
Malwarebytes and several other programs are crashing or not starting at all



Hello,

Today I faced a problem that I have never experienced before. First, the web browser that I usually use (Google Chrome) started crashing whenever I was trying to download a file. I found that a little strange, so I restarted my computer, and suddenly Skype started giving me an error while trying to load (it is set as a startup program). I tried the second browser that I have installed (Mozilla Firefox) and I experienced the same issue: crashing whenever I try to download something (for example, Malwarebytes Anti-Malware). I have an old version of the program installed on my PC (ver 2.3.55.0), and whenever I try to start it I am getting a message "Malwarebytes Anti-Malware has stopped working". I also tried the option "Run as Administrator" and then I got "external exception C000001D". It is funny that I also have MCShield installed, which suddenly also stopped working, along with Norton Power Eraser refusing to start. The antivirus program that I currently have on my PC is ESET NOD32 Trial version. (At least it is still working.)

I am almost sure that it is some sort of virus, but I can't identify it.

I would be happy to hear your professional opinion on what may be causing browsers to crash and preventing anti-malware and antivirus programs from starting.


Hello and welcome:

I'm not sure if your MBAM is genuine, as the current (latest) version is 2.2.1.1043.  (There is no "version 2.3.55.0", although it's possible that one of the executable files in the program bears that version number).

In any event, it sounds as if you may be infected.
But we need a bit more information to try to determine that.

Please read the following pinned topic: Diagnostic Logs
Then, please ATTACH ALL 3 logs to your next reply here in this thread.

We'll go from there.

Thank you,

Edited by daledoc1
punctuation

Here are both files. The version is "2.1.8.1057". Since I cannot start the program, I used "Right Click>Properties>Details" and there I saw Product/File version: 2.3.55.0, which was wrong. I apologise for the mistake.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by Atanas (administrator) on DESKTOP-MI9RO4V (31-05-2016 15:02:43)
Running from C:\Users\Atanas\Downloads
Loaded Profiles: Atanas (Available Profiles: Atanas)
Platform: Windows 10 Enterprise Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Atanas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Viber Media S.à r.l.) C:\Users\Atanas\AppData\Local\Viber\Viber.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => "E:\Programs Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => "E:\Programs Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-603607544-501088878-2932816841-1001\...\Run: [Spotify Web Helper] => C:\Users\Atanas\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-05-28] (Spotify Ltd)
HKU\S-1-5-21-603607544-501088878-2932816841-1001\...\Run: [Viber] => C:\Users\Atanas\AppData\Local\Viber\Viber.exe [69528656 2016-05-16] (Viber Media S.à r.l.)
HKU\S-1-5-21-603607544-501088878-2932816841-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-603607544-501088878-2932816841-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-603607544-501088878-2932816841-1001\...\Run: [GoogleChromeAutoLaunch_894F457ACC45EC082FCB0E42A03479A7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-05-11] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 95.87.194.5 95.87.255.92 192.168.1.1
Tcpip\..\Interfaces\{b0678ef1-435b-405c-9f1f-d86444c0a08c}: [DhcpNameServer] 192.168.1.211
Tcpip\..\Interfaces\{c015f5e1-bb3c-40b8-ae45-c8ac7636668b}: [DhcpNameServer] 95.87.194.5 95.87.255.92 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] ()
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] ()
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] ()
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] ()
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-04-23] ()

FireFox:
========
FF ProfilePath: C:\Users\Atanas\AppData\Roaming\Mozilla\Firefox\Profiles\yan4dr2s.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-04] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-04] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> E:\Programs Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-603607544-501088878-2932816841-1001: SkypePlugin -> C:\Users\Atanas\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi.dll [2015-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-603607544-501088878-2932816841-1001: SkypePlugin64 -> C:\Users\Atanas\AppData\Local\SkypePlugin\7.12.0.55\npGatewayNpapi-x64.dll [2015-12-08] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Atanas\AppData\Roaming\Mozilla\Firefox\Profiles\yan4dr2s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\Programs Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn => not found

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.bg/"
CHR DefaultSearchKeyword: Default -> lp
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (Google Update) - C:\Users\Atanas\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => No File
CHR Plugin: (Picasa) - D:\Program Files\Google\Picasa3\npPicasa3.dll => No File
CHR Profile: C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-02]
CHR Extension: (Google Docs) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-02]
CHR Extension: (Google Drive) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Video AdBlock for Chrome) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2015-11-22]
CHR Extension: (Skype Calling) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-12-14]
CHR Extension: (YouTube) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-21]
CHR Extension: (Pushbullet) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-05-18]
CHR Extension: (Google Search) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-02]
CHR Extension: (Google Docs Offline) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Readability) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2016-01-29]
CHR Extension: (Gmail) - C:\Users\Atanas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-02]
CHR HKU\S-1-5-21-603607544-501088878-2932816841-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2015-12-30] (Hi-Rez Studios) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3535512 2015-11-29] (INCA Internet Co., Ltd.)
S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [2104840 2016-01-18] (Electronic Arts)
S3 OverwolfUpdater; D:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1286896 2016-05-19] (Overwolf LTD)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4255232 2016-02-15] (A-Volute) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-02] (Advanced Micro Devices)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [168208 2015-07-14] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2016-05-31] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RTL8023x64; C:\Windows\System32\drivers\Rtnic64.sys [51712 2015-10-30] (Realtek Semiconductor Corporation                           )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2016-02-15] (Windows (R) Win 7 DDK provider)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-15] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146584 2015-10-15] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 15:02 - 2016-05-31 15:04 - 00021039 _____ C:\Users\Atanas\Downloads\FRST.txt
2016-05-31 15:02 - 2016-05-31 15:02 - 02383872 _____ (Farbar) C:\Users\Atanas\Downloads\FRST64.exe
2016-05-31 15:02 - 2016-05-31 15:02 - 00000000 ____D C:\FRST
2016-05-31 14:15 - 2016-05-31 14:15 - 00000000 ____D C:\Users\Atanas\AppData\Local\ESET
2016-05-31 14:07 - 2016-05-31 14:07 - 04896104 _____ (Oleg N. Scherbakov) C:\Users\Atanas\Downloads\Malwarebytes_2.1.8_SSE2_Hotfix.exe
2016-05-31 14:06 - 2016-05-31 14:06 - 00233063 _____ (Oleg N. Scherbakov) C:\Users\Atanas\Downloads\Unconfirmed 694789.crdownload
2016-05-31 13:44 - 2016-05-31 14:24 - 00000000 ____D C:\Users\Atanas\AppData\Local\CrashDumps
2016-05-31 13:44 - 2016-05-31 13:44 - 00000000 ____D C:\Users\Atanas\Desktop\Old Firefox Data
2016-05-31 13:40 - 2016-05-31 13:40 - 00000000 ____D C:\Users\Atanas\AppData\Local\NPE
2016-05-31 13:40 - 2016-05-31 13:40 - 00000000 ____D C:\ProgramData\Norton
2016-05-31 13:34 - 2016-05-31 13:40 - 03088296 _____ (Symantec Corporation) C:\Users\Atanas\Desktop\NPE.exe
2016-05-31 13:29 - 2016-05-31 13:29 - 00884714 _____ (Malwarebytes ) C:\Users\Atanas\Downloads\Unconfirmed 334159.crdownload
2016-05-31 13:28 - 2016-05-31 13:28 - 11485546 _____ C:\Users\Atanas\Downloads\QuickyBaby Modpack 9.15 v1 (1).zip
2016-05-31 13:03 - 2016-05-31 13:03 - 02261258 _____ C:\Users\Atanas\Downloads\Unconfirmed 391998.crdownload
2016-05-31 12:49 - 2016-05-31 12:53 - 00000411 _____ C:\Users\Atanas\Desktop\New Text Document (7).txt
2016-05-31 12:48 - 2016-05-31 12:48 - 22851472 _____ (Malwarebytes ) C:\Users\Atanas\Downloads\mbam-setup-2.2.1.1043 (2).exe
2016-05-31 12:47 - 2016-05-31 12:48 - 22851472 _____ (Malwarebytes ) C:\Users\Atanas\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-05-31 12:46 - 2016-05-31 12:47 - 22851472 _____ (Malwarebytes ) C:\Users\Atanas\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-31 12:44 - 2016-05-31 12:44 - 01310720 _____ C:\Users\Atanas\Downloads\Unconfirmed 363725.crdownload
2016-05-31 12:40 - 2016-05-31 12:40 - 00192355 _____ C:\Users\Atanas\Downloads\2B6B.tmp
2016-05-31 12:03 - 2016-05-31 12:03 - 00013184 ____N C:\bootsqm.dat
2016-05-28 15:30 - 2016-05-28 15:31 - 00000000 ____D C:\Users\Atanas\AppData\Local\Viber
2016-05-26 21:46 - 2016-05-26 21:43 - 11485546 _____ C:\Users\Atanas\Desktop\QuickyBaby Modpack 9.15 v1.zip
2016-05-26 21:43 - 2016-05-26 21:43 - 11485546 _____ C:\Users\Atanas\Downloads\QuickyBaby Modpack 9.15 v1.zip
2016-05-26 19:29 - 2016-05-26 19:29 - 00000849 _____ C:\Users\Public\Desktop\WoT Uninstall OMC ModPack.lnk
2016-05-26 19:29 - 2016-05-26 19:29 - 00000731 _____ C:\Users\Public\Desktop\World of Tanks.lnk
2016-05-26 18:51 - 2016-05-26 18:51 - 00184900 ____T C:\Users\Atanas\Desktop\принт1.pdf
2016-05-26 17:39 - 2016-05-26 17:39 - 00185700 ____T C:\Users\Atanas\Desktop\document.pdf
2016-05-26 16:52 - 2016-05-26 20:25 - 00001406 _____ C:\Users\Atanas\Desktop\Videos Admin.txt
2016-05-26 16:50 - 2016-05-26 16:50 - 00828476 ____T C:\Users\Atanas\Desktop\123.prn
2016-05-26 14:37 - 2016-05-26 14:37 - 00000000 ____D C:\Users\Atanas\AppData\LocalLow\uTorrent
2016-05-26 10:36 - 2016-05-26 10:36 - 00011976 _____ C:\Users\Atanas\Downloads\bg_windows_7_ultimate_with_sp1_x86_dvd_u_677450.iso.torrent
2016-05-26 10:35 - 2016-05-26 10:36 - 00015556 _____ C:\Users\Atanas\Downloads\bg_windows_7_ultimate_with_sp1_x64_dvd_u_677363.iso.torrent
2016-05-25 19:02 - 2016-05-25 19:08 - 00000000 ____D C:\Users\Atanas\AppData\Local\Mozilla
2016-05-25 19:02 - 2016-05-25 19:02 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-25 19:02 - 2016-05-25 19:02 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-25 19:02 - 2016-05-25 19:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-25 19:01 - 2016-05-25 19:01 - 00242120 _____ C:\Users\Atanas\Downloads\Firefox Setup Stub 46.0.1.exe
2016-05-25 15:51 - 2016-05-25 15:51 - 00001762 _____ C:\Users\Atanas\Downloads\UserData-atanas.unibit.bg-20160525 (2) (1) (1).csv - UserData-atanas.unibit.bg-20160525 (2) (1) (1).csv.csv
2016-05-25 15:51 - 2016-05-25 15:51 - 00001762 _____ C:\Users\Atanas\Desktop\FINFINFIN (1).csv.csv
2016-05-25 15:49 - 2016-05-25 15:49 - 00000203 _____ C:\Users\Atanas\Downloads\UserData-atanas.unibit.bg-20160525 (2) (1).csv
2016-05-25 15:49 - 2016-05-25 15:49 - 00000203 _____ C:\Users\Atanas\Downloads\UserData-atanas.unibit.bg-20160525 (2) (1) (1).csv
2016-05-25 15:48 - 2016-05-25 15:48 - 00000203 _____ C:\Users\Atanas\Desktop\UserData-atanas.unibit.bg-20160525 (2).csv
2016-05-25 15:47 - 2016-05-25 15:48 - 00000203 _____ C:\Users\Atanas\Downloads\UserData-atanas.unibit.bg-20160525 (2).csv
2016-05-25 15:47 - 2016-05-25 15:47 - 00000203 _____ C:\Users\Atanas\Downloads\UserData-atanas.unibit.bg-20160525 (1).csv
2016-05-25 15:45 - 2016-05-25 15:44 - 00001242 _____ C:\Users\Atanas\Desktop\Untitled spreadsheet - Sheet1 (1).csv
2016-05-25 15:44 - 2016-05-25 15:44 - 00001242 _____ C:\Users\Atanas\Downloads\Untitled spreadsheet - Sheet1 (1).csv
2016-05-25 15:41 - 2016-05-25 15:41 - 00001242 _____ C:\Users\Atanas\Downloads\Untitled spreadsheet - Sheet1.csv
2016-05-25 15:41 - 2016-05-25 15:41 - 00001242 _____ C:\Users\Atanas\Desktop\Untitled spreadsheet - Sheet1.csv
2016-05-25 15:37 - 2016-05-25 15:37 - 00000203 _____ C:\Users\Atanas\Downloads\UserData-atanas.unibit.bg-20160525.csv
2016-05-25 14:19 - 2016-05-25 14:22 - 00480954 _____ C:\Users\Atanas\Desktop\Киберсигурност на критичната инфраструктура.pdf
2016-05-25 13:53 - 2016-05-25 13:53 - 04160734 _____ C:\Users\Atanas\Downloads\CSIRT_setting_up_guide_ENISA-BG (1).pdf
2016-05-25 13:27 - 2016-05-25 13:27 - 07241105 _____ C:\Users\Atanas\Downloads\Лекции Киберсигурност (1).zip
2016-05-25 09:12 - 2016-05-25 09:12 - 02886816 _____ (Odem Mortis ) C:\Users\Atanas\Downloads\OMC_ModPack_Installer (3).exe
2016-05-18 23:02 - 2016-05-19 00:43 - 00000000 ____D C:\Users\Atanas\Desktop\Opredeleniq
2016-05-15 22:56 - 2016-05-15 22:56 - 01111452 _____ C:\Users\Atanas\Downloads\IT4Sec_Милина-Критична-инфраструктура (1).pdf
2016-05-15 21:38 - 2016-05-15 21:38 - 04160734 _____ C:\Users\Atanas\Downloads\CSIRT_setting_up_guide_ENISA-BG.pdf
2016-05-15 21:00 - 2016-05-15 21:00 - 00236045 _____ C:\Users\Atanas\Downloads\Критична-Информационна-инфраструктура.pdf
2016-05-15 20:50 - 2016-05-15 20:50 - 00505484 _____ C:\Users\Atanas\Downloads\Критична-инфраструктура.pdf
2016-05-15 19:54 - 2016-05-15 19:54 - 01111452 _____ C:\Users\Atanas\Downloads\IT4Sec_Милина-Критична-инфраструктура.pdf
2016-05-15 19:51 - 2016-05-15 19:51 - 00418070 _____ C:\Users\Atanas\Downloads\it4sec_reports_Йоана-Иванова.pdf
2016-05-15 18:43 - 2016-05-15 18:43 - 12969853 _____ C:\Users\Atanas\Downloads\K+ Specialen doklad.pdf
2016-05-15 18:31 - 2016-05-15 18:31 - 00000000 ____D C:\Users\Atanas\Desktop\Материали за есе Киберсигурност
2016-05-15 18:28 - 2016-05-15 18:28 - 07430128 _____ C:\Users\Atanas\Downloads\Материали за есе Киберсигурност.zip
2016-05-15 18:28 - 2016-05-15 18:28 - 07430128 _____ C:\Users\Atanas\Desktop\Материали за есе Киберсигурност.zip
2016-05-15 18:19 - 2016-05-15 18:19 - 07241105 _____ C:\Users\Atanas\Downloads\Лекции Киберсигурност.zip
2016-05-15 18:19 - 2016-05-15 18:19 - 07241105 _____ C:\Users\Atanas\Desktop\Лекции Киберсигурност.zip
2016-05-15 17:18 - 2016-05-15 17:18 - 61530279 _____ C:\Users\Atanas\Desktop\facebook-atanasnikolov08.zip
2016-05-15 17:18 - 2016-05-15 17:18 - 00000000 ____D C:\Users\Atanas\Desktop\facebook-atanasnikolov08
2016-05-15 17:17 - 2016-05-15 17:18 - 61530279 _____ C:\Users\Atanas\Downloads\facebook-atanasnikolov08.zip
2016-05-10 22:52 - 2016-04-23 07:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-10 22:52 - 2016-04-23 07:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-10 22:52 - 2016-04-23 07:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-10 22:52 - 2016-04-23 07:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-10 22:52 - 2016-04-23 07:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-10 22:52 - 2016-04-23 07:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-10 22:52 - 2016-04-23 07:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-10 22:52 - 2016-04-23 07:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-10 22:52 - 2016-04-23 07:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-10 22:52 - 2016-04-23 07:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-10 22:51 - 2016-04-23 08:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-10 22:51 - 2016-04-23 08:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-10 22:51 - 2016-04-23 08:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-10 22:51 - 2016-04-23 08:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-10 22:51 - 2016-04-23 08:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-10 22:51 - 2016-04-23 08:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-10 22:51 - 2016-04-23 08:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-10 22:51 - 2016-04-23 08:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-10 22:51 - 2016-04-23 07:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-10 22:51 - 2016-04-23 07:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-10 22:51 - 2016-04-23 07:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-10 22:51 - 2016-04-23 07:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-10 22:51 - 2016-04-23 07:20 - 19344384 _____ C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-10 22:51 - 2016-04-23 07:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-10 22:51 - 2016-04-23 07:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-10 22:51 - 2016-04-23 07:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-10 22:51 - 2016-04-23 07:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-10 22:51 - 2016-04-23 07:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-10 22:51 - 2016-04-23 07:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-10 22:51 - 2016-04-23 07:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-10 22:51 - 2016-04-23 07:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-10 22:51 - 2016-04-23 07:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-10 22:51 - 2016-04-23 07:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-10 22:51 - 2016-04-23 07:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-10 22:51 - 2016-04-23 07:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-10 22:51 - 2016-04-23 07:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-10 22:51 - 2016-04-23 07:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-10 22:51 - 2016-04-23 07:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-10 22:51 - 2016-04-23 07:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-10 22:51 - 2016-04-23 07:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-10 22:51 - 2016-04-23 07:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-10 22:51 - 2016-04-23 07:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-10 22:51 - 2016-04-23 07:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-10 22:50 - 2016-05-06 07:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-10 22:50 - 2016-05-06 07:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-10 22:50 - 2016-05-06 07:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-10 22:50 - 2016-05-06 06:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-10 22:50 - 2016-05-06 06:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-10 22:50 - 2016-05-06 06:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-10 22:50 - 2016-05-06 06:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-10 22:50 - 2016-04-30 09:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-10 22:50 - 2016-04-30 09:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-10 22:50 - 2016-04-23 09:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-10 22:50 - 2016-04-23 09:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-10 22:50 - 2016-04-23 09:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-10 22:50 - 2016-04-23 09:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-10 22:50 - 2016-04-23 09:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-10 22:50 - 2016-04-23 09:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-10 22:50 - 2016-04-23 09:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-10 22:50 - 2016-04-23 09:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-10 22:50 - 2016-04-23 08:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-10 22:50 - 2016-04-23 08:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-10 22:50 - 2016-04-23 08:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-10 22:50 - 2016-04-23 08:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-10 22:50 - 2016-04-23 08:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-10 22:50 - 2016-04-23 08:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-10 22:50 - 2016-04-23 08:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-10 22:50 - 2016-04-23 08:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-10 22:50 - 2016-04-23 08:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-10 22:50 - 2016-04-23 08:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-10 22:50 - 2016-04-23 08:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-10 22:50 - 2016-04-23 08:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-10 22:50 - 2016-04-23 08:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-10 22:50 - 2016-04-23 08:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-10 22:50 - 2016-04-23 08:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-10 22:50 - 2016-04-23 08:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-10 22:50 - 2016-04-23 08:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-10 22:50 - 2016-04-23 08:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-10 22:50 - 2016-04-23 08:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-10 22:50 - 2016-04-23 08:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-10 22:50 - 2016-04-23 08:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-10 22:50 - 2016-04-23 08:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-10 22:50 - 2016-04-23 08:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-10 22:50 - 2016-04-23 08:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-10 22:50 - 2016-04-23 08:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-10 22:50 - 2016-04-23 08:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-10 22:50 - 2016-04-23 08:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-10 22:50 - 2016-04-23 08:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-10 22:50 - 2016-04-23 08:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-10 22:50 - 2016-04-23 08:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-10 22:50 - 2016-04-23 08:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-10 22:50 - 2016-04-23 08:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-10 22:50 - 2016-04-23 08:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-10 22:50 - 2016-04-23 08:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-10 22:50 - 2016-04-23 08:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-10 22:50 - 2016-04-23 08:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-10 22:50 - 2016-04-23 08:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-10 22:50 - 2016-04-23 08:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-10 22:50 - 2016-04-23 08:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-10 22:50 - 2016-04-23 08:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-10 22:50 - 2016-04-23 08:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-10 22:50 - 2016-04-23 08:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-10 22:50 - 2016-04-23 08:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-10 22:50 - 2016-04-23 08:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-10 22:50 - 2016-04-23 08:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-10 22:50 - 2016-04-23 08:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-10 22:50 - 2016-04-23 08:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-10 22:50 - 2016-04-23 08:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-10 22:50 - 2016-04-23 08:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-10 22:50 - 2016-04-23 08:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-10 22:50 - 2016-04-23 08:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-10 22:50 - 2016-04-23 07:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-10 22:50 - 2016-04-23 07:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-10 22:50 - 2016-04-23 07:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-10 22:50 - 2016-04-23 07:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-10 22:50 - 2016-04-23 07:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-10 22:50 - 2016-04-23 07:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-10 22:50 - 2016-04-23 07:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-10 22:50 - 2016-04-23 07:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-10 22:50 - 2016-04-23 07:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-10 22:50 - 2016-04-23 07:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-10 22:50 - 2016-04-23 07:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-10 22:50 - 2016-04-23 07:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-10 22:50 - 2016-04-23 07:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-10 22:50 - 2016-04-23 07:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-10 22:50 - 2016-04-23 07:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-10 22:50 - 2016-04-23 07:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-10 22:50 - 2016-04-23 07:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-10 22:50 - 2016-04-23 07:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-10 22:50 - 2016-04-23 07:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-10 22:50 - 2016-04-23 07:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-10 22:50 - 2016-04-23 07:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-10 22:50 - 2016-04-23 07:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-10 22:50 - 2016-04-23 07:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-10 22:50 - 2016-04-23 07:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-10 22:50 - 2016-04-23 07:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-10 22:50 - 2016-04-23 07:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-10 22:50 - 2016-04-23 07:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-10 22:50 - 2016-04-23 07:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-10 22:50 - 2016-04-23 07:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-10 22:50 - 2016-04-23 07:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-10 22:50 - 2016-04-23 07:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-10 22:50 - 2016-04-23 07:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-10 22:50 - 2016-04-23 07:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-10 22:50 - 2016-04-23 07:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-10 22:50 - 2016-04-23 07:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-10 22:50 - 2016-04-23 07:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-10 22:50 - 2016-04-23 07:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-10 22:50 - 2016-04-23 07:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-10 22:50 - 2016-04-23 07:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-10 22:50 - 2016-04-23 07:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-10 22:50 - 2016-04-23 07:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-10 22:50 - 2016-04-23 07:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-10 22:50 - 2016-04-23 07:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-10 22:50 - 2016-04-23 07:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-10 22:50 - 2016-04-23 07:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-10 22:50 - 2016-04-23 07:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-10 22:50 - 2016-04-23 07:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-10 22:50 - 2016-04-23 07:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-10 22:50 - 2016-04-23 07:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-10 22:50 - 2016-04-23 07:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-10 22:50 - 2016-04-23 07:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-10 22:50 - 2016-04-23 07:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-10 22:50 - 2016-04-23 07:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-10 22:50 - 2016-04-23 07:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-10 22:50 - 2016-04-23 07:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-10 22:50 - 2016-04-23 07:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-10 22:50 - 2016-04-23 07:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-10 22:50 - 2016-04-23 07:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-10 22:50 - 2016-04-23 07:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-10 22:50 - 2016-04-23 07:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-10 22:50 - 2016-04-23 07:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-10 22:50 - 2016-04-23 07:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-10 22:50 - 2016-04-23 07:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-10 22:50 - 2016-04-23 07:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-10 22:50 - 2016-04-23 07:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-10 22:50 - 2016-04-23 07:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-10 22:50 - 2016-04-23 07:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-10 22:50 - 2016-04-23 07:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-10 22:50 - 2016-04-23 07:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-10 22:50 - 2016-04-23 07:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-10 22:50 - 2016-04-23 07:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-10 22:50 - 2016-04-23 07:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-10 22:50 - 2016-04-23 07:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-10 22:50 - 2016-04-23 07:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-10 22:50 - 2016-04-23 07:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-10 22:50 - 2016-04-23 07:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-10 22:50 - 2016-04-23 07:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-10 22:50 - 2016-04-23 07:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-10 22:50 - 2016-04-23 07:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-10 22:50 - 2016-04-23 07:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-10 22:50 - 2016-04-23 07:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-10 22:50 - 2016-04-23 07:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-10 22:50 - 2016-04-23 07:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-10 22:50 - 2016-04-23 07:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-10 22:50 - 2016-04-23 07:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-10 22:50 - 2016-04-23 07:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-10 22:50 - 2016-04-23 06:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-10 22:50 - 2016-04-23 05:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-10 22:49 - 2016-05-06 06:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-10 22:49 - 2016-04-23 08:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-10 22:49 - 2016-04-23 08:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-10 22:49 - 2016-04-23 08:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-10 22:49 - 2016-04-23 07:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-10 22:49 - 2016-04-23 07:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-10 22:49 - 2016-04-23 07:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-10 22:49 - 2016-04-23 07:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-10 22:49 - 2016-04-23 07:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-10 22:49 - 2016-04-23 07:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-10 22:49 - 2016-04-23 07:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-10 22:49 - 2016-04-23 07:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-10 22:49 - 2016-04-23 07:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-10 22:49 - 2016-04-23 07:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-10 22:49 - 2016-04-23 07:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-10 22:49 - 2016-04-23 07:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-10 22:49 - 2016-04-23 07:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-10 22:49 - 2016-04-23 07:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-10 22:49 - 2016-04-23 07:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-10 22:49 - 2016-04-23 07:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-10 22:49 - 2016-04-23 07:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-10 22:49 - 2016-04-23 07:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-10 22:49 - 2016-04-23 07:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-10 22:49 - 2016-04-23 07:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-10 22:49 - 2016-04-23 07:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-10 22:49 - 2016-04-23 07:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-10 22:49 - 2016-04-23 07:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-10 22:49 - 2016-04-23 07:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-10 22:49 - 2016-04-23 07:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-10 22:49 - 2016-04-23 07:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-10 22:49 - 2016-04-23 07:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-10 22:49 - 2016-04-23 05:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-10 22:49 - 2016-04-19 01:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 14:59 - 2015-09-02 23:15 - 00001038 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-31 14:24 - 2015-11-11 13:29 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-31 14:22 - 2015-10-07 19:04 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-31 14:15 - 2015-09-03 01:03 - 00000000 ____D C:\Users\Atanas\Downloads\ESET Smart Security 8.0.319.1 Final & ESET NOD32 Antivirus System 8.0.319.1 Final (32bit & 64bit)
2016-05-31 14:14 - 2015-09-08 11:47 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-05-31 13:53 - 2015-10-24 11:31 - 00000000 ____D C:\Users\Atanas\.VirtualBox
2016-05-31 13:30 - 2015-12-21 05:02 - 00000000 ____D C:\Users\Atanas
2016-05-31 12:26 - 2015-12-13 02:36 - 00000000 ____D C:\Users\Atanas\AppData\Roaming\Skype
2016-05-31 12:26 - 2015-09-12 20:44 - 00000000 ____D C:\Users\Atanas\AppData\Roaming\ViberPC
2016-05-31 12:25 - 2015-10-07 19:08 - 00000000 ____D C:\ProgramData\MCShield
2016-05-31 12:25 - 2015-09-02 23:15 - 00001034 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-31 12:23 - 2015-12-21 05:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-31 12:23 - 2015-12-21 04:58 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2016-05-31 12:22 - 2015-10-30 09:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-31 12:01 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-31 12:00 - 2015-09-04 08:49 - 00000000 ____D C:\Users\Atanas\AppData\Local\Spotify
2016-05-31 09:43 - 2015-10-30 10:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-31 08:45 - 2015-09-03 11:29 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FCCFF9DF-23DE-4826-BFEF-776ED28178BD}
2016-05-31 06:41 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-31 03:08 - 2015-09-04 08:48 - 00000000 ____D C:\Users\Atanas\AppData\Roaming\Spotify
2016-05-31 00:17 - 2015-09-03 01:16 - 00000000 ____D C:\Users\Atanas\AppData\Roaming\TS3Client
2016-05-29 03:54 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-05-28 15:36 - 2015-10-30 10:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-28 15:32 - 2015-12-13 02:36 - 00000000 ____D C:\ProgramData\Skype
2016-05-28 15:31 - 2015-12-13 02:36 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-28 15:30 - 2015-09-02 22:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-28 12:01 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-28 12:01 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-28 12:00 - 2015-10-30 12:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-28 12:00 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-28 12:00 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-28 11:59 - 2015-09-02 23:59 - 00000000 ____D C:\Users\Atanas\AppData\Roaming\uTorrent
2016-05-28 11:58 - 2015-09-17 18:04 - 00007871 _____ C:\WINDOWS\BRRBCOM.INI
2016-05-26 19:29 - 2015-12-18 23:18 - 00000000 ____D C:\Users\Atanas\AppData\Roaming\Microsoft\Windows\Start Menu\OMC ModPack
2016-05-26 19:29 - 2015-11-18 18:40 - 00000779 _____ C:\Users\Public\Desktop\OMC ModPack Update- ReConfigure.lnk
2016-05-26 11:50 - 2015-10-24 11:50 - 00000000 ____D C:\Users\Atanas\VirtualBox VMs
2016-05-26 10:02 - 2015-09-03 09:54 - 00003020 _____ C:\WINDOWS\System32\Tasks\klcp_update
2016-05-25 19:02 - 2015-09-03 09:54 - 00000000 ____D C:\Users\Atanas\AppData\Roaming\Mozilla
2016-05-25 19:02 - 2015-09-02 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-25 13:54 - 2015-09-03 01:23 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-25 09:14 - 2015-09-03 22:38 - 00000000 ____D C:\Users\Atanas\AppData\Roaming\Microsoft\Windows\Start Menu\OMC ModPack Client
2016-05-24 17:37 - 2015-09-12 20:46 - 00000000 ____D C:\Users\Atanas\Documents\ViberDownloads
2016-05-23 18:17 - 2016-03-27 09:59 - 00000000 ____D C:\Users\Atanas\AppData\Local\ftblauncher
2016-05-21 11:48 - 2015-09-02 22:50 - 00000000 ____D C:\Users\Atanas\AppData\Local\Packages
2016-05-21 10:38 - 2016-01-02 22:59 - 00000000 ____D C:\Users\Atanas\AppData\Local\ElevatedDiagnostics
2016-05-18 10:04 - 2015-12-21 01:03 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-18 10:04 - 2015-12-21 01:03 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-05-15 00:49 - 2015-10-30 10:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-15 00:49 - 2015-10-30 10:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-14 20:30 - 2015-09-02 22:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-14 19:17 - 2015-09-02 22:59 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-13 03:01 - 2015-09-02 23:16 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 03:01 - 2015-09-02 23:16 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-11 22:57 - 2015-10-30 10:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 22:57 - 2015-10-30 10:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 02:54 - 2015-09-02 23:15 - 00004096 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 02:54 - 2015-09-02 23:15 - 00003864 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 22:13 - 2015-09-12 18:38 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-10 21:56 - 2015-09-03 01:24 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-08 10:02 - 2015-09-03 01:15 - 00000000 ____D C:\Users\Atanas\AppData\Local\TeamSpeak 3 Client
2016-05-03 15:34 - 2016-03-04 02:00 - 00001080 _____ C:\Users\Atanas\Desktop\nativelog.txt
2016-05-03 12:04 - 2015-09-03 09:40 - 00000000 ____D C:\Program Files (x86)\Razer

==================== Files in the root of some directories =======

2015-09-03 01:23 - 2015-09-03 01:23 - 0000017 _____ () C:\Users\Atanas\AppData\Local\resmon.resmoncfg

Files to move or delete:
====================
C:\Users\Atanas\postgresql_95.exe


Some files in TEMP:
====================
C:\Users\Atanas\AppData\Local\Temp\jansi-64-1155448939353048146.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-1625028507591023977.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-172105951362930579.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-1854534044734600272.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-2189868060072532048.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-2321973281555525600.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-2643752988077701180.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-2904141385796755340.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-3217327656930982244.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-3386473833386045790.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-4370127850564883936.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-4678181461006945717.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-4947580320096810640.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-5107753349760541825.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-5113698695387494774.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-5251877166021274878.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-568845149641008464.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-6126377391521473692.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-6129489694648772284.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-6638572873210631728.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-6834551571801750465.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-6886753793503647838.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-6895552068161889500.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-6966765790652220155.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-7138506235744350763.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-7793379417641097715.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-7824928826993981616.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-7878798599718434652.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-7972853457408278218.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-8167543550944063788.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-8584755909121603649.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-8741721113499889257.dll
C:\Users\Atanas\AppData\Local\Temp\jansi-64-8783162999082682576.dll
C:\Users\Atanas\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Atanas\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Atanas\AppData\Local\Temp\jre-8u91-windows-au.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\BrUsi12c.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-28 01:40

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Atanas (2016-05-31 15:05:03)
Running from C:\Users\Atanas\Downloads
Windows 10 Enterprise Version 1511 (X64) (2015-12-21 02:25:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-603607544-501088878-2932816841-500 - Administrator - Disabled)
Atanas (S-1-5-21-603607544-501088878-2932816841-1001 - Administrator - Enabled) => C:\Users\Atanas
DefaultAccount (S-1-5-21-603607544-501088878-2932816841-503 - Limited - Disabled)
Guest (S-1-5-21-603607544-501088878-2932816841-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-603607544-501088878-2932816841-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DBWScript x64 4.1 (HKLM\...\DBWScript x64) (Version: 4.1 - jtlab)
Disciples II: Rise of the Elves (HKLM\...\Steam App 1630) (Version:  - Strategy First)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
ESET NOD32 Antivirus (HKLM\...\{BCFE7AD8-E33B-4AE8-A7C4-1E9956A09F63}) (Version: 8.0.319.1 - ESET, spol s r. o.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GNS3 1.3.11 (HKLM-x32\...\GNS3) (Version: 1.3.11 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
K-Lite Codec Pack 11.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lineage II (HKLM-x32\...\{23664DA8-8872-4CF4-A2F2-327CC539823B}) (Version: 4.0.0.2 - NC Interactive, LLC)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version:  - )
OMC ModPack Client version 1.4.7.69 (HKLM-x32\...\{E2F3187C-2B94-486F-8914-E69211487FB6}_is1) (Version: 1.4.7.69 - Odem Mortis)
Oracle VM VirtualBox 5.0.8 (HKLM\...\{C1B8ECDB-4DB0-47ED-B9CE-61638F876B0F}) (Version: 5.0.8 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.94.111.0 - Overwolf Ltd.)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time) <==== ATTENTION
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.19 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Skype Web Plugin (HKLM-x32\...\{F6C18D35-D3EB-4AEA-B266-C2F11B6DB723}) (Version: 7.12.0.55 - Skype Technologies S.A.)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
SMITE (HKLM-x32\...\Steam App 386360) (Version:  - Hi-Rez Studios)
SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.162 - SolarWinds)
Spotify (HKU\S-1-5-21-603607544-501088878-2932816841-1001\...\Spotify) (Version: 1.0.29.92.g67727800 - Spotify AB)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-603607544-501088878-2932816841-1001\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.6.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.6.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.6.3.0 (HKLM-x32\...\{da31aa25-410a-4c1b-9ec0-114dd8dff786}) (Version: 1.6.23313.0 - Microsoft Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Viber (HKU\S-1-5-21-603607544-501088878-2932816841-1001\...\Viber) (Version: 5.2.0.2529 - Viber Media Inc)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.12.4 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.4 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Tanks (HKU\S-1-5-21-603607544-501088878-2932816841-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
XnView 2.33 (HKLM-x32\...\XnView_is1) (Version: 2.33 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-603607544-501088878-2932816841-1001_Classes\CLSID\{147D75F3-19D5-4810-800D-7F50A02E8B60}\InprocServer32 -> C:\Users\Atanas\AppData\Local\SkypePlugin\7.12.0.55\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-603607544-501088878-2932816841-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Atanas\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-603607544-501088878-2932816841-1001_Classes\CLSID\{B9BE850C-F3F7-48AD-BB5B-A0CDA0706DB5}\localserver32 -> C:\Users\Atanas\AppData\Local\SkypePlugin\7.12.0.55\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-603607544-501088878-2932816841-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Atanas\AppData\Local\SkypePlugin\7.12.0.55\EdgeCalling.exe (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EDB947C-2D1A-4A1B-BF13-68064C9023E3} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => D:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.)
Task: {1E108AA7-EED4-40D4-AD26-3CE859C9B8D7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {2080DB06-C0E6-4D87-8C44-445FE98E3619} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-14] (Microsoft Corporation)
Task: {338FD6B6-B465-4009-9E4B-7EA5B08F5652} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-24] ()
Task: {5452E0F6-661B-4AF3-AFF8-227709564665} - System32\Tasks\Overwolf Updater Task => D:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-05-19] (Overwolf LTD)
Task: {6DD0E86D-4D27-4941-AB10-20AFD54BD28C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {9E5E76F1-688F-4B79-AD99-807F014AC761} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B3BCD271-AB3B-45EB-BEFB-D97419067158} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {D70CE128-F76F-4322-8591-D49EF325C1D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {E9085EE9-D190-4E5E-AF84-044049EC33EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 10:17 - 2015-10-30 10:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 10:18 - 2015-10-30 10:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-05 03:11 - 2015-11-05 03:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-04-14 08:09 - 2016-03-29 13:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-14 08:09 - 2016-03-29 13:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-21 14:51 - 2015-12-21 14:51 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 22:49 - 2016-04-23 07:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 22:49 - 2016-04-23 07:25 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-04-19 03:54 - 2016-04-19 03:54 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-10 22:50 - 2016-04-23 07:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 22:50 - 2016-04-23 06:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 22:50 - 2016-04-23 06:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 22:51 - 2016-04-23 07:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-28 15:31 - 2016-05-16 15:57 - 00095312 _____ () C:\Users\Atanas\AppData\Local\Viber\qfacebook.dll
2016-05-28 15:31 - 2016-05-16 15:57 - 00042064 _____ () C:\Users\Atanas\AppData\Local\Viber\qrencode.dll
2016-05-28 15:31 - 2016-05-16 15:57 - 00016464 _____ () C:\Users\Atanas\AppData\Local\Viber\libEGL.dll
2016-05-28 15:31 - 2016-05-16 15:57 - 01607760 _____ () C:\Users\Atanas\AppData\Local\Viber\libGLESv2.dll
2016-05-28 15:31 - 2016-05-16 15:58 - 00398928 _____ () C:\Users\Atanas\AppData\Local\Viber\imageformats\qsvg.dll
2016-05-28 15:31 - 2016-05-16 15:59 - 00695888 _____ () C:\Users\Atanas\AppData\Local\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-04-19 03:54 - 2016-04-19 03:54 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 03:54 - 2016-04-19 03:54 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-05-13 03:01 - 2016-05-11 14:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 03:01 - 2016-05-11 14:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-05-13 03:01 - 2016-05-11 14:48 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 14:04 - 2016-05-31 12:29 - 00002789 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-603607544-501088878-2932816841-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 95.87.194.5 - 95.87.255.92
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{C76819FF-6CBE-4799-8245-6CD1BD2F1681}C:\users\atanas\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe] => (Allow) C:\users\atanas\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe
FirewallRules: [TCP Query User{4380B8BE-41C2-4F86-914D-DBCE72DBB841}C:\users\atanas\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe] => (Allow) C:\users\atanas\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe
FirewallRules: [{8ED2A31B-8AAB-4EC6-84BD-B4AEC5C6AB05}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{493663EC-F9C9-4935-86C9-3B9EDBD578CF}C:\users\atanas\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\atanas\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{2356FD22-5497-4D1B-A227-1B65DABDEF3E}C:\users\atanas\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\atanas\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{EEB4FE2A-1E8A-4691-ABE1-C71268D2F767}] => (Allow) D:\Games\SteamGames\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{E08B6D35-2F28-4E70-9EA6-0E0235CFEAC4}] => (Allow) D:\Games\SteamGames\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{648667EB-7BBD-4556-B7D2-5BD632005171}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [UDP Query User{1A64C18E-A364-40FE-93F2-D461CE686609}C:\program files\java\jre1.8.0_65\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\java.exe
FirewallRules: [TCP Query User{0F1735AD-5A47-421C-8FCF-0504F84D4ABA}C:\program files\java\jre1.8.0_65\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\java.exe
FirewallRules: [UDP Query User{08D67929-CB9A-4CD6-9580-3E2341140ADD}C:\users\atanas\desktop\winbox.exe] => (Allow) C:\users\atanas\desktop\winbox.exe
FirewallRules: [TCP Query User{500ACB34-79B2-43CC-9930-733713500D3E}C:\users\atanas\desktop\winbox.exe] => (Allow) C:\users\atanas\desktop\winbox.exe
FirewallRules: [UDP Query User{274FC2D7-94AA-4683-B458-5263F98BFD43}D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{4950F141-437E-4DA3-93F1-0A333661E3D2}D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{ECDB57A4-E2F7-4442-8D3A-472DA1FDF8BD}] => (Allow) D:\Games\SteamGames\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{4F9714D5-F9F7-4C27-AC0F-F92124E75A2E}] => (Allow) D:\Games\SteamGames\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [UDP Query User{8ABB23F7-9AEE-4C9E-8C1D-E1125811426F}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [TCP Query User{AD55DF50-84F0-4E93-9681-DD47FE3FDB44}C:\program files\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\java.exe
FirewallRules: [{2D95D6AC-D6E9-485B-9331-5F65218E6E99}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6F15EECA-64BB-4571-9FB2-FDBC2BA8EAFB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EF2DFB80-9949-4E6F-9317-DB70076AEDBB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{86A78C58-E929-4B6C-A3AF-DA1C409B849A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{FF59F425-8EFE-46F2-A0E6-8793A4DDF611}C:\users\atanas\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\atanas\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2784D3CA-F599-41FA-8902-9C6693DE7E1B}C:\users\atanas\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\atanas\appdata\roaming\spotify\spotify.exe
FirewallRules: [{5B453D92-62D6-4049-9446-0DAE969B8AE0}] => (Allow) D:\Games\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{B5876855-8DC2-4309-B6B6-906FBD29EB72}] => (Allow) D:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{EBA8D980-B91A-4C6F-BB04-ACBC7EBF9404}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{0BBD3056-636D-45F7-A165-A36D063787C3}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{7F0C52E8-4C5B-49D8-AA65-5C9A6168C3C9}] => (Allow) C:\Users\Atanas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{761B6BF8-1002-4A72-9A33-830D6BAD79FB}] => (Allow) C:\Users\Atanas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6AEAD253-BB5D-44FF-9ECC-83E4849AF513}] => (Allow) C:\Users\Atanas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{40C585CC-8033-404A-855B-8A61E8F7A565}] => (Allow) C:\Users\Atanas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{972F3B10-0140-497D-B8E4-9396FDAD4688}] => (Allow) C:\Users\Atanas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B8A9D2B7-8D86-4A4B-BBD6-913651A9EEFD}] => (Allow) C:\Users\Atanas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A65FBEA9-9DF7-463A-B26F-DC0C79551CE8}] => (Allow) LPort=7935
FirewallRules: [{24FCC363-0480-4C82-82B5-173C4250B539}] => (Allow) E:\Programs Files\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{88156F97-510A-4AB6-A31B-25AA3C58B60C}] => (Allow) E:\Programs Files\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{9D314963-EC9A-4E23-8F75-DFE3FEBCF585}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1E901BFE-D8B6-4D1C-9277-833C2105BAA0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0DB4CBD4-418B-4EC6-A866-00EB8D58FD1A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{A0DA5542-0C3E-474B-BD9A-C0529CA0E3D7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [TCP Query User{AB2ED34A-774E-4F04-9299-3919AFDFB102}C:\program files\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{019D550F-FFEA-44D6-81A5-FF465D124293}C:\program files\java\jre1.8.0_66\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\java.exe
FirewallRules: [{6B4B4AA5-4C50-4FF0-ADD3-3876F84FDB55}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{27FEE7CD-0593-42D4-B7BE-13FC1373BD72}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{3D652028-6835-4522-BA4B-C379FE7B73A5}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{70D633B6-E539-4ED5-AA65-7A5A590A8A38}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{EE836E79-248E-4034-8E8B-B5CD65FECCA1}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{C63EC504-3F07-49DE-AF66-8CB28A84D77B}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{AE65714D-C57E-4C0B-B236-FBC2481A0559}] => (Allow) D:\Games\SteamGames\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{17CD4540-298D-49D0-9540-E0B7FC15AB68}] => (Allow) D:\Games\SteamGames\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{317E5AC3-7BE8-4CA2-82A5-1E176430E289}] => (Allow) D:\Games\SteamGames\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{213EE3EF-2D54-47A0-B5AB-1BE5B4659FFC}] => (Allow) D:\Games\SteamGames\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7233F1DA-690C-4653-BB30-B52387BED1C2}] => (Allow) D:\Games\SteamGames\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{A9C594C1-F13E-4F01-9D40-699C2AC69ED9}] => (Allow) D:\Games\SteamGames\steamapps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{4EE91ADA-A8CC-41BD-B990-123BFE3D9C32}D:\games\steamgames\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\games\steamgames\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{9E6DB1DB-A098-47A7-AB81-BAFE03906D4F}D:\games\steamgames\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) D:\games\steamgames\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{89A46E5C-AC14-4C4A-9473-9607BE33175A}] => (Allow) D:\Games\SteamGames\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{318E4555-9953-4F87-9ED7-A7A129F90033}] => (Allow) D:\Games\SteamGames\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{733158E2-94EE-42AD-807C-1C68FFCA9370}] => (Allow) LPort=3306
FirewallRules: [{41A2E99A-FDE4-4719-8350-1EA42DCA1704}] => (Allow) LPort=3306
FirewallRules: [{6DA07E46-F306-45B3-9D41-E75CC4910C76}] => (Allow) D:\Games\SteamGames\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{EA5CBCEE-90CE-4D02-B2EB-41148457124F}] => (Allow) D:\Games\SteamGames\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{23596747-DDDE-4F5D-9CC1-85B8DF17FC87}] => (Allow) D:\Games\SteamGames\steamapps\common\Disciples II Rise of the Elves\Discipl2.exe
FirewallRules: [{D37F5EA0-D510-4EDA-9FCD-E6A9627A9631}] => (Allow) D:\Games\SteamGames\steamapps\common\Disciples II Rise of the Elves\Discipl2.exe
FirewallRules: [{FF79EB53-6636-40F9-8134-EA1A3803CAA3}] => (Allow) D:\Games\SteamGames\steamapps\common\Disciples II Rise of the Elves\ConfigEditor.exe
FirewallRules: [{7D177088-6928-4940-9B74-36ACB91AD32F}] => (Allow) D:\Games\SteamGames\steamapps\common\Disciples II Rise of the Elves\ConfigEditor.exe
FirewallRules: [{FEDF8A3F-93E2-4466-8FFA-0AC3C01B4FFA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A4D627C7-CF4A-43CD-8434-1661A9281E49}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CD3F7397-E4D5-4E36-9877-1AAC4596B76C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9800F518-B625-4EC1-A269-E65C1AB0B50C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{72DCA45F-34EF-4910-9D0A-B61657B10A25}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{66023205-5FBB-401F-99AC-00E2C65BCB6C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C4A6B2D1-93C3-40F2-9857-362F7F7AC330}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A48E8886-0C54-4DCE-9FAD-933310B85100}] => (Allow) D:\Games\OMC ModPack Client\OMC ModPack Client.exe
FirewallRules: [{D4BB2EBB-6F1F-43A7-A9B3-5AE2EE1EFC59}] => (Allow) D:\Games\SteamGames\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{597793A5-758B-4AFA-84A2-F3E51BF58ACC}] => (Allow) D:\Games\SteamGames\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2016 02:23:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mcshieldcc.exe, version: 3.0.5.82, time stamp: 0x53444b3c
Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571afb9a
Exception code: 0x0eedfade
Fault offset: 0x000bdae8
Faulting process id: 0x1720
Faulting application start time: 0xmcshieldcc.exe0
Faulting application path: mcshieldcc.exe1
Faulting module path: mcshieldcc.exe2
Report Id: mcshieldcc.exe3
Faulting package full name: mcshieldcc.exe4
Faulting package-relative application ID: mcshieldcc.exe5

Error: (05/31/2016 02:22:17 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Malwarebytes Anti-Malware because of this error.

Program: Malwarebytes Anti-Malware
File: 

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (05/31/2016 02:22:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: SHELL32.dll, version: 10.0.10586.306, time stamp: 0x571af6c4
Exception code: 0xc0000096
Fault offset: 0x002b0385
Faulting process id: 0x19a0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (05/31/2016 02:21:27 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Malwarebytes Anti-Malware because of this error.

Program: Malwarebytes Anti-Malware
File: 

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (05/31/2016 02:21:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: SHELL32.dll, version: 10.0.10586.306, time stamp: 0x571af6c4
Exception code: 0xc0000096
Fault offset: 0x002b0385
Faulting process id: 0x1144
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (05/31/2016 02:19:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.10586.0, time stamp: 0x5632d89f
Faulting module name: SHELL32.dll, version: 10.0.10586.306, time stamp: 0x571af6c4
Exception code: 0xc0000005
Fault offset: 0x002f1211
Faulting process id: 0x137c
Faulting application start time: 0xDllHost.exe0
Faulting application path: DllHost.exe1
Faulting module path: DllHost.exe2
Report Id: DllHost.exe3
Faulting package full name: DllHost.exe4
Faulting package-relative application ID: DllHost.exe5

Error: (05/31/2016 02:18:49 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Malwarebytes Anti-Malware because of this error.

Program: Malwarebytes Anti-Malware
File: 

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (05/31/2016 02:18:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: SHELL32.dll, version: 10.0.10586.306, time stamp: 0x571af6c4
Exception code: 0xc0000096
Fault offset: 0x002b0385
Faulting process id: 0x9f8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (05/31/2016 02:08:54 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Malwarebytes Anti-Malware because of this error.

Program: Malwarebytes Anti-Malware
File: 

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (05/31/2016 02:08:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: SHELL32.dll, version: 10.0.10586.306, time stamp: 0x571af6c4
Exception code: 0xc0000096
Fault offset: 0x002b0385
Faulting process id: 0x1bf0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5


System errors:
=============
Error: (05/31/2016 02:23:20 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/31/2016 01:48:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/31/2016 01:32:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/31/2016 01:27:13 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/31/2016 01:27:11 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/31/2016 01:27:09 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/31/2016 01:27:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/31/2016 01:27:05 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/31/2016 01:27:04 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/31/2016 12:22:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_618d2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-05-29 17:28:30.009
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-28 15:03:25.400
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-15 02:32:26.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-16 11:17:20.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-15 23:19:01.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 17:40:54.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-21 16:41:07.995
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-20 16:10:56.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-15 15:21:53.288
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-03 22:20:00.821
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz
Percentage of memory in use: 48%
Total physical RAM: 6142.49 MB
Available physical RAM: 3178.28 MB
Total Virtual: 10494.49 MB
Available Virtual: 6737.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.51 GB) (Free:14.63 GB) NTFS
Drive d: () (Fixed) (Total:345.76 GB) (Free:26.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FF18D6DE)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=345.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 


Hi:

Thanks for the logs.

Please have a look again at the Diagnostic Logs sticky and please run mbam-check to produce Log Set 2 (the CheckResults.txt) log. :)

Please ATTACH that log to your next reply, while we wait for a forum staff member to review all of the information.

Please be patient until a qualified staff member has a chance to respond.

Thanks again,


CheckResults Logs

 


mbam-check result log version:     2.3.2.0
========================================

User Account type:                 Administrator
DomainComputer:                    No
OS:                                Windows 10  64 bit Operating System
Current Version and Build:         10.0.10586 OS Product Info: Professional


Malwarebytes Anti-Malware:         2.1.8.1057
Installed On:                      2015/10/07
Malware Database:                  2015.10.07.04
Rootkit Database:                  2015.10.06.01
Remediation Database:              2015.10.07.01
IP Database:                       2015.10.06.02
Domain Database:                   2015.10.07.01
License:                           Free
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      1 (The service is not running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
Log Created:                       2016/05/31 15:57:27

User Information for Local System:
===========================================
User Account: Administrator
    Account Level: Admin
User Account: Atanas
    Account Level: Admin
User Account: DefaultAccount
    Account Level: Guest
User Account: Guest
    Account Level: Guest
Total # of user entries: 4

UAC Settings:
===================
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    DWORD    1    Status: ON
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    DWORD    5    Status: ON

AntiVirus Information:
===================
AntiVirus Software Installed:    "ESET NOD32 Antivirus 8.0"
AntiVirus Software Installed:    "Windows Defender"

FireWall Information:
===================
NO 3rd Party Firewall Software Installed

AntiSpyware Information:
===================
AntiSpyware Software Installed:    "Windows Defender"
AntiSpyware Software Installed:    "ESET NOD32 Antivirus 8.0"

Machine Information
===============================================
Machine ID:    687f4d86f2255caf4d7946391553fc2316aa2d2c
Installation Token:    CMZwr4zd57C3S2bj2QNW1464687973
System has been up for:     3.56972 Hours
Current Date:    2016-May-31 12:57:30.098684
Date Booted:    2016-May-31 09:57:30.098684

Detection and Protection Settings
===============================================
Use Advanced Heuristics Engine (Shuriken):            true
Scan for rootkits:                                    false
Scan within archives:                                 true
PUP (Potentially Unwanted Program) detections:        Treat Detections as Malware
PUM (Potentially Unwanted Modification) detections:   Treat Detections as Malware

Compatibility Flag Settings:
=================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    D:\Games\GTA San Andreas SAMP\gta_sa (1).exeREG_SZ        $ DWM8And16BitMitigation
    D:\Games\GTA San Andreas SAMP\gta_sa.exeREG_SZ        $ DWM8And16BitMitigation
    D:\Games\SteamGames\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exeREG_SZ        $ DWM8And16BitMitigation
    D:\Games\SteamGames\steamapps\common\Disciples II Rise of the Elves\discipl2.exeREG_SZ        $ DWM8And16BitMitigation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    D:\Games\OMC ModPack Client\OMC ModPack Client.exeREG_SZ        WIN7RTM
    D:\Games\GTA San Andreas SAMP\gta_sa (1).exeREG_SZ        DWM8And16BitMitigation
    D:\Games\GTA San Andreas SAMP\gta_sa.exeREG_SZ        DWM8And16BitMitigation
    D:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exeREG_SZ        ~ RUNASADMIN
    D:\Games\SteamGames\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exeREG_SZ        DWM8And16BitMitigation
    D:\Games\SteamGames\steamapps\common\Disciples II Rise of the Elves\discipl2.exeREG_SZ        DWM8And16BitMitigation


Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Malwarebytes Anti-Malware Service and Driver Status:
=======================================================

--------------Driver File Info:--------------
C:\WINDOWS\system32\drivers\mbam.sys
File Size: 25816     BYTES    FileVersion: 0.1.15.0    MD5: [8c4c495f43c793c8c4b1eb40a60e9e41]
C:\WINDOWS\system32\drivers\mwac.sys
File Size: 64216     BYTES    FileVersion: 1.0.6.0    MD5: [b2d5e8fd3fe47e5d5bbcbaa97f3ae9f9]
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
File Size: 113880    BYTES    FileVersion: 0.2.22.0    MD5: [8f22037d3f5a6bb676525d825a1388b9]
C:\WINDOWS\system32\drivers\mbamchameleon.sys
File Size: 109272    BYTES    FileVersion: 1.1.20.0    MD5: [3584c58731b86ff315fb6ec8fcb6843e]

--------------MBAMProtector:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMService:--------------
Type:                   16
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMChameleon:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A


--------------MBAMWebAccessControl:--------------
Type:                   2
State:                  1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE:        1077
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


Required Dependencies:
======================

--------------BFE:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    DisplayName                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1001
    ErrorControl                  REG_DWORD        1
    Group                         REG_SZ        NetworkProvider
    ImagePath                     REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Start                         REG_DWORD        2
    Type                          REG_DWORD        32
    Description                   REG_SZ        @%SystemRoot%\system32\bfe.dll,-1002
    DependOnService               REG_MULTI_SZ    RpcSs

    ObjectName                    REG_SZ        NT AUTHORITY\LocalService
    ServiceSidType                REG_DWORD        3
    RequiredPrivileges            REG_MULTI_SZ    SeAuditPrivilege

    FailureActions                REG_BINARY    Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
    ServiceDll                    REG_EXPAND_SZ    %SystemRoot%\System32\bfe.dll
    ServiceDllUnloadOnStop        REG_DWORD        1
    ServiceMain                   REG_SZ        BfeServiceMain

--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    AttachWhenLoaded              REG_DWORD        1
    DisplayName                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
    ErrorControl                  REG_DWORD        3
    Group                         REG_SZ        FSFilter Infrastructure
    ImagePath                     REG_EXPAND_SZ    system32\drivers\fltmgr.sys
    Start                         REG_DWORD        0
    Tag                           REG_DWORD        1
    Type                          REG_DWORD        2
    Description                   REG_SZ        @%SystemRoot%\system32\drivers\fltmgr.sys,-10000


C:\WINDOWS\system32\drivers\fltmgr.sys
File Size: 377696    BYTES    FileVersion: 6.2.10586.0    MD5: [25d7a58625e1453e40d36825de74e4f1]
C:\WINDOWS\SysWOW64\mscomctl.ocx
File Size: 1070152   BYTES    FileVersion: 6.1.98.34    MD5: [e52859fcb7a827cacfce7963184c7d24]
C:\WINDOWS\SysWOW64\olepro32.dll
File Size: 88576     BYTES    FileVersion: 6.2.10586.162    MD5: [8ce4d365ef60da0a098757371dd43752]


MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              -15 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Marketing: 
    LastPostScanMarketingIndex:                                1 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       3000 
ScanHistory: 
    Duration_Complete:                                         95505 
    Duration_Driver:                                           0 
    Duration_Filesystem:                                       266 
    Duration_Heuristics:                                       753966 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 0 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          27960 
    Duration_Registry:                                         35634 
    Duration_Sector:                                           0 
    Duration_Startup:                                          37940 
    ItemCount_Complete:                                        285831 
    ItemCount_Driver:                                          0 
    ItemCount_Filesystem:                                      51701 
    ItemCount_Heuristics:                                      18913 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         0 
    ItemCount_Registry:                                        735 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         2240 
    LastScanDateEpoch:                                         1444234058772 
    LastScanType:                                              1 (Threat Scan)
Update: 
    LastUpdate:                                                2015-10-07T16:07:28 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    7 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
    CheckProgramUpdates:                          true
--------------Account:--------------
  Account Status:                                              Free 
  Expiration Time:                                              
  Activation Time:                                              
  Trial Used:                                                  false 
--------------Access Policies:--------------

Scheduler Queue:
================


Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

MBAMProtector Registry Values:
==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
    WOW64                         REG_DWORD        1
    Type                          REG_DWORD        2
    Start                         REG_DWORD        3
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    \??\C:\Windows\system32\drivers\mbam.sys
    DisplayName                   REG_SZ        MBAMProtector
    Group                         REG_SZ        FSFilter Anti-Virus
    DependOnService               REG_MULTI_SZ    FltMgr

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
    DefaultInstance               REG_SZ        MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
    Altitude                      REG_SZ        328800
    Flags                         REG_DWORD        0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Parameters
    PassThruFile                  REG_SZ        mbampt.exe
    ProductPath                   REG_SZ        C:\Program Files (x86)\Malwarebytes Anti-Malware

MBAMService Registry Values:
============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
    WOW64                         REG_DWORD        1
    Description                   REG_SZ        Malwarebytes Anti-Malware service
    DelayedAutostart              REG_DWORD        0
    Type                          REG_DWORD        16
    Start                         REG_DWORD        2
    ErrorControl                  REG_DWORD        1
    ImagePath                     REG_EXPAND_SZ    "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
    DisplayName                   REG_SZ        MBAMService
    DependOnService               REG_MULTI_SZ    MBAMProtector

    ObjectName                    REG_SZ        LocalSystem

MBAMScheduler Registry Values:
==============================

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

--------------TERMService:--------------
Type:                   32
State:                  4 (The service is running.)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0


TermService Start is set to: 3 (Manual Startup)

Proxy Status: No proxy is Set

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition    REG_SZ        \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
        h:mm:ss tt
        AM 
        PM 
        :

Currently:
REG_SZ        H:mm:ss
REG_SZ    
REG_SZ    
REG_SZ    

Language and Regional Settings:
===============================

ACP: 1251 Please refer to this link for details: Here  
MACCP: 10007 Please refer to this link for details: Here  
OEMCP: 866 Please refer to this link for details: Here  

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Context Menu Entries:
=====================


List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes Anti-Malware\
7z.dll                                      File Size: 920888    BYTES    FileVersion:  9.20.0.0       MD5: [0187312e33a5ca56b5a3e4790710b4a7]
changes.txt                                 File Size: 3003      BYTES    FileVersion:  N/A            MD5: [17b6dc5b45f9558ea11ee7b95da9b684]
cloud-enumeration.dll                       File Size: 286008    BYTES    FileVersion:  1.0.0.0        MD5: [0a792b2f2639a8d543334b4e4853d207]
cloud.dll                                   File Size: 351544    BYTES    FileVersion:  1.0.0.0        MD5: [4e9ac654840c561744f49ce01b2346c3]
license.rtf                                 File Size: 235316    BYTES    FileVersion:  N/A            MD5: [5980b191ffe5d53bfef600b97ad533b5]
master.conf                                 File Size: 1258      BYTES    FileVersion:  N/A            MD5: [9702ca5e82d3756c6d8af34a2ababaea]
mbam.dll                                    File Size: 602936    BYTES    FileVersion:  1.0.37.0       MD5: [d0795de45316a3e96831df602cff9992]
mbam.exe                                    File Size: 6554424   BYTES    FileVersion:  2.3.55.0       MD5: [1512c8e7a80cf74b729f92089bc2a9cd]
mbamcore.dll                                File Size: 1971512   BYTES    FileVersion:  1.3.11.0       MD5: [043244385a9dd83ae0710f5a3f1ba829]
mbamdor.exe                                 File Size: 54072     BYTES    FileVersion:  1.0.1.0        MD5: [0c38d8b04de17a7646494cc639856344]
mbamext.dll                                 File Size: 310584    BYTES    FileVersion:  3.0.6.0        MD5: [d926cd265ca8e057cfc43ffe588050e3]
mbampt.exe                                  File Size: 39736     BYTES    FileVersion:  1.0.0.0        MD5: [9bea6fb1e60b8f58b14bb952a0b52792]
mbamresearch.exe                            File Size: 1947960   BYTES    FileVersion:  1.1.0.0        MD5: [1e6117e354f4c9822fb1905c93b42abf]
mbamscheduler.exe                           File Size: 1871160   BYTES    FileVersion:  3.1.3.0        MD5: [7827378cf89a8332edb27e424d8eff6a]
mbamservice.exe                             File Size: 1133880   BYTES    FileVersion:  3.2.13.0       MD5: [15c794cf04ab10354d1570fc77f494b2]
mbamsrv.dll                                 File Size: 3841336   BYTES    FileVersion:  2.1.2.0        MD5: [66f0a315ec6cd95d4aa6c1645e68787a]
mbamtoast.dll                               File Size: 96568     BYTES    FileVersion:  1.70.0.0       MD5: [e82dbc36d043ce6e13f6061180b8031d]
msvcp100.dll                                File Size: 421688    BYTES    FileVersion:  10.0.40219.325 MD5: [a08365633fff756ae25e49da09807667]
msvcr100.dll                                File Size: 774456    BYTES    FileVersion:  10.0.40219.325 MD5: [8da587ebc5396422743cf3fa331522d2]
Qt5Core.dll                                 File Size: 4616192   BYTES    FileVersion:  5.4.1.0        MD5: [fe6754a7e85a098c9b8b7a51adc8d05b]
Qt5Gui.dll                                  File Size: 4475392   BYTES    FileVersion:  5.4.1.0        MD5: [0902aa5e5ae5907134d2774d12bc9cd4]
Qt5Network.dll                              File Size: 664064    BYTES    FileVersion:  5.4.1.0        MD5: [1240b3bdecc4707cfef42ab820cb9f16]
Qt5Widgets.dll                              File Size: 4438016   BYTES    FileVersion:  5.4.1.0        MD5: [e40e26d1dead66fcf69b6b21704a6975]
Third-party-notices.txt                     File Size: 70041     BYTES    FileVersion:  N/A            MD5: [915ab4fe416654fbc412019a0a1002ac]
unins000.dat                                File Size: 58228     BYTES    FileVersion:  N/A            MD5: [4c107643e4809a739bae21d5613fe000]
unins000.exe                                File Size: 718037    BYTES    FileVersion:  51.52.0.0      MD5: [d2796ecf50731e696f0c065d24c0827a]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
chameleon.chm                               File Size: 235882    BYTES    FileVersion:  N/A            MD5: [c4190b71f037714aa77aba294434ba5b]
firefox.com                                 File Size: 893752    BYTES    FileVersion:  3.1.25.0       MD5: [4b0ce6a2f1555a13481c78acd891e977]
firefox.exe                                 File Size: 893752    BYTES    FileVersion:  3.1.25.0       MD5: [4b0ce6a2f1555a13481c78acd891e977]
firefox.pif                                 File Size: 893752    BYTES    FileVersion:  3.1.25.0       MD5: [4b0ce6a2f1555a13481c78acd891e977]
firefox.scr                                 File Size: 893752    BYTES    FileVersion:  3.1.25.0       MD5: [4b0ce6a2f1555a13481c78acd891e977]
iexplore.exe                                File Size: 893752    BYTES    FileVersion:  3.1.25.0       MD5: [4b0ce6a2f1555a13481c78acd891e977]
mbam-chameleon.com                          File Size: 893752    BYTES    FileVersion:  3.1.25.0       MD5: [4b0ce6a2f1555a13481c78acd891e977]
mbam-chameleon.exe                          File Size: 893752    BYTES    FileVersion:  3.1.25.0       MD5: [4b0ce6a2f1555a13481c78acd891e977]
mbam-chameleon.pif                          File Size: 893752    BYTES    FileVersion:  3.1.25.0       MD5: [4b0ce6a2f1555a13481c78acd891e977]
mbam-chameleon.scr                          File Size: 893752    BYTES    FileVersion:  3.1.25.0       MD5: [4b0ce6a2f1555a13481c78acd891e977]
mbam-killer.exe                             File Size: 1496888   BYTES    FileVersion:  3.0.13.0       MD5: [1b182ccac60a4626c7b282ca087e1390]
rundll32.exe                                File Size: 893752    BYTES    FileVersion:  3.1.25.0       MD5: [4b0ce6a2f1555a13481c78acd891e977]
svchost.exe                                 File Size: 893752    BYTES    FileVersion:  3.1.25.0       MD5: [4b0ce6a2f1555a13481c78acd891e977]
windows.exe                                 File Size: 893752    BYTES    FileVersion:  3.1.25.0       MD5: [4b0ce6a2f1555a13481c78acd891e977]
winlogon.exe                                File Size: 893752    BYTES    FileVersion:  3.1.25.0       MD5: [4b0ce6a2f1555a13481c78acd891e977]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
qgif.dll                                    File Size: 22016     BYTES    FileVersion:  5.4.1.0        MD5: [80646a135bce14377aa53d9f1b64182a]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages

C:\Program Files (x86)\Malwarebytes Anti-Malware\\platforms
qwindows.dll                                File Size: 922112    BYTES    FileVersion:  5.4.1.0        MD5: [fbb7b74deb9bb01cadde9f670b0a6570]

C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe                               File Size: 821560    BYTES    FileVersion:  1.1.0.1010     MD5: [a2b2a00cac6869086e83a2104481968d]

C:\Users\Atanas\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware
actions.ref                                 File Size: 2130      BYTES    FileVersion:  N/A            MD5: [92a0b0ea86f88cc2d438eb61762ef6d1]
akadomains.ref                              File Size: 92        BYTES    FileVersion:  N/A            MD5: [73d5774cbd8df165274a0691ae264808]
akaips.ref                                  File Size: 92        BYTES    FileVersion:  N/A            MD5: [2a6869d1f91f0a0b87b1d27bd30ccc5c]
domains.ref                                 File Size: 278668    BYTES    FileVersion:  N/A            MD5: [1864e024334cd6ab5137f1d1f940a9e3]
exclusions.dat                              File Size: 0         BYTES    FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
ips.ref                                     File Size: 18367     BYTES    FileVersion:  N/A            MD5: [0af1ac6fef25ca5e71306e520ba8cbb2]
mbam-setup.exe                              File Size: 24345536  BYTES    FileVersion:  2.1.8.1057     MD5: [6f16274de5dd301ab975f0ddf64307cf]
rules.ref                                   File Size: 10488372  BYTES    FileVersion:  N/A            MD5: [1ffe0677f3aae582ef1e2ff72ca889d7]
swissarmy.ref                               File Size: 26108     BYTES    FileVersion:  N/A            MD5: [991d83474ed5cdcf17a9206d854748e6]

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine

Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: File, Location: C:\Users\Atanas\AppData\Local\Temp\HYDB4E2.tmp.1441227542\HTA\3rdparty\OCComSDK.dll
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: File, Location: C:\Users\Atanas\AppData\Local\Temp\HYDB4E2.tmp.1441227542\HTA\install.1441227542.zip
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}
Vendor: PUP.Optional.OpenCandy, Date: 2015/10/07 16:07:38, Type: Registry Key, Location: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
===============================================================
END OF FILE


 

 

Link to post
Share on other sites

Just a quick update.

I tried RKill and after that I tried to run any anti-virus software and they are still not working. (plus NPE, Anti-Malware Malwarebytes, and the ESET Online scanner)

 


Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/31/2016 06:56:54 PM in x64 mode.
Windows Version: Windows 10 Enterprise 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  20 out of 37 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 05/31/2016 06:57:08 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)
 

 

Edited by naskon
Link to post
Share on other sites

Update 2: From all the programs that I've tried so far (dds.scr, SUPERAntiSpyware.exe, mbam-chameleon, Hitman Pro 64x, Zemana, RKill, ESET Online Scanner, RogueKiller and The Exception Privileged Instruction Virus Removal tool), I am getting one of the following messages:

1. External exception: C000001D

2. Exception Privilege

3. A program caused the program to stop working correctly. Please close the program (Windows error message)

(Note: Only NPE managed to start its process, but it is not displaying any window)

Link to post
Share on other sites

Hello and Welcome....

Until @daledoc1 returns, here is something you can try...

Your version of Malwarebytes is 2.1.8.1057 (which is old); the version of the mbam.exe file is 2.3.55.0, which is where the confusion is coming from. So let's get you to cleanly install the latest version by following the steps outlined below.

Let's try this first....

  1. Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x


Please let us know how it goes.

Thank You,

Firefox

Link to post
Share on other sites

I've removed Malwarebytes using mbam-clean, but just like with all the other programs, whenever I try to install it via the chameleon or just by running the setup, I am getting an error, depending on how I am trying to start it. Using the chameleon I am getting error #1; using the normal setup I am getting error #2.

1. External exception: C000001D
2. Privileged Instructions
3. A program caused the program to stop working correctly. Please close the program (Windows error message)

Link to post
Share on other sites