
Hard disk processing utilisation and malware pop-ups



Hello. First of all, I'm sorry for my English. After entering a site, something downloaded like an installer and I didn't even open it and the PC got infected. When I was scanning using Malwarebytes those pop-ups kept opening (photo attached). Also it seems like it drains hard disk utilisation (not memory) and some RAM.

I ran scans with Malwarebytes (with root enabled), FRST64, Rkill, Zemana.

1 detection with Zemana if I remember correctly, but even after deleting it kept using the disk and RAM.

Tried restarting but it doesn't work.

Thank you for your time and help.

Addition.txt

FRST.txt

malwarebytes scan.txt

pop up.png

Rkill.txt

task manager.png

zemana.txt


I thought about scanning again with Zemana (deep scan this time, not smart) and I found 5 viruses.

Here is the log:

Zemana AntiMalware 2.20.2.985 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016-6-10
Operating System       : Windows 10 64-bit
Processor              : 4X Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
BIOS Mode              : Legacy
CUID                   : 12F9408B83CA0D3AD682F5
Scan Type              : Deep Scan
Duration               : 60m 11s
Scanned Objects        : 603114
Detected Objects       : 5
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

OCSetupHlp.dll
Status             : Scanned
Object             : %temp%\hyd9e53.tmp.1465493418\hta\3rdparty\ocsetuphlp.dll
MD5                : 428A5D062B8665FF64B8024A487A4604
Publisher          : -
Size               : 1037312
Version            : 2.1.0.89
Detection          : Adware:Win32/OpenCandy
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\hyd9e53.tmp.1465493418\hta\3rdparty\ocsetuphlp.dll

avr-ld.exe
Status             : Scanned
Object             : %programfiles%\arduino\hardware\tools\avr\bin\avr-ld.exe
MD5                : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher          : -
Size               : 1084416
Version            : -
Detection          : Malware:Win32/Vorniac.A!Tktk
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\arduino\hardware\tools\avr\bin\avr-ld.exe

avr-ld.bfd.exe
Status             : Scanned
Object             : %programfiles%\arduino\hardware\tools\avr\bin\avr-ld.bfd.exe
MD5                : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher          : -
Size               : 1084416
Version            : -
Detection          : Malware:Win32/Vorniac.A!Tktk
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\arduino\hardware\tools\avr\bin\avr-ld.bfd.exe

ld.bfd.exe
Status             : Scanned
Object             : %programfiles%\arduino\hardware\tools\avr\avr\bin\ld.bfd.exe
MD5                : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher          : -
Size               : 1084416
Version            : -
Detection          : Malware:Win32/Vorniac.A!Tktk
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\arduino\hardware\tools\avr\avr\bin\ld.bfd.exe

ld.exe
Status             : Scanned
Object             : %programfiles%\arduino\hardware\tools\avr\avr\bin\ld.exe
MD5                : 89FABAA027C5FD2534CC5EDE076CDCD2
Publisher          : -
Size               : 1084416
Version            : -
Detection          : Malware:Win32/Vorniac.A!Tktk
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\arduino\hardware\tools\avr\avr\bin\ld.exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 5
Reported as safe      : 0
Failed                : 0
 


Hello gabipoem and welcome to malwarebytes,

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

My screen name is kevinf80, I'm here to help clean up your system, continue as follows please:

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Xplode onto your Desktop.

 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....

Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs....

Let me see those logs, also give an update on any remaining issues or concerns..

Thank you,

Kevin...

 

 


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11-Jun-16
Scan Time: 1:47 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.11.02
Rootkit Database: v2016.05.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: victo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415753
Time Elapsed: 38 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


# AdwCleaner v5.119 - Logfile created 11/06/2016 at 14:29:36
# Updated 30/05/2016 by Xplode
# Database : 2016-06-10.1 [Server]
# Operating system : Windows 10 Pro  (X64)
# Username : victo - DESKTOP-847JART
# Running from : C:\Users\victo\Desktop\AdwCleaner (1).exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\victo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\victo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{649CCF8F-C1C9-4275-88B7-31CA8B31154C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F44DC845-F9E1-4907-8D9C-1472F72E8326}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4E8B1900-34DE-E742-E6A7-606519AC19B7}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1829 bytes] - [11/06/2016 14:29:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [1820 bytes] - [11/06/2016 14:27:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1975 bytes] ##########


Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-06-2016
Ran by victo (2016-06-11 14:40:05)
Running from C:\Users\victo\Desktop\frst64
Windows 10 Pro Version 1511 (X64) (2016-02-08 18:15:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3165644656-758810436-2540193018-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3165644656-758810436-2540193018-503 - Limited - Disabled)
Guest (S-1-5-21-3165644656-758810436-2540193018-501 - Limited - Disabled)
victo (S-1-5-21-3165644656-758810436-2540193018-1001 - Administrator - Enabled) => C:\Users\victo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{AA3B06B1-E89A-43C6-A26B-7109DB4BEE7B}) (Version: 12.0.7.148 - Adobe Systems, Inc)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{97FCE17A-EE75-465B-A844-3D458CF8B801}) (Version: 4.2.60128.3 - Microsoft Corporation)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.5-r5 - Arduino LLC)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.3.29.6222 - BlueStack Systems, Inc.)
Build Tools - amd64 (Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools for Windows 10 - ENU (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Build Tools for Windows 10 (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31010 - Microsoft Corporation) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Clang with Microsoft CodeGen (HKLM-x32\...\{d4e92325-e9d6-43ec-9c3b-65187d053dbe}) (Version: 14.0.24914.0 - Microsoft Corporation)
Clang with Microsoft CodeGen (x32 Version: 14.0.24914 - Microsoft Corporation) Hidden
CodedUITest81 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
CodedUITestUAP (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.0 - Conexant)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0190 - Disc Soft Ltd)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Git version 2.7.0 (HKLM\...\Git_is1) (Version: 2.7.0 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
IDE Tools for Windows 10 - ENU (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4279 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{30F3FF94-225B-4319-A13C-E307FFDA3CFB}) (Version: 6.0.1 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.10586.0 (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
Java SE Development Kit 8 Update 74 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180740}) (Version: 8.0.740.2 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 10.0.26624 - Microsoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Emulator - Windows 10.0.10586.11 (HKLM-x32\...\{99cdb1a5-a979-4d8d-865a-bd0d50f2fbce}) (Version: 10.1.10586.11 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 with Update 1 (HKLM-x32\...\{b754d160-031f-40d6-9234-aa57674295b0}) (Version: 14.0.24720.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Apache Cordova (HKLM-x32\...\{63f2f742-924c-4a1c-aad0-ddeb4c350982}) (Version: 14.0.60202.6 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Node.js (HKLM-x32\...\{69735668-F8BC-4E9A-839A-4006FDFDD5AC}) (Version: 0.12.2 - Joyent, Inc. and other Node contributors)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Open Asset Import Library - SDK (v3.0) (HKLM\...\Open Asset Import Library - SDK_is1) (Version:  - )
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Project and Item Templates for Visual Studio Community 2015 - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Professionald 2015 - ENU (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Python Tools 2.2.2 for Visual Studio 2015 (HKLM-x32\...\{811CBB11-A221-4AF8-9F69-937487DE6AAC}) (Version: 2.2.31124.00 - Microsoft Corporation)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24730 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 15.0.4641.1002 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.3104.1200 - Microsoft Corporation) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SourceTree (HKLM-x32\...\SourceTree 1.8.2.11) (Version: 1.8.2.11 - Atlassian)
SourceTree (x32 Version: 1.8.2.11 - Atlassian) Hidden
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual C++ for Mobile Development (Android support) (HKLM-x32\...\{6fbdd940-1a9b-4b15-af0c-6cb7b983f271}) (Version: 14.0.24916.0 - Microsoft Corporation)
Visual C++ for Mobile Development (iOS support) (HKLM-x32\...\{fa9a7c1f-175b-4572-b80e-ff5c1295ca6b}) (Version: 14.0.24916.0 - Microsoft Corporation)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VNC Server 5.3.0 (HKLM\...\{9FC6D0C1-137D-4A03-9345-ACB9403BFF69}) (Version: 5.3.0.15303 - RealVNC Ltd)
VNC Viewer 5.3.0 (HKLM\...\{80B5CC59-1240-4ADA-B6AC-C8BA058153A6}) (Version: 5.3.0.15303 - RealVNC Ltd)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows 10 for Mobile Image - 10.0.10586.0 (HKLM-x32\...\{EA923538-8370-4294-A5CC-F6130FAAD89D}) (Version: 10.1.10586.11 - Microsoft Corporation)
Windows Driver Package - Silicon Laboratories Inc. (silabser) Ports  (11/20/2015 6.7.2.200) (HKLM\...\F189C013BFD9D0C73BEC97AD2CFF0CF7CAD1E670) (Version: 11/20/2015 6.7.2.200 - Silicon Laboratories Inc.)
Windows Phone 8.1 Emulators - ENU (HKLM-x32\...\{166a69f6-6512-47ea-a342-17d954fc059a}) (Version: 12.0.31010.0 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E65EDBCC-C437-45DF-96BE-46B672317F41}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.15 (HKLM-x32\...\{28a123e5-1799-4f20-9bd8-7c46f30eb7bf}) (Version: 10.1.10586.15 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.26624 (HKLM-x32\...\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}) (Version: 10.0.26624 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (Version: 2.0.50408.1 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.50408.2 - Microsoft Corporation) Hidden
Xamarin (HKLM-x32\...\{DE994ED9-270B-41B9-8E21-6F4F8C2AB5EA}) (Version: 4.0.0.1717 - Xamarin)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.985 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3165644656-758810436-2540193018-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-8CD337F6120D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3165644656-758810436-2540193018-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\victo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_3\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3165644656-758810436-2540193018-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {238D942C-3DBF-4BEF-9A81-008940EA2047} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-02-13] (Microsoft Corporation)
Task: {34CEA76C-20F3-4FF8-B883-579EBAAA5D4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-07] (Google Inc.)
Task: {47B9F4AF-500A-4888-85C1-DE56A1E4228D} - System32\Tasks\{20B0B934-E2DF-419F-A53F-93C9C116028E} => launchwinapp.exe hxxp://ui.skype.com/ui/0/7.18.0.112/ro/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {B79951DC-F723-45FC-9A2D-021397DC8595} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-02-13] (Microsoft Corporation)
Task: {B8DF8891-0245-4B0A-AE8C-153FBC09B6C0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-04-12] (Microsoft Corporation)
Task: {BCFDDA82-F1D6-47C9-9AD7-45C09B52424E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-28] (Adobe Systems Incorporated)
Task: {DB4E2F3E-4CC3-4CF3-B365-56565BDE3059} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {F0FE64CA-9C5E-4D34-AEC8-0756C1B486EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-07] (Google Inc.)
Task: {F5224911-611B-4B90-9B13-9430E3F20AC8} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-02-03] (Advanced Micro Devices, Inc.)
Task: {F6796489-B49E-44DD-9E65-11F7FE0F9254} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\victo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\nodejs\nodevars.bat"

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 10:18 - 2015-10-30 10:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-02-13 23:11 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 10:18 - 2016-02-13 22:01 - 00263168 _____ () C:\Windows\system32\wc_storage.dll
2016-04-13 16:39 - 2016-03-29 13:20 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-13 16:39 - 2016-03-29 13:20 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-05-22 19:33 - 2016-05-22 19:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-06-07 22:00 - 2016-06-07 22:00 - 00959168 _____ () C:\Users\victo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_3\amd64\ClientTelemetry.dll
2016-02-13 23:15 - 2016-02-13 23:15 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-06-09 21:54 - 2016-06-09 21:54 - 00121200 _____ () C:\GABI POEM\Aplicatii\Zemana AntiMalware\ZAMShellExt64.dll
2016-02-08 23:42 - 2015-12-07 07:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-28 10:19 - 2016-04-23 07:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-28 10:20 - 2016-04-23 07:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-28 10:20 - 2016-04-23 06:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-28 10:20 - 2016-04-23 06:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-28 10:20 - 2016-04-23 07:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-09 11:05 - 2015-09-09 11:05 - 00405416 _____ () C:\Windows\system32\igfxTray.exe
2016-05-01 16:53 - 2016-05-01 16:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-22 19:32 - 2016-05-22 19:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-06-07 21:35 - 2016-06-04 04:01 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-07 21:35 - 2016-06-04 04:01 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2016-02-08 23:43 - 2015-12-07 07:59 - 03081568 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-02-08 23:42 - 2015-12-07 07:57 - 02394976 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2016-02-13 23:12 - 2016-02-13 23:16 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-06-07 22:00 - 2016-06-07 22:00 - 00679624 _____ () C:\Users\victo\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_3\ClientTelemetry.dll
2016-06-11 13:29 - 2016-03-09 09:28 - 03306496 _____ () C:\Program Files (x86)\Bluestacks\libGLESv2.dll
2016-06-03 03:36 - 2016-06-03 03:36 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-05-01 16:53 - 2016-05-01 16:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-01 16:53 - 2016-05-01 16:53 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-08 00:10 - 2016-06-08 00:10 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-08 00:10 - 2016-06-08 00:10 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-08 00:10 - 2016-06-08 00:10 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-06-08 00:41 - 2016-06-08 00:41 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-02-13 23:12 - 2016-02-13 23:16 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-02-13 23:11 - 2016-02-13 23:11 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2016-05-20 17:30 - 2016-05-20 17:30 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-05-20 17:30 - 2016-05-20 17:30 - 00121344 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2016-05-20 17:31 - 2016-05-20 17:31 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-05-20 17:31 - 2016-05-20 17:31 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-03 03:20 - 2016-06-03 03:20 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-05-20 17:30 - 2016-05-20 17:30 - 00121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2016-05-20 17:29 - 2016-05-20 17:29 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 10:24 - 2015-10-30 10:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3165644656-758810436-2540193018-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 193.231.252.1 - 213.154.124.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{B28EC124-28A6-4D39-894D-6D39F9CD03EB}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{BDE81433-97DA-4B85-A537-9E02F305A119}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{01B48420-237E-4815-B315-60B3E8E2CDC9}C:\program files\java\jdk1.8.0_74\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_74\bin\java.exe
FirewallRules: [UDP Query User{647D273D-617B-4569-B955-ED7C43120626}C:\program files\java\jdk1.8.0_74\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_74\bin\java.exe
FirewallRules: [{60CB4108-A726-4CCD-A672-78923D513A74}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{81F2AFBE-3ADD-4460-8D32-0913B0F6C1FC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{C5DE4F65-B0B8-455B-8A64-EBC4C4EE991F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{F982A9BB-4595-43F2-8EC9-96A78C83BAC3}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{295B259D-D625-455E-9CF1-E39BDD36DCDA}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{7685EE15-D1B5-49CD-8226-79E9DCB528AC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{2B61C24A-E747-4C36-B8CA-3E4FDCD54193}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{C8AF4DEA-2F0D-4F72-B905-433565734455}] => (Allow) LPort=12292
FirewallRules: [{84251940-786B-4FB6-989D-27BE9495B4B8}] => (Allow) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
FirewallRules: [{854B731C-573F-41EF-A0C9-A9DD30EBC98A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9312EC81-D0EF-45D0-8F08-04A97370532E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7E65796A-400A-4ACE-B2CF-A5D37520858A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F56CB68F-B06B-498D-8C9F-82EEB3405049}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{932BAA0A-4D2C-41B6-BB04-76AE31788799}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{2A6C7FD1-4495-4637-A0E8-DC485E31AEBE}C:\users\victo\onedrive\documents\visual studio 2015\projects\ssserver\ssserver\bin\debug\ssserver.vshost.exe] => (Allow) C:\users\victo\onedrive\documents\visual studio 2015\projects\ssserver\ssserver\bin\debug\ssserver.vshost.exe
FirewallRules: [UDP Query User{9420C838-23E3-4819-BD33-86AAF34472E9}C:\users\victo\onedrive\documents\visual studio 2015\projects\ssserver\ssserver\bin\debug\ssserver.vshost.exe] => (Allow) C:\users\victo\onedrive\documents\visual studio 2015\projects\ssserver\ssserver\bin\debug\ssserver.vshost.exe
FirewallRules: [TCP Query User{6C486E00-3372-4366-A721-5CB3C65126C8}C:\users\victo\onedrive\documents\visual studio 2015\projects\ssserver\ssserver\obj\release\ssserver.exe] => (Allow) C:\users\victo\onedrive\documents\visual studio 2015\projects\ssserver\ssserver\obj\release\ssserver.exe
FirewallRules: [UDP Query User{E6324027-326E-4C17-AFFA-9DD43A8DDC52}C:\users\victo\onedrive\documents\visual studio 2015\projects\ssserver\ssserver\obj\release\ssserver.exe] => (Allow) C:\users\victo\onedrive\documents\visual studio 2015\projects\ssserver\ssserver\obj\release\ssserver.exe
FirewallRules: [{6DA309BD-3A65-4390-B115-8055070C67D8}] => (Allow) LPort=16555
FirewallRules: [TCP Query User{B7CA907C-B6BB-4820-9CE3-D3D3CCBA2A17}C:\users\victo\onedrive\documents\visual studio 2015\projects\ssserver\ssserver\bin\release\ssserver.vshost.exe] => (Allow) C:\users\victo\onedrive\documents\visual studio 2015\projects\ssserver\ssserver\bin\release\ssserver.vshost.exe
FirewallRules: [UDP Query User{BE16886F-935F-463B-9B11-F5E50907BC2F}C:\users\victo\onedrive\documents\visual studio 2015\projects\ssserver\ssserver\bin\release\ssserver.vshost.exe] => (Allow) C:\users\victo\onedrive\documents\visual studio 2015\projects\ssserver\ssserver\bin\release\ssserver.vshost.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [TCP Query User{FC0BE435-52F7-46CC-8BE0-F108F8E39983}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{1D979365-EFB7-4842-9F88-FB9009198FCF}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{7A75E47A-A8F1-4180-820E-1A9FE742D808}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{AB48CE64-FE21-4A40-8C55-E37E68FAF407}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{DEDE120D-8CB6-4BCD-B7D8-8786E3CAB8CA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{141B1E64-E203-46AB-BF96-4FD5DC0C0093}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2016 02:33:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (06/11/2016 02:32:58 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (06/11/2016 02:32:57 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (06/11/2016 02:32:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

Error: (06/11/2016 02:32:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (06/11/2016 02:32:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4

Error: (06/11/2016 02:32:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (06/11/2016 01:32:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

Error: (06/11/2016 01:32:03 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (06/11/2016 01:32:03 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 


System errors:
=============
Error: (06/11/2016 02:31:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error: 
%%31

Error: (06/11/2016 02:29:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_46b3d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/11/2016 02:29:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_46b3d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/11/2016 02:29:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_46b3d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/11/2016 02:29:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_46b3d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/11/2016 02:29:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Plus Android Service  service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/11/2016 02:29:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Log Rotator Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/11/2016 02:29:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/11/2016 02:29:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Hyper-V Virtual Machine Management service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/11/2016 02:29:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Phone IP over USB Transport (IpOverUsbSvc) service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2016-06-11 13:51:42.017
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-11 13:51:41.998
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-11 13:51:41.975
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-11 13:51:41.954
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-11 13:51:41.852
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-11 13:51:41.831
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-11 13:51:41.802
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-11 13:51:41.676
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-10 13:42:10.417
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-10 13:42:10.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 57%
Total physical RAM: 8111.55 MB
Available physical RAM: 3430.87 MB
Total Virtual: 8623.55 MB
Available Virtual: 3734.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:618.2 GB) (Free:459.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DBFD8C3A)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=618.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=294.2 GB) - (Type=83)
Partition 4: (Not Active) - (Size=18.6 GB) - (Type=82)

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-06-2016
Ran by victo (administrator) on DESKTOP-847JART (11-06-2016 14:36:50)
Running from C:\Users\victo\Desktop\frst64
Loaded Profiles: victo (Available Profiles: victo)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Apple Inc.) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Malwarebytes) C:\GABI POEM\Aplicatii\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Malwarebytes) C:\GABI POEM\Aplicatii\Malwarebytes Anti-Malware\mbamservice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Zemana Ltd.) C:\GABI POEM\Aplicatii\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\GABI POEM\Aplicatii\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Zemana Ltd.) C:\GABI POEM\Aplicatii\Zemana AntiMalware\ZAM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Disc Soft Ltd) C:\GABI POEM\Aplicatii\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5062384 2015-08-30] (Realtek semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4888264 2016-02-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ZAM] => C:\GABI POEM\Aplicatii\Zemana AntiMalware\ZAM.exe [13644016 2016-06-07] (Zemana Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-06-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-3165644656-758810436-2540193018-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3165644656-758810436-2540193018-1001\...\Run: [DAEMON Tools Lite Automount] => C:\GABI POEM\Aplicatii\DAEMON Tools Lite\DTAgent.exe [4299968 2016-05-30] (Disc Soft Ltd)
HKU\S-1-5-21-3165644656-758810436-2540193018-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [970264 2016-06-09] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3165644656-758810436-2540193018-1001\...\MountPoints2: {818ef333-2d64-11e6-9362-34e6adc8eb09} - "F:\Setup.exe" 
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{6F03DFE5-B80D-449B-AADC-D88B617BEAC3}: [NameServer] 193.231.252.1 213.154.124.1
Tcpip\..\Interfaces\{a589186a-727d-4915-9477-f66280d5c6a7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-13] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-13] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2016-03-30] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-07] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2016-03-30] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-02-13] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-28] ()
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\GABI POEM\Aplicatii\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-03-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2016-03-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-07] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)

Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\victo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentări Google) - C:\Users\victo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-07]
CHR Extension: (Google Docs) - C:\Users\victo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-07]
CHR Extension: (Disc Google) - C:\Users\victo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-07]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\victo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2016-06-07]
CHR Extension: (YouTube) - C:\Users\victo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-07]
CHR Extension: (Foi de calcul Google) - C:\Users\victo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-07]
CHR Extension: (Documente Google Offline) - C:\Users\victo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-08]
CHR Extension: (AdBlock) - C:\Users\victo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-07]
CHR Extension: (Plăți prin Magazinul web Chrome) - C:\Users\victo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-07]
CHR Extension: (Gmail) - C:\Users\victo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [394752 2015-07-15] (Apple Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [441880 2016-06-09] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [421400 2016-06-09] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [458264 2016-06-09] (BlueStack Systems, Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2016-02-13] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\GABI POEM\Aplicatii\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-05-30] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
S2 HvHost; C:\Windows\System32\hvhostsvc.dll [61440 2016-02-13] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-09-09] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation)
R2 MBAMScheduler; C:\GABI POEM\Aplicatii\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\GABI POEM\Aplicatii\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2015-11-19] (Microsoft Corporation) [File not signed]
S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2016-02-13] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14384128 2015-11-13] (Microsoft Corporation)
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5653736 2015-12-07] (RealVNC Ltd)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\GABI POEM\Aplicatii\Zemana AntiMalware\ZAM.exe [13644016 2016-06-07] (Zemana Ltd.)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-06-09] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-05-30] (Bluestack System Inc. )
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-06-08] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-06-08] (Disc Soft Ltd)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [71008 2015-11-05] (Microsoft Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [299280 2015-12-18] (Intel Corporation)
R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [96776 2015-11-27] (Intel  Corporation)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2016-02-13] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [194320 2015-10-14] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2016-02-13] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2016-02-13] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2016-02-13] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3069680 2015-08-30] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2016-02-13] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [23040 2015-10-30] (Microsoft Corporation)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2016-02-13] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2016-02-13] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-01-16] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-06-09] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-06-09] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-11 13:48 - 2016-06-11 13:48 - 03677248 _____ C:\Users\victo\Downloads\AdwCleaner (1).exe
2016-06-11 13:48 - 2016-06-11 13:48 - 03677248 _____ C:\Users\victo\Desktop\AdwCleaner (1).exe
2016-06-11 13:47 - 2016-06-11 14:29 - 00000000 ____D C:\AdwCleaner
2016-06-11 13:47 - 2016-06-11 13:47 - 03677248 _____ C:\Users\victo\Downloads\AdwCleaner.exe
2016-06-11 13:45 - 2016-06-11 13:45 - 00001050 _____ C:\Users\victo\Downloads\5759c738e30f2_malwarebytesscan.txt
2016-06-11 13:30 - 2016-06-11 13:30 - 00002144 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-06-11 13:30 - 2016-06-11 13:30 - 00002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-06-11 13:30 - 2016-06-11 13:30 - 00000000 ____D C:\Program Files (x86)\Bluestacks
2016-06-11 11:49 - 2016-06-11 11:49 - 00000000 ___HD C:\OneDriveTemp
2016-06-10 17:03 - 2016-06-10 17:03 - 00000000 ____D C:\Users\victo\AppData\Roaming\Mozilla
2016-06-10 17:03 - 2016-06-10 17:03 - 00000000 ____D C:\Users\victo\AppData\Local\Macromedia
2016-06-10 16:58 - 2016-06-11 13:32 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-06-10 16:55 - 2016-06-10 16:55 - 00000000 ____D C:\Users\victo\AppData\Local\Bluestacks
2016-06-10 16:50 - 2016-06-10 16:51 - 276600776 _____ (BlueStack Systems Inc.) C:\Users\victo\Downloads\BlueStacks2_native.exe
2016-06-10 13:28 - 2016-06-10 13:28 - 00001904 _____ C:\Users\victo\Downloads\Fixlist.txt
2016-06-10 10:03 - 2016-06-10 10:03 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2015.lnk
2016-06-10 10:02 - 2016-06-10 10:02 - 00000000 ____D C:\Program Files\Adobe
2016-06-10 10:00 - 2016-06-10 10:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-06-10 09:54 - 2016-06-11 14:35 - 00000000 ___RD C:\Users\victo\Creative Cloud Files
2016-06-10 09:51 - 2016-06-10 09:51 - 00001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-06-10 09:51 - 2016-06-10 09:51 - 00001286 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-06-10 09:45 - 2016-06-11 14:35 - 00000000 ____D C:\Users\victo\AppData\Local\Adobe
2016-06-10 09:45 - 2016-06-10 09:45 - 00798912 _____ (Adobe Systems Incorporated) C:\Users\victo\Downloads\CreativeCloudSet-Up (1).exe
2016-06-09 22:47 - 2016-06-09 22:47 - 00003683 _____ C:\Users\victo\Downloads\zemana.txt
2016-06-09 22:07 - 2016-06-09 22:07 - 00000000 ____D C:\ProgramData\Sophos
2016-06-09 22:06 - 2016-06-09 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-06-09 22:03 - 2016-06-09 22:03 - 152030248 _____ (Sophos Limited) C:\Users\victo\Downloads\Sophos Virus Removal Tool.exe
2016-06-09 21:54 - 2016-06-11 14:38 - 00147595 _____ C:\Windows\ZAM.krnl.trace
2016-06-09 21:54 - 2016-06-11 14:37 - 00030813 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-06-09 21:53 - 2016-06-09 21:53 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-06-09 21:53 - 2016-06-09 21:53 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-06-09 21:53 - 2016-06-09 21:53 - 00000000 ____D C:\Users\victo\AppData\Local\Zemana
2016-06-09 21:53 - 2016-06-09 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-06-09 21:17 - 2016-06-09 21:17 - 05579496 _____ ( ) C:\Users\victo\Downloads\Zemana.AntiMalware.Setup.exe
2016-06-09 21:13 - 2016-06-09 21:13 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\victo\Downloads\rkill.com
2016-06-09 21:04 - 2016-06-09 21:04 - 00001022 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-09 21:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-09 21:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-09 21:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-09 21:02 - 2016-06-09 21:02 - 22851472 _____ (Malwarebytes ) C:\Users\victo\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-06-09 20:48 - 2016-06-11 14:36 - 00000000 ____D C:\Users\victo\Desktop\frst64
2016-06-09 20:27 - 2016-06-11 14:36 - 00000000 ____D C:\FRST
2016-06-09 20:16 - 2016-06-09 20:16 - 00615478 _____ C:\Users\victo\Downloads\Autoruns.zip
2016-06-09 20:05 - 2016-06-09 20:05 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2016-06-09 20:04 - 2016-06-09 20:04 - 01270466 _____ C:\Users\victo\Downloads\ProcessExplorer.zip
2016-06-09 19:23 - 2016-06-09 19:23 - 02385408 _____ (Farbar) C:\Users\victo\Downloads\FRST64 (2).exe
2016-06-09 19:23 - 2016-06-09 19:23 - 02385408 _____ (Farbar) C:\Users\victo\Downloads\FRST64 (1).exe
2016-06-09 19:00 - 2016-06-09 19:00 - 02385408 _____ (Farbar) C:\Users\victo\Downloads\FRST64.exe
2016-06-09 18:49 - 2016-06-09 18:49 - 00042037 _____ C:\Users\victo\Downloads\Addition (1).txt
2016-06-09 18:48 - 2016-06-09 18:48 - 00042037 _____ C:\Users\victo\Downloads\Addition.txt
2016-06-09 17:01 - 2016-06-11 14:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-09 17:00 - 2016-06-09 17:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-09 16:59 - 2016-06-09 16:59 - 22851472 _____ (Malwarebytes ) C:\Users\victo\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-09 16:17 - 2016-06-11 14:35 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-09 16:17 - 2016-06-09 19:27 - 00000000 ___RD C:\Users\victo\Creative Cloud Files (archived) (1)
2016-06-09 16:09 - 2016-06-10 09:54 - 00000000 ____D C:\ProgramData\Adobe
2016-06-09 16:08 - 2016-06-10 09:50 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-06-09 16:06 - 2016-06-09 16:08 - 99119281 _____ C:\Users\victo\Downloads\OneDrive-2016-06-09.zip
2016-06-09 16:06 - 2016-06-09 16:06 - 95508694 _____ C:\Users\victo\Downloads\Madara.mp4
2016-06-09 16:05 - 2016-06-09 16:05 - 00798912 _____ (Adobe Systems Incorporated) C:\Users\victo\Downloads\CreativeCloudSet-Up.exe
2016-06-09 15:53 - 2016-06-09 15:54 - 113172186 _____ C:\Users\victo\Desktop\FINAL AMV.mov
2016-06-08 15:48 - 2016-06-08 15:48 - 00000420 _____ C:\Users\victo\Desktop\This PC - Shortcut.lnk
2016-06-08 15:42 - 2016-06-08 15:42 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-06-08 15:42 - 2016-06-08 15:42 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-06-08 15:41 - 2016-06-08 15:48 - 00000000 ____D C:\Users\victo\AppData\Roaming\DAEMON Tools Lite
2016-06-08 15:41 - 2016-06-08 15:41 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-06-07 23:29 - 2016-06-11 14:04 - 00000000 ____D C:\Users\victo\AppData\Roaming\vlc
2016-06-07 23:28 - 2016-06-07 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-06-07 23:27 - 2016-06-07 23:27 - 31717016 _____ C:\Users\victo\Downloads\vlc-2.2.4-win64 (1).exe
2016-06-07 23:27 - 2016-06-07 23:27 - 30533688 _____ C:\Users\victo\Downloads\vlc-2.2.4-win32.exe
2016-06-07 23:27 - 2016-06-07 23:27 - 30533688 _____ C:\Users\victo\Downloads\vlc-2.2.4-win32 (1).exe
2016-06-07 23:26 - 2016-06-07 23:26 - 31717016 _____ C:\Users\victo\Downloads\vlc-2.2.4-win64.exe
2016-06-07 23:11 - 2016-06-07 23:11 - 00029842 _____ C:\Users\victo\Downloads\OneDrive-2016-06-07.zip
2016-06-07 22:01 - 2016-06-07 22:01 - 00000757 _____ C:\Users\victo\Desktop\GABI POEM - Shortcut.lnk
2016-06-07 22:00 - 2016-06-07 22:00 - 09040072 _____ (Microsoft Corporation) C:\Users\victo\Downloads\OneDriveSetup (2).exe
2016-06-07 21:58 - 2016-06-07 21:58 - 09040072 _____ (Microsoft Corporation) C:\Users\victo\Downloads\OneDriveSetup (1).exe
2016-06-07 21:51 - 2016-06-07 21:50 - 09040072 _____ (Microsoft Corporation) C:\Users\victo\Downloads\OneDriveSetup.exe
2016-06-07 21:36 - 2016-06-09 22:40 - 00000000 ____D C:\GABI POEM
2016-06-07 21:35 - 2016-06-11 14:31 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-07 21:35 - 2016-06-07 22:49 - 00000000 ____D C:\Users\victo\AppData\Local\Google
2016-06-07 21:35 - 2016-06-07 21:40 - 00003996 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-07 21:35 - 2016-06-07 21:40 - 00003764 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-07 21:35 - 2016-06-07 21:40 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-07 21:35 - 2016-06-07 21:35 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-07 21:35 - 2016-06-07 21:35 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-07 21:34 - 2016-06-07 21:35 - 00987728 _____ (Google Inc.) C:\Users\victo\Downloads\ChromeSetup.exe
2016-05-28 23:00 - 2016-05-04 00:13 - 00000247 _____ C:\Users\victo\OneDrive\Documents\text.frag
2016-05-28 23:00 - 2016-05-04 00:13 - 00000239 _____ C:\Users\victo\OneDrive\Documents\text.vert
2016-05-28 23:00 - 2016-04-19 15:22 - 00000349 _____ C:\Users\victo\OneDrive\Documents\model_loading.vert
2016-05-28 23:00 - 2016-04-19 15:22 - 00000179 _____ C:\Users\victo\OneDrive\Documents\model_loading.frag
2016-05-28 10:21 - 2016-04-23 07:28 - 16984576 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-05-28 10:21 - 2016-04-23 07:26 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-05-28 10:21 - 2016-04-23 07:25 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-05-28 10:21 - 2016-04-23 07:22 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-05-28 10:21 - 2016-04-23 07:19 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-05-28 10:21 - 2016-04-23 07:19 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-05-28 10:21 - 2016-04-23 07:18 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-05-28 10:21 - 2016-04-23 07:16 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-05-28 10:21 - 2016-04-23 07:13 - 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-05-28 10:21 - 2016-04-23 07:09 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-05-28 10:21 - 2016-04-23 07:08 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-05-28 10:21 - 2016-04-23 07:07 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-05-28 10:20 - 2016-05-06 07:53 - 00095072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdport.sys
2016-05-28 10:20 - 2016-05-06 07:05 - 00241664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2016-05-28 10:20 - 2016-05-06 07:03 - 00649216 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2016-05-28 10:20 - 2016-05-06 06:53 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2016-05-28 10:20 - 2016-05-06 06:49 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnrSvc.dll
2016-05-28 10:20 - 2016-05-06 06:44 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2016-05-28 10:20 - 2016-05-06 06:43 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2016-05-28 10:20 - 2016-05-06 06:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2016-05-28 09:54 - 2016-05-28 09:58 - 00000000 ____D C:\Users\victo\OneDrive\Documents\Win32Project3

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-11 14:34 - 2016-02-08 21:24 - 00000000 ___RD C:\Users\victo\OneDrive
2016-06-11 14:33 - 2016-03-17 18:06 - 00000000 ____D C:\Users\victo\AppData\Roaming\Skype
2016-06-11 14:33 - 2016-02-08 21:19 - 00000000 ____D C:\Users\victo
2016-06-11 14:31 - 2016-02-13 20:06 - 00000093 _____ C:\HaxLogs.txt
2016-06-11 14:31 - 2016-02-08 21:29 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-11 14:31 - 2016-02-08 21:29 - 00000000 __SHD C:\Users\victo\IntelGraphicsProfiles
2016-06-11 14:31 - 2016-02-08 21:10 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-11 14:30 - 2015-10-30 09:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-11 14:28 - 2016-03-30 14:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-11 13:30 - 2015-10-30 10:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-11 12:28 - 2015-10-30 10:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-11 12:28 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\AppReadiness
2016-06-10 13:20 - 2016-02-08 21:07 - 05033864 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-10 10:02 - 2016-02-08 21:21 - 00000000 ____D C:\Users\victo\AppData\Roaming\Adobe
2016-06-09 16:23 - 2016-02-08 21:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-09 13:47 - 2016-02-08 21:19 - 00897254 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-09 13:47 - 2015-10-30 10:21 - 00000000 ____D C:\Windows\INF
2016-06-08 22:15 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\rescache
2016-06-08 09:23 - 2016-02-08 21:24 - 00000000 ____D C:\Program Files\CONEXANT
2016-06-07 22:00 - 2016-02-08 21:24 - 00002363 _____ C:\Users\victo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-07 21:53 - 2016-02-08 21:31 - 00000000 ____D C:\Users\victo\AppData\Local\ElevatedDiagnostics
2016-06-07 21:52 - 2016-02-08 21:24 - 00000000 ____D C:\ProgramData\Conexant
2016-05-29 20:25 - 2016-02-08 21:21 - 00000000 ____D C:\Users\victo\AppData\Local\Packages
2016-05-28 18:44 - 2016-03-17 18:06 - 00000000 ____D C:\ProgramData\Skype
2016-05-28 18:43 - 2016-03-17 18:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-28 18:42 - 2016-02-08 21:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-28 17:35 - 2015-10-30 12:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-28 17:35 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\system32\oobe
2016-05-28 17:35 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-28 17:35 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\Provisioning
2016-05-28 17:35 - 2015-10-30 10:24 - 00000000 ____D C:\Windows\bcastdvr
2016-05-28 14:39 - 2015-10-30 10:24 - 00015703 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2016-05-28 14:39 - 2015-10-30 10:11 - 00000000 ____D C:\Windows\CbsTemp
2016-05-28 14:37 - 2016-02-08 23:44 - 00000000 ____D C:\Windows\system32\MRT
2016-05-28 14:25 - 2016-02-08 23:44 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-28 10:28 - 2016-03-30 14:28 - 05995712 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-28 10:13 - 2015-10-30 10:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-28 10:10 - 2016-02-13 23:11 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2016-02-08 21:25 - 2016-02-08 21:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\victo\AppData\Local\Temp\BluestacksUninstaller.exe
C:\Users\victo\AppData\Local\Temp\HD-LibraryHandler.dll
C:\Users\victo\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\victo\AppData\Local\Temp\libeay32.dll
C:\Users\victo\AppData\Local\Temp\msvcr120.dll
C:\Users\victo\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-08 00:54

==================== End of FRST.txt ============================


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Let me know if you have any remaining issues or concerns....

Thank you,

Kevin

Fixlist.txt


The problem is still there. Disk usage is 100%

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-06-2016
Ran by victo (2016-06-11 18:26:58) Run:1
Running from C:\Users\victo\Desktop\frst64
Loaded Profiles: victo (Available Profiles: victo)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3165644656-758810436-2540193018-1001\...\MountPoints2: {818ef333-2d64-11e6-9362-34e6adc8eb09} - "F:\Setup.exe" 
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X] 
C:\Users\victo\AppData\Local\Temp\BluestacksUninstaller.exe
C:\Users\victo\AppData\Local\Temp\HD-LibraryHandler.dll
C:\Users\victo\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\victo\AppData\Local\Temp\libeay32.dll
C:\Users\victo\AppData\Local\Temp\msvcr120.dll
C:\Users\victo\AppData\Local\Temp\sqlite3.dll 
CustomCLSID: HKU\S-1-5-21-3165644656-758810436-2540193018-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-8CD337F6120D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKU\S-1-5-21-3165644656-758810436-2540193018-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{818ef333-2d64-11e6-9362-34e6adc8eb09}" => key removed successfully
HKCR\CLSID\{818ef333-2d64-11e6-9362-34e6adc8eb09} => key not found. 
ibtsiva => service removed successfully
C:\Users\victo\AppData\Local\Temp\BluestacksUninstaller.exe => moved successfully
C:\Users\victo\AppData\Local\Temp\HD-LibraryHandler.dll => moved successfully
C:\Users\victo\AppData\Local\Temp\HD-Logger-Native.dll => moved successfully
C:\Users\victo\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\victo\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\victo\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKU\S-1-5-21-3165644656-758810436-2540193018-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-8CD337F6120D}" => key removed successfully

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 4.5 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:28:47 ====


No audio is strange, no entries in fix by FRST are related to audio services or drivers....

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes, select "Report"; in the next window select "Export txt". The log will open as a text file; post that log. Also save it to your Desktop for reference.
  • Close the program > Don't Fix anything!

After running troubleshooting it fixed the problem about audio.

 

RogueKiller V12.3.2.0 [Jun  6 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : victo [Administrator]
Started from : C:\Users\victo\Desktop\RogueKiller.exe
Mode : Scan -- Date : 06/11/2016 19:46:55

¤¤¤ Processes : 1 ¤¤¤
[PUP] mbam.exe(2628) -- C:\GABI POEM\Aplicatii\Malwarebytes Anti-Malware\mbam.exe[x] -> Found

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPCX-24UE4T0 +++++
--- User ---
[MBR] 2904ee8d8c21ca053b9b607499f8a062
[BSP] 364be0f051d302c00b823992343cd996 : Linux|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1030144 | Size: 633037 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 1297489920 | Size: 301256 MB
3 - [XXXXXX] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 1914462208 | Size: 19073 MB
User = LL1 ... OK
User = LL2 ... OK


OK, change back to Normal boot mode; instructions are at the same link as for clean boot. Let's run an in-depth online AV scan to make sure we have not missed anything malicious...

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

There, click Run ESET Online Scanner.

If using Internet Explorer:
 
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe, which you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:
 
  • Select "Enable detection of potentially unwanted applications"
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology”, select “Change” and select any extra drives in that window.
  • Click Start.
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.


Please include this logfile in your next reply.

Don't forget to re-enable security software!

 


Thanks for the update. It would seem that malware/infection is not the cause of the problem that you describe... Probably a better option is to start a thread in the General PC Forum and post a link back to this thread: https://forums.malwarebytes.org/forum/6-general-pc-help/

Let me know the outcome when complete, we can clean up and remove tools etc later...
