Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware/adware on my computer [Solved]

Started by chilligringo , Apr 29 2016 09:07 AM

malware adware Tencent

This topic is locked

#1
chilligringo

Posted 29 April 2016 - 09:07 AM

New Member

Member
9 posts

Hello good people,

My computer got infected by some chineese program that now is both my virus program and some optimization service. I cant find a way to remove it and hope you guys can help me.

Edit: removed the txt files text.

Edited by chilligringo, 29 April 2016 - 09:33 AM.

#2
chilligringo

Posted 29 April 2016 - 09:31 AM

New Member

Topic Starter
Member
9 posts

I read that you want the txt files in different posts so here is FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by evenh (administrator) on DESKTOP-VVO3BQM (29-04-2016 16:57:13)
Running from C:\Users\evenh\Desktop
Loaded Profiles: evenh (Available Profiles: evenh)
Platform: Windows 10 Home Version 1511 (X64) Language: Norsk bokmål (Norge)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\AdBlocker\Service.WinServiceHost.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\QQPCNetFlow.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRealTimeSpeedup.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(腾讯公司) C:\Users\evenh\AppData\Roaming\Tencent\AndroidServer\1.0.0.510\AndroidServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8504064 2015-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-08-16] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-01] (Raptr, Inc)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [4883216 2016-04-20] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1389706129-1160737656-1141877127-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1389706129-1160737656-1141877127-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150528 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs-x32: AirfoilInjector_3_7.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * aswBoot.exe /M:1801e9ce5 /wow /dir:"C:\Program Files\AVAST Software\Avast"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{acd70d16-3c46-47a9-b8d6-4ae1e1deeb18}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{af726f95-390a-45cb-af3f-01f64f1f9b07}: [NameServer] 138.201.48.176,8.8.8.8
Tcpip\..\Interfaces\{af726f95-390a-45cb-af3f-01f64f1f9b07}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{d5e60bb0-5347-408f-9c31-b5b2f8840054}: [DhcpNameServer] 82.163.143.171
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1389706129-1160737656-1141877127-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1389706129-1160737656-1141877127-1001 -> hxxp://www.startsiden.no/

FireFox:
========
FF ProfilePath: C:\Users\evenh\AppData\Roaming\Mozilla\Firefox\Profiles\ltfvs5g6.default
FF SelectedSearchEngine: Google
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: hxxps://www.google.com/search?bcutc=sp-006
FF SearchEngineOrder.1: Google
FF Keyword.URL: hxxps://www.google.com/search?bcutc=sp-006
FF Homepage: hxxps://www.google.com/?bcutc=sp-006
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-09] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\npQMExtensionsMozilla.dll [2016-04-29] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-19] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF SearchPlugin: C:\Users\evenh\AppData\Roaming\Mozilla\Firefox\Profiles\ltfvs5g6.default\searchplugins\google-avast.xml [2016-04-29]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.startsiden.no/
CHR StartupUrls: Default -> "hxxp://www.startsiden.no/"
CHR Profile: C:\Users\evenh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\evenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-19]
CHR Extension: (Google Docs) - C:\Users\evenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-19]
CHR Extension: (Google Drive) - C:\Users\evenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-19]
CHR Extension: (YouTube) - C:\Users\evenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-19]
CHR Extension: (Google Search) - C:\Users\evenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-19]
CHR Extension: (Google Sheets) - C:\Users\evenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-19]
CHR Extension: (Google Docs Offline) - C:\Users\evenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-26]
CHR Extension: (Chrome Nettmarked-betalinger) - C:\Users\evenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Gmail) - C:\Users\evenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdBlockerService; C:\Program Files (x86)\AdBlocker\Service.WinServiceHost.exe [7168 2016-04-09] () [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638968 2016-04-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5155904 2016-04-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [710232 2016-04-20] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-04-01] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-04-03] (Microsoft Corporation)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-03-11] (Plays.tv, LLC)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe [313936 2016-04-29] (Tencent)
U2 QQRepair251a; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair251a [140608 2016-04-29] ()
S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [140608 2016-04-29] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-08-16] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-03-21] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-04-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [248576 2016-03-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-04-14] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-04-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-08-16] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-08-21] (Intel Corporation)
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [184952 2016-04-18] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQSysMonX64.sys [154744 2016-04-29] (电脑管家)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [44664 2016-04-29] (Tencent)
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [172664 2016-04-29] ()
R3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [99480 2016-04-29] (Tencent)
R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [143992 2016-04-29] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [97400 2016-04-29] (电脑管家)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-02-17] (BitDefender S.R.L.)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TS888x64.sys [38520 2016-04-29] (Tencent)
S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSDefenseBT64.sys [28984 2016-04-29] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [57976 2016-04-29] ()
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSSysKit64.sys [96888 2016-04-29] (电脑管家)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 gzflt; \??\C:\Program Files\Norman\nvc\bin\gzflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-29 16:56 - 2016-04-29 16:57 - 00019193 _____ C:\Users\evenh\Desktop\FRST.txt
2016-04-29 16:48 - 2016-04-29 16:48 - 00047457 _____ C:\Users\evenh\Downloads\Addition.txt
2016-04-29 16:47 - 2016-04-29 16:57 - 00000000 ____D C:\FRST
2016-04-29 16:47 - 2016-04-29 16:48 - 00079981 _____ C:\Users\evenh\Downloads\FRST.txt
2016-04-29 16:47 - 2016-04-29 16:47 - 02376704 _____ (Farbar) C:\Users\evenh\Desktop\FRST64.exe
2016-04-29 16:35 - 2016-04-29 16:35 - 00768248 _____ (Reimage®) C:\Users\evenh\Downloads\ReimageRepair.exe
2016-04-29 16:23 - 2016-04-29 16:23 - 00013008 _____ C:\Users\evenh\Documents\cc_20160429_162323.reg
2016-04-29 16:22 - 2016-04-29 16:22 - 00000000 ____D C:\Users\evenh\AppData\Roaming\AVG
2016-04-29 16:21 - 2016-04-29 16:21 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-04-29 16:21 - 2016-04-29 16:21 - 00000000 ___HD C:\$AVG
2016-04-29 16:21 - 2016-04-29 16:21 - 00000000 ____D C:\Users\evenh\AppData\Roaming\TuneUp Software
2016-04-29 16:21 - 2016-04-29 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-04-29 16:21 - 2016-04-29 16:21 - 00000000 ____D C:\ProgramData\Avg
2016-04-29 16:21 - 2016-04-29 16:21 - 00000000 ____D C:\Program Files (x86)\AVG
2016-04-29 16:20 - 2016-04-29 16:22 - 00000000 ____D C:\Users\evenh\AppData\Local\Avg
2016-04-29 16:20 - 2016-04-29 16:22 - 00000000 ____D C:\ProgramData\MFAData
2016-04-29 16:20 - 2016-04-29 16:21 - 00000000 ____D C:\Users\evenh\AppData\Local\AvgSetupLog
2016-04-29 16:20 - 2016-04-29 16:20 - 05051824 _____ (AVG Technologies) C:\Users\evenh\Downloads\avg_free_stb_all_2015_ltst_176.exe
2016-04-29 16:20 - 2016-04-29 16:20 - 00000000 ____D C:\Users\evenh\AppData\Local\MFAData
2016-04-29 16:20 - 2016-04-29 16:20 - 00000000 ____D C:\Users\evenh\AppData\Local\Avg2015
2016-04-29 16:19 - 2016-04-29 16:19 - 00038520 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys
2016-04-29 16:19 - 2016-04-29 16:19 - 00000000 ___HD C:\OneDriveTemp
2016-04-29 16:02 - 2016-04-29 16:18 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-29 16:02 - 2016-04-29 16:02 - 05168776 _____ (AVAST Software) C:\Users\evenh\Downloads\avast_free_antivirus_setup_online.exe
2016-04-29 15:50 - 2016-04-29 15:50 - 00000258 __RSH C:\Users\evenh\ntuser.pol
2016-04-29 15:45 - 2016-04-29 15:45 - 00413439 _____ C:\ProgramData\xdo.zip
2016-04-29 15:45 - 2016-04-26 23:03 - 01253376 _____ (eee) C:\ProgramData\apptj.exe
2016-04-29 15:44 - 2016-04-29 16:18 - 00000000 ____D C:\ProgramData\TXQMPC
2016-04-29 15:44 - 2016-04-29 15:53 - 00000000 ____D C:\Users\evenh\AppData\Roaming\Tencent
2016-04-29 15:44 - 2016-04-29 15:50 - 00000000 ____D C:\ProgramData\Tencent
2016-04-29 15:44 - 2016-04-29 15:44 - 00143992 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
2016-04-29 15:44 - 2016-04-29 15:44 - 00099480 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys
2016-04-29 15:44 - 2016-04-29 15:44 - 00097400 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
2016-04-29 15:44 - 2016-04-29 15:44 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-04-29 15:44 - 2016-04-29 15:44 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-04-29 15:43 - 2016-04-29 16:14 - 00000000 ____D C:\Program Files (x86)\AdBlocker
2016-04-29 15:43 - 2016-04-29 16:08 - 00000000 ____D C:\Users\evenh\AppData\Roaming\FreeVPN
2016-04-29 15:43 - 2016-04-29 15:50 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-29 15:43 - 2016-04-29 15:43 - 00114632 _____ (深圳市迅雷网络技术有限公司) C:\Users\evenh\AppData\Roaming\xldl.dll
2016-04-29 15:43 - 2016-04-29 15:43 - 00000000 ____D C:\Users\Public\Thunder Network
2016-04-29 15:43 - 2016-04-29 15:43 - 00000000 ____D C:\Users\evenh\AppData\Roaming\download
2016-04-29 15:43 - 2016-04-29 15:43 - 00000000 ____D C:\ProgramData\Thunder Network
2016-04-29 15:39 - 2016-04-29 15:42 - 00000000 ____D C:\Hearts of Iron 3
2016-04-29 15:39 - 2016-04-29 15:39 - 00000000 ____D C:\Users\evenh\Documents\Paradox Interactive
2016-04-29 15:38 - 2016-04-29 15:38 - 00867674 _____ C:\Users\evenh\Downloads\blackice-installer_2.0 (1).zip
2016-04-28 17:01 - 2016-04-28 17:01 - 02449920 _____ C:\Users\evenh\Downloads\addressOutput.xls
2016-04-27 12:34 - 2016-04-27 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-04-26 18:55 - 2016-04-26 18:55 - 00000000 ____D C:\Users\evenh\AppData\Local\Macromedia
2016-04-26 17:37 - 2016-04-29 16:09 - 00001208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-26 17:37 - 2016-04-26 17:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-26 17:37 - 2016-04-26 17:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-26 17:36 - 2016-04-26 17:36 - 00242120 _____ C:\Users\evenh\Downloads\Firefox Setup Stub 46.0.exe
2016-04-26 16:50 - 2016-04-26 17:11 - 00000000 ____D C:\Users\evenh\AppData\Roaming\discord
2016-04-26 16:50 - 2016-04-26 16:50 - 00000000 ____D C:\Users\evenh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-04-26 16:50 - 2016-04-26 16:50 - 00000000 ____D C:\Users\evenh\AppData\Local\SquirrelTemp
2016-04-26 16:50 - 2016-04-26 16:50 - 00000000 ____D C:\Users\evenh\AppData\Local\Discord
2016-04-26 16:45 - 2016-04-26 16:50 - 49113784 _____ (Hammer & Chisel, Inc.) C:\Users\evenh\Downloads\DiscordSetup.exe
2016-04-26 14:24 - 2016-04-26 14:24 - 00000009 _____ C:\ProgramData\a.bat
2016-04-25 15:46 - 2016-04-25 15:46 - 00001296 _____ C:\Users\evenh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings.lnk
2016-04-21 19:33 - 2016-04-21 19:33 - 00990214 _____ C:\Users\evenh\Downloads\Brev_fristillelse_depositumskonto.pdf
2016-04-21 16:28 - 2016-04-21 16:29 - 00234578 _____ C:\Users\evenh\Downloads\SI-09R0A-002-NOR.pdf
2016-04-21 16:25 - 2016-04-21 16:25 - 00839333 _____ C:\Users\evenh\Downloads\DM-CN0001-05-NOR.pdf
2016-04-21 16:25 - 2016-04-21 16:25 - 00317355 _____ C:\Users\evenh\Downloads\UM-0AH0A-003-03-NOR.pdf
2016-04-21 16:04 - 2016-04-21 16:05 - 01278846 _____ C:\Users\evenh\Downloads\DM-FD0002-05-NOR.pdf
2016-04-21 16:04 - 2016-04-21 16:05 - 00131082 _____ C:\Users\evenh\Downloads\UM-5NL0A-003-03-NOR.pdf
2016-04-21 16:04 - 2016-04-21 16:04 - 00159372 _____ C:\Users\evenh\Downloads\EV-FD-6800-3604D.pdf
2016-04-21 16:03 - 2016-04-21 16:03 - 00072622 _____ C:\Users\evenh\Downloads\SI-PD63A-003-03-NOR.pdf
2016-04-20 14:17 - 2016-04-20 14:17 - 00307456 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys
2016-04-18 09:04 - 2016-04-18 09:04 - 00071936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avguniva.sys
2016-04-14 10:54 - 2016-04-14 10:54 - 00051968 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgrkx64.sys
2016-04-13 21:11 - 2016-04-02 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 21:11 - 2016-04-02 06:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 21:11 - 2016-04-02 06:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 21:11 - 2016-04-02 06:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 21:11 - 2016-04-02 05:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 21:11 - 2016-04-02 05:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 21:11 - 2016-04-02 05:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 21:11 - 2016-04-02 05:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 21:11 - 2016-04-02 05:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 21:11 - 2016-04-02 05:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 21:11 - 2016-04-02 05:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 21:11 - 2016-04-02 05:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 21:11 - 2016-04-02 05:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 21:11 - 2016-04-02 05:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 21:11 - 2016-04-02 05:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 21:11 - 2016-04-02 05:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 21:11 - 2016-04-02 05:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 21:11 - 2016-04-02 05:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 21:11 - 2016-04-02 05:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 21:11 - 2016-04-02 05:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 21:11 - 2016-04-02 05:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 21:11 - 2016-04-02 05:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 21:11 - 2016-04-02 05:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 21:11 - 2016-03-29 12:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 21:11 - 2016-03-29 12:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 21:11 - 2016-03-29 12:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 21:11 - 2016-03-29 12:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 21:11 - 2016-03-29 12:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 21:11 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 21:11 - 2016-03-29 12:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 21:11 - 2016-03-29 12:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 21:11 - 2016-03-29 12:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 21:11 - 2016-03-29 12:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 21:11 - 2016-03-29 12:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 21:11 - 2016-03-29 12:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 21:11 - 2016-03-29 12:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 21:11 - 2016-03-29 11:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 21:11 - 2016-03-29 11:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 21:11 - 2016-03-29 11:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 21:11 - 2016-03-29 11:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 21:11 - 2016-03-29 11:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 21:11 - 2016-03-29 11:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 21:11 - 2016-03-29 11:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 21:11 - 2016-03-29 11:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 21:11 - 2016-03-29 11:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 21:11 - 2016-03-29 11:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 21:11 - 2016-03-29 11:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 21:11 - 2016-03-29 11:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 21:11 - 2016-03-29 11:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 21:11 - 2016-03-29 11:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 21:11 - 2016-03-29 11:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 21:11 - 2016-03-29 11:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 21:11 - 2016-03-29 11:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 21:11 - 2016-03-29 11:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 21:11 - 2016-03-29 10:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 21:11 - 2016-03-29 10:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 21:11 - 2016-03-29 10:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 21:11 - 2016-03-29 10:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 21:11 - 2016-03-29 10:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 21:11 - 2016-03-29 10:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 21:11 - 2016-03-29 10:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 21:11 - 2016-03-29 10:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 21:11 - 2016-03-29 10:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 21:11 - 2016-03-29 10:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 21:11 - 2016-03-29 10:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 21:11 - 2016-03-29 10:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 21:11 - 2016-03-29 10:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 21:11 - 2016-03-29 10:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 21:11 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 21:11 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 21:11 - 2016-03-29 10:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 21:11 - 2016-03-29 10:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 21:11 - 2016-03-29 10:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 21:11 - 2016-03-29 10:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 21:11 - 2016-03-29 10:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 21:11 - 2016-03-29 10:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 21:11 - 2016-03-29 10:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 21:11 - 2016-03-29 10:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 21:11 - 2016-03-29 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 21:11 - 2016-03-29 10:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 21:11 - 2016-03-29 09:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 21:11 - 2016-03-29 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 21:11 - 2016-03-29 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 21:11 - 2016-03-29 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 21:11 - 2016-03-29 09:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 21:11 - 2016-03-29 09:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 21:11 - 2016-03-29 09:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 21:11 - 2016-03-29 09:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 21:11 - 2016-03-29 09:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 21:11 - 2016-03-29 09:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 21:11 - 2016-03-29 09:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 21:11 - 2016-03-29 09:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-04-13 21:11 - 2016-03-29 09:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 21:11 - 2016-03-29 09:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 21:11 - 2016-03-29 09:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-04-13 21:11 - 2016-03-29 09:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 21:11 - 2016-03-29 09:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 21:11 - 2016-03-29 09:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 21:11 - 2016-03-29 09:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 21:11 - 2016-03-29 09:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 21:11 - 2016-03-29 09:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 21:11 - 2016-03-29 09:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 21:11 - 2016-03-29 09:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-04-13 21:11 - 2016-03-29 09:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 21:11 - 2016-03-29 09:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 21:11 - 2016-03-29 09:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 21:11 - 2016-03-29 09:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 21:11 - 2016-03-29 09:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 21:11 - 2016-03-29 09:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 21:11 - 2016-03-29 09:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 21:11 - 2016-03-29 09:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 21:11 - 2016-03-29 09:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 21:11 - 2016-03-29 09:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 21:11 - 2016-03-29 09:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 21:11 - 2016-03-29 09:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 21:11 - 2016-03-29 09:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 21:11 - 2016-03-29 09:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 21:11 - 2016-03-29 09:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 21:11 - 2016-03-29 09:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 21:11 - 2016-03-29 09:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 21:11 - 2016-03-29 09:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 21:11 - 2016-03-29 09:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 21:11 - 2016-03-29 09:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 21:11 - 2016-03-29 09:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 21:11 - 2016-03-29 09:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 21:11 - 2016-03-29 09:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 21:11 - 2016-03-29 09:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 21:11 - 2016-03-29 09:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 21:11 - 2016-03-29 09:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 21:11 - 2016-03-29 09:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 21:11 - 2016-03-29 09:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 21:11 - 2016-03-29 09:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 21:11 - 2016-03-29 09:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 21:11 - 2016-03-29 09:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 21:11 - 2016-03-29 09:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 21:11 - 2016-03-29 09:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 21:11 - 2016-03-29 09:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 21:11 - 2016-03-29 09:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 21:11 - 2016-03-29 09:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 21:11 - 2016-03-29 09:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 21:11 - 2016-03-29 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 21:11 - 2016-03-29 09:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 21:11 - 2016-03-29 09:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 21:11 - 2016-03-29 09:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 21:11 - 2016-03-29 09:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 21:11 - 2016-03-29 09:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 21:11 - 2016-03-29 09:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 21:11 - 2016-03-29 09:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 21:11 - 2016-03-29 09:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 21:11 - 2016-03-29 09:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 21:11 - 2016-03-29 09:14 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-04-13 21:11 - 2016-03-29 09:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 21:11 - 2016-03-29 09:14 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-04-13 21:11 - 2016-03-29 09:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 21:11 - 2016-03-29 09:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 21:11 - 2016-03-29 09:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 21:11 - 2016-03-29 09:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 21:11 - 2016-03-29 09:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 21:11 - 2016-03-29 09:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 21:11 - 2016-03-29 09:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 21:11 - 2016-03-29 09:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 21:11 - 2016-03-29 09:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 21:11 - 2016-03-29 09:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 21:11 - 2016-03-29 09:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 21:11 - 2016-03-29 09:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 21:11 - 2016-03-29 09:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 21:11 - 2016-03-29 09:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 21:11 - 2016-03-29 09:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 21:11 - 2016-03-29 09:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 21:11 - 2016-03-29 09:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 21:11 - 2016-03-29 09:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 21:11 - 2016-03-29 09:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 21:11 - 2016-03-29 09:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 21:11 - 2016-03-29 09:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 21:11 - 2016-03-29 09:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 21:11 - 2016-03-29 09:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 21:11 - 2016-03-29 09:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 21:11 - 2016-03-29 09:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 21:11 - 2016-03-29 09:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 21:11 - 2016-03-29 09:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 21:11 - 2016-03-29 09:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 21:11 - 2016-03-29 09:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 21:11 - 2016-03-29 09:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 21:11 - 2016-03-29 09:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 21:11 - 2016-03-29 09:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 21:11 - 2016-03-29 09:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 21:11 - 2016-03-29 09:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 21:11 - 2016-03-29 08:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 21:11 - 2016-03-29 08:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 21:11 - 2016-03-29 08:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 21:11 - 2016-03-29 08:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 21:11 - 2016-03-29 08:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 21:11 - 2016-03-29 08:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 21:11 - 2016-03-29 08:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 21:11 - 2016-03-29 08:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 21:11 - 2016-03-29 08:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 21:11 - 2016-03-29 08:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 21:11 - 2016-03-29 08:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 21:11 - 2016-03-29 08:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 21:11 - 2016-03-29 08:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 21:11 - 2016-03-29 08:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 21:11 - 2016-03-29 08:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 21:11 - 2016-03-29 08:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 21:11 - 2016-03-29 08:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 21:11 - 2016-03-29 08:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 21:11 - 2016-03-29 08:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 21:11 - 2016-03-29 08:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 21:11 - 2016-03-29 08:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 21:11 - 2016-03-29 08:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 21:11 - 2016-03-29 08:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 21:11 - 2016-03-29 08:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 21:11 - 2016-03-29 08:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 21:11 - 2016-03-29 08:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 21:11 - 2016-03-29 08:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 21:11 - 2016-03-29 08:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 21:11 - 2016-03-29 08:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 21:11 - 2016-03-29 08:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 21:11 - 2016-03-29 08:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 21:11 - 2016-03-29 08:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 21:11 - 2016-03-29 08:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 21:11 - 2016-03-29 08:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 21:11 - 2016-03-29 08:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 21:11 - 2016-03-29 08:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 21:11 - 2016-03-29 08:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 21:11 - 2016-03-29 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 21:11 - 2016-03-29 08:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 21:11 - 2016-03-29 08:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 21:11 - 2016-03-29 08:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 21:11 - 2016-03-29 08:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 21:11 - 2016-03-29 08:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 21:11 - 2016-03-29 08:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 21:11 - 2016-03-29 08:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 21:11 - 2016-03-29 08:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 21:11 - 2016-03-29 08:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 21:11 - 2016-03-29 08:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 21:11 - 2016-03-29 08:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 21:11 - 2016-03-29 08:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 21:11 - 2016-03-29 08:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 21:11 - 2016-03-29 08:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 21:11 - 2016-03-29 08:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 21:11 - 2016-03-29 08:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 21:11 - 2016-03-29 08:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 21:11 - 2016-03-29 08:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 21:11 - 2016-03-29 08:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 21:11 - 2016-03-29 08:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 21:11 - 2016-03-29 08:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 21:11 - 2016-03-29 08:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 21:11 - 2016-03-29 08:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 21:11 - 2016-03-29 08:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 21:11 - 2016-03-29 08:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 21:11 - 2016-03-29 08:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 21:11 - 2016-03-29 08:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 21:11 - 2016-03-29 08:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 21:11 - 2016-03-29 08:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 21:11 - 2016-03-29 08:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 21:11 - 2016-03-29 08:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 21:11 - 2016-03-29 08:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 21:11 - 2016-03-29 08:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 21:11 - 2016-03-29 08:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 21:11 - 2016-03-29 08:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 21:11 - 2016-03-29 08:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 21:11 - 2016-03-29 08:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 21:11 - 2016-03-29 08:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 21:11 - 2016-03-29 07:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 21:11 - 2016-03-29 07:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 21:11 - 2016-03-29 07:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 21:11 - 2016-03-29 07:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 21:11 - 2016-03-29 07:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 21:11 - 2016-03-29 07:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 21:11 - 2016-03-29 07:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 21:11 - 2016-03-29 07:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 21:11 - 2016-03-29 07:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 21:11 - 2016-03-29 07:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 21:11 - 2016-03-29 07:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 21:11 - 2016-03-29 07:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 21:11 - 2016-03-29 07:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 21:11 - 2016-03-29 07:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 21:11 - 2016-03-29 07:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 21:11 - 2016-03-29 07:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 21:11 - 2016-03-29 07:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 21:11 - 2016-03-29 07:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 21:11 - 2016-03-29 07:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 21:11 - 2016-03-29 07:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 21:11 - 2016-03-29 07:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 21:11 - 2016-03-29 07:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 21:11 - 2016-03-29 07:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 21:11 - 2016-03-29 07:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 21:11 - 2016-03-29 07:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 21:11 - 2016-03-29 07:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 21:11 - 2016-03-29 07:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-09 14:45 - 2016-04-09 14:45 - 00003740 _____ C:\Users\evenh\Documents\cc_20160409_144512.reg
2016-04-09 14:44 - 2016-04-09 14:44 - 00001834 _____ C:\Users\evenh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BI Quick Launch.lnk
2016-04-09 13:52 - 2016-04-23 22:46 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-09 13:52 - 2016-04-09 13:52 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-04-05 19:23 - 2016-04-05 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1
2016-04-05 19:23 - 2016-04-05 19:23 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-04-05 19:23 - 2016-02-16 01:27 - 00125720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-04-05 19:23 - 2016-02-16 01:26 - 00126232 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-04-05 19:23 - 2016-02-16 01:25 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-04-05 19:23 - 2016-02-16 01:25 - 00042264 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-04-05 19:22 - 2016-04-05 19:22 - 00000000 ____D C:\Program Files (x86)\AMD
2016-04-01 00:46 - 2016-04-01 00:46 - 08929400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2016-04-01 00:46 - 2016-04-01 00:46 - 08669624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2016-04-01 00:46 - 2016-04-01 00:46 - 07466024 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2016-04-01 00:46 - 2016-04-01 00:46 - 00130616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2016-04-01 00:46 - 2016-04-01 00:46 - 00112400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2016-04-01 00:46 - 2016-04-01 00:46 - 00081200 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2016-04-01 00:45 - 2016-04-01 00:45 - 08468248 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2016-04-01 00:44 - 2016-04-01 00:44 - 06658376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2016-04-01 00:44 - 2016-04-01 00:44 - 00471344 _____ C:\WINDOWS\system32\amdmiracast.dll
2016-04-01 00:44 - 2016-04-01 00:44 - 00151968 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2016-04-01 00:44 - 2016-04-01 00:44 - 00138416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2016-04-01 00:44 - 2016-04-01 00:44 - 00120768 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2016-04-01 00:44 - 2016-04-01 00:44 - 00112400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2016-04-01 00:44 - 2016-04-01 00:44 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2016-04-01 00:44 - 2016-04-01 00:44 - 00081192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2016-04-01 00:39 - 2016-04-01 00:39 - 00218648 _____ C:\WINDOWS\system32\GameManager64.dll
2016-04-01 00:39 - 2016-04-01 00:39 - 00203800 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2016-04-01 00:39 - 2016-04-01 00:39 - 00183312 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2016-04-01 00:39 - 2016-04-01 00:39 - 00136208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2016-04-01 00:39 - 2016-04-01 00:39 - 00122392 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2016-04-01 00:39 - 2016-04-01 00:39 - 00106000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2016-04-01 00:39 - 2016-04-01 00:39 - 00098320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2016-04-01 00:38 - 2016-04-01 00:38 - 00874008 _____ (AMD) C:\WINDOWS\system32\coinst_16.15.dll
2016-04-01 00:38 - 2016-04-01 00:38 - 00243728 _____ C:\WINDOWS\system32\clinfo.exe
2016-04-01 00:38 - 2016-04-01 00:38 - 00232984 _____ C:\WINDOWS\system32\dgtrayicon.exe
2016-04-01 00:38 - 2016-04-01 00:38 - 00195088 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2016-04-01 00:38 - 2016-04-01 00:38 - 00012824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2016-04-01 00:38 - 2016-04-01 00:38 - 00012824 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2016-04-01 00:36 - 2016-04-01 00:36 - 25077784 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2016-04-01 00:36 - 2016-04-01 00:36 - 00341520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2016-04-01 00:36 - 2016-04-01 00:36 - 00199704 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2016-04-01 00:36 - 2016-04-01 00:36 - 00097808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2016-04-01 00:36 - 2016-04-01 00:36 - 00089624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2016-04-01 00:36 - 2016-04-01 00:36 - 00059928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2016-04-01 00:35 - 2016-04-01 00:35 - 00573456 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2016-04-01 00:35 - 2016-04-01 00:35 - 00260112 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2016-04-01 00:35 - 2016-04-01 00:35 - 00171032 _____ C:\WINDOWS\system32\atieah64.exe
2016-04-01 00:35 - 2016-04-01 00:35 - 00166416 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2016-04-01 00:35 - 2016-04-01 00:35 - 00154136 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2016-04-01 00:35 - 2016-04-01 00:35 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2016-04-01 00:35 - 2016-04-01 00:35 - 00087056 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2016-04-01 00:35 - 2016-04-01 00:35 - 00084504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2016-04-01 00:35 - 2016-04-01 00:35 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2016-04-01 00:35 - 2016-04-01 00:35 - 00078864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2016-04-01 00:34 - 2016-04-01 00:34 - 15720464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2016-04-01 00:34 - 2016-04-01 00:34 - 14310936 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2016-04-01 00:34 - 2016-04-01 00:34 - 06964752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2016-04-01 00:34 - 2016-04-01 00:34 - 00953360 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2016-04-01 00:34 - 2016-04-01 00:34 - 00953360 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2016-04-01 00:34 - 2016-04-01 00:34 - 00451096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2016-04-01 00:34 - 2016-04-01 00:34 - 00375824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2016-04-01 00:34 - 2016-04-01 00:34 - 00071184 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2016-04-01 00:34 - 2016-04-01 00:34 - 00064528 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2016-04-01 00:34 - 2016-04-01 00:34 - 00060952 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2016-04-01 00:34 - 2016-04-01 00:34 - 00057872 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2016-04-01 00:34 - 2016-04-01 00:34 - 00052240 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2016-04-01 00:33 - 2016-04-01 00:33 - 48221720 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2016-04-01 00:33 - 2016-04-01 00:33 - 26895896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2016-04-01 00:33 - 2016-04-01 00:33 - 21739024 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2016-04-01 00:33 - 2016-04-01 00:33 - 05428752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2016-04-01 00:32 - 2016-04-01 00:32 - 40135696 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2016-04-01 00:32 - 2016-04-01 00:32 - 06893584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2016-04-01 00:32 - 2016-04-01 00:32 - 00059408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2016-04-01 00:32 - 2016-04-01 00:32 - 00048152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2016-04-01 00:31 - 2016-04-01 00:31 - 05406736 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2016-04-01 00:31 - 2016-04-01 00:31 - 00710168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2016-04-01 00:31 - 2016-04-01 00:31 - 00588816 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2016-04-01 00:31 - 2016-04-01 00:31 - 00305400 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys
2016-04-01 00:31 - 2016-04-01 00:31 - 00213528 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2016-04-01 00:31 - 2016-04-01 00:31 - 00198680 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2016-04-01 00:31 - 2016-04-01 00:31 - 00143376 _____ C:\WINDOWS\system32\amdhdl64.dll
2016-04-01 00:31 - 2016-04-01 00:31 - 00132112 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2016-04-01 00:31 - 2016-04-01 00:31 - 00073744 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-04-01 00:31 - 2016-04-01 00:31 - 00068120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-03-31 23:32 - 2016-03-31 23:32 - 30386712 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2016-03-31 23:29 - 2016-03-31 23:29 - 00088032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2016-03-31 22:24 - 2016-03-31 22:24 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2016-03-31 22:24 - 2016-03-31 22:24 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2016-03-31 22:24 - 2016-03-31 22:24 - 00365824 _____ C:\WINDOWS\system32\ativvaxy_el_nd.dat
2016-03-31 22:24 - 2016-03-31 22:24 - 00322612 _____ C:\WINDOWS\system32\ativvaxy_vi.dat
2016-03-31 22:24 - 2016-03-31 22:24 - 00320944 _____ C:\WINDOWS\system32\ativvaxy_vi_nd.dat
2016-03-31 22:24 - 2016-03-31 22:24 - 00264736 _____ C:\WINDOWS\system32\ativvaxy_stn_nd.dat
2016-03-31 22:24 - 2016-03-31 22:24 - 00260640 _____ C:\WINDOWS\system32\ativvaxy_cz_nd.dat
2016-03-31 22:24 - 2016-03-31 22:24 - 00254804 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat
2016-03-31 22:24 - 2016-03-31 22:24 - 00251856 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat
2016-03-31 22:24 - 2016-03-31 22:24 - 00234292 _____ C:\WINDOWS\system32\ativvaxy_cik.dat
2016-03-31 22:24 - 2016-03-31 22:24 - 00232496 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat
2016-03-31 22:24 - 2016-03-31 22:24 - 00177280 _____ C:\WINDOWS\system32\ativce03.dat
2016-03-31 22:23 - 2016-03-31 22:23 - 00697792 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2016-03-31 22:23 - 2016-03-31 22:23 - 00697792 _____ C:\WINDOWS\system32\atiapfxx.blb
2016-03-31 22:22 - 2016-03-31 22:22 - 00857576 _____ C:\WINDOWS\system32\amdicdxx.dat
2016-03-31 22:22 - 2016-03-31 22:22 - 00175584 _____ C:\WINDOWS\system32\amde31a.dat
2016-03-31 22:22 - 2016-03-31 22:22 - 00166624 _____ C:\WINDOWS\system32\amde34b.dat
2016-03-31 22:22 - 2016-03-31 22:22 - 00166624 _____ C:\WINDOWS\system32\amde34a.dat
2016-03-31 22:22 - 2016-03-31 22:22 - 00009184 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2016-03-31 22:22 - 2016-03-31 22:22 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2016-03-31 22:22 - 2016-03-31 22:22 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-29 16:29 - 2016-02-19 17:24 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-29 16:29 - 2016-02-19 17:24 - 00001018 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-29 16:25 - 2015-10-30 20:07 - 00449578 _____ C:\WINDOWS\system32\perfh014.dat
2016-04-29 16:25 - 2015-10-30 20:07 - 00076846 _____ C:\WINDOWS\system32\perfc014.dat
2016-04-29 16:25 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-29 16:25 - 2015-08-16 00:52 - 01393452 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-29 16:23 - 2015-08-17 12:01 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-29 16:22 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-29 16:21 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-29 16:19 - 2015-08-16 00:59 - 00000000 ___RD C:\Users\evenh\OneDrive
2016-04-29 16:18 - 2015-11-16 17:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-29 16:18 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-29 16:14 - 2015-08-16 00:58 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-29 15:59 - 2016-02-19 16:46 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-29 15:50 - 2015-11-16 17:51 - 00000000 ____D C:\Users\evenh
2016-04-29 15:49 - 2015-11-16 17:50 - 05849200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-29 15:44 - 2015-08-16 00:57 - 00000000 ____D C:\Users\evenh\AppData\Local\VirtualStore
2016-04-29 15:43 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-04-29 15:38 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-29 13:39 - 2015-08-16 00:57 - 00000000 ____D C:\Users\evenh\AppData\Local\Packages
2016-04-29 12:41 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-29 12:40 - 2015-09-03 11:34 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F635A319-825F-4D6D-996B-3584AFEB4B09}
2016-04-29 12:40 - 2015-08-23 16:32 - 00000000 ____D C:\Users\evenh\AppData\Local\Adobe
2016-04-28 17:17 - 2015-09-16 13:51 - 00001456 _____ C:\Users\evenh\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-27 12:34 - 2015-09-30 15:56 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-04-27 12:34 - 2015-09-30 15:56 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-04-26 14:36 - 2016-02-29 22:38 - 00002334 _____ C:\Users\evenh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2016-04-26 14:36 - 2016-02-29 22:38 - 00000000 ____D C:\Users\evenh\AppData\Local\Vivaldi
2016-04-26 14:35 - 2015-08-16 00:59 - 00002373 _____ C:\Users\evenh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-22 09:57 - 2015-08-16 01:02 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-19 16:47 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-19 16:46 - 2015-08-23 16:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-16 01:24 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-13 23:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-13 23:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-13 23:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-13 23:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 21:29 - 2016-02-19 17:24 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-13 21:19 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 21:18 - 2015-08-16 01:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 21:17 - 2015-08-16 01:00 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-09 14:30 - 2016-02-19 16:28 - 00000000 ____D C:\ProgramData\4f871b43
2016-04-09 14:26 - 2016-02-19 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-09 14:26 - 2016-02-19 16:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-06 20:32 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-05 19:23 - 2015-12-09 12:56 - 00000000 ____D C:\Users\evenh\AppData\Roaming\Raptr
2016-04-05 19:23 - 2015-12-09 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-04-05 19:22 - 2015-11-16 17:50 - 00000000 ____D C:\Program Files\AMD
2016-04-05 19:22 - 2015-08-16 00:58 - 00000000 ____D C:\AMD
2016-04-01 00:46 - 2015-08-16 01:01 - 00162784 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2016-04-01 00:46 - 2015-08-16 01:01 - 00143600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2016-04-01 00:45 - 2015-08-16 01:01 - 11735800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2016-04-01 00:45 - 2015-08-16 01:01 - 09675944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2016-04-01 00:45 - 2015-08-16 01:01 - 01539560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2016-04-01 00:45 - 2015-08-16 01:01 - 01265208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2016-04-01 00:35 - 2015-08-16 01:01 - 26354192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2016-04-01 00:35 - 2015-08-16 01:01 - 00685592 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2016-04-01 00:34 - 2015-12-23 17:26 - 01285136 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2016-03-31 23:29 - 2015-08-16 01:01 - 09618792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll

==================== Files in the root of some directories =======

2015-12-29 12:00 - 2016-01-04 17:40 - 0000132 _____ () C:\Users\evenh\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-29 15:43 - 2016-04-29 15:43 - 0114632 _____ (深圳市迅雷网络技术有限公司) C:\Users\evenh\AppData\Roaming\xldl.dll
2015-09-16 13:51 - 2016-04-28 17:17 - 0001456 _____ () C:\Users\evenh\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-26 14:24 - 2016-04-26 14:24 - 0000009 _____ () C:\ProgramData\a.bat
2010-08-28 22:43 - 2010-08-28 22:43 - 0577335 _____ () C:\ProgramData\adb.exe
2010-08-28 22:43 - 2010-08-28 22:43 - 0096256 _____ (Google, inc) C:\ProgramData\AdbWinApi.dll
2010-08-28 22:43 - 2010-08-28 22:43 - 0060928 _____ (Google, inc) C:\ProgramData\AdbWinUsbApi.dll
2016-04-29 15:45 - 2016-04-26 23:03 - 1253376 _____ (eee) C:\ProgramData\apptj.exe
2015-11-16 17:50 - 2015-11-16 17:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2010-08-28 22:43 - 2010-08-28 22:43 - 0356009 _____ () C:\ProgramData\fastboot.exe
2016-04-29 15:45 - 2016-04-29 15:45 - 0413439 _____ () C:\ProgramData\xdo.zip

Files to move or delete:
====================
C:\ProgramData\a.bat
C:\ProgramData\adb.exe
C:\ProgramData\AdbWinApi.dll
C:\ProgramData\AdbWinUsbApi.dll
C:\ProgramData\apptj.exe
C:\ProgramData\fastboot.exe

Some files in TEMP:
====================
C:\Users\evenh\AppData\Local\Temp\A0B7.tmp.exe
C:\Users\evenh\AppData\Local\Temp\adblocker4.exe
C:\Users\evenh\AppData\Local\Temp\avg-2f08ac5f-5a25-4460-a6c1-9b254dd2ab7f.exe
C:\Users\evenh\AppData\Local\Temp\FreeVPNSetup.exe
C:\Users\evenh\AppData\Local\Temp\hoi3_tfh_podcast_exe.zip.exe
C:\Users\evenh\AppData\Local\Temp\pps-qq-19.exe
C:\Users\evenh\AppData\Local\Temp\QQPCMgr_Setup.exe
C:\Users\evenh\AppData\Local\Temp\qqpcmgr_v11.5.17490.219_123112061_Silence.exe
C:\Users\evenh\AppData\Local\Temp\qqpcmgr_v11.5.17490.219_45101_Silence.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-20 23:30

==================== End of FRST.txt ============================

#3
chilligringo

Posted 29 April 2016 - 09:32 AM

New Member

Topic Starter
Member
9 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by evenh (2016-04-29 16:57:31)
Running from C:\Users\evenh\Desktop
Windows 10 Home Version 1511 (X64) (2015-11-16 15:56:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1389706129-1160737656-1141877127-500 - Administrator - Disabled)
evenh (S-1-5-21-1389706129-1160737656-1141877127-1001 - Administrator - Enabled) => C:\Users\evenh
Gjest (S-1-5-21-1389706129-1160737656-1141877127-501 - Limited - Disabled)
Standardkonto (S-1-5-21-1389706129-1160737656-1141877127-503 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Airfoil (HKLM-x32\...\Airfoil) (Version: 3.6.7 - Rogue Amoeba)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version: - Studio Wildcard)
AVG (Version: 16.71.7596 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4563 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.71.7596 - AVG Technologies)
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order Ltd.)
Cyberduck 4.7.2 (HKLM-x32\...\Cyberduck) (Version: 4.7.2 - )
Discord (HKU\S-1-5-21-1389706129-1160737656-1141877127-1001\...\Discord) (Version: 0.0.288 - Hammer & Chisel, Inc.)
Elevated Installer (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
FM Genie Scout 14 version 1.2 14.3.1 (HKLM-x32\...\FM Genie Scout 14_is1) (Version: 1.2 14.3.1 - )
FMW 1 (Version: 1.73.2 - AVG Technologies) Hidden
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version: - Sports Interactive)
Football Manager 2014 Editor (HKLM-x32\...\Steam App 242460) (Version: - )
Garmin Express (HKLM-x32\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hearts of Iron III (HKLM\...\Steam App 25890) (Version: - Paradox Development Studio)
Malwarebytes Anti-Malware versjon 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - nb-no (HKLM\...\O365HomePremRetail - nb-no) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052B-02A4-4627-81F2-1818DA5D550D}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: - )
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: - )
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 46.0 (x86 nb-NO) (HKLM-x32\...\Mozilla Firefox 46.0 (x86 nb-NO)) (Version: 46.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.8.11-r110387-release - Plays.tv, LLC)
Raptr (HKLM-x32\...\Raptr) (Version: 5.1.1-r111306-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sheltered (HKLM-x32\...\Steam App 356040) (Version: - Unicube)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TIDAL (HKLM-x32\...\TIDAL 1.2.0.697) (Version: 1.2.0.697 - TIDAL)
TIDAL (x32 Version: 1.2.0.697 - TIDAL) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vivaldi (HKU\S-1-5-21-1389706129-1160737656-1141877127-1001\...\Vivaldi) (Version: 1.1.453.47 - Vivaldi)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Windows-driverpakke - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-driverpakke - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1389706129-1160737656-1141877127-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\evenh\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {033916B4-0899-449D-8E4F-3F9F3D0F6694} - \{7F0C7D47-0C0D-7E7A-0911-7E057D09110F} -> No File <==== ATTENTION
Task: {0EC3BF0D-3828-45BE-9219-78D2D2C6CABD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-19] (Google Inc.)
Task: {166C0899-5CAD-4B6B-9DA5-6D8F1E79AD0F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-03] (Microsoft Corporation)
Task: {1C1DA664-D85F-4C0D-9F9A-CBFA0E8AABA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-19] (Google Inc.)
Task: {29E06290-CDE0-4538-B096-860302BE764C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {375F7ED7-DD22-4202-9502-B25632982E24} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {4CF24AE6-FC9B-429E-837F-0318D4D33902} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()
Task: {4E298487-60FE-476A-BEAD-8CFE56A6B338} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {58140C7E-385F-459A-B45C-A56E4F4C883B} - System32\Tasks\{DA608A7F-3D54-D701-9E09-F9D9310DBA45} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\4f871b43\2eafea31.dll" <==== ATTENTION
Task: {62F108BC-C61E-41B3-8626-474ACCC3F7DB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {B7065C65-32AD-4D1F-9CB4-0B550A9CC002} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {BE2B233A-193C-407E-8F19-75CA04EA7F78} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {D24AE032-197C-40DD-B84F-8E710C05F3E9} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {FCDB59C1-62B1-4A15-8845-5853DFB609E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-09-22 13:54 - 2016-04-03 04:34 - 00172224 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-04-09 11:45 - 2016-04-09 11:45 - 00007168 _____ () C:\Program Files (x86)\AdBlocker\Service.WinServiceHost.exe
2016-04-13 21:11 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 21:11 - 2016-04-02 04:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-19 16:39 - 2016-04-19 16:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-13 21:11 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-26 14:35 - 2016-04-26 14:35 - 00959176 _____ () C:\Users\evenh\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-12-18 18:05 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 21:11 - 2016-04-02 05:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 21:11 - 2016-04-02 05:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 21:11 - 2016-04-02 04:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 21:11 - 2016-04-02 05:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-03-11 22:31 - 2016-03-11 22:31 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1044.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00115904 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMAntiInject.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\zlib.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00488640 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\sqlite.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\tinyxml.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00046784 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2016-04-29 15:45 - 2016-03-28 21:11 - 00070848 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2016-04-29 15:44 - 2016-02-28 00:55 - 00036128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\oDayProtect.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00128192 _____ () c:\program files (x86)\tencent\qqpcmgr\11.5.17490.219\qmrtpcontroller.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 22:48 - 2015-11-24 22:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 22:46 - 2015-11-24 22:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 22:48 - 2015-11-24 22:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 22:57 - 2015-12-07 22:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 22:47 - 2015-11-24 22:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 22:43 - 2015-11-24 22:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2016-04-19 16:39 - 2016-04-19 16:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 16:39 - 2016-04-19 16:39 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\arkGraphic.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\xImage.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 02156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\GF.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\xGraphic32.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\libpng.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\libjpegturbo.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\libexpatw.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\jgImage.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\jgIOStub.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00083136 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\MemDefrag.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00169152 _____ () c:\program files (x86)\tencent\qqpcmgr\11.5.17490.219\qmhipslogpolicy.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00337088 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\OperationFileCloudMgr.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00379232 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\DlForQd.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00264896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\Win10ToastNotification.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00251072 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMWlanMacDll.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 02156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\GF.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\xGraphic32.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\arkGraphic.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\jgImage.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\jgIOStub.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\tinyxml.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\zlib.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\libexpatw.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\libpng.dll
2016-04-29 15:44 - 2016-04-29 15:44 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\libjpegturbo.dll
2016-04-26 14:34 - 2016-04-26 14:34 - 00679624 _____ () C:\Users\evenh\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2016-04-29 16:21 - 2016-04-29 16:21 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-04-29 15:53 - 2016-04-29 15:53 - 00075320 _____ () C:\Users\evenh\AppData\Roaming\Tencent\AndroidServer\1.0.0.510\zlib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2015-09-21 13:30 - 00001028 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1389706129-1160737656-1141877127-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\evenh\Pictures\canyon-02-wide.jpg
DNS Servers: 138.201.48.176 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "tim.exe -start"
HKU\S-1-5-21-1389706129-1160737656-1141877127-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1389706129-1160737656-1141877127-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{430C64F3-A8C8-4851-95A1-7C370D272099}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{33F39C95-C416-408F-B656-4471D3B4B67B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{E79C0892-D5C7-4712-AF6C-D9AEAA7AAA5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{70DEDB5C-9183-43E5-ACEC-2C8FFBA64B66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exe
FirewallRules: [{41E3CDC6-2C4F-4FF7-A121-8F197A7EFDF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exe
FirewallRules: [{EB4AA1F3-3E21-4F71-9AEC-5FAB52DB597A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sheltered\Sheltered.exe
FirewallRules: [{657B59A1-91F9-426F-9C3A-041A7A5B412C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sheltered\Sheltered.exe
FirewallRules: [{3EEA3339-8807-45F3-8D19-EEB921CCDBE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{D0F999E7-5804-41DA-BE10-0918B8D04F86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{DBECE422-DF86-45E9-AA13-6EE52182455C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1723A8C1-2CA2-4DF8-B711-3F3D587E9E79}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CB8965D5-AD69-4092-969A-513C9FC6F4D1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{62971440-BD22-4578-AC41-991A4EE91A7C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{348CF462-33B5-483E-A0B8-76A5019072D0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B42250C-D02E-4C0C-86D5-2CB9D9CFE201}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3A568EFD-C70E-4E16-9A86-6A67E8255ECA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{D0873227-827B-4266-B0E5-ADF0252D2097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{0875BF27-96AA-4504-9603-05215A86ED01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{5B9A138C-F8DA-4617-AD10-8A113BB635C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{A616D35A-985A-4398-B24D-6ECD6BE84744}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{39C531A3-2E5B-4FF0-8CB9-015EE1918ED8}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{9AF1D910-9DFD-49DA-8D1F-9F8E13FB3028}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{0C722FC1-E741-451B-9D42-C9F49B088D62}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{3E73B9DF-F009-47C3-8E54-3E1780312D51}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{4BDA7DDF-61EB-4562-8C31-774E94E8F1B4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{E6761FA5-203C-42A3-AF7C-F62F959752CF}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{B7A467D8-33F2-4EA0-A9C6-A638154C4F92}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8516D30A-246C-4C95-B432-4F4C5A20D0A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB360EE4-9468-4E94-933A-C9AE6A8D9828}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4239372F-DF9C-4C15-BF62-BA0AE2BDC52F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron 3\hoi3.exe
FirewallRules: [{F71E538D-AA89-4063-A761-CF398C125892}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron 3\hoi3.exe
FirewallRules: [{B7371F2F-6A31-4CCB-A0E7-77AE032AB73F}] => (Allow) c:\users\evenh\appdata\roaming\download\MiniThunderPlatform.exe
FirewallRules: [{BAF0F728-E46D-4976-9CBA-0D9D59C25E1E}] => (Allow) c:\users\evenh\appdata\roaming\download\MiniThunderPlatform.exe
FirewallRules: [{8CC644E1-7692-45FB-B61E-012616DEDF56}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCmgrInstallGuide.exe
FirewallRules: [{3C61ECFB-24FB-4B11-A46E-E302FB99B12C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe
FirewallRules: [{2CAF69F9-2209-4742-BB88-C3DF974E9825}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCMgr.exe
FirewallRules: [{0B034EF9-96FA-4F5E-BCA3-DAE5274ECE0E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe
FirewallRules: [{C9A8A7A3-6498-4FFE-84AF-0E96E130D018}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMDL.exe
FirewallRules: [{08ACBDB2-F5D0-4444-8177-3099E93D7A75}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\bugreport.exe
FirewallRules: [{4AE30009-1FBD-4652-8BF2-CDF441BBCA38}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCFileOpen.exe
FirewallRules: [{F0C54838-2137-424D-B5ED-B773B3A1D85D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCLeakScan.exe
FirewallRules: [{2549CD79-8FF4-4AB7-BF44-61737C14203D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPConfig.exe
FirewallRules: [{9ADDAB5E-9C1D-446A-A665-1341E34CA3A0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCSoftMgr.exe
FirewallRules: [{427CED2E-7B95-422D-8605-B7304BAC82CD}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{07E1EC00-D990-412A-950A-4F35A37B3E60}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCBTU.exe
FirewallRules: [{D41AC0AE-FCC6-47C0-A4E4-A569F1D2B977}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCClinic.exe
FirewallRules: [{286645AF-2380-4C61-B8DF-155F145DBD34}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCLaunch.exe
FirewallRules: [{AEB6474F-4EB4-4284-B247-2256544F4B86}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{7CF0A986-192D-4818-9650-E15D2DB5AC7D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCSoftGame.exe
FirewallRules: [{BB9DA3B2-BA85-4B32-9B10-12CFF6501492}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCSysOptimize.exe
FirewallRules: [{ECC58006-01FC-4B94-AFEF-554772A992DE}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCUpdateAVLib.exe
FirewallRules: [{800ACF17-F8F5-4E34-82AD-20BD57092524}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQRepair.exe
FirewallRules: [{490048CC-EFA8-4FF7-8A59-BB8E42848CDF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\Uninst.exe
FirewallRules: [{D2AF8436-9B66-4E00-B978-E3FF8A9A8C6C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCPatch.exe
FirewallRules: [{F10AA8B8-1603-4FA8-9E31-3BCC629CE15F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TpkUpdate.exe
FirewallRules: [{4CC57878-DC38-474E-8AD8-6045867270F0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMRouterMgr.exe
FirewallRules: [{749E2667-24D9-4FC6-8285-D15B546B7617}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMAccountProtection.exe
FirewallRules: [{F8B6E7F8-9CA0-480B-9C69-3F61F4B435E7}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMAdBlock.exe
FirewallRules: [{71049FBF-8561-4413-838C-65C7282EAF95}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{5F8CCBA2-7B54-4019-87FB-294964D8D059}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{36F853C2-3905-4CF9-AF52-9C3DC0271222}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{7DBC1716-18FD-45D2-8EBC-2EA37D9070F3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{53CCCA99-E850-4F09-A73B-676507D78B9D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{45FEAFFA-CFCC-4FC6-B885-16F52EE5A0C1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{783546E3-3A82-4ED2-84FB-A1F057C02891}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{34CAE3FE-B607-4AB3-88D2-BF5A02BE71F3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{68F77876-A338-4291-8D0A-06BCA5900782}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{427B0675-855A-4AD5-900D-EA79CF05D575}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

01-04-2016 09:52:49 Planlagt kontrollpunkt
13-04-2016 21:15:48 Windows Update
21-04-2016 19:43:32 Planlagt kontrollpunkt
27-04-2016 12:34:29 Garmin Express
29-04-2016 15:43:18 AdBlocker

==================== Faulty Device Manager Devices =============

Name: Dell U2410(HDMI)
Description: Dell U2410(HDMI)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: Dell Inc.
Service: monitor
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Dual Band Wireless-AC 7260
Description: Intel® Dual Band Wireless-AC 7260
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNb64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2016 04:18:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Programnavn med feil: AvastSvc.exe, versjon: 11.2.2738.0, tidsangivelse: 0x571e0372
Modulnavn med feil: combase.dll, versjon: 10.0.10586.103, tidsangivelse: 0x56a84cbb
Unntakskode: 0xc0000005
Feilforskyvning: 0x0009ecdf
Feil prosess-ID: 0x1f74
Feil starttid for program: 0xAvastSvc.exe0
Feil programbane: AvastSvc.exe1
Feil modulbane: AvastSvc.exe2
Rapport-ID: AvastSvc.exe3
Fullstendig navn på feilpakke: AvastSvc.exe4
Relativ program-ID for feilpakke: AvastSvc.exe5

Error: (04/29/2016 03:43:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Tjenesten Cryptographic Services mislyktes under behandling av OnIdentity()-kallet i systemskriverobjektet.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Ingen tilgang.
.

Error: (04/29/2016 12:47:23 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/28/2016 03:34:12 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/27/2016 12:41:26 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/27/2016 12:34:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Tjenesten Cryptographic Services mislyktes under behandling av OnIdentity()-kallet i systemskriverobjektet.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Ingen tilgang.
.

Error: (04/26/2016 05:37:31 PM) (Source: ESENT) (EventID: 489) (User: )
Description: firefox (2872) An attempt to open the file "C:\Users\evenh\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb" for read only access failed with system error 32 (0x00000020): "Prosessen får ikke tilgang til filen fordi den brukes av en annen prosess. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/26/2016 05:37:20 PM) (Source: ESENT) (EventID: 489) (User: )
Description: firefox (2872) An attempt to open the file "C:\Users\evenh\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb" for read only access failed with system error 32 (0x00000020): "Prosessen får ikke tilgang til filen fordi den brukes av en annen prosess. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/26/2016 02:44:54 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (04/25/2016 02:28:30 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

System errors:
=============
Error: (04/29/2016 04:32:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-MYNDIGHET)
Description: programspesifikkLokalAktivering{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-MYNDIGHETSYSTEMS-1-5-18LocalHost (bruker LRPC)Ikke tilgjengeligIkke tilgjengelig

Error: (04/29/2016 04:18:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten User Data Access_5ccc3 ble uventet avbrutt. Det har den blitt 1 gang(er). Følgende korrigerende handling blir utført om 10000 millisekunder: Start tjenesten på nytt.

Error: (04/29/2016 04:18:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten User Data Storage_5ccc3 ble uventet avbrutt. Det har den blitt 1 gang(er). Følgende korrigerende handling blir utført om 10000 millisekunder: Start tjenesten på nytt.

Error: (04/29/2016 04:18:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten Contact Data_5ccc3 ble uventet avbrutt. Det har den blitt 1 gang(er). Følgende korrigerende handling blir utført om 10000 millisekunder: Start tjenesten på nytt.

Error: (04/29/2016 04:18:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten Synkroniseringsvert_5ccc3 ble uventet avbrutt. Det har den blitt 1 gang(er). Følgende korrigerende handling blir utført om 10000 millisekunder: Start tjenesten på nytt.

Error: (04/29/2016 04:18:18 PM) (Source: DCOM) (EventID: 10016) (User: NT-MYNDIGHET)
Description: programspesifikkLokalAktivering{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-MYNDIGHETSYSTEMS-1-5-18LocalHost (bruker LRPC)Ikke tilgjengeligIkke tilgjengelig

Error: (04/29/2016 04:18:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten Avast Antivirus kan ikke starte på grunn av følgende feil:
%%3

Error: (04/29/2016 04:18:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten Avast Antivirus ble uventet avbrutt. Det har den blitt 1 gang(er). Følgende korrigerende handling blir utført om 5000 millisekunder: Start tjenesten på nytt.

Error: (04/29/2016 03:55:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten QQPCMgr RTP Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (04/29/2016 03:55:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-MYNDIGHET)
Description: programspesifikkLokalAktivering{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-MYNDIGHETSYSTEMS-1-5-18LocalHost (bruker LRPC)Ikke tilgjengeligIkke tilgjengelig

CodeIntegrity:
===================================
Date: 2016-04-29 16:56:43.571
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-29 16:56:43.562
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-29 16:47:49.882
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-29 16:47:49.868
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-29 16:47:38.230
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-29 16:47:38.222
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-29 16:31:29.586
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-29 16:31:29.577
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-29 16:22:51.325
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-29 16:22:51.316
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 15%
Total physical RAM: 32719.15 MB
Available physical RAM: 27634.9 MB
Total Virtual: 37583.15 MB
Available Virtual: 33356.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.34 GB) (Free:69.39 GB) NTFS
Drive d: (DATA) (Fixed) (Total:2794.39 GB) (Free:2628.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: B100393A)

Partition: GPT.

========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: B10039F0)

Partition: GPT.

==================== End of Addition.txt ============================

#4
Essexboy

Posted 29 April 2016 - 10:45 AM

GeekU Moderator

Retired Staff
69,964 posts

Once this has run could you provide a fresh FRST scan please

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
AppInit_DLLs-x32: AirfoilInjector_3_7.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Tcpip\..\Interfaces\{d5e60bb0-5347-408f-9c31-b5b2f8840054}: [DhcpNameServer] 82.163.143.171
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\npQMExtensionsMozilla.dll [2016-04-29] (Tencent Technology (Shenzhen) Company Limited)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe [313936 2016-04-29] (Tencent)
U2 QQRepair251a; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair251a [140608 2016-04-29] ()
S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [140608 2016-04-29] ()
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [184952 2016-04-18] (Tencent)
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [44664 2016-04-29] (Tencent)
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [172664 2016-04-29] ()
R3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [99480 2016-04-29] (Tencent)
R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [143992 2016-04-29] (Tencent Technology(Shenzhen) Company Limited)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TS888x64.sys [38520 2016-04-29] (Tencent)
S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSDefenseBT64.sys [28984 2016-04-29] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [57976 2016-04-29] ()
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQSysMonX64.sys [154744 2016-04-29] (电脑管家)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [97400 2016-04-29] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSSysKit64.sys [96888 2016-04-29] (电脑管家)
2016-04-29 15:44 - 2016-04-29 15:44 - 00097400 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
2016-04-29 15:43 - 2016-04-29 15:43 - 00114632 _____ (深圳市迅雷网络技术有限公司) C:\Users\evenh\AppData\Roaming\xldl.dll
2016-04-29 15:43 - 2016-04-29 15:43 - 0114632 _____ (深圳市迅雷网络技术有限公司) C:\Users\evenh\AppData\Roaming\xldl.dll
AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
2016-04-29 16:35 - 2016-04-29 16:35 - 00768248 _____ (Reimage®) C:\Users\evenh\Downloads\ReimageRepair.exe
2016-04-29 16:19 - 2016-04-29 16:19 - 00038520 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys
2016-04-29 15:45 - 2016-04-29 15:45 - 00413439 _____ C:\ProgramData\xdo.zip
2016-04-29 15:45 - 2016-04-26 23:03 - 01253376 _____ (eee) C:\ProgramData\apptj.exe
2016-04-29 15:44 - 2016-04-29 16:18 - 00000000 ____D C:\ProgramData\TXQMPC
2016-04-29 15:44 - 2016-04-29 15:53 - 00000000 ____D C:\Users\evenh\AppData\Roaming\Tencent
2016-04-29 15:44 - 2016-04-29 15:50 - 00000000 ____D C:\ProgramData\Tencent
2016-04-29 15:44 - 2016-04-29 15:44 - 00143992 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
2016-04-29 15:44 - 2016-04-29 15:44 - 00099480 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys
2016-04-29 15:44 - 2016-04-29 15:44 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-04-29 15:44 - 2016-04-29 15:44 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-04-29 15:43 - 2016-04-29 15:43 - 00000000 ____D C:\Users\Public\Thunder Network
2016-04-29 15:43 - 2016-04-29 15:43 - 00000000 ____D C:\Users\evenh\AppData\Roaming\download
2016-04-29 15:43 - 2016-04-29 15:43 - 00000000 ____D C:\ProgramData\Thunder Network
Task: {033916B4-0899-449D-8E4F-3F9F3D0F6694} - \{7F0C7D47-0C0D-7E7A-0911-7E057D09110F} -> No File <==== ATTENTION
Task: {58140C7E-385F-459A-B45C-A56E4F4C883B} - System32\Tasks\{DA608A7F-3D54-D701-9E09-F9D9310DBA45} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\4f871b43\2eafea31.dll" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
C:\Program Files (x86)\Tencent
C:\Users\evenh\AppData\Roaming\Tencent
C:\Program Files (x86)\Common Files\Tencent
C:\ProgramData\a.bat
C:\ProgramData\adb.exe
C:\ProgramData\AdbWinApi.dll
C:\ProgramData\AdbWinUsbApi.dll
C:\ProgramData\apptj.exe
C:\ProgramData\fastboot.exe
C:\PROGRA~3\4f871b43
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S0].txt as well.

#5
chilligringo

Posted 29 April 2016 - 10:54 AM

New Member

Topic Starter
Member
9 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:27-04-2016

Ran by evenh (2016-04-29 18:47:45) Run:1

Running from C:\Users\evenh\Desktop

Loaded Profiles: evenh (Available Profiles: evenh)

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint:

AppInit_DLLs-x32: AirfoilInjector_3_7.dll => No File

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

Tcpip\..\Interfaces\{d5e60bb0-5347-408f-9c31-b5b2f8840054}: [DhcpNameServer] 82.163.143.171

FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\npQMExtensionsMozilla.dll [2016-04-29] (Tencent Technology (Shenzhen) Company Limited)

R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe [313936 2016-04-29] (Tencent)

U2 QQRepair251a; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair251a [140608 2016-04-29] ()

S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [140608 2016-04-29] ()

R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [184952 2016-04-18] (Tencent)

R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [44664 2016-04-29] (Tencent)

R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [172664 2016-04-29] ()

R3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [99480 2016-04-29] (Tencent)

R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [143992 2016-04-29] (Tencent Technology(Shenzhen) Company Limited)

R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TS888x64.sys [38520 2016-04-29] (Tencent)

S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSDefenseBT64.sys [28984 2016-04-29] (Tencent)

R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [57976 2016-04-29] ()

R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQSysMonX64.sys [154744 2016-04-29] (????)

R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [97400 2016-04-29] (????)

R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSSysKit64.sys [96888 2016-04-29] (????)

2016-04-29 15:44 - 2016-04-29 15:44 - 00097400 _____ (????) C:\WINDOWS\system32\Drivers\TFsFltX64.sys

2016-04-29 15:43 - 2016-04-29 15:43 - 00114632 _____ (?????????????) C:\Users\evenh\AppData\Roaming\xldl.dll

2016-04-29 15:43 - 2016-04-29 15:43 - 0114632 _____ (?????????????) C:\Users\evenh\AppData\Roaming\xldl.dll

AV: ???????? (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}

AS: ???????? (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}

2016-04-29 16:35 - 2016-04-29 16:35 - 00768248 _____ (Reimage®) C:\Users\evenh\Downloads\ReimageRepair.exe

2016-04-29 16:19 - 2016-04-29 16:19 - 00038520 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys

2016-04-29 15:45 - 2016-04-29 15:45 - 00413439 _____ C:\ProgramData\xdo.zip

2016-04-29 15:45 - 2016-04-26 23:03 - 01253376 _____ (eee) C:\ProgramData\apptj.exe

2016-04-29 15:44 - 2016-04-29 16:18 - 00000000 ____D C:\ProgramData\TXQMPC

2016-04-29 15:44 - 2016-04-29 15:53 - 00000000 ____D C:\Users\evenh\AppData\Roaming\Tencent

2016-04-29 15:44 - 2016-04-29 15:50 - 00000000 ____D C:\ProgramData\Tencent

2016-04-29 15:44 - 2016-04-29 15:44 - 00143992 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys

2016-04-29 15:44 - 2016-04-29 15:44 - 00099480 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys

2016-04-29 15:44 - 2016-04-29 15:44 - 00000000 ____D C:\Program Files\Common Files\Tencent

2016-04-29 15:44 - 2016-04-29 15:44 - 00000000 ____D C:\Program Files (x86)\Tencent

2016-04-29 15:43 - 2016-04-29 15:43 - 00000000 ____D C:\Users\Public\Thunder Network

2016-04-29 15:43 - 2016-04-29 15:43 - 00000000 ____D C:\Users\evenh\AppData\Roaming\download

2016-04-29 15:43 - 2016-04-29 15:43 - 00000000 ____D C:\ProgramData\Thunder Network

Task: {033916B4-0899-449D-8E4F-3F9F3D0F6694} - \{7F0C7D47-0C0D-7E7A-0911-7E057D09110F} -> No File <==== ATTENTION

Task: {58140C7E-385F-459A-B45C-A56E4F4C883B} - System32\Tasks\{DA608A7F-3D54-D701-9E09-F9D9310DBA45} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\4f871b43\2eafea31.dll" <==== ATTENTION

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

C:\Program Files (x86)\Tencent

C:\Users\evenh\AppData\Roaming\Tencent

C:\Program Files (x86)\Common Files\Tencent

C:\ProgramData\a.bat

C:\ProgramData\adb.exe

C:\ProgramData\AdbWinApi.dll

C:\ProgramData\AdbWinUsbApi.dll

C:\ProgramData\apptj.exe

C:\ProgramData\fastboot.exe

C:\PROGRA~3\4f871b43

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

RemoveProxy:

EmptyTemp:

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: ipconfig /flushdns

CMD: netsh winsock reset catalog

CMD: netsh int ip reset c:\resetlog.txt

CMD: ipconfig /release

CMD: ipconfig /renew

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.

"AirfoilInjector_3_7.dll" => Value data removed successfully.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully

HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d5e60bb0-5347-408f-9c31-b5b2f8840054}\\DhcpNameServer => value removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr" => key removed successfully

C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\npQMExtensionsMozilla.dll => moved successfully

QQPCRTP => Unable to stop service.

QQPCRTP => service removed successfully

QQRepair251a => service removed successfully

QQRepairFixSVC => service removed successfully

QMUdisk => Unable to stop service.

QMUdisk => service removed successfully

softaal => Unable to stop service.

softaal => service removed successfully

SRepairDrv => Unable to stop service.

SRepairDrv => service removed successfully

TAOAccelerator => Unable to stop service.

TAOAccelerator => service removed successfully

TAOKernelDriver => Unable to stop service.

TAOKernelDriver => service removed successfully

TS888x64 => Unable to stop service.

TS888x64 => service removed successfully

TSDefenseBt => service removed successfully

tsnethlpx64 => Unable to stop service.

tsnethlpx64 => service removed successfully

QQSysMonX64 => Unable to stop service.

QQSysMonX64 => service removed successfully

TFsFlt => Unable to stop service.

TFsFlt => service removed successfully

TSSysKit => Unable to stop service.

TSSysKit => service removed successfully

C:\WINDOWS\system32\Drivers\TFsFltX64.sys => moved successfully

C:\Users\evenh\AppData\Roaming\xldl.dll => moved successfully

"C:\Users\evenh\AppData\Roaming\xldl.dll" => not found.

AV: ???????? (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5} => removed successfully

AS: ???????? (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48} => removed successfully

C:\Users\evenh\Downloads\ReimageRepair.exe => moved successfully

C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys => moved successfully

C:\ProgramData\xdo.zip => moved successfully

C:\ProgramData\apptj.exe => moved successfully

C:\ProgramData\TXQMPC => moved successfully

"C:\Users\evenh\AppData\Roaming\Tencent" folder move:

Could not move "C:\Users\evenh\AppData\Roaming\Tencent" => Scheduled to move on reboot.

"C:\ProgramData\Tencent" folder move:

Could not move "C:\ProgramData\Tencent" => Scheduled to move on reboot.

C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys => moved successfully

C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys => moved successfully

"C:\Program Files\Common Files\Tencent" folder move:

Could not move "C:\Program Files\Common Files\Tencent" => Scheduled to move on reboot.

"C:\Program Files (x86)\Tencent" folder move:

Could not move "C:\Program Files (x86)\Tencent" => Scheduled to move on reboot.

C:\Users\Public\Thunder Network => moved successfully

C:\Users\evenh\AppData\Roaming\download => moved successfully

C:\ProgramData\Thunder Network => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{033916B4-0899-449D-8E4F-3F9F3D0F6694}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{033916B4-0899-449D-8E4F-3F9F3D0F6694}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F0C7D47-0C0D-7E7A-0911-7E057D09110F}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58140C7E-385F-459A-B45C-A56E4F4C883B}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58140C7E-385F-459A-B45C-A56E4F4C883B}" => key removed successfully

C:\WINDOWS\System32\Tasks\{DA608A7F-3D54-D701-9E09-F9D9310DBA45} => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DA608A7F-3D54-D701-9E09-F9D9310DBA45}" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP" => key removed successfully

"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP" => key removed successfully

"C:\Program Files (x86)\Tencent" folder move:

Could not move "C:\Program Files (x86)\Tencent" => Scheduled to move on reboot.

"C:\Users\evenh\AppData\Roaming\Tencent" folder move:

Could not move "C:\Users\evenh\AppData\Roaming\Tencent" => Scheduled to move on reboot.

C:\Program Files (x86)\Common Files\Tencent => moved successfully

C:\ProgramData\a.bat => moved successfully

C:\ProgramData\adb.exe => moved successfully

C:\ProgramData\AdbWinApi.dll => moved successfully

C:\ProgramData\AdbWinUsbApi.dll => moved successfully

"C:\ProgramData\apptj.exe" => not found.

C:\ProgramData\fastboot.exe => moved successfully

C:\PROGRA~3\4f871b43 => moved successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

Operasjonen er utf›rt.

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

Operasjonen er utf›rt.

========= End of Reg: =========

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-1389706129-1160737656-1141877127-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-1389706129-1160737656-1141877127-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

========= netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!

Resetting Interface, OK!

Resetting Unicast Address, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Ingen tilgang.

Resetting , OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= ipconfig /release =========

Windows IP Configuration

No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : getinternet.no

IPv6 Address. . . . . . . . . . . : 2a02:fe0:c310:99c0:18f1:a546:d2c9:26f5

IPv6 Address. . . . . . . . . . . : 2a02:fe0:c310:99c1:18f1:a546:d2c9:26f5

Temporary IPv6 Address. . . . . . : 2a02:fe0:c310:99c0:60fe:5988:20f9:107b

Temporary IPv6 Address. . . . . . : 2a02:fe0:c310:99c1:60fe:5988:20f9:107b

Link-local IPv6 Address . . . . . : fe80::18f1:a546:d2c9:26f5%6

Default Gateway . . . . . . . . . : fe80::9284:dff:fed3:ae41%6

fe80::9484:dff:fede:420f%6

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

========= End of CMD: =========

========= ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : getinternet.no

IPv6 Address. . . . . . . . . . . : 2a02:fe0:c310:99c0:18f1:a546:d2c9:26f5

IPv6 Address. . . . . . . . . . . : 2a02:fe0:c310:99c1:18f1:a546:d2c9:26f5

Temporary IPv6 Address. . . . . . : 2a02:fe0:c310:99c0:60fe:5988:20f9:107b

Temporary IPv6 Address. . . . . . : 2a02:fe0:c310:99c1:60fe:5988:20f9:107b

Link-local IPv6 Address . . . . . : fe80::18f1:a546:d2c9:26f5%6

IPv4 Address. . . . . . . . . . . : 10.0.1.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : fe80::9284:dff:fed3:ae41%6

fe80::9484:dff:fede:420f%6

10.0.1.1

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:cf9:1e3a:f5ff:fefa

Link-local IPv6 Address . . . . . : fe80::cf9:1e3a:f5ff:fefa%10

Default Gateway . . . . . . . . . :

Tunnel adapter isatap.getinternet.no:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : getinternet.no

========= End of CMD: =========

========= netsh int ipv4 reset =========

Resetting Interface, OK!

Resetting , failed.

Ingen tilgang.

Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

Resetting Interface, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Ingen tilgang.

Resetting , OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.8.10586 ]

BITS administration utility.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{FE40548D-6A59-4E7A-8353-40966F0A841B} canceled.

{F8C07D57-E357-4BFE-B72A-FB9B147A95B8} canceled.

{03DA1D83-26EF-4696-87EA-76D7DA9D42AC} canceled.

{9247CF7A-0E74-41E6-A187-0A65EB56F328} canceled.

{74406E0B-52ED-4CEF-90BF-3D0A38AD4C16} canceled.

{6DB977D9-BFFF-4432-8FB1-2E2578DCE82A} canceled.

{C0681BFB-C89A-43D0-B7F3-EFCF64CCA968} canceled.

{0736C7AB-02FF-418F-9C38-0539B20FD633} canceled.

{FCC9CA45-19CC-46D3-8011-3E9E1CA42CFF} canceled.

{7587382A-79B7-4F80-862C-117D688205A7} canceled.

{089232CF-AF84-4F6E-AB04-C4C2F07E29D4} canceled.

{87057218-A326-4E1B-8D90-0E41C9FC2A9A} canceled.

{F6711DF3-7D8B-4151-8AF7-495094B91926} canceled.

{EDFF53E9-58A3-4806-A5DC-4B349E126972} canceled.

{95D91362-83D7-4A54-B565-4D43C0E59692} canceled.

{2224F903-DB83-4ED8-A9EC-C26B9EFD9B7C} canceled.

{15A91ECF-EF42-4F93-98A7-E7118B34FEBB} canceled.

{20235839-788F-447A-AE5B-9A2DF399067D} canceled.

{DCA3F026-3CE9-46D1-9923-735C7B147EE9} canceled.

{B120FAE3-438F-4F14-90C9-2D9B3C0E4CBC} canceled.

{C01E5F8C-AB3C-4051-94D9-B2B1A74882A6} canceled.

{0DF3808D-5D7B-4431-B23D-E08F09C60883} canceled.

22 out of 22 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 501.4 MB temporary data Removed.

#6
Essexboy

Posted 29 April 2016 - 10:58 AM

GeekU Moderator

Retired Staff
69,964 posts

Did FRST reboot the computer ? If not then please do so

#7
chilligringo

Posted 29 April 2016 - 11:11 AM

New Member

Topic Starter
Member
9 posts

# AdwCleaner v5.114 - Logfile created 29/04/2016 at 19:08:00

# Updated 27/04/2016 by Xplode

# Database : 2016-04-27.1 [Server]

# Operating system : Windows 10 Home (X64)

# Username : evenh - DESKTOP-VVO3BQM

# Running from : C:\Users\evenh\Desktop\AdwCleaner.exe

# Option : Clean

# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : QQPCRTP

[-] Service Deleted : TAOAccelerator

[-] Service Deleted : TSDefenseBt

[-] Service Deleted : TSSysKit

[-] Service Deleted : QMUdisk

[-] Service Deleted : TS888x64

[-] Service Deleted : QQSysMonX64

[-] Service Deleted : TFsFlt

[-] Service Deleted : TAOKernelDriver

[-] Service Deleted : softaal

[-] Service Deleted : SRepairDrv

[-] Service Deleted : tsnethlpx64

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\tencent

[#] Folder Deleted : C:\ProgramData\Application Data\tencent

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

[-] Folder Deleted : C:\Program Files (x86)\adblocker

[-] Folder Deleted : C:\Program Files (x86)\tencent

[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\tencent

[-] Folder Deleted : C:\Users\evenh\AppData\Local\VirtualStore\ProgramData\Application Data\tencent

[-] Folder Deleted : C:\Users\evenh\AppData\Roaming\tencent

[-] Folder Deleted : C:\Users\evenh\AppData\Roaming\FreeVPN

[-] Folder Deleted : C:\Users\evenh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件

[#] Folder Deleted : C:\Program Files\Common Files\tencent

[-] Folder Deleted : C:\Users\evenh\AppData\Local\VirtualStore\Program Files (x86)\tencent

***** [ Files ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.qq.qmchext

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\QMContextScan.DLL

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\QMContextUninstall.DLL

[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/npandroidassistant

[-] Key Deleted : HKLM\SOFTWARE\Classes\metnsd

[-] Key Deleted : HKLM\SOFTWARE\Classes\qmbfile

[-] Key Deleted : HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu

[-] Key Deleted : HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\qmgcfiles

[-] Key Deleted : HKLM\SOFTWARE\Classes\qpakfile

[-] Key Deleted : HKLM\SOFTWARE\Classes\qqapp

[-] Key Deleted : HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid

[-] Key Deleted : HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\QQPCMgr.qbox

[-] Key Deleted : HKLM\SOFTWARE\Classes\qqpro

[-] Key Deleted : HKLM\SOFTWARE\Classes\TencentAndroidAssistant

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1E9BD312-7C8C-4422-906D-897F6D7714F2}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{50F4150A-48B2-417A-BE4C-C83F580FB904}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{754DF2CE-51E8-4895-B53C-6381418B84AE}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{29B6CFD5-0064-411A-8C42-9890C83F9921}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}

[-] Key Deleted : HKLM\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35627C7C-DB28-4772-9A6F-7607FFCBF9FF}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{573F9869-D92C-4B7E-A9C3-F042278D5078}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E1533F0-E0B5-465A-9F16-98FF0C76D493}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C049F583-D724-4BAB-8F47-F13BCA41B808}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50F4150A-48B2-417A-BE4C-C83F580FB904}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{63332668-8CE1-445D-A5EE-25929176714E}]

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{754DF2CE-51E8-4895-B53C-6381418B84AE}]

[-] Key Deleted : HKCU\Software\Installer

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{365ADADE-814B-400C-877C-95E9F684BBEB}

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bestpriceninja.com

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted

:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7822 bytes] - [29/04/2016 19:08:00]

C:\AdwCleaner\AdwCleaner[S1].txt - [327 bytes] - [29/04/2016 18:57:16]

C:\AdwCleaner\AdwCleaner[S2].txt - [7572 bytes] - [29/04/2016 19:07:26]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8040 bytes] ##########

#8
chilligringo

Posted 29 April 2016 - 11:13 AM

New Member

Topic Starter
Member
9 posts

Did I do something wrong? I can do the whole process again if you want.

Btw: thank you for your help :-)

Edit: No, frst did not reeboot the comp.

Edited by chilligringo, 29 April 2016 - 11:13 AM.

#9
Essexboy

Posted 29 April 2016 - 11:28 AM

GeekU Moderator

Retired Staff
69,964 posts

How is the computer behaving now ?

Nope you appear to have done it quite nicely

Scan with Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware to your desktop
Launch Malwarebytes from your Desktop
In Database version section, click Update Now
Once the update is done, click Settings>Detection and Protection
Make sure that all three boxes under Detection Options are checked
Go back to Dashboard and click the big, green Scan Now button.
Wait for Malwarebytes Anti-Malware to finish the scan
If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
Click Export, then click Copy to Clipboard.
Paste (CTRL+V) the log into your next reply.

#10
chilligringo

Posted 29 April 2016 - 11:46 AM

New Member

Topic Starter
Member
9 posts

The computer seems fine, all the chineese programs are gone, everything loads smoothly and fast.

Malwarebytes Anti-Malware

www.malwarebytes.org

Skannedato: 29.04.2016

Skannetid: 19.36

Loggfil: scan_malware.txt

Administrator: Ja

Versjon: 2.2.1.1043

Malwaredatabase: v2016.04.29.06

Rootkitdatabase: v2016.04.17.01

Lisens: Gratis

Malwarebeskyttelse: Deaktivert

Ondsinnet Nettsidebeskyttelse: Deaktivert

Selvbeskyttelse: Deaktivert

OS: Windows 10

CPU: x64

Filsystem: NTFS

Bruker: evenh

Skannetype: Trusselskann

Resultat: Fullført

Objekter skannet: 368330

Tid brukt: 5 min, 57 sek

Minne: Aktivert

Oppstart: Aktivert

Filsystem: Aktivert

Arkiv: Aktivert

Rootkits: Aktivert

Heuristikk: Aktivert

PUP: Aktivert

PUM: Aktivert

Prosesser: 0

(Ingen ondsinnede elementer funnet)

Moduler: 0

(Ingen ondsinnede elementer funnet)

Registernøkler: 0

(Ingen ondsinnede elementer funnet)

Registerverdier: 0

(Ingen ondsinnede elementer funnet)

Registerdata: 0

(Ingen ondsinnede elementer funnet)

Mapper: 0

(Ingen ondsinnede elementer funnet)

Filer: 0

(Ingen ondsinnede elementer funnet)

Fysiske sektorer: 0

(Ingen ondsinnede elementer funnet)

(end)

#11
chilligringo

Posted 29 April 2016 - 11:47 AM

New Member

Topic Starter
Member
9 posts

Eh, see now that the log is in Norwegian. But Malwarebyte found nothing.

#12
Essexboy

Posted 29 April 2016 - 11:48 AM

GeekU Moderator

Retired Staff
69,964 posts

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:

#13
chilligringo

Posted 29 April 2016 - 12:05 PM

New Member

Topic Starter
Member
9 posts

I have to say that people like you are a reason to belive in the human race. That those scumbags that make all the malware and cryptoware have a match is just great. I consider myself to be an experienced computer user, and that I got infected is a bit embarrising, but it happened when I tried to reinstall the Hearts of Iron 3 fix from a source I thought was trustworthy in the paradox forum. That shows me that you really cant be to carefull. But anyway, thank you for your fast and brilliant help. Keep up the good work!

When I get my next paycheck I will donate :-)

#14
Essexboy

Posted 29 April 2016 - 12:34 PM

GeekU Moderator

Retired Staff
69,964 posts

My pleasure, keep safe now

#15
Essexboy

Posted 30 April 2016 - 06:23 AM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: malware, adware, Tencent

Security → Virus, Spyware, Malware Removal → Possible Malware infection - help request [Solved] Started by Maffu , 07 May 2023 malware, advapi and 1 more... 1 2 3 4	Hot 51 replies 12,726 views	DR M 26 Jun 2023
Security → Virus, Spyware, Malware Removal → Help getting started checking laptop for malware [Solved] Started by triedeverything , 12 Apr 2023 help, malware, spyware 1 2	Hot 19 replies 5,789 views	DR M 16 Apr 2023
Security → Virus, Spyware, Malware Removal → Checkmate Ransomware detection / removal? Started by JcTcom , 18 Aug 2022 Checkmate, Ransomware, Virus and 5 more...	0 replies 1,863 views	JcTcom 18 Aug 2022
Security → Virus, Spyware, Malware Removal → Getting a warning over & over but not getting it clean [Solved] Started by Phlegmbot , 28 Mar 2022 malware, spyware, redirect 1 2	Hot 21 replies 6,789 views	DR M 10 Apr 2022
Security → Virus, Spyware, Malware Removal → PC keeps hanging and restarting on its own [Closed] Started by lolx21341 , 29 Jan 2022 Hanging, Restarting, Virus and 2 more...	3 replies 3,600 views	DR M 03 Feb 2022