-8BD6-9FAD333C9933}] => (Allow) LPort=1081
    FirewallRules: [{F38C8589-C753-49ED-9F0B-016CAD922E8B}] => (Allow) F:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
    FirewallRules: [{A2A7D8B8-083E-425D-A1B3-B268EE976E27}] => (Allow) F:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
    FirewallRules: [{F25A9BD1-A92C-427A-A668-55BF6DF14151}] => (Allow) F:\Steam\steamapps\common\Arma 3\arma3launcher.exe
    FirewallRules: [{8F117FDE-8D5B-473F-A0A1-E9CBB1F55CDB}] => (Allow) F:\Steam\steamapps\common\Arma 3\arma3launcher.exe
    FirewallRules: [{BBEF8500-D113-42E0-B19D-DCFBA9527E38}] => (Allow) A:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{B63990CA-E813-4EE1-BBF4-A736CE8038AC}] => (Allow) A:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{DD5D1BEB-11A0-4C9B-B1CB-B3AF1F447F97}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{64B5F10D-C426-48CF-97C0-282AB3B60877}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{60EECB51-5482-4EBC-9E7C-E06242F85FF9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{0453B499-7279-416D-8BAA-F827E16DE0A7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{ABA28084-AF15-4B37-ADA4-5559879AB72C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A57DFE36-CF05-4377-AAF9-8B33728113B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A09CBD30-C1DA-4106-AA4E-5E9FBD9D1965}] => (Allow) A:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{B3FAB68E-086C-4263-B983-1993345CF829}] => (Allow) A:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{A4007648-EE46-4A33-812D-64DDF4C04D1B}] => (Allow) A:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{FAB1FDEE-408A-49B4-978A-E37FCA3664E6}] => (Allow) A:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{E2025D0E-1EBE-4AD8-9ED4-C8B29162EC5B}] => (Allow) A:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{2B68BA6E-E869-42B0-83BA-CE46B93AA6BF}] => (Allow) A:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{F68D5984-AB1B-40C2-B708-3E21F3F589EC}] => (Allow) A:\Origin Games\Battlefield 4\BF4WebHelper.exe
    FirewallRules: [{B60EE973-669B-45CF-8E2D-1970F7DA720A}] => (Allow) A:\Origin Games\Battlefield 4\BF4WebHelper.exe
    FirewallRules: [{0F5F495D-DA2A-451D-9857-B64BC6BAB088}] => (Allow) A:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
    FirewallRules: [{E3CAD5AF-F28C-44C4-B8EE-9BBB50DA3845}] => (Allow) A:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
    FirewallRules: [{4F0C9FB8-4AE6-4237-B653-3838B352CB12}] => (Allow) F:\Programs\Winamp\winamp.exe
    FirewallRules: [{DFAFE125-9DB4-4E4C-B22B-814A266C6FB8}] => (Allow) F:\Programs\Winamp\winamp.exe
    FirewallRules: [{A0B743CC-277C-4AFF-9AEE-37C25B9E02B1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{91CB1906-96D9-4708-AA2C-49FEC5ABD32E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D342DCCD-A445-4ECC-9FFF-B0AA7A76E35C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{12EBB50B-4912-40B8-A31E-4A5B9A09763E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{8491977E-4837-41F8-8D96-7E0530DDFB6C}] => (Allow) F:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{B3BE5696-348D-4CDA-B2FB-2873CE31A58B}] => (Allow) A:\SteamLibrary\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
    FirewallRules: [{C9BABD4D-9F76-4B86-9333-610E19E7AEA0}] => (Allow) A:\SteamLibrary\steamapps\common\Dungeon Defenders 2\DunDefLauncher.exe
    FirewallRules: [{AE701FAE-6D3F-4754-A053-32042CF3661C}] => (Allow) A:\Program Files\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
    FirewallRules: [{0536407E-FE90-4768-B658-633DCC531CCA}] => (Allow) A:\Program Files\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
    FirewallRules: [{0A298BD3-6B05-4DD7-A883-9368F15327FC}] => (Allow) A:\Program Files\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
    FirewallRules: [{0E3664BD-536A-42FC-A985-787E7C55909B}] => (Allow) A:\Program Files\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
    FirewallRules: [{2806D814-3F6A-43F2-B6CA-38E1CFA5CB28}] => (Allow) C:\Users\Deni\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{F60CE246-853A-478E-A907-C6A5CD69F045}] => (Allow) C:\Users\Deni\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{47A9C3F3-0F7C-45B4-A902-FD5279FA7170}] => (Allow) C:\Users\Deni\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{871A5DF7-2C0A-43C7-8E33-9CE07952CF43}] => (Allow) C:\Users\Deni\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{1AB67AFF-AF55-429D-98FC-507A5267A2F4}] => (Allow) C:\Users\Deni\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{818763CE-2601-4CEC-A5CA-1144234F461F}] => (Allow) C:\Users\Deni\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{15868170-EC15-4977-8A00-23EE7691C294}] => (Allow) A:\Program Files\Ubisoft Game Launcher\games\Far Cry Primal\bin\FCPrimal.exe
    FirewallRules: [{144B46DF-F3E2-465A-A214-B34A910E113E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{083B3EC1-B47C-429C-A1D0-DB007DF8DBF7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{0FD12485-02B8-4315-94D5-E7B1109976FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{59899A54-5266-4AE0-A808-FD8DA01AB75F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{7A4AE0D4-0E5B-4222-9C05-3234271B78EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{15A5D813-9C0D-4D1B-AAA9-CF1743659794}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{5E2AE028-BE29-477A-A4A4-D6C120DFFE83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    09-09-2016 14:27:47 Intel® Driver Update Utility
    11-09-2016 14:05:55 Cleaner (Spybot - Search & Destroy 2.6, administrator privileges

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/11/2016 02:05:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (09/11/2016 01:52:02 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

    Error: (09/11/2016 01:34:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: wmiprvse.exe, version: 6.3.9600.18264, time stamp: 0x56e1bc63
    Faulting module name: ProtectionManagement.dll, version: 4.8.207.0, time stamp: 0x55933dc7
    Exception code: 0xc0000005
    Fault offset: 0x000000000000f674
    Faulting process id: 0x818
    Faulting application start time: 0x01d20c2076090568
    Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
    Faulting module path: C:\Program Files\Windows Defender\ProtectionManagement.dll
    Report Id: b3c02b61-7813-11e6-8424-bc5ff4f7d675
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (09/11/2016 01:34:27 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: wmiprvse.exe, version: 6.3.9600.18264, time stamp: 0x56e1bc63
    Faulting module name: ProtectionManagement.dll, version: 4.8.207.0, time stamp: 0x55933dc7
    Exception code: 0xc0000005
    Fault offset: 0x000000000000f674
    Faulting process id: 0x1778
    Faulting application start time: 0x01d20c206c871019
    Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
    Faulting module path: C:\Program Files\Windows Defender\ProtectionManagement.dll
    Report Id: b1b9e303-7813-11e6-8424-bc5ff4f7d675
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (09/10/2016 07:47:36 PM) (Source: Steam Client Service) (EventID: 1) (User: )
    Description: Error: Failed to copy new service file to temp location

    Error: (09/10/2016 07:47:35 PM) (Source: Steam Client Service) (EventID: 1) (User: )
    Description: Error: Failed to copy temp service file to final location

    Error: (09/10/2016 07:26:27 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

    Error: (09/10/2016 06:52:00 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
    Description: The volume System Reserved was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

    Error: (09/10/2016 04:38:59 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_PcaSvc, version: 6.3.9600.17415, time stamp: 0x54504177
    Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
    Exception code: 0xc0000008
    Fault offset: 0x00000000000925fa
    Faulting process id: 0x360
    Faulting application start time: 0x01d20b70a781ac7b
    Faulting application path: C:\Windows\System32\svchost.exe
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 4ed17e19-7764-11e6-841e-bc5ff4f7d675
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (09/10/2016 02:59:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: nvcontainer.exe, version: 1.0.2111.5024, time stamp: 0x57c8586c
    Faulting module name: libprotobuf.dll, version: 0.0.0.0, time stamp: 0x56d8ba1e
    Exception code: 0xc0000005
    Fault offset: 0x00000000000479ab
    Faulting process id: 0x540
    Faulting application start time: 0x01d20b6326b604d4
    Faulting application path: C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    Faulting module path: C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    Report Id: 742311f3-7756-11e6-841d-bc5ff4f7d675
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (09/11/2016 01:53:02 PM) (Source: DCOM) (EventID: 10010) (User: WINCTRL-5GC1BRK)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

    Error: (09/11/2016 01:52:32 PM) (Source: DCOM) (EventID: 10010) (User: WINCTRL-5GC1BRK)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

    Error: (09/11/2016 12:20:30 PM) (Source: DCOM) (EventID: 10005) (User: WINCTRL-5GC1BRK)
    Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
    {9E175B68-F52A-11D8-B9A5-505054503030}

    Error: (09/11/2016 12:20:30 PM) (Source: DCOM) (EventID: 10005) (User: WINCTRL-5GC1BRK)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (09/11/2016 12:20:29 PM) (Source: DCOM) (EventID: 10010) (User: WINCTRL-5GC1BRK)
    Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

    Error: (09/11/2016 12:20:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (09/11/2016 12:20:18 PM) (Source: DCOM) (EventID: 10005) (User: WINCTRL-5GC1BRK)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (09/11/2016 12:20:12 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "1084" attempting to start the service TermService with arguments "Unavailable" in order to run the server:
    {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

    Error: (09/11/2016 12:20:09 PM) (Source: DCOM) (EventID: 10005) (User: WINCTRL-5GC1BRK)
    Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
    {DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (09/11/2016 12:20:07 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: DCOM got error "1084" attempting to start the service TermService with arguments "Unavailable" in order to run the server:
    {F9A874B6-F8A8-4D73-B5A8-AB610816828B}


    CodeIntegrity:
    ===================================
    Date: 2015-02-07 18:29:24.314
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\FULITTAAUX.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-07 18:13:57.334
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\DMHYVNRPHABAT.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-07 18:12:48.357
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\YTYDWLWQB.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
    Percentage of memory in use: 26%
    Total physical RAM: 16314.53 MB
    Available physical RAM: 11937.16 MB
    Total Virtual: 21937.53 MB
    Available Virtual: 17211.92 MB

    ==================== Drives ================================

    Drive a: (New Volume) (Fixed) (Total:931.39 GB) (Free:171.4 GB) NTFS
    Drive c: (Windows 8.1) (Fixed) (Total:232.54 GB) (Free:86.65 GB) NTFS
    Drive d: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: () (Fixed) (Total:688.11 GB) (Free:213.08 GB) NTFS
    Drive f: (DATA) (Fixed) (Total:688.55 GB) (Free:348.82 GB) NTFS
    Drive g: (Doom) (CDROM) (Total:62.3 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ==================== End of Addition.txt ============================
     
  6. Denitorious

    Denitorious TS Rookie Topic Starter

    RKreport.txt

    RogueKiller V12.6.1.0 (x64) [Sep 6 2016] (Free) by Adlice Software
    Mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Betriebssystem : Windows 8.1 (6.3.9600) 64 bits version
    gestarted in : normaler Modus
    User : Deni [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Modus : Scannen -- Datum : 09/11/2016 14:15:13 (Duration : 00:11:42)

    ¤¤¤ Prozesse : 0 ¤¤¤

    ¤¤¤ Registry : 2 ¤¤¤
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Gefunden
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Gefunden

    ¤¤¤ Aufgaben : 0 ¤¤¤

    ¤¤¤ Dateien : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Host Dateien : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: geladen) ¤¤¤

    ¤¤¤ Web Browser : 2 ¤¤¤
    [PUM.Proxy][FIREFX:Config] mbms34da.default : user_pref("network.proxy.http", "180.251.162.191"); -> Gefunden
    [PUM.Proxy][FIREFX:Config] mbms34da.default : user_pref("network.proxy.http_port", 80); -> Gefunden

    ¤¤¤ MBR Überprüfung : ¤¤¤
    +++++ PhysicalDrive0: Samsung SSD 840 EVO 250GB +++++
    --- User ---
    [MBR] 6254364dce6ded8c711880dca8cdb2dd
    [BSP] 3a49e283c573b93f3427a6a8a30ec203 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 238123 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD15EADS-22P8B0 +++++
    --- User ---
    [MBR] 8b4063b2f1fbb5c8564bf65a0a44d4a3
    [BSP] 8ab9d6cd027600875a2b26424ef19238 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 43010048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 43214848 | Size: 704622 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1486280704 | Size: 705074 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: ST1000DX001-1NS162 +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
    1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
    User = LL1 ... OK
    User = LL2 ... OK



    mbar-log

    Malwarebytes Anti-Rootkit BETA 1.9.3.1001
    www.malwarebytes.org

    Database version:
    main: v2016.09.11.05
    rootkit: v2016.08.15.01

    Windows 8.1 x64 NTFS
    Internet Explorer 11.0.9600.18283
    Deni :: WINCTRL-5GC1BRK [administrator]

    11.09.2016 13:08:42
    mbar-log-2016-09-11 (13-08-42).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 368505
    Time elapsed: 11 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  7. Denitorious

    Denitorious TS Rookie Topic Starter

    system-log

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.3.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.3.9200 Windows 8.1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.18283

    File system is: NTFS
    Disk drives: A:\ DRIVE_FIXED, C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 3.499000 GHz
    Memory total: 17107021824, free: 12527595520

    Downloaded database version: v2016.09.11.05
    Downloaded database version: v2016.08.15.01
    Downloaded database version: v2016.08.31.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    09/11/2016 13:08:39
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2016.09.11.05
    rootkit: v2016.08.15.01

    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
    File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 7D0FB2F5

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 716800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848 Numsec = 487675904
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable

    Disk Size: 250059350016 bytes
    Sector size: 512 bytes

    Done!
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: C248CFE8

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 43010048 Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 43214848 Numsec = 1443065856
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1486280704 Numsec = 1443991552
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition is not bootable

    Disk Size: 1500301910016 bytes
    Sector size: 512 bytes

    Done!
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: 0

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2663166913
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34 LastUsableLba 1953525134
    GPT Header Guid 14f5e6f3-78de-400c-a34a-87ece92d688
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2663166913
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
    Backup GPT header Guid 14f5e6f3-78de-400c-a34a-87ece92d688
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 7b17c47a-e732-4b94-a529-979d7c6918a
    FirstLBA 34 Last LBA 262177
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 1172b3c5-aa91-4332-b6fa-7838a441c72d
    FirstLBA 264192 Last LBA 1953523711
    Attributes 0
    Partition Name Basic data partition

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-718848-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-43010048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-43214848-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-2-1486280704-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
    Removal finished
     
  8. Denitorious

    Denitorious TS Rookie Topic Starter

    ADWcleaner log would be here but it found absolutely nothing.

    JRT.txt


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.7 (07.03.2016)
    Operating System: Windows 8.1 Pro x64
    Ran by Deni (Administrator) on 11.09.2016 at 14:38:02,64
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 5

    Successfully deleted: C:\ProgramData\drivergenius (Folder)
    Successfully deleted: C:\ProgramData\Start Menu\Programs\tuneup utilities 2014.lnk (Shortcut)
    Successfully deleted: C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\user.js (File)
    Successfully deleted: C:\Windows\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)
    Successfully deleted: C:\Program Files (x86)\innovative solutions (Folder)

    Deleted the following from C:\Users\Deni\AppData\Roaming\Mozilla\Firefox\Profiles\mbms34da.default\prefs.js
    user_pref(browser.urlbar.suggest.searches, true);



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 11.09.2016 at 14:38:33,90
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    There you go. Plenty of logs. I hope there is something useful in there!

    Deni
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    I don't see anything malicious there, so all I can suggest is a new topic in Windows forum.
    Good luck :)
     
  10. Denitorious

    Denitorious TS Rookie Topic Starter

    I guess that is good news nonetheless... thank you Broni!
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    You're very welcome
     
