Solved What is ilhdxm.exe?

[raqulka]

Hey everybody!

So I was scanning through my startup programs because W10 told me that there are few programs that slow it down and I found ilhdxm.exe among it. It has no publisher and the icon is a small lock and the location of the "file" is C:\ProgramData\ilhdxm, but it does not contain any files inside so I assume it is a virus. I tried googling it, but it gave me only one result https://malwr.com/analysis/NDIwN2I0ZDkyNjcyNDBkN2E3ZjhiMzg3NTJiODJmYjY/



Have any of you guys heard of it or what to do? It got me really worried.

Cheers!

 

[Broni]

Welcome aboard

Normally there should be any ".exe" files in ProgramData folder.

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[raqulka]

Thank you for your answer. So here are the logs. (Sorry for a long response- I live in Europe)

Addiotion.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by user (2016-04-11 09:03:34)
Running from D:\Downloads
Windows 10 Home Version 1511 (X64) (2015-11-29 19:04:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2707210134-101100643-1977969362-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2707210134-101100643-1977969362-503 - Limited - Disabled)
Guest (S-1-5-21-2707210134-101100643-1977969362-501 - Limited - Disabled)
user (S-1-5-21-2707210134-101100643-1977969362-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 6.2.2033.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 6.2.2033.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Age of Empires II HD Edition, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Age of Empires II HD Edition_is1) (Version: 1.0.0.0 - )
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.8.0.0183 - Disc Soft Ltd)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AudioFXSetup (Version: 1.2.201 - Nahimic) Hidden
AVerMedia C875 Live Gamer Portable 3.7.64.37 (HKLM-x32\...\AVerMedia C875 Live Gamer Portable) (Version: 3.7.64.37 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia RECentral (HKLM-x32\...\InstallShield_{30D6B6ED-E039-4D62-8E07-E058D17A9372}) (Version: 1.3.0.89.14101501 - AVerMedia Technologies, Inc.)
AVerMedia RECentral (x32 Version: 1.3.0.89.14101501 - AVerMedia Technologies, Inc.) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1505.1901 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Brackets (HKLM-x32\...\{0DA290D2-0583-4967-9EC0-93C1F603DD13}) (Version: 1.6 - brackets.io)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - Treyarch)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - Canon Inc.)
Canon MG3100 series On-screen Manual (HKLM-x32\...\Canon MG3100 series On-screen Manual) (Version: - )
Canon MG3100 series User Registration (HKLM-x32\...\Canon MG3100 series User Registration) (Version: - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
CheckDevicesConfigurator (Version: 1.2.201 - Nahimic) Hidden
Chrome Token Signing (x32 Version: 1.0.3.413 - RIA) Hidden
ChromecastApp (HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Deckadance 2 (HKLM-x32\...\Deckadance 2) (Version: 2.0 - Image-Line)
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version: - EnTech Taiwan)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DigiDoc3 Client (x32 Version: 3.12.0.1448 - RIA) Hidden
DirectWave (HKLM-x32\...\DirectWave) (Version: - Image-Line)
DiRT Rally (HKLM\...\ZGlydHJhbGx5_is1) (Version: 1 - )
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1410.1301 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1410.1301 - Micro-Star International Co., Ltd.) Hidden
DreadOut (HKLM-x32\...\Steam App 269790) (Version: - Digital Happiness)
Drumaxx (HKLM-x32\...\Drumaxx) (Version: - Image-Line)
Dual Package (HKLM-x32\...\{37365259-9D37-4FBE-9204-08B4034623B6}) (Version: 2.9 - LG Soft India Pvt Ltd)
Duke3D (HKLM\...\{b5f456c9-720b-410c-8b24-59e92772053b}.sdb) (Version: - )
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
DX10 (HKLM-x32\...\DX10) (Version: - Image-Line)
Dying Light: The Following - Enhanced Edition (HKLM\...\ZHlpbmdsaWdodHRoZWZvbGxvd2luZ2VuaGFuY2VkZWRpdGlvbg_is1) (Version: 1 - )
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Edison (HKLM-x32\...\Edison) (Version: - Image-Line)
eID software (HKLM-x32\...\{8e3f1ff5-86c3-4054-8cab-bba92838d4a6}) (Version: 3.12.2.1653 - RIA)
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.0 - )
ESET Endpoint Antivirus (HKLM\...\{13189425-6C52-490A-9E5A-3B66DB545629}) (Version: 6.2.2033.0 - ESET, spol. s r.o.)
eSpeak version 1.48.04 (HKLM-x32\...\eSpeak_is1) (Version: - )
EstEID Minidriver (Version: 3.11.0.1175 - RIA) Hidden
EstEID Shell Extension (Version: 3.12.0.1448 - RIA) Hidden
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
FileZilla Client 3.9.0.6 (HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Firefox PKCS11 Loader (Version: 3.11.0.1064 - RIA) Hidden
Firefox Token Signing Plugin (x32 Version: 3.12.0.1143 - RIA) Hidden
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
FonePaw Android Data Recovery 1.3.0 (HKLM-x32\...\{10E7BD57-C5FE-484f-A3F2-A1755286C0A7}_is1) (Version: 1.3.0 - FonePaw)
Formoid (HKLM-x32\...\Formoid_is1) (Version: - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 3 (HKLM-x32\...\Steam App 436150) (Version: - OrangeGames)
Groove Machine (HKLM-x32\...\Groove Machine) (Version: - Image-Line)
Gtk# for .Net 2.12.25 (HKLM-x32\...\{889E7D77-2A98-4020-83B1-0296FA1BDE8A}) (Version: 2.12.25 - Xamarin, Inc.)
Hardcore (HKLM-x32\...\Hardcore) (Version: - Image-Line bvba)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
ID-card utility (x32 Version: 3.12.2.1206 - RIA) Hidden
IE Token Signing Plugin (Version: 3.12.0.980 - RIA) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL DrumSynth Live (HKLM-x32\...\IL DrumSynth Live) (Version: - Image-Line)
IL Gross Beat (HKLM-x32\...\IL Gross Beat) (Version: - Image-Line)
IL Harmless (HKLM-x32\...\IL Harmless) (Version: - Image-Line)
IL Harmor (HKLM-x32\...\IL Harmor) (Version: - Image-Line)
IL Juice Pack (HKLM-x32\...\IL Juice Pack) (Version: - Image-Line)
IL MiniHost (HKLM-x32\...\IL MiniHost) (Version: - Image-Line)
IL Ogun (HKLM-x32\...\IL Ogun) (Version: - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
IL Slicex (HKLM-x32\...\IL Slicex) (Version: - Image-Line)
IL Vocodex (HKLM-x32\...\IL Vocodex) (Version: - Image-Line)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.4.1000 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
LauncherSetup (Version: 1.2.201 - Nahimic) Hidden
Layers of Fear (HKLM-x32\...\Layers of Fear_is1) (Version: - )
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maximus (HKLM-x32\...\Maximus) (Version: - Image-Line)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version: - Konami Digital Entertainment)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.Net Web Frameworks 5.0 Security Update (KB2992080) (HKLM-x32\...\{3EC4A844-24F2-46DA-AEFB-FC3080C1BDB9}) (Version: 5.0.20821 - Microsoft Corporation)
Microsoft ASP.Net Web Frameworks 5.1 Security Update (KB2994397) (HKLM-x32\...\{94F716A3-CBBA-4005-9516-1C4267DDB824}) (Version: 5.1.20821 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Morphine (HKLM-x32\...\Morphine) (Version: - Image-Line bvba)
Mount and Blade Warband 1.166 version 1.166 (HKLM-x32\...\{E1404855-C907-47CE-A52E-F6894F889872}_is1) (Version: 1.166 - )
MySQL Installer - Community (HKLM-x32\...\{A0DFC91F-FBB5-4C4F-B1B6-D5B26BD24FB6}) (Version: 1.4.13.0 - Oracle Corporation)
MySQL Workbench 6.3 CE (HKLM\...\{59958BAC-A61D-4A23-8082-CC2FDF17937F}) (Version: 6.3.6 - Oracle Corporation)
Nahimic for MSI (HKLM-x32\...\{1fd8e4b4-0aa8-4ade-afb4-b4ea2cbd6179}) (Version: 1.2.2 - Nahimic)
NahimicSettingsConfigurator (Version: 1.2.201 - Nahimic) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.2.189 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.4.1.211 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.9.132 - Native Instruments)
Native Instruments Session Guitarist - Strummed Acoustic (HKLM-x32\...\Native Instruments Session Guitarist - Strummed Acoustic) (Version: 1.0.0.8 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.7.1.854 - Native Instruments)
Need for Speed™ (HKLM-x32\...\{F8643E83-A868-4EE8-A0B9-389386830453}) (Version: 1.1.0.0 - Electronic Arts)
Node.js (HKLM-x32\...\{C848DE51-4473-40F8-9786-31798AF9CE4F}) (Version: 4.3.0 - Node.js Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA CUDA Samples 7.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDASamples_7.0) (Version: 7.0 - NVIDIA Corporation)
NVIDIA CUDA Toolkit 7.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_7.0) (Version: 7.0 - NVIDIA Corporation)
NVIDIA CUDA Visual Studio Integration 7.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAVisualStudioIntegration_7.0) (Version: 7.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA Nsight Visual Studio Edition 4.5.0.15036 (HKLM\...\{DA371382-CABC-44B3-9BB4-14B5081B6446}) (Version: 4.5.0.15036 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Tools Extension SDK (NVTX) - 64 bit (HKLM\...\{4D983759-07FC-4571-BB59-58C9BBADECC5}) (Version: 1.00.00.00 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Oh...Sir! (HKLM-x32\...\Steam App 416690) (Version: - Vile Monarch)
Open-EID Metapackage (x32 Version: 3.12.2.1653 - RIA) Hidden
Open-EID Uninstaller (x32 Version: 3.12.2.1653 - RIA) Hidden
Open-EID Updater (x32 Version: 3.12.0.1007 - RIA) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.11.6.18139 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Oxygen XML Editor 17.0 (64-bit) (HKLM\...\8531-1278-6363-8538) (Version: 17.0 - SyncRO Soft)
PC Remote (HKLM-x32\...\{C934DF74-D0D9-445C-90AA-34012A04E11D}) (Version: 3.51 - PC Remote)
PHP Tools for Visual Studio (HKLM-x32\...\{D0CBFFDD-DFB4-4DDC-8634-013AE940FEA3}) (Version: 1.15.5962 - DEVSENSE)
PoiZone (HKLM-x32\...\PoiZone) (Version: - Image-Line)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
ProductDaemonSetup (Version: 1.2.201 - Nahimic) Hidden
Project CARS (HKLM-x32\...\Steam App 234630) (Version: - Slightly Mad Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
Qualcomm Atheros 11AC Drivers (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 3.0.0.400 - Qualcomm Atheros)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.47.1058 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7622 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Sakura (HKLM-x32\...\Sakura) (Version: - Image-Line)
Sawer (HKLM-x32\...\Sawer) (Version: - Image-Line)
SCM (HKLM\...\{EC3EEFE5-DFBE-4535-8A2A-CAEC82A9BB83}) (Version: 13.015.04213 - Application)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Serato DJ (HKLM-x32\...\{cc7a67f5-1d2a-431a-841c-511575e9c851}) (Version: 1.8.1.8994 - )
Serato DJ (x32 Version: 1.8.1.8994 - Serato) Hidden
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SimSynth (HKLM-x32\...\SimSynth) (Version: - Image-Line)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SourceTree (HKLM-x32\...\SourceTree 1.7.0.32509) (Version: 1.7.0.32509 - Atlassian)
SourceTree (x32 Version: 1.7.0.32509 - Atlassian) Hidden
STAR WARS™ Battlefront™ Beta (HKLM-x32\...\{8A863B64-C9BE-4203-9ED7-92981CF690D3}) (Version: 1.0.3.51560 - Electronic Arts)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Stardew Valley (HKLM-x32\...\Steam App 413150) (Version: - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.6.1 - Synaptics Incorporated)
Sytrus (HKLM-x32\...\Sytrus) (Version: - Image-Line)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.7.0.9 - GOG.com)
The Elder Scrolls V: Skyrim - Legendary Edition (HKLM-x32\...\The Elder Scrolls V: Skyrim - Legendary Edition_is1) (Version: - )
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version: - Image-Line bvba)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
Trine 3 - The Artifacts of Power (HKLM-x32\...\Trine 3 - The Artifacts of Power_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
TrueColorFinder Software (HKLM-x32\...\{3F15DF4D-DCA2-4995-BD65-4A56322C180B}) (Version: 1.8.5 - LG Soft India Pvt Ltd)
Twixtor 5, After Effects-compatible plugin set (HKLM-x32\...\Twixtor 5, After Effects-compatible plugin set) (Version: - )
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
UIInstallUpgrade (Version: 1.2.201 - Nahimic) Hidden
Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
UserTesting.com Recorder Plugin (HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\UserTestingPlugin) (Version: - UserTesting.com)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Wampserver64 3.0.0 (HKLM\...\{5C1D66DE-19D8-487B-860D-2BDB4F19B0D3}_is1) (Version: 3.0.0 - Dominique Ottello aka Otomatic)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows Driver Package - RIA (Estonian National ID Card) (UMPass) SmartCard (05/13/2015 3.11.0.1175) (HKLM\...\C478C8A35A0A297F2FADF155E889D402655E894E) (Version: 05/13/2015 3.11.0.1175 - RIA (Estonian National ID Card))
Windows Phone 8.1 Emulators - ENU (HKLM-x32\...\{166a69f6-6512-47ea-a342-17d954fc059a}) (Version: 12.0.31010.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Xamarin (HKLM-x32\...\{23E7ED39-4A6E-4FC5-A507-1A17349358A5}) (Version: 3.9.289.0 - Xamarin)
Xamarin Studio 5.7.1 (HKLM-x32\...\{C0015978-FD2F-4EBB-984B-2D7B5416F426}) (Version: 5.7.1.17 - Xamarin)
Xamarin Universal Installer (HKLM-x32\...\{54bdf5f2-3292-4077-bcd8-b6fc0ed63cd4}) (Version: 3.5.0.0 - Xamarin, Inc)
XSplit Gamecaster (HKLM-x32\...\{9F9A13D5-D72F-4531-AEE9-F5EAFFD9B902}) (Version: 1.9.1409.0112 - SplitmediaLabs)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D085BDB-C062-4031-A8E7-CD8B3D0CBB3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {142AD3B5-37B5-4723-8664-20184FE3C53A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {147189FC-676C-476F-B8D2-58117AE42014} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {25969F9F-620C-4535-8130-A8B98A7F889F} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2015-11-28] (Oracle Corporation)
Task: {408CC19F-9D04-4291-8AC0-F289C648A29E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4809D986-F5FB-47C4-9F27-3F8A62251ACB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {489DE231-D2CD-4C21-949C-C59744862ECC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4D473D9D-2136-44DF-8A27-D536ECD332AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2707210134-101100643-1977969362-1001UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
Task: {58ABFCD3-D97C-47F3-9E1F-E45A2EEE9DF6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5BC60527-FC22-4A9E-8714-9FFEB9BA0C39} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {638FF278-193C-4E4E-937B-C321AC6A3B33} - System32\Tasks\GoogleUpdateTaskMachineUA1d08ed55629019 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {74D1077E-ED70-4A2F-96B9-9B8FE6BB0318} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {79FDE01E-24A1-4219-A2AC-CF16FCAA97DC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-31] (Synaptics Incorporated)
Task: {80F77DD8-FD8B-4B8B-955F-FE4A4E3D68B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {834615E4-55C3-4597-90FD-4B6943539F46} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe [2015-06-23] ()
Task: {88586C25-30B7-4655-96CC-F57E270495CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {896781D8-DBAF-483B-9CFD-96E1C60C06BA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {90DB4D5B-6875-4892-8088-C03C68B7F313} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-24] (TODO: <公司名稱>)
Task: {91503AA2-6AFD-4B1D-A4C7-4871A6B25D64} - System32\Tasks\cron => D:\Programs\EasyPHP\binaries\php\php_runningversion\php.exe [2014-01-09] (The PHP Group)
Task: {91EE783B-F01A-47C0-84DA-ABB415AE6E1E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9E304B2F-12BD-49BC-A961-F786F4F4522F} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf92534c146b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A6047373-4A2B-41C1-A8D6-FAEC455B9181} - System32\Tasks\id updater task => C:\Program Files (x86)\Open-EID\ID-updater.exe [2016-01-31] (RIA)
Task: {AB936D19-F5E4-4DD8-A009-1A0A7330B6AD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B1155B86-8475-428F-B3CD-F5E6259F2C7A} - System32\Tasks\GoogleUpdateTaskMachineUA1d0424c815c768d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B52157A3-AFF4-434A-AE84-C9132F93699F} - System32\Tasks\{033A8F2C-7F97-4B30-AB79-53182B2221D1} => pcalua.exe -a E:\LGE.EXE -d E:\
Task: {B847A2BC-2CAC-4D47-AA2B-13CAC8E42757} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {BAAC7BCF-77DE-4C30-9E82-11A25FF37ECC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {D1732D4C-FB87-4388-8CEB-B194D394D2F7} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe [2015-06-23] ()
Task: {D77431A5-5895-42D3-B2C0-5C0A3D94AF60} - System32\Tasks\{B6E213CE-DB0B-4156-8825-74C1D61960D5} => pcalua.exe -a D:\Games\Vampires\vampire.exe -d D:\Games\Vampires
Task: {D8F8C499-BB34-4F9A-AEA8-EFA2474A264A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2707210134-101100643-1977969362-1001Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
Task: {F4D87D46-6A84-425F-82D5-F74F8A3CF1DA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FCB51023-C126-4072-8970-5BB7C3E7CE81} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [2015-06-23] ()
Task: {FE251E8A-A349-4A26-9421-176F553B12A4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0424c815c768d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d08ed55629019.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bf92534c146b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2707210134-101100643-1977969362-1001Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2707210134-101100643-1977969362-1001UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

 

[raqulka]

ADDITION.txt continuing


==================== Loaded Modules (Whitelisted) ==============

2015-10-30 10:18 - 2015-10-30 10:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-08 15:45 - 2015-10-14 10:27 - 01942856 _____ () C:\WINDOWS\system32\esteidcm64.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-12 19:24 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-02-08 18:42 - 2015-12-18 20:53 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-12-10 01:22 - 2014-12-10 01:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-06-23 15:19 - 2015-06-23 15:19 - 00198112 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIDevProps.dll
2015-06-23 15:19 - 2015-06-23 15:19 - 00290272 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIOSD.dll
2016-03-02 16:28 - 2016-02-23 14:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-02 16:28 - 2016-02-23 14:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-29 08:47 - 2015-09-01 19:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 22:29 - 2014-05-01 22:29 - 00098304 _____ () D:\Programs\FileZilla FTP Client\fzshellext_64.dll
2015-04-15 23:13 - 2015-04-15 23:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-01-13 10:19 - 2016-01-05 04:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 09:15 - 2016-01-16 08:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-22 10:44 - 2016-01-22 10:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 17:21 - 2015-12-07 07:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 16:28 - 2016-02-23 11:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-03-02 16:28 - 2016-02-23 11:38 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-06-23 15:15 - 2015-06-23 15:15 - 00532448 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
2015-06-23 15:15 - 2015-06-23 15:15 - 00813568 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe
2015-06-23 15:20 - 2015-06-23 15:20 - 00272384 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe
2014-06-26 21:39 - 2014-06-26 21:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 18:57 - 2014-05-16 18:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 18:57 - 2014-05-16 18:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 21:39 - 2014-06-26 21:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-09-20 03:15 - 2014-09-20 03:15 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-01-22 21:44 - 2014-01-22 21:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2016-03-31 14:50 - 2015-07-22 11:31 - 00489472 _____ () D:\Programs\wamp\bin\apache\apache2.4.17\bin\pcre.dll
2016-03-31 14:50 - 2015-07-22 11:38 - 00081920 _____ () D:\Programs\wamp\bin\apache\apache2.4.17\bin\zlib1.dll
2016-03-31 14:51 - 2016-03-31 14:51 - 00000000 ____L () D:\Programs\wamp\bin\apache\apache2.4.17\bin\libssh2.dll
2016-03-31 14:49 - 2015-10-12 08:34 - 38587904 _____ () D:\Programs\wamp\bin\mysql\mysql5.7.9\bin\mysqld.exe
2016-04-05 07:41 - 2016-04-05 07:41 - 00011776 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.exe
2016-04-05 07:41 - 2016-04-05 07:41 - 09355776 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.dll
2016-04-05 07:41 - 2016-04-05 07:41 - 00123904 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2016-04-05 07:41 - 2016-04-05 07:41 - 03691520 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleShared.dll
2016-04-05 07:41 - 2016-04-05 07:41 - 01506304 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2015-12-15 01:53 - 2015-12-15 01:53 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-05 07:41 - 2016-04-05 07:41 - 00334848 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PersonPicture.UAP.dll
2016-01-13 10:19 - 2016-01-05 04:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 10:19 - 2016-01-05 04:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-28 09:15 - 2016-01-16 08:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-03 11:35 - 2015-11-22 12:18 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 10:18 - 2015-10-30 12:07 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-10-30 10:18 - 2015-10-30 12:06 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-10-30 10:18 - 2015-10-30 12:07 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-10-30 10:18 - 2015-10-30 12:06 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-10-30 10:18 - 2015-10-30 12:06 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-10-30 10:18 - 2015-10-30 12:07 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-10-30 10:18 - 2015-10-30 12:06 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-10-30 10:18 - 2015-10-30 12:06 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-10-30 10:18 - 2015-10-30 12:06 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2016-01-22 10:44 - 2016-01-22 10:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 10:44 - 2016-01-22 10:48 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-06-23 15:14 - 2015-06-23 15:14 - 00167904 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIDevProps.dll
2015-06-23 15:15 - 2015-06-23 15:15 - 00258016 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIOSD.dll
2016-03-31 07:40 - 2016-03-27 10:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-31 07:40 - 2016-03-27 10:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
2016-02-23 08:57 - 2016-02-23 08:57 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2016-02-23 08:59 - 2016-02-23 08:59 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-01-15 12:01 - 2013-12-10 02:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-03-29 15:13 - 2016-03-11 03:56 - 00783360 _____ () D:\Programs\Steam\SDL2.dll
2016-02-04 11:51 - 2015-07-03 19:12 - 04962816 _____ () D:\Programs\Steam\v8.dll
2016-04-01 09:17 - 2016-03-31 23:55 - 02549840 _____ () D:\Programs\Steam\video.dll
2016-03-09 13:16 - 2016-02-09 02:14 - 02549760 _____ () D:\Programs\Steam\libavcodec-56.dll
2016-03-09 13:16 - 2016-02-09 02:14 - 00491008 _____ () D:\Programs\Steam\libavformat-56.dll
2016-03-09 13:16 - 2016-02-09 02:14 - 00332800 _____ () D:\Programs\Steam\libavresample-2.dll
2016-03-09 13:16 - 2016-02-09 02:14 - 00442880 _____ () D:\Programs\Steam\libavutil-54.dll
2016-03-09 13:16 - 2016-02-09 02:14 - 00485888 _____ () D:\Programs\Steam\libswscale-3.dll
2016-02-04 11:51 - 2015-07-03 19:12 - 01556992 _____ () D:\Programs\Steam\icui18n.dll
2016-02-04 11:51 - 2015-07-03 19:12 - 01187840 _____ () D:\Programs\Steam\icuuc.dll
2016-04-01 09:17 - 2016-03-31 23:55 - 00829008 _____ () D:\Programs\Steam\bin\chromehtml.DLL
2016-03-09 13:16 - 2016-02-18 01:25 - 00281088 _____ () D:\Programs\Steam\openvr_api.dll
2016-03-09 13:17 - 2016-02-09 04:33 - 48400672 _____ () D:\Programs\Steam\bin\libcef.dll
2016-02-04 11:51 - 2015-09-25 02:56 - 00119208 _____ () D:\Programs\Steam\winh264.dll
2016-04-09 18:16 - 2016-04-08 13:53 - 17532096 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll
2013-02-11 16:08 - 2013-02-11 16:08 - 18722816 _____ () C:\Program Files (x86)\Image-Line\Shared\dsp_ipp.dll
2013-04-11 03:18 - 2013-04-11 03:18 - 00509440 _____ () C:\Program Files (x86)\Image-Line\Shared\QuickFontCache.dll
2012-08-15 13:01 - 2012-08-15 13:01 - 00483328 _____ () C:\Program Files (x86)\Image-Line\Shared\freetype.dll
2012-09-25 13:14 - 2012-09-25 13:14 - 00667648 _____ () C:\Program Files (x86)\Image-Line\Shared\Elastique.dll
2011-03-10 19:45 - 2011-03-10 19:45 - 00364544 _____ () C:\Program Files (x86)\Image-Line\Shared\LAMEEnc.dll
2009-03-23 13:57 - 2009-03-23 13:57 - 00176128 _____ () D:\Programs\FL Studio\Plugins\Fruity\Effects\Fruity Multiband Compressor\Comp_Eng.dll
2013-10-31 17:10 - 2013-10-31 17:10 - 01522688 _____ () D:\Programs\FL Studio\Plugins\Fruity\Effects\Fruity Limiter\Fruity Limiter.dll
2013-10-31 17:11 - 2013-10-31 17:11 - 01474048 _____ () D:\Programs\FL Studio\Plugins\Fruity\Effects\Fruity Parametric EQ 2\Fruity Parametric EQ 2.dll
2009-03-02 16:17 - 2009-03-02 16:17 - 00159744 _____ () D:\Programs\FL Studio\Plugins\VST\Fruity Reeverb.dll
2013-10-31 17:10 - 2013-10-31 17:10 - 02617344 _____ () D:\Programs\FL Studio\Plugins\Fruity\Effects\Fruity Love Philter\Fruity Love Philter.dll
2016-02-23 08:57 - 2016-02-23 08:57 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 16:25 - 2015-11-14 10:27 - 00001054 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2707210134-101100643-1977969362-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\Wallpapers\sand_beach7680.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Dual Package.lnk"
HKLM\...\StartupApproved\StartupFolder: => "TrueColorFinder.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "LogMeIn GUI"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\StartupApproved\StartupFolder: => "user.lnk"
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\StartupApproved\Run: => "Steam"

 

[raqulka]

ADDITION.txt continuing


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{1B2BD5C8-A44A-43F7-B39D-72668A7055A7}D:\games\overwatch\gameclientapp.exe] => (Allow) D:\games\overwatch\gameclientapp.exe
FirewallRules: [TCP Query User{EB47924A-7564-42C6-BF3C-9EA8BF647A35}D:\games\overwatch\gameclientapp.exe] => (Allow) D:\games\overwatch\gameclientapp.exe
FirewallRules: [UDP Query User{1E433E80-5D80-41EB-9F55-2116F27F7AE9}D:\programs\brackets\node.exe] => (Allow) D:\programs\brackets\node.exe
FirewallRules: [TCP Query User{24CA2A03-5E8E-45C7-BDAB-ABB1DFA72D97}D:\programs\brackets\node.exe] => (Allow) D:\programs\brackets\node.exe
FirewallRules: [{2CCD4E51-3F30-4FB7-B640-AA7243A10E7D}] => (Allow) D:\Programs\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{4FBF97EE-BB74-4FBD-A40B-687294577197}] => (Allow) D:\Programs\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [UDP Query User{C74B4036-51DB-4E47-830B-42FFC8BF5143}D:\downloads\terraria-server-windows-1308\windows\terrariaserver.exe] => (Allow) D:\downloads\terraria-server-windows-1308\windows\terrariaserver.exe
FirewallRules: [TCP Query User{DD59D396-E916-4419-86FA-54BDA6F96D68}D:\downloads\terraria-server-windows-1308\windows\terrariaserver.exe] => (Allow) D:\downloads\terraria-server-windows-1308\windows\terrariaserver.exe
FirewallRules: [UDP Query User{D5765D63-71F1-4288-AAE5-732CAEA3BB61}D:\games\terraria\terrariaserver.exe] => (Allow) D:\games\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{39E585F8-4FE1-41C4-8957-A1FE1EFA25CF}D:\games\terraria\terrariaserver.exe] => (Allow) D:\games\terraria\terrariaserver.exe
FirewallRules: [{9C97520B-0A96-44FD-851F-E1BDB6D7DA7E}] => (Allow) D:\Programs\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4DAD197D-C7AA-496C-B449-53AD141EB144}] => (Allow) D:\Programs\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F89D8ABD-065D-4A94-8F47-7BBDD2CC1251}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{0C6451DB-E8FB-4CAD-98B4-D22EA9645C7C}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [UDP Query User{6CFF7120-16C8-4DA7-B994-02CD18E40C2E}D:\programs\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) D:\programs\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [TCP Query User{BD467B25-4015-42CC-BBA9-F466722BFDD8}D:\programs\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) D:\programs\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{B137DBDF-497A-48F1-BF8A-BD3EAF240BD0}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [TCP Query User{5FFC9F9B-EC85-4D55-B24C-FEF9FEEC9088}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [UDP Query User{65A52CC9-91E6-4157-BB22-68A4B5AB4CFE}D:\programs\vlc\vlc.exe] => (Allow) D:\programs\vlc\vlc.exe
FirewallRules: [TCP Query User{245C8C8A-4C9D-4354-8734-31EF77A49633}D:\programs\vlc\vlc.exe] => (Allow) D:\programs\vlc\vlc.exe
FirewallRules: [UDP Query User{19AC739C-38C7-44FF-A90B-7F5BB6F6258A}D:\programs\android\androidstudio\bin\studio64.exe] => (Allow) D:\programs\android\androidstudio\bin\studio64.exe
FirewallRules: [TCP Query User{A9890890-6C1F-4435-9DDA-FEF3005C0828}D:\programs\android\androidstudio\bin\studio64.exe] => (Allow) D:\programs\android\androidstudio\bin\studio64.exe
FirewallRules: [{EDE4A0BA-AC54-459A-A329-474CC0866628}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{E44F8992-DB8A-4617-99D2-E180535D79AF}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{8920CEF1-04A8-46D6-91B8-75B46556244A}] => (Allow) D:\Programs\Steam\bin\steamwebhelper.exe
FirewallRules: [{5F83DFD8-9AF9-4E21-9F27-8ABBA2CA62B3}] => (Allow) D:\Programs\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{984CE370-379D-432D-A7B0-4606E52D28E2}D:\programs\skype\phone\skype.exe] => (Allow) D:\programs\skype\phone\skype.exe
FirewallRules: [UDP Query User{42B976ED-8DA6-4178-9B89-32D60080C6CA}D:\programs\skype\phone\skype.exe] => (Allow) D:\programs\skype\phone\skype.exe
FirewallRules: [{2D465B4D-03D8-4B23-9F88-FC3BB594308B}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{58F1F9FC-8A48-4ED3-A915-C4077A4222D4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C64F973-BE88-408E-AB84-9BECB58CDBD4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0507C4A6-06D7-40E7-93C2-1BD2CB6BEFB4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E6A56B0-9CA4-413A-9D3D-57D085537A05}] => (Allow) D:\Programs\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{D94F6013-7573-488F-9ADA-530F643F9242}] => (Allow) D:\Programs\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{5A946862-C008-4EF3-801F-316213572E28}] => (Allow) D:\Programs\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{0C029F25-1058-4D9A-A12A-C2EBBFD9F59B}] => (Allow) D:\Programs\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{9C64FD13-97F5-4063-A93C-520726DB880C}D:\programs\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\programs\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{6448F50C-E25A-4066-A830-D1D90C672A41}D:\programs\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\programs\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{6ABAB39F-2061-4A7B-A0CE-8AF3DEB47BDA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{3AEE67F6-34F4-400C-9D54-199E492782C6}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{07798E08-8133-44E7-ACA9-9A986EBC9CED}] => (Allow) D:\Programs\Visual Studio\Common7\IDE\devenv.exe
FirewallRules: [{33D6DEAD-CAD3-4C09-A12C-EE05BDD4FCA9}] => (Allow) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
FirewallRules: [{05AA15E6-5CA4-4FC2-B491-2FF85617B8C9}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{2535E956-928A-4DD4-BCE2-B2E77A67AB9B}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{ADB7D9A4-A043-4FBF-94C5-859BCE18AB7C}] => (Allow) D:\Programs\Steam\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{A3E91C3F-F737-4031-8F38-8F21F6AA8BBE}] => (Allow) D:\Programs\Steam\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{73BA3213-A0FB-46B3-9BB1-243F8EFC0C81}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{FE656AD3-5326-40C6-ABD5-96B429CCCEFF}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{153D143F-0AD3-4E62-B851-5F9EBD38DC33}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{A27D3990-A01B-4AC4-B9A1-3612C3DB5D19}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{E76370B6-2356-4134-A1A8-5C93BCFBA227}D:\programs\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) D:\programs\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [UDP Query User{822D99BF-C1F6-4FBF-B676-1ABA5F253D7F}D:\programs\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) D:\programs\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [TCP Query User{107A07F5-DE69-49FD-8947-C761FECE4CAD}D:\programs\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\programs\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{59F489CF-7C8D-47DA-BB81-3C8A7418D554}D:\programs\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\programs\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{05F900A0-CB8F-4AB1-B5BC-EF84464D48FF}] => (Allow) D:\Programs\Steam\steamapps\common\pCars\pCARS64.exe
FirewallRules: [{F70BDF1F-5CF7-4627-BED5-BF5CA86A20DB}] => (Allow) D:\Programs\Steam\steamapps\common\pCars\pCARS64.exe
FirewallRules: [{CDEDF84B-38A2-4ABB-9D71-E0951E7CD72F}] => (Allow) D:\Games\Battle.net\Battle.net\Battle.net.exe
FirewallRules: [{F7ABC951-01EE-4403-9C7E-53C41C6BE6F3}] => (Allow) D:\Games\Battle.net\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{7B7248BF-18BE-4208-9198-733867EE037B}D:\games\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5E7A467D-BCE1-4E14-93FA-4B3D26AA6E77}D:\games\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{70E8D6BA-BA88-4624-ADBB-6FFC6E8EC985}] => (Allow) D:\Programs\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{DA5E338D-A360-4975-9D57-41E51B5C8742}] => (Allow) D:\Programs\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{78266B93-ED54-415A-B23A-7AB53CA593A9}] => (Allow) D:\Programs\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{7F191D95-F5E8-41A6-BA22-C565CF524E87}] => (Allow) D:\Programs\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{0D8900E3-0B4E-4AC3-8AE7-A4091BC11027}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{69FD1B55-AD00-40A1-9F42-15763A14B895}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E803EB22-DA6C-4641-A7B0-8F3CA77CF4E7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{02E10589-0E17-45A4-81D2-D756F2A44D93}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4FBD3AFC-2A72-4A38-9CD4-A87E76648807}] => (Allow) D:\Programs\Steam\steamapps\common\Oh Sir\ohsir.exe
FirewallRules: [{5A33C085-1EC0-4806-AA0B-D4D8FBDC8F40}] => (Allow) D:\Programs\Steam\steamapps\common\Oh Sir\ohsir.exe
FirewallRules: [{4098D48A-36AA-45A8-B17B-20F049DBC1F0}] => (Allow) D:\Programs\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{5E45CD23-6FC1-443B-8E7C-3726C81E90AF}] => (Allow) D:\Programs\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{049DAE18-5A23-4754-840D-257D08629117}] => (Allow) D:\Programs\Steam\steamapps\common\DreadOut\dreadout.exe
FirewallRules: [{4D110642-2A4E-469A-B5BD-71BDE8083432}] => (Allow) D:\Programs\Steam\steamapps\common\DreadOut\dreadout.exe
FirewallRules: [{48972A69-AEF3-4B02-A191-60FE813EB5D4}] => (Allow) D:\Programs\Steam\steamapps\common\DreadOut\dreadout32.exe
FirewallRules: [{A4FB2328-0AF4-4E77-9555-A04D4E45F0D0}] => (Allow) D:\Programs\Steam\steamapps\common\DreadOut\dreadout32.exe
FirewallRules: [{CDE299EA-FB84-480B-B863-39263665CF93}] => (Allow) D:\Programs\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{CAE7C7FB-143C-4325-A7B6-154507DE07D3}] => (Allow) D:\Programs\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{D4216EB8-EDD8-46EA-9C51-4835912E1B75}] => (Allow) D:\Programs\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{87106B15-DD3B-47CA-A786-F7191EEDF599}] => (Allow) D:\Programs\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [TCP Query User{BB38ABD7-EBC1-480B-8C16-E0F52E57D1D4}D:\games\diablo iii\diablo iii.exe] => (Block) D:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{AE65380C-3D57-4376-A539-5C64818ED923}D:\games\diablo iii\diablo iii.exe] => (Block) D:\games\diablo iii\diablo iii.exe
FirewallRules: [{9E13BE44-0375-41FD-8399-9934F2CDE504}] => (Allow) D:\Programs\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{1BCA0056-9897-43E1-BD49-017B5388EF8B}] => (Allow) D:\Programs\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [TCP Query User{1828032E-3A05-4D81-BBC1-687E0D013C11}D:\games\dying light\dyinglightgame.exe] => (Allow) D:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{65D29E2A-076D-46E5-A071-44F851B2D559}D:\games\dying light\dyinglightgame.exe] => (Allow) D:\games\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{A91DDD23-1A87-47C0-A390-F16A72465840}D:\games\layers of fear\layers of fear.exe] => (Allow) D:\games\layers of fear\layers of fear.exe
FirewallRules: [UDP Query User{8245635C-FE5A-4474-A3BF-C635F9B06E64}D:\games\layers of fear\layers of fear.exe] => (Allow) D:\games\layers of fear\layers of fear.exe
FirewallRules: [{28A45371-1722-4D9B-8C64-E98CEC9ABCCE}] => (Allow) D:\Programs\Steam\steamapps\common\Governor of poker 3\GOP3.exe
FirewallRules: [{F8C45980-5E30-45BD-9CF2-96772FD78BFD}] => (Allow) D:\Programs\Steam\steamapps\common\Governor of poker 3\GOP3.exe
FirewallRules: [{F93269EB-EDAE-45BB-99DF-BF3485875994}] => (Allow) D:\Programs\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{45852C8A-760D-486B-B24F-BB5F0636595F}] => (Allow) D:\Programs\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{A7DF7B90-AB03-482A-A9AC-C2752D6FF340}] => (Allow) D:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [{FF5E0F81-3469-4D08-94AB-4A5EFEE7B62E}] => (Allow) D:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [{551E9B75-9E50-4A27-A044-740178CA1FD1}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed\NFS16.exe
FirewallRules: [{D4D6317E-1752-4BA8-BEF6-006486521FAD}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed\NFS16.exe
FirewallRules: [{7977B47A-D132-4F17-AD8A-75C91984AA90}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed\NFS16_trial.exe
FirewallRules: [{EE16E900-537F-469A-859A-C05998F8A183}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed\NFS16_trial.exe
FirewallRules: [{51216567-62A8-452E-83B1-EE779D868519}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FD459380-3F81-4F6F-A9A9-5583F6DD44CC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0EE9326B-E12F-458D-AE55-65BEDF7554F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7398B542-16AE-403E-9866-2E897CD8F993}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{48944A02-7932-44F5-BA4C-9838E5026705}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{DECCE931-775E-4D09-8949-956635A92F5D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B29403CC-C5C5-4508-9EAE-D25084077F66}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{2846BBFD-8F31-4296-94F3-85AF1FE0D0DB}D:\programs\wamp\bin\apache\apache2.4.17\bin\httpd.exe] => (Allow) D:\programs\wamp\bin\apache\apache2.4.17\bin\httpd.exe
FirewallRules: [UDP Query User{BF27E7AE-7B9B-4DAC-B9FE-18978C0915E8}D:\programs\wamp\bin\apache\apache2.4.17\bin\httpd.exe] => (Allow) D:\programs\wamp\bin\apache\apache2.4.17\bin\httpd.exe
FirewallRules: [{6AA27707-0681-49B4-AD53-38AEDB2F9E95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-03-2016 08:12:17 Scheduled Checkpoint
31-03-2016 07:40:38 Scheduled Checkpoint
04-04-2016 13:13:21 Installed Eesti ID-kaardi tarkvara 3.11.2.1617 (64 bit)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2016 09:45:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2328

Error: (04/10/2016 09:45:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2328

Error: (04/10/2016 09:45:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/10/2016 09:45:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (04/10/2016 09:45:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (04/10/2016 09:45:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/10/2016 11:10:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FL.exe version 1.1.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 148a0

Start Time: 01d193002569b977

Termination Time: 15

Application Path: D:\Programs\FL Studio\FL.exe

Report Id: 986c36e0-fef3-11e5-82f5-000000005aad

Faulting package full name:

Faulting package-relative application ID:

Error: (04/09/2016 09:44:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2187

Error: (04/09/2016 09:44:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2187

Error: (04/09/2016 09:44:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/10/2016 09:45:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/10/2016 12:01:26 PM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MSIuserS-1-5-21-2707210134-101100643-1977969362-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (04/10/2016 11:05:29 AM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MSIuserS-1-5-21-2707210134-101100643-1977969362-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (04/10/2016 11:05:29 AM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MSIuserS-1-5-21-2707210134-101100643-1977969362-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (04/10/2016 11:05:29 AM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MSIuserS-1-5-21-2707210134-101100643-1977969362-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (04/10/2016 11:05:29 AM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MSIuserS-1-5-21-2707210134-101100643-1977969362-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (04/10/2016 11:05:29 AM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MSIuserS-1-5-21-2707210134-101100643-1977969362-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (04/10/2016 11:03:41 AM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MSIuserS-1-5-21-2707210134-101100643-1977969362-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (04/09/2016 09:44:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/08/2016 10:05:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


CodeIntegrity:
===================================
Date: 2016-03-23 08:25:21.620
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 08:14:00.598
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 07:51:55.999
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-06 10:13:39.926
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 18:18:49.422
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-10 21:45:32.952
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-10 21:11:25.316
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-10 11:35:05.433
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-02 08:26:56.368
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-15 18:04:51.212
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 24528.83 MB
Available physical RAM: 13040.88 MB
Total Virtual: 28112.83 MB
Available Virtual: 13867.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.17 GB) (Free:96.33 GB) NTFS
Drive d: (Main Disc) (Fixed) (Total:931.51 GB) (Free:464.35 GB) NTFS
Drive h: (My Passport) (Fixed) (Total:298.06 GB) (Free:105.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E2BDF9CD)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 00028ACA)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[raqulka]

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by user (administrator) on MSI (11-04-2016 09:03:08)
Running from D:\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(Scarlet.Crush Productions) D:\Programs\Scarlet.Crush Productions\bin\ScpService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\nacl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSISvc32.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSISvc64.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Aestan Software) D:\Programs\wamp\wampmanager.exe
(Apache Software Foundation) D:\Programs\wamp\bin\apache\apache2.4.17\bin\httpd.exe
() D:\Programs\wamp\bin\mysql\mysql5.7.9\bin\mysqld.exe
(Apache Software Foundation) D:\Programs\wamp\bin\apache\apache2.4.17\bin\httpd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Valve Corporation) D:\Programs\Steam\Steam.exe
(Valve Corporation) D:\Programs\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Programs\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.6769.57631.0_x64__8wekyb3d8bbwe\onenoteim.exe
() C:\Program Files\WindowsApps\Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe\PeopleApp.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Programs\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Image-Line) D:\Programs\FL Studio\FL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8530176 2015-11-21] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-08-04] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [532448 2015-06-23] ()
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [299008 2015-04-21] (MSI)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3929288 2015-07-31] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-03-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-18] (Google Inc.)
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\MountPoints2: {7ad50740-f567-11e5-82f3-000000005aad} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\MountPoints2: {92d3c816-82b7-11e5-82b8-000000005aad} - "F:\OnePlus_setup.exe" /s
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2016-02-12]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dual Package.lnk [2015-03-31]
ShortcutTarget: Dual Package.lnk -> C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe (LG Electronics)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-01-15]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{A32F7F52-0DC5-40EF-84BD-7D30CC20D157}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrueColorFinder.lnk [2015-03-31]
ShortcutTarget: TrueColorFinder.lnk -> C:\Program Files (x86)\LG Soft India Pvt Ltd\TrueColorFinder Software\bin\TrueColorFinder.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk [2016-03-25]
ShortcutTarget: user.lnk -> C:\ProgramData\ilhdxm\ilhdxm.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{ca9775cb-157d-4442-805e-36afc51d5fb9}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: IE Token Signing Plugin -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Open-EID\esteid-plugin-ie.dll [2015-12-16] (RIA)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-21] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-21] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @RIA/esteid-firefox-plugin -> C:\Program Files (x86)\Open-EID\npesteid-firefox-plugin.dll [2016-01-31] (RIA)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2707210134-101100643-1977969362-1001: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2707210134-101100643-1977969362-1001: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF Extension: Estonian ID Card authentication module - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi [2016-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\Programs\Eset\Mozilla Thunderbird => not found

 

[raqulka]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.google.com/ncr","hxxps://www.facebook.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\19.0.0.226\pepflashplayer.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (WhatsChrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2016-03-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Cast) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-29]
CHR Extension: (Token signing) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjefchnfjhjfedoccjbhjpbncimppeg [2015-06-07]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Cast (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2016-03-29]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Chrome Remote Desktop) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-03-30]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-29]
CHR Extension: (Page Ruler) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2015-01-20]
CHR Extension: (Skype) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-19]
CHR Extension: (Messenger (Unofficial)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-08-05]
CHR Extension: (YSlow) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh [2015-02-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Google Tone) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnckehldicaciogcbchegobnafnjkcne [2015-10-03]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Inbox by Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2016-02-22]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [309376 2014-09-19] (Qualcomm Atheros) [File not signed]
S2 AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [1924608 2014-10-15] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-06] ()
R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [384512 2015-01-24] (Apple Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 Ds3Service; D:\Programs\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [41160 2015-10-02] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1576712 2015-10-02] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [182984 2015-10-02] (ESET)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-03-08] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-08-04] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-10] (Micro-Star International Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-03-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-03-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-03-08] (NVIDIA Corporation)
S3 Origin Client Service; C:\Users\user\Desktop\Games\OriginClientService.exe [2104840 2016-03-16] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-12-18] ()
S2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-20] (Qualcomm Atheros) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
S2 SkypeUpdate; D:\Programs\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R3 wampapache64; D:\Programs\wamp\bin\apache\apache2.4.17\bin\httpd.exe [29184 2015-10-11] (Apache Software Foundation) [File not signed]
R3 wampmysqld64; D:\Programs\wamp\bin\mysql\mysql5.7.9\bin\mysqld.exe [38587904 2015-10-12] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 atrfiltr; C:\Windows\system32\DRIVERS\atrfiltr.sys [16224 2014-09-11] (Windows (R) Win 7 DDK provider)
S3 AVer330USB; C:\Windows\system32\DRIVERS\AVer330USB.sys [1550464 2014-11-05] (AVerMedia TECHNOLOGIES, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-12] (Qualcomm Atheros, Inc.)
S3 cxbu0x64; C:\Windows\system32\DRIVERS\cxbu0x64.sys [147576 2015-08-30] (HID Global Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-23] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255272 2015-09-09] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186272 2015-07-24] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [169744 2015-07-24] (ESET)
S3 Hamachi; C:\Windows\System32\drivers\Hamdrv.sys [45680 2015-10-26] (LogMeIn Inc.)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
S3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [170128 2016-02-05] (Qualcomm Atheros, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-03-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2016-03-08] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\system32\DRIVERS\Qcamain10x64.sys [2356184 2015-10-25] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466648 2014-02-21] (Realsil Semiconductor Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (SteelSeries Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-06] (Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-31] (Synaptics Incorporated)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [51392 2015-10-04] (SteelSeries ApS)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 09:02 - 2016-04-11 09:03 - 00000000 ____D C:\FRST
2016-04-10 11:05 - 2016-04-10 11:05 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-10 11:05 - 2016-04-10 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-10 11:05 - 2016-04-10 11:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-05 19:58 - 2016-04-05 19:58 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FonePaw
2016-04-05 19:58 - 2016-04-05 19:58 - 00000000 ____D C:\Users\user\AppData\Roaming\FonePaw
2016-04-05 19:58 - 2016-04-05 19:58 - 00000000 ____D C:\Users\user\AppData\Local\FonePaw
2016-04-05 19:58 - 2016-04-05 19:58 - 00000000 ____D C:\Program Files (x86)\FonePaw
2016-04-04 16:25 - 2016-04-04 16:25 - 00000000 ____D C:\WINDOWS\LastGood
2016-04-04 13:14 - 2016-04-04 16:40 - 00000000 ____D C:\Users\user\AppData\Roaming\RIA
2016-04-04 13:14 - 2016-04-04 13:14 - 00001998 _____ C:\Users\Public\Desktop\DigiDoc3 crypto.lnk
2016-04-04 13:14 - 2016-04-04 13:14 - 00001036 _____ C:\Users\Public\Desktop\DigiDoc3 client.lnk
2016-04-04 13:14 - 2016-04-04 13:14 - 00001021 _____ C:\Users\Public\Desktop\ID-card utility.lnk
2016-04-04 13:14 - 2016-04-04 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ID-card
2016-04-04 13:14 - 2016-04-04 13:14 - 00000000 ____D C:\Program Files\Open-EID
2016-04-04 13:14 - 2016-04-04 13:14 - 00000000 ____D C:\Program Files (x86)\Open-EID
2016-03-31 14:50 - 2016-03-31 14:51 - 00000760 _____ C:\Users\Public\Desktop\Wampserver64.lnk
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wampserver64
2016-03-31 14:37 - 2016-03-31 14:42 - 00000000 ____D C:\Users\user\Desktop\www
2016-03-31 14:11 - 2016-03-31 14:11 - 00000000 ___HD C:\OneDriveTemp
2016-03-30 15:32 - 2016-03-30 15:41 - 00000000 ____D C:\Users\user\Desktop\urmur2_AME
2016-03-30 15:27 - 2016-03-31 08:33 - 00479056 _____ C:\Users\user\Desktop\urmur2.aep
2016-03-30 11:10 - 2016-03-30 15:10 - 00448700 _____ C:\Users\user\Desktop\urmur.aep
2016-03-30 10:34 - 2016-03-30 10:34 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-03-28 18:42 - 2016-03-29 09:02 - 00000000 ____D C:\Users\user\AppData\Local\Skyrim
2016-03-25 16:34 - 2016-03-30 21:27 - 00000000 __SHD C:\ProgramData\Unknown
2016-03-25 16:03 - 2016-03-29 07:36 - 00000000 __SHD C:\ProgramData\ilhdxm
2016-03-22 19:15 - 2016-03-22 19:15 - 00000000 ____D C:\Users\user\AppData\Roaming\DS4Windows
2016-03-18 13:05 - 2016-03-18 13:05 - 00000000 ____D C:\Users\user\AppData\Roaming\NVIDIA
2016-03-17 20:26 - 2016-03-31 14:10 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-17 20:26 - 2016-03-17 20:26 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA
2016-03-17 20:26 - 2016-03-17 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-03-17 20:26 - 2016-03-17 20:26 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-17 20:26 - 2016-03-08 13:27 - 01903344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 01571624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 00203320 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 06371384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 02992576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 01264064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-17 20:26 - 2016-03-08 09:42 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-17 20:26 - 2016-03-08 09:05 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-17 20:26 - 2016-03-07 07:22 - 06203411 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-17 20:26 - 2016-02-14 04:47 - 00125720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-03-17 20:26 - 2016-02-14 04:46 - 00126232 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-03-17 20:26 - 2016-02-14 04:45 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-03-17 20:26 - 2016-02-14 04:45 - 00042264 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-03-17 20:24 - 2016-03-10 06:19 - 12653504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-17 20:24 - 2016-03-08 13:27 - 42968120 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 37609528 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 22971960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 21322480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 20863920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 20061152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 18906048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 17732960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 17368424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 17325400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 17320280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 14226864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 10547128 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 08657936 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 03681672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 03259176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 02613696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 02257344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436451.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436451.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00955328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00885184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00784640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00750016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00692160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00678704 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00632152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00630592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00601752 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00571912 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00047760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-03-17 20:24 - 2016-03-08 13:27 - 00037702 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-17 20:24 - 2016-03-08 13:27 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-17 20:24 - 2016-03-08 13:27 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-17 09:28 - 2016-03-17 09:30 - 00000000 ____D C:\Users\user\Documents\Need For Speed
2016-03-16 11:48 - 2016-03-16 11:48 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-03-15 15:18 - 2016-03-15 15:18 - 00000000 ____D C:\Users\user\AppData\Roaming\Xfer
2016-03-15 15:16 - 2016-03-15 15:16 - 00000000 ____D C:\Users\user\Documents\Xfer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 09:02 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-11 08:50 - 2015-07-16 09:40 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bf92534c146b.job
2016-04-11 08:45 - 2015-01-15 11:29 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2016-04-11 08:40 - 2015-01-20 21:30 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-11 08:19 - 2015-08-18 09:52 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2707210134-101100643-1977969362-1001UA.job
2016-04-11 08:19 - 2015-01-15 12:59 - 00004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EE494239-FD0C-4259-8F7F-302738D33E3B}
2016-04-10 20:18 - 2015-08-18 09:52 - 00000860 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2707210134-101100643-1977969362-1001Core.job
2016-04-10 14:42 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-10 11:11 - 2015-10-25 15:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 10:12 - 2015-10-30 10:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-09 12:40 - 2015-01-20 21:31 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-08 17:57 - 2016-02-29 21:24 - 00000000 ____D C:\Users\user\AppData\Roaming\qBittorrent
2016-04-07 07:50 - 2015-01-20 21:30 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-06 16:25 - 2015-06-22 09:47 - 00000000 ____D C:\Users\user\AppData\Roaming\FileZilla
2016-04-06 15:27 - 2015-01-21 18:14 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-04-05 19:58 - 2015-07-20 19:18 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-04-05 08:49 - 2015-02-10 22:55 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2016-04-04 13:15 - 2015-10-30 10:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-04 13:14 - 2015-06-07 21:04 - 00003442 _____ C:\WINDOWS\System32\Tasks\id updater task
2016-04-04 13:14 - 2015-01-21 17:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-31 14:16 - 2015-11-29 21:52 - 00973920 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-31 14:11 - 2015-01-23 15:38 - 00000000 __RDO C:\Users\user\OneDrive
2016-03-31 14:10 - 2015-11-29 22:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-31 14:10 - 2015-10-30 09:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-03-31 14:10 - 2015-08-18 11:02 - 00000091 _____ C:\HaxLogs.txt
2016-03-30 21:27 - 2015-11-29 21:50 - 05104592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-30 21:27 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\SystemApps
2016-03-29 09:02 - 2015-09-23 07:05 - 00000000 ____D C:\ProgramData\Steam
2016-03-29 07:35 - 2015-01-21 18:19 - 00000000 ___RD C:\Users\user\Desktop\Games
2016-03-28 18:42 - 2015-03-26 17:08 - 00000000 ____D C:\Users\user\Documents\My Games
2016-03-27 10:48 - 2015-01-24 11:10 - 00000000 ____D C:\ProgramData\Origin
2016-03-26 15:27 - 2016-02-27 12:46 - 00000000 ____D C:\Users\user\AppData\Roaming\StardewValley
2016-03-26 14:17 - 2015-10-17 12:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-24 11:29 - 2015-08-17 10:05 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-03-23 08:35 - 2015-10-30 10:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-18 11:30 - 2015-01-24 11:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Origin
2016-03-17 20:29 - 2015-01-15 12:10 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA Corporation
2016-03-17 20:28 - 2015-11-29 21:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-17 20:26 - 2015-11-29 21:51 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-17 20:26 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\Help
2016-03-17 20:26 - 2015-06-30 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-17 20:26 - 2015-03-31 20:34 - 00000000 ____D C:\Temp
2016-03-17 20:26 - 2015-01-15 12:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-15 08:50 - 2015-10-30 10:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-15 08:50 - 2015-02-12 19:24 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2015-03-07 14:04 - 2015-10-23 16:39 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-07-06 19:50 - 2015-07-06 19:50 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-08-12 14:31 - 2015-08-12 14:31 - 0000000 ___SH () C:\Users\user\AppData\Local\LumaEmu
2015-01-23 15:21 - 2015-03-14 16:30 - 0007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2015-11-29 21:51 - 2015-11-29 21:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\user\AppData\Local\Temp\nvStInst.exe
C:\Users\user\AppData\Local\Temp\Open-EID-3.12.2.1653_x86.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-04 07:39

==================== End of FRST.txt ============================

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[raqulka]

RKREPORT.txt


RogueKiller V12.1.2.0 [Apr 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : user [Administrator]
Started from : D:\Downloads\RogueKiller.exe
Mode : Delete -- Date : 04/12/2016 09:25:18

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 8 ¤¤¤
[Suspicious.Path][File] C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\user.lnk [LNK@] C:\PROGRA~3\ilhdxm\ilhdxm.exe -> Deleted
[PUP][Folder] C:\ProgramData\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7} -> Deleted
[PUP][File] C:\ProgramData\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7}\mia.lib -> Deleted
[PUP][File] C:\ProgramData\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7}\Service Center Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7}\Service Center Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7}\Service Center Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7}\Service Center Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7}\Service Center Setup PC.res -> Deleted
[PUP][Folder] C:\ProgramData\{972BEEDB-39CF-495B-A950-BFDB60512E9F} -> Deleted
[PUP][File] C:\ProgramData\{972BEEDB-39CF-495B-A950-BFDB60512E9F}\Controller Editor Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{972BEEDB-39CF-495B-A950-BFDB60512E9F}\Controller Editor Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{972BEEDB-39CF-495B-A950-BFDB60512E9F}\Controller Editor Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{972BEEDB-39CF-495B-A950-BFDB60512E9F}\Controller Editor Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{972BEEDB-39CF-495B-A950-BFDB60512E9F}\Controller Editor Setup PC.res -> Deleted
[PUP][File] C:\ProgramData\{972BEEDB-39CF-495B-A950-BFDB60512E9F}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{972BEEDB-39CF-495B-A950-BFDB60512E9F}\mia.lib -> Deleted
[PUP][Folder] C:\ProgramData\{DEB7EC0A-2CAA-4D3F-980F-EFEF8157E3FA} -> Deleted
[PUP][Folder] C:\ProgramData\{E029E712-815A-4E1D-BA1D-7313E45BF6B5} -> Deleted
[PUP][File] C:\ProgramData\{E029E712-815A-4E1D-BA1D-7313E45BF6B5}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{E029E712-815A-4E1D-BA1D-7313E45BF6B5}\mia.lib -> Deleted
[PUP][File] C:\ProgramData\{E029E712-815A-4E1D-BA1D-7313E45BF6B5}\Session Guitarist - Strummed Acoustic Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{E029E712-815A-4E1D-BA1D-7313E45BF6B5}\Session Guitarist - Strummed Acoustic Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{E029E712-815A-4E1D-BA1D-7313E45BF6B5}\Session Guitarist - Strummed Acoustic Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{E029E712-815A-4E1D-BA1D-7313E45BF6B5}\Session Guitarist - Strummed Acoustic Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{E029E712-815A-4E1D-BA1D-7313E45BF6B5}\Session Guitarist - Strummed Acoustic Setup PC.res -> Deleted
[PUP][Folder] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD} -> Deleted
[PUP][File] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.res -> Deleted
[PUP][File] C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\mia.lib -> Deleted
[PUP][Folder] C:\ProgramData\{E6BAC835-2683-4B88-A967-6EF6093B576E} -> Deleted
[PUP][File] C:\ProgramData\{E6BAC835-2683-4B88-A967-6EF6093B576E}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{E6BAC835-2683-4B88-A967-6EF6093B576E}\mia.lib -> Deleted
[PUP][File] C:\ProgramData\{E6BAC835-2683-4B88-A967-6EF6093B576E}\Traktor 2 Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{E6BAC835-2683-4B88-A967-6EF6093B576E}\Traktor 2 Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{E6BAC835-2683-4B88-A967-6EF6093B576E}\Traktor 2 Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{E6BAC835-2683-4B88-A967-6EF6093B576E}\Traktor 2 Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{E6BAC835-2683-4B88-A967-6EF6093B576E}\Traktor 2 Setup PC.res -> Deleted
[PUP][Folder] C:\ProgramData\{E9F5F26E-A23D-4A16-BC5C-82B3C1A469F4} -> Removed at reboot [91]
[PUP][File] C:\ProgramData\{E9F5F26E-A23D-4A16-BC5C-82B3C1A469F4}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{E9F5F26E-A23D-4A16-BC5C-82B3C1A469F4}\Kontakt 5 Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{E9F5F26E-A23D-4A16-BC5C-82B3C1A469F4}\Kontakt 5 Setup PC.exe -> Removed at reboot [5]
[PUP][File] C:\ProgramData\{E9F5F26E-A23D-4A16-BC5C-82B3C1A469F4}\Kontakt 5 Setup PC.msi -> Removed at reboot [5]
[PUP][File] C:\ProgramData\{E9F5F26E-A23D-4A16-BC5C-82B3C1A469F4}\Kontakt 5 Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{E9F5F26E-A23D-4A16-BC5C-82B3C1A469F4}\Kontakt 5 Setup PC.res -> Removed at reboot [5]
[PUP][File] C:\ProgramData\{E9F5F26E-A23D-4A16-BC5C-82B3C1A469F4}\mia.lib -> Removed at reboot [5]

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Intel Raid 0 Volume +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 99 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 819200 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1081344 | Size: 242865 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 498470912 | Size: 809 MB
User = LL1 ... OK
Error reading LL2 MBR! NOT VALID!

+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] 43abba80e2d3e263720ebeaf4568c241
[BSP] 2599b89fe746ddf6659bca3028385389 : Empty MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 953868 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WD My Passport 0740 USB Device +++++
--- User ---
[MBR] 480d975b53f0275b79231b7e775aa8d6
[BSP] 697d5fbb79ce5d9ba0b3e80919b10b4c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305212 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

 

[raqulka]

ADW


# AdwCleaner v5.110 - Logfile created 13/04/2016 at 12:37:45
# Updated 10/04/2016 by Xplode
# Database : 2016-04-11.4 [Server]
# Operating system : Windows 10 Home (X64)
# Username : user - MSI
# Running from : D:\Downloads\adwcleaner_5.110.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Unknown
[#] Folder Deleted : C:\ProgramData\Application Data\Unknown

***** [ Files ] *****

[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d16fk4ms6rqz1v.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d22j4fzzszoii2.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d30ke5tqu2tkyx.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d30ke5tqu2tkyx.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d3b3ehuo35wzeh.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_d3b3ehuo35wzeh.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_dsms0mj1bbhn4.cloudfront.net_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.yourtango.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAKURA

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2889 bytes] - [13/04/2016 12:37:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [2850 bytes] - [13/04/2016 12:36:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3035 bytes] ##########

 

[raqulka]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64
Ran by user (Administrator) on Wed 04/13/2016 at 15:00:15.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 10

Successfully deleted: C:\Users\user\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage (File)
Successfully deleted: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File)
Successfully deleted: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.xpgamesaves.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.xpgamesaves.com_0.localstorage (File)
Successfully deleted: C:\Users\user\AppData\Roaming\wyupdate au (Folder)
Successfully deleted: C:\Users\user\Start Menu\Programs\free window registry repair (Folder)
Successfully deleted: C:\WINDOWS\SysWOW64\RENC007.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/13/2016 at 15:01:33.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[raqulka]

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 4/13/2016 3:14 PM, SYSTEM, MSI, Manual, Remediation Database, 2016.4.5.1, 2016.4.12.1,
Update, 4/13/2016 3:14 PM, SYSTEM, MSI, Manual, Domain Database, 2016.4.10.2, 2016.4.13.2,
Update, 4/13/2016 3:14 PM, SYSTEM, MSI, Manual, Malware Database, 2016.4.9.5, 2016.4.13.3,
Scan, 4/13/2016 3:17 PM, SYSTEM, MSI, Manual, Start:4/13/2016 3:14 PM, Duration:3 min 10 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[raqulka]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by user (2016-04-14 08:13:33)
Running from D:\Downloads
Windows 10 Home Version 1511 (X64) (2015-11-29 19:04:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2707210134-101100643-1977969362-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2707210134-101100643-1977969362-503 - Limited - Disabled)
Guest (S-1-5-21-2707210134-101100643-1977969362-501 - Limited - Disabled)
user (S-1-5-21-2707210134-101100643-1977969362-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 6.2.2033.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 6.2.2033.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12 - Adobe Systems Incorporated)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Age of Empires II HD Edition, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Age of Empires II HD Edition_is1) (Version: 1.0.0.0 - )
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.8.0.0183 - Disc Soft Ltd)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AudioFXSetup (Version: 1.2.201 - Nahimic) Hidden
AVerMedia C875 Live Gamer Portable 3.7.64.37 (HKLM-x32\...\AVerMedia C875 Live Gamer Portable) (Version: 3.7.64.37 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia RECentral (HKLM-x32\...\InstallShield_{30D6B6ED-E039-4D62-8E07-E058D17A9372}) (Version: 1.3.0.89.14101501 - AVerMedia Technologies, Inc.)
AVerMedia RECentral (x32 Version: 1.3.0.89.14101501 - AVerMedia Technologies, Inc.) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1505.1901 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Brackets (HKLM-x32\...\{0DA290D2-0583-4967-9EC0-93C1F603DD13}) (Version: 1.6 - brackets.io)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - Treyarch)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - Canon Inc.)
Canon MG3100 series On-screen Manual (HKLM-x32\...\Canon MG3100 series On-screen Manual) (Version: - )
Canon MG3100 series User Registration (HKLM-x32\...\Canon MG3100 series User Registration) (Version: - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
CheckDevicesConfigurator (Version: 1.2.201 - Nahimic) Hidden
Chrome Token Signing (x32 Version: 1.0.3.413 - RIA) Hidden
ChromecastApp (HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Deckadance 2 (HKLM-x32\...\Deckadance 2) (Version: 2.0 - Image-Line)
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version: - EnTech Taiwan)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DigiDoc3 Client (x32 Version: 3.12.0.1448 - RIA) Hidden
DirectWave (HKLM-x32\...\DirectWave) (Version: - Image-Line)
DiRT Rally (HKLM\...\ZGlydHJhbGx5_is1) (Version: 1 - )
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1410.1301 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1410.1301 - Micro-Star International Co., Ltd.) Hidden
DreadOut (HKLM-x32\...\Steam App 269790) (Version: - Digital Happiness)
Drumaxx (HKLM-x32\...\Drumaxx) (Version: - Image-Line)
Dual Package (HKLM-x32\...\{37365259-9D37-4FBE-9204-08B4034623B6}) (Version: 2.9 - LG Soft India Pvt Ltd)
Duke3D (HKLM\...\{b5f456c9-720b-410c-8b24-59e92772053b}.sdb) (Version: - )
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
DX10 (HKLM-x32\...\DX10) (Version: - Image-Line)
Dying Light: The Following - Enhanced Edition (HKLM\...\ZHlpbmdsaWdodHRoZWZvbGxvd2luZ2VuaGFuY2VkZWRpdGlvbg_is1) (Version: 1 - )
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Edison (HKLM-x32\...\Edison) (Version: - Image-Line)
eID software (HKLM-x32\...\{8e3f1ff5-86c3-4054-8cab-bba92838d4a6}) (Version: 3.12.2.1653 - RIA)
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.0 - )
ESET Endpoint Antivirus (HKLM\...\{13189425-6C52-490A-9E5A-3B66DB545629}) (Version: 6.2.2033.0 - ESET, spol. s r.o.)
eSpeak version 1.48.04 (HKLM-x32\...\eSpeak_is1) (Version: - )
EstEID Minidriver (Version: 3.11.0.1175 - RIA) Hidden
EstEID Shell Extension (Version: 3.12.0.1448 - RIA) Hidden
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
FileZilla Client 3.9.0.6 (HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Firefox PKCS11 Loader (Version: 3.11.0.1064 - RIA) Hidden
Firefox Token Signing Plugin (x32 Version: 3.12.0.1143 - RIA) Hidden
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
FonePaw Android Data Recovery 1.3.0 (HKLM-x32\...\{10E7BD57-C5FE-484f-A3F2-A1755286C0A7}_is1) (Version: 1.3.0 - FonePaw)
Formoid (HKLM-x32\...\Formoid_is1) (Version: - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 3 (HKLM-x32\...\Steam App 436150) (Version: - OrangeGames)
Groove Machine (HKLM-x32\...\Groove Machine) (Version: - Image-Line)
Gtk# for .Net 2.12.25 (HKLM-x32\...\{889E7D77-2A98-4020-83B1-0296FA1BDE8A}) (Version: 2.12.25 - Xamarin, Inc.)
Hardcore (HKLM-x32\...\Hardcore) (Version: - Image-Line bvba)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
ID-card utility (x32 Version: 3.12.2.1206 - RIA) Hidden
IE Token Signing Plugin (Version: 3.12.0.980 - RIA) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL DrumSynth Live (HKLM-x32\...\IL DrumSynth Live) (Version: - Image-Line)
IL Gross Beat (HKLM-x32\...\IL Gross Beat) (Version: - Image-Line)
IL Harmless (HKLM-x32\...\IL Harmless) (Version: - Image-Line)
IL Harmor (HKLM-x32\...\IL Harmor) (Version: - Image-Line)
IL Juice Pack (HKLM-x32\...\IL Juice Pack) (Version: - Image-Line)
IL MiniHost (HKLM-x32\...\IL MiniHost) (Version: - Image-Line)
IL Ogun (HKLM-x32\...\IL Ogun) (Version: - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
IL Slicex (HKLM-x32\...\IL Slicex) (Version: - Image-Line)
IL Vocodex (HKLM-x32\...\IL Vocodex) (Version: - Image-Line)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.4.1000 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
LauncherSetup (Version: 1.2.201 - Nahimic) Hidden
Layers of Fear (HKLM-x32\...\Layers of Fear_is1) (Version: - )
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maximus (HKLM-x32\...\Maximus) (Version: - Image-Line)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version: - Konami Digital Entertainment)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.Net Web Frameworks 5.0 Security Update (KB2992080) (HKLM-x32\...\{3EC4A844-24F2-46DA-AEFB-FC3080C1BDB9}) (Version: 5.0.20821 - Microsoft Corporation)
Microsoft ASP.Net Web Frameworks 5.1 Security Update (KB2994397) (HKLM-x32\...\{94F716A3-CBBA-4005-9516-1C4267DDB824}) (Version: 5.1.20821 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Morphine (HKLM-x32\...\Morphine) (Version: - Image-Line bvba)
Mount and Blade Warband 1.166 version 1.166 (HKLM-x32\...\{E1404855-C907-47CE-A52E-F6894F889872}_is1) (Version: 1.166 - )
MySQL Installer - Community (HKLM-x32\...\{A0DFC91F-FBB5-4C4F-B1B6-D5B26BD24FB6}) (Version: 1.4.13.0 - Oracle Corporation)
MySQL Workbench 6.3 CE (HKLM\...\{59958BAC-A61D-4A23-8082-CC2FDF17937F}) (Version: 6.3.6 - Oracle Corporation)
Nahimic for MSI (HKLM-x32\...\{1fd8e4b4-0aa8-4ade-afb4-b4ea2cbd6179}) (Version: 1.2.2 - Nahimic)
NahimicSettingsConfigurator (Version: 1.2.201 - Nahimic) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.2.189 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.4.1.211 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.5.9.132 - Native Instruments)
Native Instruments Session Guitarist - Strummed Acoustic (HKLM-x32\...\Native Instruments Session Guitarist - Strummed Acoustic) (Version: 1.0.0.8 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.7.1.854 - Native Instruments)
Need for Speed™ (HKLM-x32\...\{F8643E83-A868-4EE8-A0B9-389386830453}) (Version: 1.1.0.0 - Electronic Arts)
Node.js (HKLM-x32\...\{C848DE51-4473-40F8-9786-31798AF9CE4F}) (Version: 4.3.0 - Node.js Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA CUDA Samples 7.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDASamples_7.0) (Version: 7.0 - NVIDIA Corporation)
NVIDIA CUDA Toolkit 7.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_7.0) (Version: 7.0 - NVIDIA Corporation)
NVIDIA CUDA Visual Studio Integration 7.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAVisualStudioIntegration_7.0) (Version: 7.0 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA Nsight Visual Studio Edition 4.5.0.15036 (HKLM\...\{DA371382-CABC-44B3-9BB4-14B5081B6446}) (Version: 4.5.0.15036 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Tools Extension SDK (NVTX) - 64 bit (HKLM\...\{4D983759-07FC-4571-BB59-58C9BBADECC5}) (Version: 1.00.00.00 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Oh...Sir! (HKLM-x32\...\Steam App 416690) (Version: - Vile Monarch)
Open-EID Metapackage (x32 Version: 3.12.2.1653 - RIA) Hidden
Open-EID Uninstaller (x32 Version: 3.12.2.1653 - RIA) Hidden
Open-EID Updater (x32 Version: 3.12.0.1007 - RIA) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.11.6.18139 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Oxygen XML Editor 17.0 (64-bit) (HKLM\...\8531-1278-6363-8538) (Version: 17.0 - SyncRO Soft)
PC Remote (HKLM-x32\...\{C934DF74-D0D9-445C-90AA-34012A04E11D}) (Version: 3.51 - PC Remote)
PHP Tools for Visual Studio (HKLM-x32\...\{D0CBFFDD-DFB4-4DDC-8634-013AE940FEA3}) (Version: 1.15.5962 - DEVSENSE)
PoiZone (HKLM-x32\...\PoiZone) (Version: - Image-Line)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
ProductDaemonSetup (Version: 1.2.201 - Nahimic) Hidden
Project CARS (HKLM-x32\...\Steam App 234630) (Version: - Slightly Mad Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
Qualcomm Atheros 11AC Drivers (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 3.0.0.400 - Qualcomm Atheros)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.47.1058 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7622 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Sawer (HKLM-x32\...\Sawer) (Version: - Image-Line)
SCM (HKLM\...\{EC3EEFE5-DFBE-4535-8A2A-CAEC82A9BB83}) (Version: 13.015.04213 - Application)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Serato DJ (HKLM-x32\...\{cc7a67f5-1d2a-431a-841c-511575e9c851}) (Version: 1.8.1.8994 - )
Serato DJ (x32 Version: 1.8.1.8994 - Serato) Hidden
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SimSynth (HKLM-x32\...\SimSynth) (Version: - Image-Line)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SourceTree (HKLM-x32\...\SourceTree 1.7.0.32509) (Version: 1.7.0.32509 - Atlassian)
SourceTree (x32 Version: 1.7.0.32509 - Atlassian) Hidden
STAR WARS™ Battlefront™ Beta (HKLM-x32\...\{8A863B64-C9BE-4203-9ED7-92981CF690D3}) (Version: 1.0.3.51560 - Electronic Arts)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Stardew Valley (HKLM-x32\...\Steam App 413150) (Version: - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.6.1 - Synaptics Incorporated)
Sytrus (HKLM-x32\...\Sytrus) (Version: - Image-Line)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.7.0.9 - GOG.com)
The Elder Scrolls V: Skyrim - Legendary Edition (HKLM-x32\...\The Elder Scrolls V: Skyrim - Legendary Edition_is1) (Version: - )
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version: - Image-Line bvba)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
Trine 3 - The Artifacts of Power (HKLM-x32\...\Trine 3 - The Artifacts of Power_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
TrueColorFinder Software (HKLM-x32\...\{3F15DF4D-DCA2-4995-BD65-4A56322C180B}) (Version: 1.8.5 - LG Soft India Pvt Ltd)
Twixtor 5, After Effects-compatible plugin set (HKLM-x32\...\Twixtor 5, After Effects-compatible plugin set) (Version: - )
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
UIInstallUpgrade (Version: 1.2.201 - Nahimic) Hidden
Undertale (HKLM-x32\...\Steam App 391540) (Version: - tobyfox)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
UserTesting.com Recorder Plugin (HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\UserTestingPlugin) (Version: - UserTesting.com)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Wampserver64 3.0.0 (HKLM\...\{5C1D66DE-19D8-487B-860D-2BDB4F19B0D3}_is1) (Version: 3.0.0 - Dominique Ottello aka Otomatic)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows Driver Package - RIA (Estonian National ID Card) (UMPass) SmartCard (05/13/2015 3.11.0.1175) (HKLM\...\C478C8A35A0A297F2FADF155E889D402655E894E) (Version: 05/13/2015 3.11.0.1175 - RIA (Estonian National ID Card))
Windows Phone 8.1 Emulators - ENU (HKLM-x32\...\{166a69f6-6512-47ea-a342-17d954fc059a}) (Version: 12.0.31010.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Xamarin (HKLM-x32\...\{23E7ED39-4A6E-4FC5-A507-1A17349358A5}) (Version: 3.9.289.0 - Xamarin)
Xamarin Studio 5.7.1 (HKLM-x32\...\{C0015978-FD2F-4EBB-984B-2D7B5416F426}) (Version: 5.7.1.17 - Xamarin)
Xamarin Universal Installer (HKLM-x32\...\{54bdf5f2-3292-4077-bcd8-b6fc0ed63cd4}) (Version: 3.5.0.0 - Xamarin, Inc)
XSplit Gamecaster (HKLM-x32\...\{9F9A13D5-D72F-4531-AEE9-F5EAFFD9B902}) (Version: 1.9.1409.0112 - SplitmediaLabs)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden

 

[raqulka]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D085BDB-C062-4031-A8E7-CD8B3D0CBB3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {142AD3B5-37B5-4723-8664-20184FE3C53A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {147189FC-676C-476F-B8D2-58117AE42014} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {25969F9F-620C-4535-8130-A8B98A7F889F} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2015-11-28] (Oracle Corporation)
Task: {408CC19F-9D04-4291-8AC0-F289C648A29E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4809D986-F5FB-47C4-9F27-3F8A62251ACB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {489DE231-D2CD-4C21-949C-C59744862ECC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4D473D9D-2136-44DF-8A27-D536ECD332AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2707210134-101100643-1977969362-1001UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
Task: {58ABFCD3-D97C-47F3-9E1F-E45A2EEE9DF6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5BC60527-FC22-4A9E-8714-9FFEB9BA0C39} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {638FF278-193C-4E4E-937B-C321AC6A3B33} - System32\Tasks\GoogleUpdateTaskMachineUA1d08ed55629019 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {74D1077E-ED70-4A2F-96B9-9B8FE6BB0318} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {79FDE01E-24A1-4219-A2AC-CF16FCAA97DC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-31] (Synaptics Incorporated)
Task: {80F77DD8-FD8B-4B8B-955F-FE4A4E3D68B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {834615E4-55C3-4597-90FD-4B6943539F46} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe [2015-06-23] ()
Task: {88586C25-30B7-4655-96CC-F57E270495CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {896781D8-DBAF-483B-9CFD-96E1C60C06BA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {90DB4D5B-6875-4892-8088-C03C68B7F313} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-24] (TODO: <公司名稱>)
Task: {91503AA2-6AFD-4B1D-A4C7-4871A6B25D64} - System32\Tasks\cron => D:\Programs\EasyPHP\binaries\php\php_runningversion\php.exe [2014-01-09] (The PHP Group)
Task: {91EE783B-F01A-47C0-84DA-ABB415AE6E1E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9E304B2F-12BD-49BC-A961-F786F4F4522F} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf92534c146b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A6047373-4A2B-41C1-A8D6-FAEC455B9181} - System32\Tasks\id updater task => C:\Program Files (x86)\Open-EID\ID-updater.exe [2016-01-31] (RIA)
Task: {AB936D19-F5E4-4DD8-A009-1A0A7330B6AD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B1155B86-8475-428F-B3CD-F5E6259F2C7A} - System32\Tasks\GoogleUpdateTaskMachineUA1d0424c815c768d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B52157A3-AFF4-434A-AE84-C9132F93699F} - System32\Tasks\{033A8F2C-7F97-4B30-AB79-53182B2221D1} => pcalua.exe -a E:\LGE.EXE -d E:\
Task: {B847A2BC-2CAC-4D47-AA2B-13CAC8E42757} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {BAAC7BCF-77DE-4C30-9E82-11A25FF37ECC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {D1732D4C-FB87-4388-8CEB-B194D394D2F7} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe [2015-06-23] ()
Task: {D77431A5-5895-42D3-B2C0-5C0A3D94AF60} - System32\Tasks\{B6E213CE-DB0B-4156-8825-74C1D61960D5} => pcalua.exe -a D:\Games\Vampires\vampire.exe -d D:\Games\Vampires
Task: {D8F8C499-BB34-4F9A-AEA8-EFA2474A264A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2707210134-101100643-1977969362-1001Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
Task: {F4D87D46-6A84-425F-82D5-F74F8A3CF1DA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FCB51023-C126-4072-8970-5BB7C3E7CE81} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [2015-06-23] ()
Task: {FE251E8A-A349-4A26-9421-176F553B12A4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0424c815c768d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d08ed55629019.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bf92534c146b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2707210134-101100643-1977969362-1001Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2707210134-101100643-1977969362-1001UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 10:18 - 2015-10-30 10:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-08 15:45 - 2015-10-14 10:27 - 01942856 _____ () C:\WINDOWS\system32\esteidcm64.dll
2015-02-12 19:24 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-02-08 18:42 - 2015-12-18 20:53 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-12-10 01:22 - 2014-12-10 01:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-06-23 15:19 - 2015-06-23 15:19 - 00198112 _____ () C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIDevProps.dll
2016-04-13 10:09 - 2016-03-29 13:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 10:09 - 2016-03-29 13:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-29 08:47 - 2015-09-01 19:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-22 10:44 - 2016-01-22 10:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-13 10:08 - 2016-04-02 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 17:21 - 2015-12-07 07:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 10:08 - 2016-04-02 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 10:08 - 2016-04-02 06:26 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-04-13 10:09 - 2016-04-02 06:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 10:08 - 2016-04-02 06:00 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-04-13 10:09 - 2016-04-02 05:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 10:09 - 2016-04-02 06:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-01-15 12:01 - 2013-12-10 02:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-01-22 10:44 - 2016-01-22 10:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 10:44 - 2016-01-22 10:48 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-04-09 12:40 - 2016-04-06 13:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-09 12:40 - 2016-04-06 13:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2016-04-09 18:16 - 2016-04-08 13:53 - 17532096 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 16:25 - 2015-11-14 10:27 - 00001054 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2707210134-101100643-1977969362-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\Wallpapers\sand_beach7680.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Dual Package.lnk"
HKLM\...\StartupApproved\StartupFolder: => "TrueColorFinder.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "LogMeIn GUI"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\StartupApproved\StartupFolder: => "user.lnk"
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\StartupApproved\Run: => "Steam"

 

[raqulka]

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{1B2BD5C8-A44A-43F7-B39D-72668A7055A7}D:\games\overwatch\gameclientapp.exe] => (Allow) D:\games\overwatch\gameclientapp.exe
FirewallRules: [TCP Query User{EB47924A-7564-42C6-BF3C-9EA8BF647A35}D:\games\overwatch\gameclientapp.exe] => (Allow) D:\games\overwatch\gameclientapp.exe
FirewallRules: [UDP Query User{1E433E80-5D80-41EB-9F55-2116F27F7AE9}D:\programs\brackets\node.exe] => (Allow) D:\programs\brackets\node.exe
FirewallRules: [TCP Query User{24CA2A03-5E8E-45C7-BDAB-ABB1DFA72D97}D:\programs\brackets\node.exe] => (Allow) D:\programs\brackets\node.exe
FirewallRules: [{2CCD4E51-3F30-4FB7-B640-AA7243A10E7D}] => (Allow) D:\Programs\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{4FBF97EE-BB74-4FBD-A40B-687294577197}] => (Allow) D:\Programs\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [UDP Query User{C74B4036-51DB-4E47-830B-42FFC8BF5143}D:\downloads\terraria-server-windows-1308\windows\terrariaserver.exe] => (Allow) D:\downloads\terraria-server-windows-1308\windows\terrariaserver.exe
FirewallRules: [TCP Query User{DD59D396-E916-4419-86FA-54BDA6F96D68}D:\downloads\terraria-server-windows-1308\windows\terrariaserver.exe] => (Allow) D:\downloads\terraria-server-windows-1308\windows\terrariaserver.exe
FirewallRules: [UDP Query User{D5765D63-71F1-4288-AAE5-732CAEA3BB61}D:\games\terraria\terrariaserver.exe] => (Allow) D:\games\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{39E585F8-4FE1-41C4-8957-A1FE1EFA25CF}D:\games\terraria\terrariaserver.exe] => (Allow) D:\games\terraria\terrariaserver.exe
FirewallRules: [{9C97520B-0A96-44FD-851F-E1BDB6D7DA7E}] => (Allow) D:\Programs\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4DAD197D-C7AA-496C-B449-53AD141EB144}] => (Allow) D:\Programs\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F89D8ABD-065D-4A94-8F47-7BBDD2CC1251}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{0C6451DB-E8FB-4CAD-98B4-D22EA9645C7C}] => (Allow) D:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [UDP Query User{6CFF7120-16C8-4DA7-B994-02CD18E40C2E}D:\programs\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) D:\programs\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [TCP Query User{BD467B25-4015-42CC-BBA9-F466722BFDD8}D:\programs\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => (Allow) D:\programs\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{B137DBDF-497A-48F1-BF8A-BD3EAF240BD0}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [TCP Query User{5FFC9F9B-EC85-4D55-B24C-FEF9FEEC9088}C:\program files (x86)\pc remote\pc remote\pcremote.exe] => (Allow) C:\program files (x86)\pc remote\pc remote\pcremote.exe
FirewallRules: [UDP Query User{65A52CC9-91E6-4157-BB22-68A4B5AB4CFE}D:\programs\vlc\vlc.exe] => (Allow) D:\programs\vlc\vlc.exe
FirewallRules: [TCP Query User{245C8C8A-4C9D-4354-8734-31EF77A49633}D:\programs\vlc\vlc.exe] => (Allow) D:\programs\vlc\vlc.exe
FirewallRules: [UDP Query User{19AC739C-38C7-44FF-A90B-7F5BB6F6258A}D:\programs\android\androidstudio\bin\studio64.exe] => (Allow) D:\programs\android\androidstudio\bin\studio64.exe
FirewallRules: [TCP Query User{A9890890-6C1F-4435-9DDA-FEF3005C0828}D:\programs\android\androidstudio\bin\studio64.exe] => (Allow) D:\programs\android\androidstudio\bin\studio64.exe
FirewallRules: [{EDE4A0BA-AC54-459A-A329-474CC0866628}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{E44F8992-DB8A-4617-99D2-E180535D79AF}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{8920CEF1-04A8-46D6-91B8-75B46556244A}] => (Allow) D:\Programs\Steam\bin\steamwebhelper.exe
FirewallRules: [{5F83DFD8-9AF9-4E21-9F27-8ABBA2CA62B3}] => (Allow) D:\Programs\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{984CE370-379D-432D-A7B0-4606E52D28E2}D:\programs\skype\phone\skype.exe] => (Allow) D:\programs\skype\phone\skype.exe
FirewallRules: [UDP Query User{42B976ED-8DA6-4178-9B89-32D60080C6CA}D:\programs\skype\phone\skype.exe] => (Allow) D:\programs\skype\phone\skype.exe
FirewallRules: [{2D465B4D-03D8-4B23-9F88-FC3BB594308B}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{58F1F9FC-8A48-4ED3-A915-C4077A4222D4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C64F973-BE88-408E-AB84-9BECB58CDBD4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0507C4A6-06D7-40E7-93C2-1BD2CB6BEFB4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3E6A56B0-9CA4-413A-9D3D-57D085537A05}] => (Allow) D:\Programs\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{D94F6013-7573-488F-9ADA-530F643F9242}] => (Allow) D:\Programs\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{5A946862-C008-4EF3-801F-316213572E28}] => (Allow) D:\Programs\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{0C029F25-1058-4D9A-A12A-C2EBBFD9F59B}] => (Allow) D:\Programs\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{9C64FD13-97F5-4063-A93C-520726DB880C}D:\programs\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\programs\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{6448F50C-E25A-4066-A830-D1D90C672A41}D:\programs\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\programs\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{6ABAB39F-2061-4A7B-A0CE-8AF3DEB47BDA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{3AEE67F6-34F4-400C-9D54-199E492782C6}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{07798E08-8133-44E7-ACA9-9A986EBC9CED}] => (Allow) D:\Programs\Visual Studio\Common7\IDE\devenv.exe
FirewallRules: [{33D6DEAD-CAD3-4C09-A12C-EE05BDD4FCA9}] => (Allow) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
FirewallRules: [{05AA15E6-5CA4-4FC2-B491-2FF85617B8C9}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{2535E956-928A-4DD4-BCE2-B2E77A67AB9B}] => (Allow) D:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{ADB7D9A4-A043-4FBF-94C5-859BCE18AB7C}] => (Allow) D:\Programs\Steam\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{A3E91C3F-F737-4031-8F38-8F21F6AA8BBE}] => (Allow) D:\Programs\Steam\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{73BA3213-A0FB-46B3-9BB1-243F8EFC0C81}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{FE656AD3-5326-40C6-ABD5-96B429CCCEFF}] => (Allow) D:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{153D143F-0AD3-4E62-B851-5F9EBD38DC33}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{A27D3990-A01B-4AC4-B9A1-3612C3DB5D19}] => (Allow) D:\Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{E76370B6-2356-4134-A1A8-5C93BCFBA227}D:\programs\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) D:\programs\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [UDP Query User{822D99BF-C1F6-4FBF-B676-1ABA5F253D7F}D:\programs\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Allow) D:\programs\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [TCP Query User{107A07F5-DE69-49FD-8947-C761FECE4CAD}D:\programs\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\programs\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{59F489CF-7C8D-47DA-BB81-3C8A7418D554}D:\programs\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\programs\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{05F900A0-CB8F-4AB1-B5BC-EF84464D48FF}] => (Allow) D:\Programs\Steam\steamapps\common\pCars\pCARS64.exe
FirewallRules: [{F70BDF1F-5CF7-4627-BED5-BF5CA86A20DB}] => (Allow) D:\Programs\Steam\steamapps\common\pCars\pCARS64.exe
FirewallRules: [{CDEDF84B-38A2-4ABB-9D71-E0951E7CD72F}] => (Allow) D:\Games\Battle.net\Battle.net\Battle.net.exe
FirewallRules: [{F7ABC951-01EE-4403-9C7E-53C41C6BE6F3}] => (Allow) D:\Games\Battle.net\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{7B7248BF-18BE-4208-9198-733867EE037B}D:\games\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5E7A467D-BCE1-4E14-93FA-4B3D26AA6E77}D:\games\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{70E8D6BA-BA88-4624-ADBB-6FFC6E8EC985}] => (Allow) D:\Programs\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{DA5E338D-A360-4975-9D57-41E51B5C8742}] => (Allow) D:\Programs\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{78266B93-ED54-415A-B23A-7AB53CA593A9}] => (Allow) D:\Programs\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{7F191D95-F5E8-41A6-BA22-C565CF524E87}] => (Allow) D:\Programs\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{0D8900E3-0B4E-4AC3-8AE7-A4091BC11027}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{69FD1B55-AD00-40A1-9F42-15763A14B895}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E803EB22-DA6C-4641-A7B0-8F3CA77CF4E7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{02E10589-0E17-45A4-81D2-D756F2A44D93}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4FBD3AFC-2A72-4A38-9CD4-A87E76648807}] => (Allow) D:\Programs\Steam\steamapps\common\Oh Sir\ohsir.exe
FirewallRules: [{5A33C085-1EC0-4806-AA0B-D4D8FBDC8F40}] => (Allow) D:\Programs\Steam\steamapps\common\Oh Sir\ohsir.exe
FirewallRules: [{4098D48A-36AA-45A8-B17B-20F049DBC1F0}] => (Allow) D:\Programs\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{5E45CD23-6FC1-443B-8E7C-3726C81E90AF}] => (Allow) D:\Programs\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{049DAE18-5A23-4754-840D-257D08629117}] => (Allow) D:\Programs\Steam\steamapps\common\DreadOut\dreadout.exe
FirewallRules: [{4D110642-2A4E-469A-B5BD-71BDE8083432}] => (Allow) D:\Programs\Steam\steamapps\common\DreadOut\dreadout.exe
FirewallRules: [{48972A69-AEF3-4B02-A191-60FE813EB5D4}] => (Allow) D:\Programs\Steam\steamapps\common\DreadOut\dreadout32.exe
FirewallRules: [{A4FB2328-0AF4-4E77-9555-A04D4E45F0D0}] => (Allow) D:\Programs\Steam\steamapps\common\DreadOut\dreadout32.exe
FirewallRules: [{CDE299EA-FB84-480B-B863-39263665CF93}] => (Allow) D:\Programs\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{CAE7C7FB-143C-4325-A7B6-154507DE07D3}] => (Allow) D:\Programs\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{D4216EB8-EDD8-46EA-9C51-4835912E1B75}] => (Allow) D:\Programs\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [{87106B15-DD3B-47CA-A786-F7191EEDF599}] => (Allow) D:\Programs\Steam\steamapps\common\Undertale\UNDERTALE.exe
FirewallRules: [TCP Query User{BB38ABD7-EBC1-480B-8C16-E0F52E57D1D4}D:\games\diablo iii\diablo iii.exe] => (Block) D:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{AE65380C-3D57-4376-A539-5C64818ED923}D:\games\diablo iii\diablo iii.exe] => (Block) D:\games\diablo iii\diablo iii.exe
FirewallRules: [{9E13BE44-0375-41FD-8399-9934F2CDE504}] => (Allow) D:\Programs\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{1BCA0056-9897-43E1-BD49-017B5388EF8B}] => (Allow) D:\Programs\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [TCP Query User{1828032E-3A05-4D81-BBC1-687E0D013C11}D:\games\dying light\dyinglightgame.exe] => (Allow) D:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{65D29E2A-076D-46E5-A071-44F851B2D559}D:\games\dying light\dyinglightgame.exe] => (Allow) D:\games\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{A91DDD23-1A87-47C0-A390-F16A72465840}D:\games\layers of fear\layers of fear.exe] => (Allow) D:\games\layers of fear\layers of fear.exe
FirewallRules: [UDP Query User{8245635C-FE5A-4474-A3BF-C635F9B06E64}D:\games\layers of fear\layers of fear.exe] => (Allow) D:\games\layers of fear\layers of fear.exe
FirewallRules: [{28A45371-1722-4D9B-8C64-E98CEC9ABCCE}] => (Allow) D:\Programs\Steam\steamapps\common\Governor of poker 3\GOP3.exe
FirewallRules: [{F8C45980-5E30-45BD-9CF2-96772FD78BFD}] => (Allow) D:\Programs\Steam\steamapps\common\Governor of poker 3\GOP3.exe
FirewallRules: [{F93269EB-EDAE-45BB-99DF-BF3485875994}] => (Allow) D:\Programs\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{45852C8A-760D-486B-B24F-BB5F0636595F}] => (Allow) D:\Programs\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{A7DF7B90-AB03-482A-A9AC-C2752D6FF340}] => (Allow) D:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [{FF5E0F81-3469-4D08-94AB-4A5EFEE7B62E}] => (Allow) D:\Programs\qBittorrent\qbittorrent.exe
FirewallRules: [{551E9B75-9E50-4A27-A044-740178CA1FD1}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed\NFS16.exe
FirewallRules: [{D4D6317E-1752-4BA8-BEF6-006486521FAD}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed\NFS16.exe
FirewallRules: [{7977B47A-D132-4F17-AD8A-75C91984AA90}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed\NFS16_trial.exe
FirewallRules: [{EE16E900-537F-469A-859A-C05998F8A183}] => (Allow) D:\Program Files (x86)\Origin Games\Need for Speed\NFS16_trial.exe
FirewallRules: [{51216567-62A8-452E-83B1-EE779D868519}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FD459380-3F81-4F6F-A9A9-5583F6DD44CC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0EE9326B-E12F-458D-AE55-65BEDF7554F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7398B542-16AE-403E-9866-2E897CD8F993}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{48944A02-7932-44F5-BA4C-9838E5026705}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{DECCE931-775E-4D09-8949-956635A92F5D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B29403CC-C5C5-4508-9EAE-D25084077F66}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{2846BBFD-8F31-4296-94F3-85AF1FE0D0DB}D:\programs\wamp\bin\apache\apache2.4.17\bin\httpd.exe] => (Allow) D:\programs\wamp\bin\apache\apache2.4.17\bin\httpd.exe
FirewallRules: [UDP Query User{BF27E7AE-7B9B-4DAC-B9FE-18978C0915E8}D:\programs\wamp\bin\apache\apache2.4.17\bin\httpd.exe] => (Allow) D:\programs\wamp\bin\apache\apache2.4.17\bin\httpd.exe
FirewallRules: [{6AA27707-0681-49B4-AD53-38AEDB2F9E95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-03-2016 08:12:17 Scheduled Checkpoint
31-03-2016 07:40:38 Scheduled Checkpoint
04-04-2016 13:13:21 Installed Eesti ID-kaardi tarkvara 3.11.2.1617 (64 bit)
12-04-2016 09:48:40 Scheduled Checkpoint
13-04-2016 15:00:15 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2016 10:42:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2344

Error: (04/13/2016 10:42:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2344

Error: (04/13/2016 10:42:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2016 10:42:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1204

Error: (04/13/2016 10:42:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1204

Error: (04/13/2016 10:42:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/13/2016 05:35:00 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/13/2016 03:00:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/13/2016 12:55:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
Exception code: 0xc0000005
Fault offset: 0x00ac6197
Faulting process id: 0x1524
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report Id: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5

Error: (04/12/2016 08:54:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2391


System errors:
=============
Error: (04/13/2016 10:42:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/13/2016 05:16:52 PM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}MSIuserS-1-5-21-2707210134-101100643-1977969362-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (04/13/2016 03:00:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/13/2016 12:39:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMIInfo service failed to start due to the following error:
%%3

Error: (04/13/2016 12:37:57 PM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/13/2016 12:37:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_5396f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/13/2016 12:37:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_5396f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/13/2016 12:37:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_5396f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/13/2016 12:37:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_5396f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/13/2016 12:37:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


CodeIntegrity:
===================================
Date: 2016-04-13 12:39:14.312
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-23 08:25:21.620
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 08:14:00.598
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 07:51:55.999
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-06 10:13:39.926
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-02 18:18:49.422
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-10 21:45:32.952
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-10 21:11:25.316
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-10 11:35:05.433
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-02 08:26:56.368
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz
Percentage of memory in use: 24%
Total physical RAM: 24528.83 MB
Available physical RAM: 18613.46 MB
Total Virtual: 28112.83 MB
Available Virtual: 21615.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.17 GB) (Free:94.24 GB) NTFS
Drive d: (Main Disc) (Fixed) (Total:931.51 GB) (Free:464.01 GB) NTFS
Drive h: (My Passport) (Fixed) (Total:298.06 GB) (Free:105.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E2BDF9CD)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 00028ACA)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[raqulka]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by user (administrator) on MSI (14-04-2016 08:13:06)
Running from D:\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Scarlet.Crush Productions) D:\Programs\Scarlet.Crush Productions\bin\ScpService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8530176 2015-11-21] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-08-04] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [532448 2015-06-23] ()
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [299008 2015-04-21] (MSI)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3929288 2015-07-31] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-03-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-18] (Google Inc.)
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\system32\StikyNot.exe [465920 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\MountPoints2: {7ad50740-f567-11e5-82f3-000000005aad} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\MountPoints2: {92d3c816-82b7-11e5-82b8-000000005aad} - "F:\OnePlus_setup.exe" /s
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2016-02-12]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dual Package.lnk [2015-03-31]
ShortcutTarget: Dual Package.lnk -> C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe (LG Electronics)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-01-15]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{A32F7F52-0DC5-40EF-84BD-7D30CC20D157}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrueColorFinder.lnk [2015-03-31]
ShortcutTarget: TrueColorFinder.lnk -> C:\Program Files (x86)\LG Soft India Pvt Ltd\TrueColorFinder Software\bin\TrueColorFinder.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{ca9775cb-157d-4442-805e-36afc51d5fb9}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: IE Token Signing Plugin -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Open-EID\esteid-plugin-ie.dll [2015-12-16] (RIA)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-21] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-21] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @RIA/esteid-firefox-plugin -> C:\Program Files (x86)\Open-EID\npesteid-firefox-plugin.dll [2016-01-31] (RIA)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2707210134-101100643-1977969362-1001: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2707210134-101100643-1977969362-1001: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF Extension: Estonian ID Card authentication module - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi [2016-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\Programs\Eset\Mozilla Thunderbird => not found

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.google.com/ncr","hxxps://www.facebook.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\19.0.0.226\pepflashplayer.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (WhatsChrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2016-03-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Cast) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-29]
CHR Extension: (Token signing) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjefchnfjhjfedoccjbhjpbncimppeg [2015-06-07]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Cast (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dliochdbjfkdbacpmhlcpmleaejidimm [2016-04-14]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Chrome Remote Desktop) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-03-30]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-29]
CHR Extension: (Page Ruler) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2015-01-20]
CHR Extension: (Skype) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-19]
CHR Extension: (Messenger (Unofficial)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2015-08-05]
CHR Extension: (YSlow) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh [2015-02-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR Extension: (Google Tone) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnckehldicaciogcbchegobnafnjkcne [2015-10-03]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Inbox by Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2016-02-22]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [309376 2014-09-19] (Qualcomm Atheros) [File not signed]
R2 AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [1924608 2014-10-15] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-06] ()
R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [384512 2015-01-24] (Apple Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 Ds3Service; D:\Programs\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EHttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\ehttpsrv.exe [41160 2015-10-02] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1576712 2015-10-02] (ESET)
S3 eshasrv; C:\Program Files\ESET\ESET Endpoint Antivirus\eshasrv.exe [182984 2015-10-02] (ESET)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-03-08] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-08-04] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-10] (Micro-Star International Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-03-08] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-03-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-03-08] (NVIDIA Corporation)
S3 Origin Client Service; C:\Users\user\Desktop\Games\OriginClientService.exe [2104840 2016-03-16] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-12-18] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-20] (Qualcomm Atheros) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
S2 SkypeUpdate; D:\Programs\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 wampapache64; D:\Programs\wamp\bin\apache\apache2.4.17\bin\httpd.exe [29184 2015-10-11] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; D:\Programs\wamp\bin\mysql\mysql5.7.9\bin\mysqld.exe [38587904 2015-10-12] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 atrfiltr; C:\Windows\system32\DRIVERS\atrfiltr.sys [16224 2014-09-11] (Windows (R) Win 7 DDK provider)
S3 AVer330USB; C:\Windows\system32\DRIVERS\AVer330USB.sys [1550464 2014-11-05] (AVerMedia TECHNOLOGIES, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-12] (Qualcomm Atheros, Inc.)
R3 cxbu0x64; C:\Windows\system32\DRIVERS\cxbu0x64.sys [147576 2015-08-30] (HID Global Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-23] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255272 2015-09-09] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186272 2015-07-24] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [169744 2015-07-24] (ESET)
S3 Hamachi; C:\Windows\System32\drivers\Hamdrv.sys [45680 2015-10-26] (LogMeIn Inc.)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
S3 Ke2200; C:\Windows\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [170128 2016-02-05] (Qualcomm Atheros, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-03-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2016-03-08] (NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\system32\DRIVERS\Qcamain10x64.sys [2356184 2015-10-25] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466648 2014-02-21] (Realsil Semiconductor Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
R3 SAlphaPS2; C:\Windows\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (SteelSeries Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-06] (Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-31] (Synaptics Incorporated)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [51392 2015-10-04] (SteelSeries ApS)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-12] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

[raqulka]

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-13 15:33 - 2016-04-13 15:33 - 00000511 _____ C:\Users\user\Desktop\malware.txt
2016-04-13 15:01 - 2016-04-13 15:01 - 00001746 _____ C:\Users\user\Desktop\JRT.txt
2016-04-13 12:36 - 2016-04-13 12:37 - 00000000 ____D C:\AdwCleaner
2016-04-13 10:09 - 2016-04-02 06:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 10:09 - 2016-04-02 06:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 10:09 - 2016-04-02 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 10:09 - 2016-04-02 06:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 10:09 - 2016-04-02 06:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 10:09 - 2016-04-02 06:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 10:09 - 2016-04-02 06:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 10:09 - 2016-04-02 06:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 10:09 - 2016-04-02 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 10:09 - 2016-03-29 13:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 10:09 - 2016-03-29 13:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 10:09 - 2016-03-29 13:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 10:09 - 2016-03-29 13:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 10:09 - 2016-03-29 13:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 10:09 - 2016-03-29 13:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 10:09 - 2016-03-29 12:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 10:09 - 2016-03-29 12:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 10:09 - 2016-03-29 12:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 10:09 - 2016-03-29 12:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 10:09 - 2016-03-29 12:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 10:09 - 2016-03-29 11:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 10:09 - 2016-03-29 11:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 10:09 - 2016-03-29 11:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 10:09 - 2016-03-29 11:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 10:09 - 2016-03-29 10:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 10:09 - 2016-03-29 10:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 10:09 - 2016-03-29 10:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 10:09 - 2016-03-29 10:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 10:09 - 2016-03-29 10:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 10:09 - 2016-03-29 10:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 10:09 - 2016-03-29 10:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 10:09 - 2016-03-29 10:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 10:09 - 2016-03-29 10:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 10:09 - 2016-03-29 10:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 10:09 - 2016-03-29 10:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 10:09 - 2016-03-29 10:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 10:09 - 2016-03-29 10:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 10:09 - 2016-03-29 10:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 10:09 - 2016-03-29 10:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 10:09 - 2016-03-29 10:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 10:09 - 2016-03-29 10:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 10:09 - 2016-03-29 10:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 10:09 - 2016-03-29 10:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 10:09 - 2016-03-29 10:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 10:09 - 2016-03-29 10:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 10:09 - 2016-03-29 10:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 10:09 - 2016-03-29 10:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 10:09 - 2016-03-29 10:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 10:09 - 2016-03-29 09:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 10:09 - 2016-03-29 09:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 10:09 - 2016-03-29 09:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 10:09 - 2016-03-29 09:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 10:09 - 2016-03-29 09:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 10:09 - 2016-03-29 09:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 10:09 - 2016-03-29 09:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 10:09 - 2016-03-29 09:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 10:09 - 2016-03-29 09:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 10:09 - 2016-03-29 09:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 10:09 - 2016-03-29 09:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 10:09 - 2016-03-29 09:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 10:09 - 2016-03-29 09:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 10:09 - 2016-03-29 09:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 10:09 - 2016-03-29 09:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 10:09 - 2016-03-29 09:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 10:09 - 2016-03-29 09:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 10:09 - 2016-03-29 09:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 10:09 - 2016-03-29 09:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 10:09 - 2016-03-29 09:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 10:09 - 2016-03-29 09:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 10:09 - 2016-03-29 09:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 10:09 - 2016-03-29 09:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 10:09 - 2016-03-29 08:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 10:09 - 2016-03-29 08:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 10:09 - 2016-03-29 08:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 10:09 - 2016-03-29 08:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 10:09 - 2016-03-29 08:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 10:09 - 2016-03-29 08:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 10:09 - 2016-03-29 08:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 10:09 - 2016-03-29 08:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 10:09 - 2016-03-29 08:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 10:09 - 2016-03-29 08:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 10:09 - 2016-03-29 08:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 10:09 - 2016-03-29 08:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 10:09 - 2016-03-29 08:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 10:09 - 2016-03-29 08:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 10:09 - 2016-03-29 08:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 10:09 - 2016-03-29 08:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 10:09 - 2016-03-29 08:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 10:09 - 2016-03-29 08:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 10:08 - 2016-04-02 07:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 10:08 - 2016-04-02 07:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 10:08 - 2016-04-02 07:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 10:08 - 2016-04-02 07:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 10:08 - 2016-04-02 06:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 10:08 - 2016-04-02 06:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 10:08 - 2016-04-02 06:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 10:08 - 2016-04-02 06:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 10:08 - 2016-04-02 06:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 10:08 - 2016-04-02 06:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 10:08 - 2016-04-02 06:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 10:08 - 2016-04-02 06:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 10:08 - 2016-04-02 06:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 10:08 - 2016-04-02 06:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 10:08 - 2016-03-29 13:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 10:08 - 2016-03-29 13:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 10:08 - 2016-03-29 13:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 10:08 - 2016-03-29 13:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 10:08 - 2016-03-29 13:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 10:08 - 2016-03-29 13:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 10:08 - 2016-03-29 13:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 10:08 - 2016-03-29 12:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 10:08 - 2016-03-29 12:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 10:08 - 2016-03-29 12:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 10:08 - 2016-03-29 12:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 10:08 - 2016-03-29 12:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 10:08 - 2016-03-29 12:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 10:08 - 2016-03-29 12:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 10:08 - 2016-03-29 12:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 10:08 - 2016-03-29 12:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 10:08 - 2016-03-29 12:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 10:08 - 2016-03-29 12:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 10:08 - 2016-03-29 12:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 10:08 - 2016-03-29 12:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 10:08 - 2016-03-29 11:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 10:08 - 2016-03-29 11:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 10:08 - 2016-03-29 11:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 10:08 - 2016-03-29 11:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 10:08 - 2016-03-29 11:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 10:08 - 2016-03-29 11:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 10:08 - 2016-03-29 11:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 10:08 - 2016-03-29 11:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 10:08 - 2016-03-29 11:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 10:08 - 2016-03-29 11:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 10:08 - 2016-03-29 11:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 10:08 - 2016-03-29 11:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 10:08 - 2016-03-29 11:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 10:08 - 2016-03-29 11:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 10:08 - 2016-03-29 11:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 10:08 - 2016-03-29 11:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 10:08 - 2016-03-29 11:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 10:08 - 2016-03-29 11:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 10:08 - 2016-03-29 11:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 10:08 - 2016-03-29 11:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 10:08 - 2016-03-29 11:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 10:08 - 2016-03-29 11:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 10:08 - 2016-03-29 10:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 10:08 - 2016-03-29 10:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 10:08 - 2016-03-29 10:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 10:08 - 2016-03-29 10:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 10:08 - 2016-03-29 10:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 10:08 - 2016-03-29 10:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 10:08 - 2016-03-29 10:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 10:08 - 2016-03-29 10:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 10:08 - 2016-03-29 10:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 10:08 - 2016-03-29 10:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-04-13 10:08 - 2016-03-29 10:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 10:08 - 2016-03-29 10:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 10:08 - 2016-03-29 10:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-04-13 10:08 - 2016-03-29 10:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 10:08 - 2016-03-29 10:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 10:08 - 2016-03-29 10:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 10:08 - 2016-03-29 10:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 10:08 - 2016-03-29 10:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 10:08 - 2016-03-29 10:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 10:08 - 2016-03-29 10:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 10:08 - 2016-03-29 10:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-04-13 10:08 - 2016-03-29 10:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 10:08 - 2016-03-29 10:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 10:08 - 2016-03-29 10:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 10:08 - 2016-03-29 10:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 10:08 - 2016-03-29 10:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 10:08 - 2016-03-29 10:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 10:08 - 2016-03-29 10:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 10:08 - 2016-03-29 10:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 10:08 - 2016-03-29 10:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 10:08 - 2016-03-29 10:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 10:08 - 2016-03-29 10:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 10:08 - 2016-03-29 10:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 10:08 - 2016-03-29 10:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 10:08 - 2016-03-29 10:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 10:08 - 2016-03-29 10:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 10:08 - 2016-03-29 10:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 10:08 - 2016-03-29 10:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 10:08 - 2016-03-29 10:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 10:08 - 2016-03-29 10:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 10:08 - 2016-03-29 10:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 10:08 - 2016-03-29 10:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 10:08 - 2016-03-29 10:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 10:08 - 2016-03-29 10:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 10:08 - 2016-03-29 10:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 10:08 - 2016-03-29 10:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 10:08 - 2016-03-29 10:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 10:08 - 2016-03-29 10:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 10:08 - 2016-03-29 10:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 10:08 - 2016-03-29 10:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 10:08 - 2016-03-29 10:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 10:08 - 2016-03-29 10:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 10:08 - 2016-03-29 10:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 10:08 - 2016-03-29 10:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 10:08 - 2016-03-29 10:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 10:08 - 2016-03-29 10:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 10:08 - 2016-03-29 10:17 - 00708608 _____ (Microsoft Corporation)

 

[raqulka]

C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 10:08 - 2016-03-29 10:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 10:08 - 2016-03-29 10:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 10:08 - 2016-03-29 10:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-13 10:08 - 2016-03-29 10:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-13 10:08 - 2016-03-29 10:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 10:08 - 2016-03-29 10:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 10:08 - 2016-03-29 10:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 10:08 - 2016-03-29 10:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 10:08 - 2016-03-29 10:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 10:08 - 2016-03-29 10:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 10:08 - 2016-03-29 10:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 10:08 - 2016-03-29 10:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 10:08 - 2016-03-29 10:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 10:08 - 2016-03-29 10:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 10:08 - 2016-03-29 10:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 10:08 - 2016-03-29 10:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 10:08 - 2016-03-29 10:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 10:08 - 2016-03-29 10:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 10:08 - 2016-03-29 10:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 10:08 - 2016-03-29 10:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 10:08 - 2016-03-29 10:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 10:08 - 2016-03-29 10:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 10:08 - 2016-03-29 10:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 10:08 - 2016-03-29 10:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 10:08 - 2016-03-29 10:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 10:08 - 2016-03-29 10:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 10:08 - 2016-03-29 09:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 10:08 - 2016-03-29 09:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 10:08 - 2016-03-29 09:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 10:08 - 2016-03-29 09:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 10:08 - 2016-03-29 09:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 10:08 - 2016-03-29 09:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 10:08 - 2016-03-29 09:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 10:08 - 2016-03-29 09:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 10:08 - 2016-03-29 09:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 10:08 - 2016-03-29 09:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 10:08 - 2016-03-29 09:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 10:08 - 2016-03-29 09:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 10:08 - 2016-03-29 09:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 10:08 - 2016-03-29 09:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 10:08 - 2016-03-29 09:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 10:08 - 2016-03-29 09:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 10:08 - 2016-03-29 09:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 10:08 - 2016-03-29 09:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 10:08 - 2016-03-29 09:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 10:08 - 2016-03-29 09:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 10:08 - 2016-03-29 09:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 10:08 - 2016-03-29 09:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 10:08 - 2016-03-29 09:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 10:08 - 2016-03-29 09:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 10:08 - 2016-03-29 09:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 10:08 - 2016-03-29 09:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 10:08 - 2016-03-29 09:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 10:08 - 2016-03-29 09:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 10:08 - 2016-03-29 09:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 10:08 - 2016-03-29 09:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 10:08 - 2016-03-29 09:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 10:08 - 2016-03-29 09:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 10:08 - 2016-03-29 09:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 10:08 - 2016-03-29 09:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 10:08 - 2016-03-29 09:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 10:08 - 2016-03-29 09:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 10:08 - 2016-03-29 09:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 10:08 - 2016-03-29 09:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 10:08 - 2016-03-29 09:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 10:08 - 2016-03-29 09:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 10:08 - 2016-03-29 09:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 10:08 - 2016-03-29 09:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 10:08 - 2016-03-29 09:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 10:08 - 2016-03-29 09:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 10:08 - 2016-03-29 09:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 10:08 - 2016-03-29 09:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 10:08 - 2016-03-29 09:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 10:08 - 2016-03-29 09:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 10:08 - 2016-03-29 09:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 10:08 - 2016-03-29 09:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 10:08 - 2016-03-29 09:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 10:08 - 2016-03-29 09:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 10:08 - 2016-03-29 09:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 10:08 - 2016-03-29 08:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 10:08 - 2016-03-29 08:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 10:08 - 2016-03-29 08:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 10:08 - 2016-03-29 08:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 10:08 - 2016-03-29 08:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 10:08 - 2016-03-29 08:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 10:08 - 2016-03-29 08:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 10:08 - 2016-03-29 08:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 10:08 - 2016-03-29 08:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 09:26 - 2016-04-12 09:26 - 00000000 ___HD C:\OneDriveTemp
2016-04-12 09:25 - 2016-04-12 09:25 - 00014160 _____ C:\Users\user\Desktop\rk_7C16.tmp.txt
2016-04-12 09:07 - 2016-04-12 09:07 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-04-12 09:06 - 2016-04-12 09:06 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-11 10:32 - 2016-04-11 10:32 - 00001753 _____ C:\Users\user\Desktop\39208317016.cer
2016-04-11 09:02 - 2016-04-14 08:13 - 00000000 ____D C:\FRST
2016-04-10 11:05 - 2016-04-10 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-10 11:05 - 2016-04-10 11:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-05 19:58 - 2016-04-05 19:58 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FonePaw
2016-04-05 19:58 - 2016-04-05 19:58 - 00000000 ____D C:\Users\user\AppData\Roaming\FonePaw
2016-04-05 19:58 - 2016-04-05 19:58 - 00000000 ____D C:\Users\user\AppData\Local\FonePaw
2016-04-05 19:58 - 2016-04-05 19:58 - 00000000 ____D C:\Program Files (x86)\FonePaw
2016-04-04 13:14 - 2016-04-04 16:40 - 00000000 ____D C:\Users\user\AppData\Roaming\RIA
2016-04-04 13:14 - 2016-04-04 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ID-card
2016-04-04 13:14 - 2016-04-04 13:14 - 00000000 ____D C:\Program Files\Open-EID
2016-04-04 13:14 - 2016-04-04 13:14 - 00000000 ____D C:\Program Files (x86)\Open-EID
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wampserver64
2016-03-31 14:37 - 2016-03-31 14:42 - 00000000 ____D C:\Users\user\Desktop\www
2016-03-30 15:32 - 2016-03-30 15:41 - 00000000 ____D C:\Users\user\Desktop\urmur2_AME
2016-03-30 15:27 - 2016-03-31 08:33 - 00479056 _____ C:\Users\user\Desktop\urmur2.aep
2016-03-30 11:10 - 2016-03-30 15:10 - 00448700 _____ C:\Users\user\Desktop\urmur.aep
2016-03-28 18:42 - 2016-03-29 09:02 - 00000000 ____D C:\Users\user\AppData\Local\Skyrim
2016-03-25 16:03 - 2016-03-29 07:36 - 00000000 __SHD C:\ProgramData\ilhdxm
2016-03-22 19:15 - 2016-03-22 19:15 - 00000000 ____D C:\Users\user\AppData\Roaming\DS4Windows
2016-03-18 13:05 - 2016-03-18 13:05 - 00000000 ____D C:\Users\user\AppData\Roaming\NVIDIA
2016-03-17 20:26 - 2016-04-13 12:39 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-17 20:26 - 2016-03-17 20:26 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA
2016-03-17 20:26 - 2016-03-17 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-03-17 20:26 - 2016-03-17 20:26 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-17 20:26 - 2016-03-08 13:27 - 01903344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 01571624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 00203320 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-03-17 20:26 - 2016-03-08 13:27 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 06371384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 02992576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 01264064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-03-17 20:26 - 2016-03-08 09:42 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-03-17 20:26 - 2016-03-08 09:42 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-03-17 20:26 - 2016-03-08 09:05 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-17 20:26 - 2016-03-07 07:22 - 06203411 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-03-17 20:26 - 2016-02-14 04:47 - 00125720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-03-17 20:26 - 2016-02-14 04:46 - 00126232 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-03-17 20:26 - 2016-02-14 04:45 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-03-17 20:26 - 2016-02-14 04:45 - 00042264 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-03-17 20:24 - 2016-03-10 06:19 - 12653504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-03-17 20:24 - 2016-03-08 13:27 - 42968120 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 37609528 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 22971960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 21322480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 20863920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 20061152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 18906048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 17732960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 17368424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 17325400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 17320280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 14226864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 10547128 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 08657936 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 03681672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 03259176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 02613696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 02257344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436451.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436451.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00955328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00885184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00784640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00750016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00692160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00678704 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00632152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00630592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00601752 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00571912 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00346560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-03-17 20:24 - 2016-03-08 13:27 - 00047760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-03-17 20:24 - 2016-03-08 13:27 - 00037702 _____ C:\WINDOWS\system32\nvinfo.pb
2016-03-17 20:24 - 2016-03-08 13:27 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-17 20:24 - 2016-03-08 13:27 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-17 09:28 - 2016-03-17 09:30 - 00000000 ____D C:\Users\user\Documents\Need For Speed
2016-03-16 11:48 - 2016-03-16 11:48 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-03-15 15:18 - 2016-03-15 15:18 - 00000000 ____D C:\Users\user\AppData\Roaming\Xfer
2016-03-15 15:16 - 2016-03-15 15:16 - 00000000 ____D C:\Users\user\Documents\Xfer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 07:50 - 2015-07-16 09:40 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bf92534c146b.job
2016-04-14 07:50 - 2015-01-20 21:30 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-14 07:40 - 2015-01-20 21:30 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 07:18 - 2015-08-18 09:52 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2707210134-101100643-1977969362-1001UA.job
2016-04-14 03:51 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-14 03:32 - 2015-01-15 12:59 - 00004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EE494239-FD0C-4259-8F7F-302738D33E3B}
2016-04-13 20:18 - 2015-08-18 09:52 - 00000860 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2707210134-101100643-1977969362-1001Core.job
2016-04-13 19:14 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-13 15:35 - 2015-10-25 15:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-13 15:00 - 2015-01-23 15:38 - 00000000 __RDO C:\Users\user\OneDrive
2016-04-13 12:55 - 2015-07-20 19:18 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-04-13 12:45 - 2015-11-29 21:52 - 00973920 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-13 12:45 - 2015-10-30 10:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-13 12:39 - 2015-11-29 22:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-13 12:39 - 2015-11-29 21:50 - 05104592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-13 12:39 - 2015-08-18 11:02 - 00000091 _____ C:\HaxLogs.txt
2016-04-13 12:38 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-13 12:38 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-13 12:38 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-13 12:38 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 12:38 - 2015-10-30 09:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-13 11:30 - 2015-10-30 10:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 11:29 - 2015-01-20 21:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 11:26 - 2015-01-20 21:28 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 07:54 - 2015-10-30 10:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-13 07:54 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-13 07:54 - 2015-01-15 11:29 - 00000000 ____D C:\Users\user\AppData\Local\Packages
2016-04-12 12:19 - 2016-02-27 12:46 - 00000000 ____D C:\Users\user\AppData\Roaming\StardewValley
2016-04-09 12:40 - 2015-01-20 21:31 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-08 17:57 - 2016-02-29 21:24 - 00000000 ____D C:\Users\user\AppData\Roaming\qBittorrent
2016-04-06 21:32 - 2015-10-30 10:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 21:32 - 2015-10-30 10:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-06 16:25 - 2015-06-22 09:47 - 00000000 ____D C:\Users\user\AppData\Roaming\FileZilla
2016-04-06 15:27 - 2015-01-21 18:14 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-04-05 08:49 - 2015-02-10 22:55 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2016-04-04 13:14 - 2015-06-07 21:04 - 00003442 _____ C:\WINDOWS\System32\Tasks\id updater task
2016-04-04 13:14 - 2015-01-21 17:54 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-30 21:27 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\SystemApps
2016-03-29 09:02 - 2015-09-23 07:05 - 00000000 ____D C:\ProgramData\Steam
2016-03-29 07:35 - 2015-01-21 18:19 - 00000000 ___RD C:\Users\user\Desktop\Games
2016-03-28 18:42 - 2015-03-26 17:08 - 00000000 ____D C:\Users\user\Documents\My Games
2016-03-27 10:48 - 2015-01-24 11:10 - 00000000 ____D C:\ProgramData\Origin
2016-03-26 14:17 - 2015-10-17 12:19 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-24 11:29 - 2015-08-17 10:05 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-03-18 11:30 - 2015-01-24 11:12 - 00000000 ____D C:\Users\user\AppData\Roaming\Origin
2016-03-17 20:29 - 2015-01-15 12:10 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA Corporation
2016-03-17 20:28 - 2015-11-29 21:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-17 20:26 - 2015-11-29 21:51 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-17 20:26 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\Help
2016-03-17 20:26 - 2015-06-30 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-17 20:26 - 2015-03-31 20:34 - 00000000 ____D C:\Temp
2016-03-17 20:26 - 2015-01-15 12:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-15 08:50 - 2015-10-30 10:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-15 08:50 - 2015-02-12 19:24 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2015-03-07 14:04 - 2015-10-23 16:39 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-07-06 19:50 - 2015-07-06 19:50 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-08-12 14:31 - 2015-08-12 14:31 - 0000000 ___SH () C:\Users\user\AppData\Local\LumaEmu
2015-01-23 15:21 - 2015-03-14 16:30 - 0007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2015-11-29 21:51 - 2015-11-29 21:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\user\AppData\Local\Temp\nvStInst.exe
C:\Users\user\AppData\Local\Temp\Open-EID-3.12.2.1653_x86.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-14 03:34

==================== End of FRST.txt ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[raqulka]

Fix result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by user (2016-04-15 08:14:02) Run:1
Running from C:\Users\user\Desktop\fix
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {147189FC-676C-476F-B8D2-58117AE42014} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {408CC19F-9D04-4291-8AC0-F289C648A29E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4809D986-F5FB-47C4-9F27-3F8A62251ACB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {489DE231-D2CD-4C21-949C-C59744862ECC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {58ABFCD3-D97C-47F3-9E1F-E45A2EEE9DF6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5BC60527-FC22-4A9E-8714-9FFEB9BA0C39} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {74D1077E-ED70-4A2F-96B9-9B8FE6BB0318} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {88586C25-30B7-4655-96CC-F57E270495CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {91EE783B-F01A-47C0-84DA-ABB415AE6E1E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AB936D19-F5E4-4DD8-A009-1A0A7330B6AD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F4D87D46-6A84-425F-82D5-F74F8A3CF1DA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\MountPoints2: {7ad50740-f567-11e5-82f3-000000005aad} - "F:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2707210134-101100643-1977969362-1001\...\MountPoints2: {92d3c816-82b7-11e5-82b8-000000005aad} - "F:\OnePlus_setup.exe" /s
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\Programs\Eset\Mozilla Thunderbird => not found
CHR Plugin: (Shockwave Flash) - C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\19.0.0.226\pepflashplayer.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
2016-03-25 16:03 - 2016-03-29 07:36 - 00000000 __SHD C:\ProgramData\ilhdxm
2015-03-07 14:04 - 2015-10-23 16:39 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-07-06 19:50 - 2015-07-06 19:50 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-08-12 14:31 - 2015-08-12 14:31 - 0000000 ___SH () C:\Users\user\AppData\Local\LumaEmu
2015-01-23 15:21 - 2015-03-14 16:30 - 0007602 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2015-11-29 21:51 - 2015-11-29 21:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\user\AppData\Local\Temp\nvStInst.exe
C:\Users\user\AppData\Local\Temp\Open-EID-3.12.2.1653_x86.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll

*****************

"HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-2707210134-101100643-1977969362-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{147189FC-676C-476F-B8D2-58117AE42014}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{147189FC-676C-476F-B8D2-58117AE42014}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{408CC19F-9D04-4291-8AC0-F289C648A29E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{408CC19F-9D04-4291-8AC0-F289C648A29E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4809D986-F5FB-47C4-9F27-3F8A62251ACB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4809D986-F5FB-47C4-9F27-3F8A62251ACB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{489DE231-D2CD-4C21-949C-C59744862ECC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{489DE231-D2CD-4C21-949C-C59744862ECC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58ABFCD3-D97C-47F3-9E1F-E45A2EEE9DF6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58ABFCD3-D97C-47F3-9E1F-E45A2EEE9DF6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BC60527-FC22-4A9E-8714-9FFEB9BA0C39}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BC60527-FC22-4A9E-8714-9FFEB9BA0C39}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74D1077E-ED70-4A2F-96B9-9B8FE6BB0318}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74D1077E-ED70-4A2F-96B9-9B8FE6BB0318}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88586C25-30B7-4655-96CC-F57E270495CA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88586C25-30B7-4655-96CC-F57E270495CA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91EE783B-F01A-47C0-84DA-ABB415AE6E1E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91EE783B-F01A-47C0-84DA-ABB415AE6E1E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB936D19-F5E4-4DD8-A009-1A0A7330B6AD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB936D19-F5E4-4DD8-A009-1A0A7330B6AD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4D87D46-6A84-425F-82D5-F74F8A3CF1DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4D87D46-6A84-425F-82D5-F74F8A3CF1DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => key removed successfully
"HKU\S-1-5-21-2707210134-101100643-1977969362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ad50740-f567-11e5-82f3-000000005aad}" => key removed successfully
HKCR\CLSID\{7ad50740-f567-11e5-82f3-000000005aad} => key not found.
"HKU\S-1-5-21-2707210134-101100643-1977969362-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92d3c816-82b7-11e5-82b8-000000005aad}" => key removed successfully
HKCR\CLSID\{92d3c816-82b7-11e5-82b8-000000005aad} => key not found.
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\napinsp.dll)
Winsock: Catalog5 000000000002\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000004\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5 000000000006\\LibraryPath => restored successfully (%SystemRoot%\System32\winrnr.dll)
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\19.0.0.226\pepflashplayer.dll => not found.
C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
LMIInfo => service removed successfully
NVHDA => service removed successfully
C:\ProgramData\ilhdxm => moved successfully
C:\Users\user\AppData\Roaming\Adobe PNG Format CS6 Prefs => moved successfully
C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs => moved successfully
C:\Users\user\AppData\Local\LumaEmu => moved successfully
C:\Users\user\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\user\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\user\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\user\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\user\AppData\Local\Temp\Open-EID-3.12.2.1653_x86.exe => moved successfully
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\user\AppData\Local\Temp\sqlite3.dll => moved successfully

==== End of Fixlog 08:14:05 ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[raqulka]

Sorry for the late reply. Doing it right now.

 

[raqulka]

Results of screen317's Security Check version 0.99.93
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Endpoint Antivirus 6.2.2033.0
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 65
Java SE Development Kit 7 Update 71
Visual Studio Extensions for Windows Library for JavaScript
Java version 32-bit out of Date!
Adobe Flash Player 19.0.0.226
Mozilla Firefox (Signing.)
Google Chrome (49.0.2623.110)
Google Chrome (49.0.2623.112)
Google Chrome (49.0.2623.87)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

[raqulka]

Farbar Service Scanner Version: 27-01-2016
Ran by user (administrator) on 18-04-2016 at 08:52:39
Running from "D:\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****