Avatar billede HEF Juniormester
08. september 2015 - 12:32 Der er 23 kommentarer og
1 løsning

Trojaner - Coupon etc.... Hedder vist Artemis_et eller andet forskelligt

Hej

Har denne modbydelige trojaner på min PC.
Den reklamere for alverdens ting og overtager link m.m.

Har levet med den længe og bare symptom bethandlet, med rimelig succes.

Allerede lige efter jeg havde fået PC fik jeg trojaneren og geninstallerede til fabriksindstillinger. Alligevel havde jeg den igen indenfor kort tid.

Fik også mit sikkerhedsprogram til at tage dem i en periode med rimelig succes.

Nu har den gjort det helt umuligt at arbejde i broweserne.

Den låser også mine mapper og spammer helt vildt med 'vindersider'.
Den ligger ikke længere i browsernes tilføjelser og det er derfor svært at finde navne at søge efter, når jeg vil slette filer, som jeg kan se er vedrørende.

Hjælp, hvordan kommer jeg denne skurk til livs en gang for alle og hvordan sikre jeg mig imod den. Jeg aner ikke hvordan/hvor vi lukker den kommer ind.

Havde det været gamle dage havde jeg formateret hardisken og genistalleret styresystemet fra en DVD/diskette :D, men i daq kommer programmet jo på PC'en og jeg ved ikke helt hvordan det virker under overfladen. Jeg kan godt bruge det. :D

Nogen god vejledning.
På forhånd tak.
Avatar billede Slettet bruger
08. september 2015 - 12:47 #1
Avatar billede HEF Juniormester
08. september 2015 - 16:16 #2
Tak for dit indlæg, jeg har prøvet dit forslag, og der var en del der blev renset ud, MEN desværre IKKE mit problem.
Den er helt vild aggresiv og innovativ.
Avatar billede HEF Juniormester
08. september 2015 - 16:39 #3
HJÆLP

Har nu kørt Macafee, antimailware program og hitman.
Intet har hjulpet.
Jeg er fuldstændig desperat.

Hvad gør jeg?
Avatar billede 220661 Ekspert
08. september 2015 - 17:08 #4
Prøv at køre AdwCleaner en gang til og læg loggen i tråden her der fremkommer.
Avatar billede Poko1 Ekspert
08. september 2015 - 17:12 #5
Der er nogle trin du skal huske når du har kørt forskellige Adware programmer
1. gå til Ie funktioner Administrer tilføjelsesprogrammer de aktiver div programmer du ikke har brug for under opstart.
2.  fanen søgemaskiner slæt søgemaskiner bortset fra Bing
3. gå ned til fanen indstillinger vælg Avancerede og tryk på nulstil
genstart og vælg din foretrukne Browser.
Avatar billede HEF Juniormester
08. september 2015 - 19:51 #6
Tak for jeres indlæg

Kørte ADWCLEANER og gennemgik poko's 3 punkter.

Troede faktisk også at det var lykkedes, men der gik ikke lang tid så var de på igen de små grønne pile og reklamerne.

Dog kan jeg nu åbne sider uden at skulle forbi fremmede sider der åbner automatisk med tilbud om test af telefoner eller andet mærkeligt.

Så noget har vi fået lukket ned, med mindre det dukker op igen senere. ;)


logen er nu tom, for jeg kørte ADWCLEANER 2 gange. ;(

Andre forslag til hvordan jeg får den sidste del væk.
PLEASE :)

På forhånd tak
Avatar billede 220661 Ekspert
08. september 2015 - 20:29 #7
Bruger du C-Net når du henter programmer?
Under tilføj/fjern programmer har du noget der hedder download.com installer herinde?
Hvis du har vil jeg anbefale det fjernes.
Og til at fjerne vil jeg anbefale du bruger Revo Uninstaller free.  http://www.revouninstaller.com/revo_uninstaller_free_download.html
Når programmet startes kommer et billede med alle programmer som du har. Vælg "Dit program" og tryk på afinstaller. 3 mulighed der vises i næste boks accepteres. Programmet afinstalleres. Du trykker på næste og registreringen tjekkes for efterladenskaber. Når resultatet kommer vælger du "vælg alt" og trykker slet og herefter på  næste. nogle gange kommer der filer op to gange og her vælges også at slette disse.
Genstart pc.
09. september 2015 - 06:33 #8
Du/I skal altid skrive under hvilket Styresystem det drejer sig om!
Win98, ME, W2000, XP, Vista, Win7, Win8, OS/2, Unix, Linux, ... ?

---

Her er et alternativ til [ADWCleaner] >

Junkware Removal Tool (JRT) guide

Hent Junkware Removal Tool her: http://downloads.malwarebytes.org/file/jrt

Luk alle åbne browsere og programmer + deaktiver antivirus.

Kør den hentede fil JRT.exe som administrator (højreklik på filen og vælg kør som administrator)

Når du bliver bedt om det i kommando prompt, så tryk på en tast.

Det er vigtigt IKKE at bruge pc mens der scannes!

Lad programmet køre til det er færdigt, og kopier evt. loggen ind som en kommentar.
Avatar billede HEF Juniormester
09. september 2015 - 13:00 #9
Tusinde tak for jeres indspark.

Desværre har intet hjulpet og det er nu lige så slemt som i går.
Jeg har kørt det hele flere gange, slettet crome og firefox helt fra PC'en og alt hvad jeg kunne finde som var forbundet med dem.


Så både jeres Adware programmer og mit virus program insistere nu på at der ikke er nogen problemer. HA - HA

Hvert - hvertandet klik udløser åbning af en ny side med snask, og så er der alle reklamerne fra DNSunlocker.

Jeg har installeret windows 10, kan det betyde noget for effektiviteten af de anvendte programmer.

jeg vil prøve at gå tilbage til fabriksindstillinger og så prøve at rense herfra, med mindre nogen har et bedre forslag.

Vh
Avatar billede f-arn Guru
09. september 2015 - 15:16 #10
At fjerne den burde ikke være noget problem, hvis du altså kan gøre det jeg skriver du skal.

Først vil jeg gerne se de første logs fra AdwCleaner og Malwarebytes.
Avatar billede HEF Juniormester
09. september 2015 - 16:41 #11
Det lyder dejligt.
Har dog opgivet at arbejde på den befængte :) PC så jeg skal lige have overført filer til denne PC.
Har fået slettet Malewarebytes filen, så kører en ny, der ud til at have fundet noget.
Den kommer efterfølgende :)
Her er den første:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 10 Home x64
Ran by xxxx on 09-09-2015 at 11:47:13,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09-09-2015 at 11:48:45,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Avatar billede HEF Juniormester
09. september 2015 - 16:49 #12
Her er malewarebytes log;

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Dato: 09-09-2015
Scan Tid: 16:27
Logfil:
Administrator: Ja
Version: 2.1.8.1057
Malware Database: v2015.09.09.05
Rootkit Database: v2015.08.16.01
Licens: Gratis
Malware Protection: Handicappede
Ondsindet Hjemmeside Beskyttelse: Handicappede
Selvbeskyttelse: Handicappede
OS: Windows 10
CPU: x64
Fil system: NTFS
Bruger: xxxx
Scan Type: Trussel Scanning
Resultater: Fuldført
Objekter Scannet: 425078
Forløbet Tid: 13 min, 59 sek
Hukommelse: Aktiveret
Startop: Aktiveret
Filsystem: Aktiveret
Arkiver: Aktiveret
Rootkits: Aktiveret
Heuristics: Aktiveret
PUP: Aktiveret
PUM: Aktiveret
Processer: 0
(Ingen skadelige varer fundet)
Moduler: 0
(Ingen skadelige varer fundet)
Nøgle Register: 1
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-2661258678-709168960-819984101-1004\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [8e4b77b63f4c7fb7c1afd9dc699b59a7],
Værdi Register: 0
(Ingen skadelige varer fundet)
Data Register: 1
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{bbb874d1-5eba-4a32-a149-d99febd19c29}|NameServer, 199.203.131.152,82.163.143.182, Godt:)), Bad:)199.203.131.152,82.163.143.182),,[5089a08de0ab52e42bd68ddd91746a96]
Mapper: 0
(Ingen skadelige varer fundet)
Filer: 1
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Windows\Temp\10975389559115663387\greent panda 65.exe, , [dffa9598513a0f27e8eae8cdc23f7f81],
Fysiske sektorer: 0
(Ingen skadelige varer fundet)

(end)
Avatar billede HEF Juniormester
09. september 2015 - 16:55 #13
ups, fik byttet lidt rundt. Der kommer en 3. log når den er fundet og flyttet tak.
Avatar billede HEF Juniormester
09. september 2015 - 17:02 #14
Så varden der :))


# AdwCleaner v5.006 - Logfile created 09/09/2015 at 16:58:10

# Updated 06/09/2015 by Xplode

# Database : 2015-09-08.2 [Server]

# Operating system : Windows 10 Home  (x64)

# Username : xxxx

# Running from : G:\gem2\adwcleaner_5.006.exe

# Option : Scan

# Support : http://toolslib.net/forum



***** [ Services ] *****





***** [ Folders ] *****





***** [ Files ] *****





***** [ Shortcuts ] *****





***** [ Scheduled tasks ] *****





***** [ Registry ] *****





***** [ Web browsers ] *****





########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [538 bytes] ##########
Avatar billede f-arn Guru
09. september 2015 - 17:06 #15
Det er nu ikke de første - men ok :)

Lod du malwarebytes fjerne det den fandt, for det ser ikke sådan ud ?

------

Til 64 bit Windows, hent Farbar Recovery Scan Tool x64 og gem den på Skrivebordet.

Deaktiver dit sikkerhedprogram, mens du kører den !

Start Farbar Recovery Scan Tool og klik på Scan.

Første gang der scannes, laver den automatisk Addition.txt.

Når scanningen er færdig, har du 2 log filer på Skrivebordet -  FRST.txt og Addition.txt som du bedes kopiere herind.

Send dem i separate indlæg, da de kan være meget lange !
Avatar billede HEF Juniormester
09. september 2015 - 17:14 #16
UPS igen - jeg havde ikke læst indenad.
JEg kan klare AdwCleaners gl. log fil

 
# AdwCleaner v5.006 - Logfile created 08/09/2015 at 18:46:43

# Updated 06/09/2015 by Xplode

# Database : 2015-08-31.2 [Local]

# Operating system : Windows 10 Home  (x64)

# Username : xxxx - xxxx

# Running from : C:\Users\xxxx\Downloads\adwcleaner_5.006.exe

# Option : Scan

# Support : http://toolslib.net/forum



***** [ Services ] *****





***** [ Folders ] *****



Folder Found : C:\Program Files (x86)\Crawler

Folder Found : C:\Program Files (x86)\GreenTree Applications

Folder Found : C:\ProgramData\ytd video downloader

Folder Found : C:\ProgramData\35cae7d9120586f9

Folder Found : C:\ProgramData\{ed67a85a-b00e-47a5-ed67-7a85ab00a16a}

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader

Folder Found : C:\Users\xxxx\AppData\Local\PackageAware

Folder Found : C:\Users\xxxx\AppData\Local\Hola

Folder Found : C:\Users\xxxx\AppData\Local\MalwareProtectionLive

Folder Found : C:\Users\xxxx\AppData\Roaming\Update Manager

Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Super Optimizer



***** [ Files ] *****



File Found : C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage

File Found : C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal

File Found : C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage

File Found : C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal

File Found : C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_da.reimageplus.com_0.localstorage

File Found : C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_da.reimageplus.com_0.localstorage-journal

File Found : C:\Users\xxxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YTD Video Downloader.lnk

File Found : C:\Users\Public\Desktop\YTD Video Downloader.lnk



***** [ Shortcuts ] *****





***** [ Scheduled tasks ] *****



Task Found : Superclean



***** [ Registry ] *****



Key Found : HKLM\SOFTWARE\522e8b63-8716-d01e-69fd-60e1360a0491

Key Found : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7A6DCEC2-55AB-418F-A903-93D0DF482809}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{995AEC82-0E5F-419A-864E-4E50012D0863}

Key Found : HKCU\Software\PRODUCTSETUP

Key Found : HKCU\Software\AppDataLow\Software\Settings Manager

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{779D1843-0043-65D2-D781-8614F17B6222}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{779D1843-0043-65D2-D781-8614F17B6222}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{82B558C7-2A69-D3D5-B65A-DCAB3B65AD02}

Key Found : [x64] HKCU\Software\PRODUCTSETUP

Key Found : HKU\S-1-5-21-2661258678-709168960-819984101-1001\Software\AppDataLow\Software\Settings Manager



***** [ browsers ] *****



[C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wqnf1zf9.default\prefs.js] [Preference] Found : user_pref("extensions.4zmxc0HvP54DTbzZ.scode", "(function(){try{if(window.location.href.indexOf(\"rjaGqTU5rTa7rTkFrda6qHaErHY\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]

[C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wqnf1zf9.default\prefs.js] [Preference] Found : user_pref("extensions.T1QYILq1PwmxyFVZ.scode", "(function(){try{if(window.location.href.indexOf(\"rjaGqTU5rTa7rTkFrda6qHaErHY\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]

[C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wqnf1zf9.default\prefs.js] [Preference] Found : user_pref("extensions.WLtVauN5ltDAn7eG.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjaGqTU5rTa7rTkFrda6qHaErHY\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]

[C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wqnf1zf9.default\prefs.js] [Preference] Found : user_pref("extensions.XyFhyp63k4tzmXuP.scode", "(function(){try{if(window.location.href.indexOf(\"rjaGqTU5rTa7rTkFrda6qHaErHY\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]

[C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wqnf1zf9.default\prefs.js] [Preference] Found : user_pref("extensions.YFFC2ANyCpOBDNpf.scode", "(function(){try{if(window.location.href.indexOf(\"rjaGqTU5rTa7rTkFrda6qHaErHY\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\"f[...]

[C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wqnf1zf9.default\prefs.js] [Preference] Found : user_pref("extensions.YOZVrJoKibBAcwxg.scode", "(function(){try{if(window.location.href.indexOf(\"rjaGqTU5rTa7rTkFrda6qHaErHY\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]

[C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wqnf1zf9.default\prefs.js] [Preference] Found : user_pref("extensions.aQ3R0sv6Y3lFpsWe.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjaGqTU5rTa7rTkFrda6qHaErHY\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]

[C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wqnf1zf9.default\prefs.js] [Preference] Found : user_pref("extensions.q5qFxymWFVgyP27b.scode", "(function(){try{if(window.location.href.indexOf(\"rjaGqTU5rTa7rTkFrda6qHaErHY\")>-1){return;}}catch(e){}try{var d=[[\"livewebcams.xyz\",\"secure.dditser[...]

[C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wqnf1zf9.default\prefs.js] [Preference] Found : user_pref("extensions.uEBhLweOTgRGUgzW.scode", "(function(){try{if(window.location.href.indexOf(\"rjaGqTU5rTa7rTkFrda6qHaErHY\")>-1){return;}}catch(e){}try{var d=[[\"www.viracure.com\",\"onesystemcare[...]

[C:\Users\Andaaf\AppData\Roaming\Mozilla\Firefox\Profiles\278ns58d.default\prefs.js] [Preference] Found : user_pref("extensions.XyFhyp63k4tzmXuP.scode", "(function(){try{if(window.location.href.indexOf(\"rjaGqTU5rTa7rTkFrda6qHaErHY\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.c[...]

[C:\Users\Andaaf\AppData\Roaming\Mozilla\Firefox\Profiles\278ns58d.default\prefs.js] [Preference] Found : user_pref("extensions.YFFC2ANyCpOBDNpf.scode", "(function(){try{if(window.location.href.indexOf(\"rjaGqTU5rTa7rTkFrda6qHaErHY\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\"f[...]

[C:\Users\Andaaf\AppData\Roaming\Mozilla\Firefox\Profiles\278ns58d.default\prefs.js] [Preference] Found : user_pref("extensions.YOZVrJoKibBAcwxg.scode", "(function(){try{if(window.location.href.indexOf(\"rjaGqTU5rTa7rTkFrda6qHaErHY\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]

[C:\Users\Andaaf\AppData\Roaming\Mozilla\Firefox\Profiles\278ns58d.default\prefs.js] [Preference] Found : user_pref("extensions.q5qFxymWFVgyP27b.scode", "(function(){try{if(window.location.href.indexOf(\"rjaGqTU5rTa7rTkFrda6qHaErHY\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]



########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7608 bytes] ##########
Avatar billede HEF Juniormester
09. september 2015 - 17:58 #17
hvorfor føles det næsten som at ligge nø...billeder op?
Man føler sig noget afklædt. :)

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015

Ran by xxxx (administrator) on  (09-09-2015 17:21:46)

Running from C:\Users\xxxx\Desktop

Loaded Profiles: xxxx & bbbb (Available Profiles: xxxx & bbbb)

Platform: Windows 10 Home (X64) Language: Dansk (Danmark)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/



==================== Processes (Whitelisted) =================



(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe

() C:\Windows\System32\PnkBstrA.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

(Microsoft Corporation) C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\OneDrive.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe





==================== Registry (Whitelisted) ===========================



(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)



HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3111880 2015-07-23] (Logitech, Inc.)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2014-03-12] (CyberLink Corp.)

HKLM-x32\...\Run: [PowerDVD12Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-24] (Valve Corporation)

HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\Run: [OneDrive] => C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-21] (Microsoft Corporation)

HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\RunOnce: [Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"

HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\RunOnce: [Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"

HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\RunOnce: [Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"

HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\RunOnce: [Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"

HKU\S-1-5-21-2661258678-709168960-819984101-1004\...\Run: [GoogleChromeAutoLaunch_363848ABB1D5D22CAB5F970D973D52A2] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

HKU\S-1-5-21-2661258678-709168960-819984101-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-08]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKU\S-1-5-21-2661258678-709168960-819984101-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION



==================== Internet (Whitelisted) ====================



(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)



Hosts: 0.0.0.1    mssplus.mcafee.com

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{8bfb5ef1-7415-4876-b376-8a7629cbac10}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{bbb874d1-5eba-4a32-a149-d99febd19c29}: [DhcpNameServer] 192.168.0.1



Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-2661258678-709168960-819984101-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB

HKU\S-1-5-21-2661258678-709168960-819984101-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-2661258678-709168960-819984101-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-21] (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-21] (Oracle Corporation)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-02] (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-02] (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-02] (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-02] (McAfee, Inc.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.)



FireFox:

========

FF ProfilePath: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wqnf1zf9.default

FF SelectedSearchEngine: Yahoo!

FF Homepage: hxxp://.dk/

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-15] ()

FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]

FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)

FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-15] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation)

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()

FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]

FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-21] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-21] (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]

FF Plugin-x32: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-12-19] (Verimatrix, Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin HKU\S-1-5-21-2661258678-709168960-819984101-1001: @hola.org/vlc,version=1.8.649 -> C:\Users\xxxx\AppData\Local\Hola\firefox\app\vlc No File

FF Plugin HKU\S-1-5-21-2661258678-709168960-819984101-1001: @verimatrix.com/ViewRightWeb -> C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll [2012-12-19] (Verimatrix, Inc.)

FF Extension: McAfee WebAdvisor - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wqnf1zf9.default\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2015-08-07]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-08-01]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-05-04]

FF HKU\S-1-5-21-2661258678-709168960-819984101-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]



Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-04]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-04]



==================== Services (Whitelisted) ========================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)

R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-07-02] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-07-02] (Intel Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [157928 2015-09-02] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)

S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)

R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)

R2 mfevtp; C:\windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)

R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-01] (Electronic Arts)

R2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [76152 2015-03-21] ()

R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2015-03-21] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)



===================== Drivers (Whitelisted) ==========================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)

S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-09-08] ()

S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [4220416 2014-01-08] (Intel Corporation) [File not signed]

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-07-02] (Intel Corporation)

R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)

R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-02] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3772632 2015-07-10] (Realtek Semiconductor Corporation                          )

S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)

R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)

R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)

S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]



==================== NetSvcs (Whitelisted) ===================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)





==================== One Month Created files and folders ========



(If an entry is included in the fixlist, the file/folder will be moved.)



2015-09-09 17:21 - 2015-09-09 17:22 - 00022728 _____ C:\Users\xxxx\Desktop\FRST.txt

2015-09-09 17:21 - 2015-09-09 17:21 - 00000000 ____D C:\FRST

2015-09-09 17:19 - 2015-09-09 17:21 - 02190336 _____ (Farbar) C:\Users\xxxx\Desktop\FRST64.exe

2015-09-09 17:00 - 2015-09-09 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2015-09-09 16:58 - 2015-09-08 18:46 - 01654784 _____ C:\Users\xxxx\Desktop\adwcleaner_5.006.exe

2015-09-09 16:56 - 2015-09-08 15:12 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\xxxx\Desktop\mbam-setup-2.1.8.1057.exe

2015-09-09 16:54 - 2015-09-09 16:54 - 00016148 _____ C:\WINDOWS\system32\_xxxx_HistoryPrediction.bin

2015-09-09 16:42 - 2015-09-09 16:42 - 00001562 _____ C:\Users\xxxx\Desktop\123.txt

2015-09-09 11:55 - 2015-09-09 11:55 - 00000000 ____D C:\Intel

2015-09-09 11:48 - 2015-09-09 11:57 - 00000597 _____ C:\Users\xxxx\Desktop\JRT.txt

2015-09-09 10:41 - 2015-09-09 10:41 - 00003338 _____ C:\WINDOWS\system32\adorage-protocol.txt

2015-09-09 10:28 - 2015-09-09 10:28 - 00001046 _____ C:\Users\xxxx\Desktop\JRTb.txt

2015-09-09 09:51 - 2015-09-09 09:57 - 00002378 _____ C:\Users\xxxx\Desktop\JRTa.txt

2015-09-09 08:41 - 2015-09-09 09:46 - 01799392 _____ (Malwarebytes Corporation) C:\Users\xxxx\Desktop\JRT (1).exe

2015-09-09 08:23 - 2015-09-02 03:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2015-09-09 08:23 - 2015-09-02 02:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2015-09-09 08:23 - 2015-09-02 02:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2015-09-09 08:23 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-09-09 08:23 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2015-09-09 08:23 - 2015-08-27 08:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2015-09-09 08:23 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-09-09 08:23 - 2015-08-27 07:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-09-09 08:23 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2015-09-09 08:23 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2015-09-09 08:23 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2015-09-09 08:23 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll

2015-09-09 08:23 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

2015-09-09 08:23 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-09-09 08:23 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-09-09 08:23 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-09-09 08:23 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll

2015-09-09 08:23 - 2015-08-27 07:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe

2015-09-09 08:23 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll

2015-09-09 08:23 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll

2015-09-09 08:23 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2015-09-09 08:23 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-09-09 08:23 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2015-09-09 08:23 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2015-09-09 08:23 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2015-09-09 08:23 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll

2015-09-09 08:23 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-09-09 08:23 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-09-09 08:23 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll

2015-09-09 08:23 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll

2015-09-09 08:23 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-09-09 08:23 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2015-09-08 18:46 - 2015-09-09 17:16 - 00000000 ____D C:\AdwCleaner

2015-09-08 16:28 - 2015-09-08 16:28 - 00006280 _____ C:\WINDOWS\system32\.crusader

2015-09-08 16:20 - 2015-09-08 16:29 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys

2015-09-08 16:19 - 2015-09-08 16:28 - 00000000 ____D C:\ProgramData\HitmanPro

2015-09-08 15:15 - 2015-09-09 16:26 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-09-08 15:15 - 2015-09-09 10:49 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-09-08 15:15 - 2015-09-09 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-09-08 15:15 - 2015-09-09 10:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-09-08 15:15 - 2015-09-08 15:15 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-09-08 15:15 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-09-08 15:15 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-09-08 15:15 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-09-08 13:04 - 2015-09-09 16:22 - 00000000 ____D C:\Users\xxxx\Downloads\gem2

2015-09-04 12:23 - 2015-09-04 12:23 - 00000000 ____D C:\$SysReset

2015-08-28 15:18 - 2015-08-20 08:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-08-28 15:18 - 2015-08-20 08:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2015-08-28 15:18 - 2015-08-20 08:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2015-08-28 15:18 - 2015-08-20 07:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2015-08-28 15:18 - 2015-08-20 07:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll

2015-08-28 15:18 - 2015-08-20 07:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2015-08-28 15:18 - 2015-08-20 07:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2015-08-28 15:18 - 2015-08-18 09:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2015-08-28 15:18 - 2015-08-18 09:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2015-08-28 15:18 - 2015-08-18 09:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2015-08-28 15:18 - 2015-08-18 09:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2015-08-28 15:18 - 2015-08-18 09:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2015-08-28 15:18 - 2015-08-18 09:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll

2015-08-28 15:18 - 2015-08-18 09:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll

2015-08-28 15:18 - 2015-08-18 09:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2015-08-28 15:18 - 2015-08-18 09:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

2015-08-28 15:18 - 2015-08-18 09:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe

2015-08-28 15:18 - 2015-08-18 09:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll

2015-08-28 15:18 - 2015-08-18 08:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll

2015-08-28 15:18 - 2015-08-18 08:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll

2015-08-28 15:18 - 2015-08-18 08:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2015-08-28 15:18 - 2015-08-18 08:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll

2015-08-28 15:18 - 2015-08-18 08:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll

2015-08-28 15:18 - 2015-08-18 08:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll

2015-08-28 15:18 - 2015-08-18 08:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll

2015-08-28 15:18 - 2015-08-18 08:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll

2015-08-28 15:18 - 2015-08-18 08:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2015-08-28 15:18 - 2015-08-18 08:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll

2015-08-28 15:18 - 2015-08-18 08:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll

2015-08-28 15:18 - 2015-08-18 08:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2015-08-28 15:18 - 2015-08-18 08:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2015-08-28 15:18 - 2015-08-18 08:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll

2015-08-28 15:18 - 2015-08-18 08:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll

2015-08-28 15:18 - 2015-08-18 08:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll

2015-08-28 15:18 - 2015-08-18 08:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll

2015-08-28 15:18 - 2015-08-18 08:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll

2015-08-28 15:18 - 2015-08-18 08:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll

2015-08-28 15:18 - 2015-08-18 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll

2015-08-28 15:18 - 2015-08-18 08:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2015-08-28 15:18 - 2015-08-18 08:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll

2015-08-28 15:18 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList

2015-08-28 15:12 - 2015-08-28 15:12 - 06520208 _____ (Tim Kosse) C:\Users\xxxx\Downloads\FileZilla_3.13.1_win64-setup.exe

2015-08-21 16:39 - 2015-08-21 16:39 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2015-08-21 16:39 - 2015-08-21 16:39 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Sun

2015-08-21 16:39 - 2015-08-21 16:39 - 00000000 ____D C:\Users\xxxx\.oracle_jre_usage

2015-08-19 14:58 - 2015-08-13 06:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll

2015-08-19 14:58 - 2015-08-13 06:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2015-08-19 14:58 - 2015-08-13 05:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2015-08-19 14:58 - 2015-08-11 12:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2015-08-19 14:58 - 2015-08-11 12:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2015-08-19 14:58 - 2015-08-11 12:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2015-08-19 14:58 - 2015-08-11 12:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2015-08-19 14:58 - 2015-08-11 12:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll

2015-08-19 14:58 - 2015-08-11 12:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe

2015-08-19 14:58 - 2015-08-11 12:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys

2015-08-19 14:58 - 2015-08-11 11:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll

2015-08-19 14:58 - 2015-08-11 11:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2015-08-19 14:58 - 2015-08-11 11:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2015-08-19 14:58 - 2015-08-11 11:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2015-08-19 14:58 - 2015-08-11 11:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2015-08-19 14:58 - 2015-08-11 11:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll

2015-08-19 14:58 - 2015-08-11 11:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe

2015-08-19 14:58 - 2015-08-11 11:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll

2015-08-19 14:58 - 2015-08-11 11:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2015-08-19 14:58 - 2015-08-11 11:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll

2015-08-19 14:58 - 2015-08-11 11:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll

2015-08-19 14:58 - 2015-08-11 11:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll

2015-08-19 14:58 - 2015-08-11 11:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll

2015-08-19 14:58 - 2015-08-11 11:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll

2015-08-19 14:58 - 2015-08-11 11:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2015-08-19 14:58 - 2015-08-11 11:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll

2015-08-19 14:58 - 2015-08-11 11:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll

2015-08-19 14:58 - 2015-08-11 11:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll

2015-08-19 14:58 - 2015-08-11 11:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe

2015-08-19 14:58 - 2015-08-11 11:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2015-08-19 14:58 - 2015-08-11 11:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2015-08-19 14:58 - 2015-08-11 11:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll

2015-08-19 14:58 - 2015-08-11 11:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll

2015-08-19 14:58 - 2015-08-11 11:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll

2015-08-19 14:58 - 2015-08-11 11:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll

2015-08-19 14:58 - 2015-08-11 11:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2015-08-19 14:58 - 2015-08-11 11:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll

2015-08-19 14:58 - 2015-08-11 11:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe

2015-08-19 14:58 - 2015-08-11 11:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2015-08-19 14:58 - 2015-08-11 11:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2015-08-19 14:58 - 2015-08-11 11:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2015-08-19 14:58 - 2015-08-11 11:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2015-08-19 14:58 - 2015-08-11 11:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll

2015-08-19 14:58 - 2015-08-11 11:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll

2015-08-19 14:58 - 2015-08-11 11:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll

2015-08-19 14:58 - 2015-08-11 11:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll

2015-08-19 14:58 - 2015-08-11 11:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

2015-08-19 14:58 - 2015-08-11 11:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2015-08-19 14:58 - 2015-08-11 11:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll

2015-08-19 14:58 - 2015-08-11 11:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2015-08-19 14:58 - 2015-08-11 11:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe

2015-08-19 14:58 - 2015-08-11 11:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll

2015-08-19 14:58 - 2015-08-11 10:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll

2015-08-19 14:58 - 2015-08-11 10:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll

2015-08-19 14:58 - 2015-08-11 10:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2015-08-19 14:58 - 2015-08-11 10:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll

2015-08-19 14:58 - 2015-08-11 10:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll

2015-08-19 14:58 - 2015-08-11 10:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2015-08-19 14:58 - 2015-08-11 10:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll

2015-08-19 14:58 - 2015-08-11 10:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2015-08-19 14:58 - 2015-08-11 10:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll

2015-08-19 14:58 - 2015-08-11 10:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe

2015-08-19 14:58 - 2015-08-11 10:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll

2015-08-19 14:58 - 2015-08-11 10:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll

2015-08-19 14:58 - 2015-08-11 10:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2015-08-19 14:58 - 2015-08-11 10:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2015-08-19 14:58 - 2015-08-11 10:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll

2015-08-19 14:58 - 2015-08-11 10:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll

2015-08-19 14:58 - 2015-08-11 10:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2015-08-19 14:58 - 2015-08-11 10:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2015-08-19 14:58 - 2015-08-11 10:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2015-08-19 14:58 - 2015-08-11 10:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

2015-08-19 14:58 - 2015-08-11 10:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2015-08-19 14:58 - 2015-08-11 10:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe

2015-08-19 14:58 - 2015-08-11 10:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll

2015-08-17 13:26 - 2015-08-17 13:26 - 00000000 _____ C:\Users\xxxx\Downloads\Fore.htm

2015-08-15 22:43 - 2015-08-15 22:43 - 00011924 _____ C:\Users\xxxx\AppData\Local\recently-used.xbel

2015-08-15 20:46 - 2015-08-15 20:46 - 00013938 _____ C:\Users\xxxx\Documents\project.nbtitle

2015-08-15 15:11 - 2015-08-15 15:11 - 00000000 ____D C:\Users\xxxx\Documents\NewBlueFX

2015-08-15 15:11 - 2015-08-15 15:11 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Titler

2015-08-15 13:00 - 2015-08-15 13:00 - 06483456 _____ (Tim Kosse) C:\Users\xxxx\Downloads\FileZilla_3.12.0.2_win64-setup.exe

2015-08-15 12:28 - 2015-09-09 16:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-08-15 12:28 - 2015-08-15 12:28 - 00003806 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2015-08-13 04:12 - 2015-08-08 09:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2015-08-13 04:12 - 2015-08-08 09:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2015-08-13 04:12 - 2015-08-08 08:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll

2015-08-13 04:12 - 2015-08-08 08:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll

2015-08-13 04:12 - 2015-08-08 08:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll

2015-08-13 04:12 - 2015-08-06 05:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys

2015-08-13 04:12 - 2015-08-06 05:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys

2015-08-13 04:12 - 2015-08-06 04:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys

2015-08-13 04:12 - 2015-08-05 06:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2015-08-13 04:12 - 2015-08-05 06:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2015-08-13 04:12 - 2015-08-05 06:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll

2015-08-13 04:12 - 2015-08-05 05:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll

2015-08-13 04:12 - 2015-08-05 05:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll

2015-08-13 04:12 - 2015-08-04 06:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys

2015-08-13 04:12 - 2015-08-04 06:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll

2015-08-13 04:12 - 2015-08-04 06:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2015-08-13 04:12 - 2015-08-04 05:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll

2015-08-13 04:12 - 2015-08-04 04:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll

2015-08-13 04:12 - 2015-08-04 04:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll

2015-08-13 04:12 - 2015-08-03 04:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll

2015-08-13 04:12 - 2015-08-03 04:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll

2015-08-13 04:12 - 2015-08-03 04:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2015-08-13 04:12 - 2015-08-03 04:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2015-08-13 04:12 - 2015-08-03 04:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2015-08-13 04:12 - 2015-08-03 04:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2015-08-13 04:12 - 2015-08-03 04:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll

2015-08-13 04:12 - 2015-08-03 04:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys

2015-08-13 04:12 - 2015-08-03 04:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2015-08-13 04:12 - 2015-08-03 04:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys

2015-08-13 04:12 - 2015-08-03 04:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2015-08-13 04:12 - 2015-08-03 03:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2015-08-13 04:12 - 2015-08-03 03:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2015-08-13 04:12 - 2015-08-03 03:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2015-08-13 04:12 - 2015-08-03 03:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll

2015-08-13 04:12 - 2015-08-03 03:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll

2015-08-13 04:12 - 2015-08-03 03:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll

2015-08-13 04:12 - 2015-08-03 03:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll

2015-08-13 04:12 - 2015-08-03 03:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll

2015-08-13 04:12 - 2015-08-03 03:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll

2015-08-13 04:12 - 2015-08-03 03:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll

2015-08-13 04:12 - 2015-08-03 03:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll

2015-08-13 04:12 - 2015-08-03 03:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe

2015-08-13 04:12 - 2015-08-03 03:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe

2015-08-13 04:12 - 2015-08-03 03:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2015-08-13 04:12 - 2015-08-03 03:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll

2015-08-13 04:12 - 2015-08-03 03:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll

2015-08-13 04:12 - 2015-08-03 03:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll

2015-08-13 04:12 - 2015-08-03 03:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll

2015-08-13 04:12 - 2015-08-03 03:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll

2015-08-13 04:12 - 2015-08-03 03:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll

2015-08-13 04:12 - 2015-08-03 03:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll

2015-08-13 04:12 - 2015-08-03 03:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll

2015-08-13 04:12 - 2015-08-03 03:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll

2015-08-13 04:12 - 2015-08-03 03:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll

2015-08-13 04:12 - 2015-08-03 03:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll

2015-08-13 04:12 - 2015-08-03 03:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll

2015-08-13 04:12 - 2015-08-03 03:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe

2015-08-13 04:12 - 2015-08-03 03:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll

2015-08-13 04:12 - 2015-08-03 03:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll

2015-08-13 04:12 - 2015-08-03 03:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll

2015-08-13 04:12 - 2015-08-03 02:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll

2015-08-10 10:58 - 2015-01-24 19:39 - 00217891 ____N C:\Users\xxxx\Documents\20150124_182943.jpeg

2015-08-10 10:57 - 2014-11-24 09:24 - 00000091 ____N C:\Users\xxxx\Documents\Elin_Bonde.vcf



==================== One Month Modified files and folders ========



(If an entry is included in the fixlist, the file/folder will be moved.)



2015-09-09 16:59 - 2015-08-06 14:24 - 01410196 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-09-09 16:59 - 2015-07-10 18:56 - 00464630 _____ C:\WINDOWS\system32\perfh006.dat

2015-09-09 16:59 - 2015-07-10 18:56 - 00079890 _____ C:\WINDOWS\system32\perfc006.dat

2015-09-09 16:55 - 2015-07-10 14:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log

2015-09-09 16:53 - 2015-08-06 14:05 - 00000000 ____D C:\ProgramData\NVIDIA

2015-09-09 16:53 - 2015-08-06 14:01 - 00046070 _____ C:\WINDOWS\PFRO.log

2015-09-09 16:53 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-09-09 16:53 - 2015-07-10 14:20 - 00278192 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2015-09-09 16:53 - 2014-04-29 12:57 - 00000000 ____D C:\WINDOWS\pl

2015-09-09 16:52 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru

2015-09-09 16:52 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2015-09-09 16:51 - 2015-07-10 18:58 - 00000000 ____D C:\Program Files\Windows Journal

2015-09-09 16:51 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser

2015-09-09 15:42 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-09-09 14:51 - 2015-05-05 19:35 - 00000000 ____D C:\Users\xxxx\Documents\TV ØST Løbet on Lapio.com_files

2015-09-09 14:41 - 2015-02-27 12:28 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\FileZilla

2015-09-09 12:15 - 2015-03-21 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-09-09 11:52 - 2015-08-06 14:08 - 00000000 ____D C:\Users\xxxx

2015-09-09 10:13 - 2015-04-17 18:40 - 00000000 ____D C:\Program Files\Rockstar Games

2015-09-09 10:01 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-09-08 16:45 - 2015-04-16 15:28 - 00000000 ____D C:\Users\xxxx\Documents\Cyberlink

2015-09-08 16:27 - 2015-07-07 11:44 - 00000000 ____D C:\Program Files (x86)\Despicable Pay

2015-09-08 16:05 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF

2015-09-08 16:02 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Branding

2015-09-08 15:39 - 2015-08-06 14:58 - 00000000 ____D C:\Windows.old

2015-09-07 19:27 - 2015-07-10 11:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

2015-09-07 19:27 - 2015-05-04 18:36 - 00000000 ____D C:\Program Files (x86)\McAfee

2015-09-02 12:55 - 2014-07-02 13:57 - 00000000 ____D C:\Users\Public\CyberLink

2015-09-02 12:40 - 2015-07-10 14:20 - 00024720 _____ C:\WINDOWS\setupact.log

2015-08-31 19:05 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache

2015-08-30 14:33 - 2015-02-25 08:40 - 00000000 ____D C:\Users\xxxx\AppData\Local\Packages

2015-08-30 03:15 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe

2015-08-28 15:12 - 2015-02-26 22:09 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

2015-08-28 15:12 - 2015-02-26 22:09 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client

2015-08-21 16:39 - 2015-06-22 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-08-21 16:38 - 2015-03-25 18:53 - 00000000 ____D C:\Program Files (x86)\Java

2015-08-21 16:29 - 2015-08-06 14:45 - 00002379 _____ C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2015-08-21 16:29 - 2015-08-06 14:45 - 00000000 ___RD C:\Users\xxxx\OneDrive

2015-08-21 04:00 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2015-08-19 14:44 - 2015-04-21 15:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2015-08-19 14:44 - 2015-04-21 15:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2015-08-19 14:43 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-08-19 14:43 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-08-15 22:43 - 2015-02-26 19:09 - 00000000 ____D C:\Users\xxxx\AppData\Local\gtk-2.0

2015-08-15 22:43 - 2015-02-26 18:45 - 00000000 ____D C:\Users\xxxx\.gimp-2.8

2015-08-15 22:39 - 2014-07-02 13:53 - 00000000 ____D C:\ProgramData\CyberLink

2015-08-15 15:12 - 2015-04-16 15:37 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\NVIDIA

2015-08-15 12:30 - 2015-06-16 12:12 - 00000000 ____D C:\Users\xxxx\down160615

2015-08-13 04:22 - 2015-02-25 10:19 - 00000000 ____D C:\WINDOWS\system32\MRT

2015-08-13 04:15 - 2015-04-21 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-08-13 04:15 - 2014-04-24 18:12 - 132483416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-08-11 04:20 - 2014-04-25 10:12 - 00000000 ____D C:\ProgramData\McAfee

2015-08-11 04:19 - 2015-05-04 18:33 - 00000000 ____D C:\Program Files\Common Files\McAfee

2015-08-11 04:18 - 2015-08-04 10:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee



==================== Files in the root of some directories =======



2015-08-04 15:10 - 2015-08-04 15:10 - 0000079 _____ () C:\Program Files (x86)\prefs.js

2015-08-15 22:43 - 2015-08-15 22:43 - 0011924 _____ () C:\Users\xxxx\AppData\Local\recently-used.xbel

2015-03-13 20:42 - 2015-03-13 20:42 - 0000057 _____ () C:\ProgramData\Ament.ini

2015-08-06 14:05 - 2015-08-06 14:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl



Files to move or delete:

====================

C:\Users\xxxx\temp.dat





Some files in TEMP:

====================

C:\Users\xxxx\AppData\Local\Temp\npp.6.8.1.Installer.exe

C:\Users\xxxx\AppData\Local\Temp\uninstall.exe





==================== Bamital & volsnap =================



(There is no automatic fix for files that do not pass verification.)



C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed





LastRegBack: 2015-09-07 04:06



==================== End of FRST.txt ============================
Avatar billede HEF Juniormester
09. september 2015 - 18:00 #18
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by xxxx (2015-09-09 17:22:21)
Running from C:\Users\xxxx\Desktop
Windows 10 Home (X64) (2015-08-06 12:41:38)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2661258678-709168960-819984101-500 - Administrator - Disabled)
bbbb (S-1-5-21-2661258678-709168960-819984101-1004 - Limited - Enabled) => C:\Users\bbbb
DefaultAccount (S-1-5-21-2661258678-709168960-819984101-503 - Limited - Disabled)
xxxx (S-1-5-21-2661258678-709168960-819984101-1001 - Administrator - Enabled) => C:\Users\xxxx
Gæst (S-1-5-21-2661258678-709168960-819984101-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2661258678-709168960-819984101-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Antivirus og Antispyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Antivirus og Antispyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
360 Internet Protection (HKLM-x32\...\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}) (Version:  - "")
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programunderstøttelse (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
csp (x32 Version: 7.3.0 - InstallAware Software Corporation) Hidden
CyberLink AudioDirector 5 (HKLM-x32\...\{78D01FB2-57B6-4612-89EC-5B19A93E5F43}) (Version: 5.0.4712.0 - CyberLink Corp.)
CyberLink Holiday Pack vol 5 (HKLM-x32\...\InstallShield_{56534024-7852-4F49-A27E-02CF3F2CD540}) (Version: Holiday Pack 5 - CyberLink Corp.)
CyberLink Holiday Pack vol 6 (HKLM-x32\...\InstallShield_{E33E83D2-5B7E-447E-9B02-BBBD47B86389}) (Version: Holiday Pack 6 - CyberLink Corp.)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3618 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.3910 - CyberLink Corp.) Hidden
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2408.0 - CyberLink Corp.)
CyberLink PowerDirector 13 Content Pack Essential (HKLM-x32\...\InstallShield_{749B310F-A489-439D-9AEF-1332222F2E04}) (Version: 13 Essential - CyberLink Corp.)
CyberLink PowerDirector 13 Content Pack Premium (HKLM-x32\...\InstallShield_{9B866025-5082-4B88-8A62-F6FBBFCBBBA1}) (Version: 13 Premium - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.3019 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.3019 - CyberLink Corp.) Hidden
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 5620 - CyberLink Corp.)
CyberLink Wedding Pack (HKLM-x32\...\InstallShield_{741635DB-36DA-4BCF-BB52-0F4C1C4E0DFB}) (Version: Wedding Pack - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FileZilla Client 3.13.1 (HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\FileZilla Client) (Version: 3.13.1 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foto&#287;raf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8610 - basissoftware til enheden (HKLM\...\{2CC40961-0668-4121-8DCA-EEA2F8A4B8E7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Hjælp (HKLM-x32\...\{25C80124-99FA-47FD-8C35-1EB1C5AE843E}) (Version: 32.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
LibreOffice 4.4 Help Pack (Danish) (HKLM-x32\...\{15A04FE1-FCA6-43C0-9B6A-530D67BD4BD1}) (Version: 4.4.0.3 - The Document Foundation)
LibreOffice 4.4.0.3 (HKLM-x32\...\{8BEE1CDD-F95D-4759-952D-6B38DF99D1F0}) (Version: 4.4.0.3 - The Document Foundation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.152 - McAfee, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NemID CSP (HKLM-x32\...\NemID CSP) (Version: 7.3.0 - Nets DanID)
NemID CSP (Version: 7.3.0 - Nets DanID) Hidden
NemID CSP (x32 Version: 7.3.0 - Nets DanID) Hidden
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM-x32\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
NVIDIA 3D Vision Controllerdriver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision-driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Grafikdriver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD-lyddriver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Miracast virtuel lyd 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.88 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-2661258678-709168960-819984101-1004\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version:  - Nadeo)
Undersøgelse med henblik på produktforbedringer til HP Officejet Pro 8610 (HKLM\...\{4357F8AD-D41F-4D48-8655-4AC31EBDB1F4}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Version 3.12 (HKLM-x32\...\{10279852-49FE-4C0D-BEF1-25201A6AA66C}_is1) (Version:  - KIIP)
ViewRight Web PC (HKLM-x32\...\{68A0C31B-EBF0-498E-93E6-8479B8060913}) (Version: 3.3.0.0 - Verimatrix, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
&#931;&#965;&#955;&#955;&#959;&#947;&#942; &#966;&#969;&#964;&#959;&#947;&#961;&#945;&#966;&#953;&#974;&#957; (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2661258678-709168960-819984101-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661258678-709168960-819984101-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661258678-709168960-819984101-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661258678-709168960-819984101-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661258678-709168960-819984101-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661258678-709168960-819984101-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661258678-709168960-819984101-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661258678-709168960-819984101-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661258678-709168960-819984101-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661258678-709168960-819984101-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2661258678-709168960-819984101-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
25-08-2015 14:39:15 Windows Update
28-08-2015 12:09:38 McAfee Vulnerability Scanner
31-08-2015 18:50:01 Windows Update
04-09-2015 17:12:47 Windows Update
07-09-2015 19:54:42 Windows Update
09-09-2015 09:47:06 JRT Pre-Junkware Removal
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2015-07-27 12:11 - 00000854 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0ACE3A63-AC2C-4314-AB84-13CB166CE6E7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {14492F8E-6314-4D24-8E8B-A92850762055} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {22BA02E9-532C-4068-AC59-FDF98CEBE957} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3A1CAAEF-E29B-4C9E-8A09-B166524F7013} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-13] (Microsoft Corporation)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {4C067AB1-FBC3-4769-B9DC-87F0FD688FF6} - \Optimizer Pro Schedule -> No File <==== ATTENTION
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {7DF82FA3-BD13-4304-840C-161F2DF1C30E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8AD57968-FBC9-44DB-8A23-20B4B1071B7B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8B7EA579-6C3E-4B4F-97AA-A982367A91C0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-06] (Microsoft Corporation)
Task: {9CE55CC9-6A35-4381-9F05-7F731B82042F} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A7AF0DFA-49FC-4BEA-BBFF-E99F3803C783} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BB48F96C-B764-44B5-861A-39EEDA40F1E3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C0CB4381-07F7-4AD8-BD89-DDD0E47BE1DA} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C6183DFA-3C0C-4D7F-8F0A-E97AC2AAD68F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {D1CA1470-8A5A-4A57-A0B9-B04C798A15B1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DD3476B4-3EDB-48BF-AB00-4E6A57EC850D} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2014-05-27] (CyberLink Corp.)
Task: {E2D4D44A-C2AD-4DAF-ACCD-21464E8C7D12} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-15] (Adobe Systems Incorporated)
Task: {E9D73DF4-D404-454C-9933-F555B8D05F1C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (Whitelisted) ==============
2015-08-06 14:57 - 2015-08-06 14:57 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-06 14:05 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-19 14:58 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-03-21 17:56 - 2015-03-21 17:55 - 00076152 _____ () C:\windows\system32\PnkBstrA.exe
2015-08-28 15:18 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 15:18 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-13 04:12 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:58 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-19 14:58 - 2015-08-11 10:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-13 04:12 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-05-05 12:58 - 2015-05-01 18:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-07-02 13:54 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-07-02 17:27 - 2014-07-02 11:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\certifikat.dk -> hxxps://certifikat.dk
IE trusted site: HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\certifikat.dk -> hxxp://certifikat.dk
IE trusted site: HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\danid.dk -> hxxps://danid.dk
IE trusted site: HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\danid.dk -> hxxp://danid.dk
IE trusted site: HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\medarbejdersignatur.dk -> hxxps://medarbejdersignatur.dk
IE trusted site: HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\medarbejdersignatur.dk -> hxxp://medarbejdersignatur.dk
IE trusted site: HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\nets-danid.dk -> hxxps://nets-danid.dk
IE trusted site: HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\nets-danid.dk -> hxxp://nets-danid.dk
IE trusted site: HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\nets.eu -> hxxps://nets.eu
IE trusted site: HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\nets.eu -> hxxp://nets.eu

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2661258678-709168960-819984101-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\xxxx\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\20140726_112049(0).jpg
HKU\S-1-5-21-2661258678-709168960-819984101-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img1.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{94EAF0D5-B3E0-4CD5-B426-A30ED25A157E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EBB0CADC-7F80-4A7F-BEED-5B5C8D08E7C9}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS790C\HPDiagnosticCoreUI.exe
FirewallRules: [{718DCA2E-3AB3-4773-AA1C-4A69DA409E5A}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS790C\HPDiagnosticCoreUI.exe
FirewallRules: [{388DF2C8-8DC7-449E-B5B5-3615D83F2ECB}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS3F0B\HPDiagnosticCoreUI.exe
FirewallRules: [{DED16E48-F2F2-4E34-87B2-F89CFC2906A9}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS3F0B\HPDiagnosticCoreUI.exe
FirewallRules: [{0E2BC019-CE8C-46EC-B063-1560FFAEE2AD}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{795BA17E-FDBC-4D40-A5E8-1E46525347BE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{D5BAEAFB-D141-40DC-9957-84D3CAB58DA9}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{FC4E8486-3277-46A9-B3A5-4B9F20223A76}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{9A3846FA-D445-4919-A6FA-784F4871C836}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{09EC255F-6CFE-4EA8-8EFF-10D054633FF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{3EBFF608-6948-42E3-93DB-F07C8847B8CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{6CCFB183-D8BF-49C1-926E-A8F27BD69DF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{EDABD2F5-0D8A-4469-A631-DCF1EF68B575}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS7429\HPDiagnosticCoreUI.exe
FirewallRules: [{DB63754F-2BD5-41A8-984D-4B2B7AD842F6}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS7429\HPDiagnosticCoreUI.exe
FirewallRules: [{D14479E5-7628-4906-A7E1-AA35E34CE55E}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS455E\HPDiagnosticCoreUI.exe
FirewallRules: [{E8591D8F-F69F-48B8-8A95-6D2EC45BFF45}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS455E\HPDiagnosticCoreUI.exe
FirewallRules: [{D6E1B81D-D0D6-4A44-96FF-D3CE44772239}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS3AEF\HPDiagnosticCoreUI.exe
FirewallRules: [{CA6F38E0-D919-4EED-A06C-7CA4F4D4EE14}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS3AEF\HPDiagnosticCoreUI.exe
FirewallRules: [{371F9D3A-48F2-4F58-86DA-9A9DEB22EFE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{359CAE8F-057B-494A-B08A-3C81C63F9C58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C65979B3-9F81-444D-92DB-DE4419F539BE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{CD4EF39E-6459-4A82-A9D4-354CDCF9F1F1}] => (Allow) LPort=5357
FirewallRules: [{C3835A4F-1708-45CC-91E1-809B6F391B65}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{5F26C95C-130A-42FB-92DE-E6816D6590E1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{E2337639-6087-4CE9-AE37-FA2DBC56EA94}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{A64E4D29-6AF4-464B-999F-F91059A172AC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{88558A78-B2C8-42FF-80D1-7471FBF0C1EC}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS7BDC\HPDiagnosticCoreUI.exe
FirewallRules: [{42861327-B594-46BA-9F36-05ED7F58CBE7}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS7BDC\HPDiagnosticCoreUI.exe
FirewallRules: [{913E7E38-7370-4196-AC41-3D5632F5C725}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{42F8DB7C-F8D3-4607-9180-F250CBCEB638}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{922B38BE-F1D2-454D-8848-5BAC82156FF3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{163C8E4C-5A4D-46A2-AEE9-306D81F85B50}] => (Allow) C:\Program Files\CyberLink\PowerDirector13\PDR10.EXE
FirewallRules: [{DC0DE7D1-3EE3-4FE0-A71E-5B643321A101}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{56332D53-61DB-45F1-9876-4FBFA73FFEEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{E77D9723-8CB5-44FE-8E90-757708C1CC88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{97D25EAA-53C9-413D-AEB8-5CBBF6E31B66}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8B6E4B66-DB10-492B-9334-7098B825E944}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4E75B93F-8A6F-4082-B13D-8EA0FB58C6B1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5B6CD84D-A262-43BF-A70C-BA37A0BCB7D4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{06790D7E-84BD-40CF-B1BC-A65C8F173405}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DC85C6F3-DBBB-4D82-BD98-12DD2FF59A0E}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{211A8294-F078-43E2-93C6-F02DE1358019}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{0D7CA3BB-70FC-4F0C-A4D9-FA49E69D06BF}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{96FC9BC4-D598-44AC-8FDA-990D3334551C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{1C0F9959-CF4C-4926-9E1E-1845B4D25E37}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{898DA5AA-FE84-4B8D-8705-070E8D8A5DA8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3FCD024F-5374-40DD-BAC6-978632CFECAB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{795801C7-F48F-4A30-A384-D172D9611821}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{575D319C-DD68-4E54-823B-B97E6363B3DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{43B5D333-6440-4337-83A5-6237909C7F51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0551B481-591D-4A11-B2EB-33FACFF8EBE5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{930CF273-8867-4A8D-AEC6-7CB5E9915FD7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EE92A34A-37F8-4C98-8752-2AF3D649327E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A2BF4CB0-F68F-407A-878B-3E37503A36F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F8C60452-8F54-4CC5-84FF-F68E716D966D}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS6D7B\HPDiagnosticCoreUI.exe
FirewallRules: [{2E4CC0B7-B736-4572-BA95-4239188352FB}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS6D7B\HPDiagnosticCoreUI.exe
FirewallRules: [{304CD1AB-1C5C-4F5E-BD37-628912F5A3FB}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE
FirewallRules: [{7444B070-8E08-48C8-A0B1-22DE9F908422}] => (Allow) LPort=1900
FirewallRules: [{FFC0F777-525B-4416-8BC1-E5B95DBB29E8}] => (Allow) LPort=2869
FirewallRules: [{E7FB244F-0022-40A0-B0B6-83F6DE5AC5C1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3153B440-1248-49D1-92C5-B47D986ECBAA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{7434059A-3D75-45E6-9E61-6BE112F41800}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS26AA\HPDiagnosticCoreUI.exe
FirewallRules: [{B6204620-9ECA-44BA-A4A4-AC995F5585D2}] => (Allow) C:\Users\xxxx\AppData\Local\Temp\7zS26AA\HPDiagnosticCoreUI.exe
==================== Faulty Device Manager Devices =============
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (09/09/2015 04:52:33 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (09/09/2015 04:04:27 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (09/09/2015 11:58:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: xxxx)
Description: Aktivering af app‘en Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI mislykkedes med fejlen: -2144927141 Du kan finde flere oplysninger i loggen Microsoft-Windows-TWinUI/Operational.
Error: (09/09/2015 09:47:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Der opstod en fejl i kryptografiske tjenester under behandlingen af kaldet OnIdentity() i objektet System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery-protokol.
System Error:
Adgang nægtet.
.
Error: (09/09/2015 09:17:37 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (09/09/2015 08:20:59 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (09/08/2015 09:50:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Navn på program med fejl: ShellExperienceHost.exe, version: 10.0.10240.16425, tidsstempel: 0x55bec5f5
Navn på modul med fejl: StartUI.dll, version: 10.0.10240.16431, tidsstempel: 0x55c9bb30
Undtagelseskode: 0x80000003
Forskydning med fejl 0x00000000001c028f
Proces-id 0x5d8
Programmets starttidspunkt 0xShellExperienceHost.exe0
Programsti: ShellExperienceHost.exe1
Modulsti: ShellExperienceHost.exe2
Rapport-id: ShellExperienceHost.exe3
Fuldt navn på program med fejl: ShellExperienceHost.exe4
Relativt program-id for program med fejl: ShellExperienceHost.exe5
Error: (09/08/2015 09:40:00 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (09/08/2015 09:05:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: xxxx)
Description: Aktivering af app‘en Microsoft.Windows.Photos_8wekyb3d8bbwe!App mislykkedes med fejlen: -2147023170 Du kan finde flere oplysninger i loggen Microsoft-Windows-TWinUI/Operational.
Error: (09/08/2015 07:30:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: xxxx)
Description: Aktivering af app‘en Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI mislykkedes med fejlen: -2144927141 Du kan finde flere oplysninger i loggen Microsoft-Windows-TWinUI/Operational.

System errors:
=============
Error: (09/09/2015 04:57:52 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
Error: (09/09/2015 04:51:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten Synkroniseringsvært_Session1 blev afbrudt uventet. Dette er sket 1 gange. Følgende korrigerende handling foretages om 10000 millisekunder: Genstart tjenesten.
Error: (09/09/2015 03:41:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installationsfejl: Der opstod en fejl, da Windows skulle installere følgende opdatering 0x80070490: HP - Other hardware, Printer - Null Fax - HP Officejet Pro 8610.
Error: (09/09/2015 12:38:31 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
Error: (09/09/2015 12:29:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}
Error: (09/09/2015 12:29:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjenesten Synkroniseringsvært_Session1 blev afbrudt uventet. Dette er sket 1 gange. Følgende korrigerende handling foretages om 10000 millisekunder: Genstart tjenesten.
Error: (09/09/2015 12:17:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Intel(R) Dynamic Application Loader Host Interface Service afsluttede uventet. Dette er sket 1 gang(e).
Error: (09/09/2015 12:17:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Intel(R) ME Service afsluttede uventet. Dette er sket 1 gang(e).
Error: (09/09/2015 12:17:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten Intel(R) Rapid Storage Technology afsluttede uventet. Dette er sket 1 gang(e).
Error: (09/09/2015 12:17:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten NVIDIA Network Service afsluttede uventet. Dette er sket 1 gang(e).

Microsoft Office:
=========================
Error: (09/09/2015 04:52:33 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (09/09/2015 04:04:27 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (09/09/2015 11:58:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: xxxx)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
Error: (09/09/2015 09:47:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery-protokol.
System Error:
Adgang nægtet.
Error: (09/09/2015 09:17:37 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (09/09/2015 08:20:59 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (09/08/2015 09:50:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShellExperienceHost.exe10.0.10240.1642555bec5f5StartUI.dll10.0.10240.1643155c9bb308000000300000000001c028f5d801d0ea5c43e74966C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\StartUI.dllfa5dec64-4087-4e90-b60a-48e894ad617fMicrosoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewyApp
Error: (09/08/2015 09:40:00 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed continue stopping. [6]
Error: (09/08/2015 09:05:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: xxxx)
Description: Microsoft.Windows.Photos_8wekyb3d8bbwe!App-2147023170
Error: (09/08/2015 07:30:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: xxxx)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 8144.44 MB
Available physical RAM: 6211.26 MB
Total Virtual: 9424.44 MB
Available Virtual: 7453.2 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:1800.87 GB) (Free:1560.25 GB) NTFS
Drive d: (Recover) (Fixed) (Total:59.99 GB) (Free:43.04 GB) NTFS
Drive g: (Lille-X-HD) (Fixed) (Total:931.51 GB) (Free:428.24 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 48AF3B0C)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Avatar billede f-arn Guru
09. september 2015 - 20:38 #19
Du må selv holde styr på de steder hvor der står xxxx i stedet for dit bruger navn :)

Deaktiver dine Sikkerheds programmer, mens "Fixet" kører.

Åben Notesblok, kopier det fremhævede med fed ind, og gem filen som Fixlist på Skrivebordet ved siden af Farbar Recovery Scan Tool.

start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\RunOnce: [Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\RunOnce: [Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\RunOnce: [Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\RunOnce: [Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2661258678-709168960-819984101-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-09-08] ()
File: C:\Windows\System32\drivers\udecx.sys
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Users\xxxx\temp.dat
Task: {0ACE3A63-AC2C-4314-AB84-13CB166CE6E7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {14492F8E-6314-4D24-8E8B-A92850762055} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {22BA02E9-532C-4068-AC59-FDF98CEBE957} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4C067AB1-FBC3-4769-B9DC-87F0FD688FF6} - \Optimizer Pro Schedule -> No File <==== ATTENTION
Task: {7DF82FA3-BD13-4304-840C-161F2DF1C30E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8AD57968-FBC9-44DB-8A23-20B4B1071B7B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8B7EA579-6C3E-4B4F-97AA-A982367A91C0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C6183DFA-3C0C-4D7F-8F0A-E97AC2AAD68F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D1CA1470-8A5A-4A57-A0B9-B04C798A15B1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E9D73DF4-D404-454C-9933-F555B8D05F1C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
CMD: netsh advfirewall reset
reg: reg query "HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces"
EmptyTemp:
end


Dette Fix blev skrevet specielt til denne bruger og til brug på denne PC.
Køres dette på en anden PC, kan det forårsage skade, og i værste fald vil PCen ikke starte
.

Start FRST (Farbar Recovery Scan Tool) og klik på FIX (og vent til den er færdig)

Den laver Fixlog.txt, som du skal kopiere herind i dit næste indlæg.

Luk Farbar Recovery Scan Tool, og lad PCen genstarte.

------

Fjern Alle USB nøgler og Externe Harddiske før du kører programmet.

Hent og gem RogueKiller på dit skrivebord.

Den kan også hentes her

Husk at vælge den rigtige version. (64 bit)

Deaktiver dit sikkerhedprogram, mens du kører den :exclaim:

Luk alle vinduer og kør "RogueKiller" (Hvis den blokeres, kør den flere gange)

Hvis den slet ikke vil køre, prøv at omdøbe den til winlogon.exe

Mht.: Vista og Windows 7/8 - Højreklik på filen - Kør som Administrator.

Lad det indledende scan køre.

Tryk SCAN.

Når den har scannet færdig, klikker du på report,gemmer den og kopierer den herind.

Du skal ikke fjerne noget !!!!
Avatar billede HEF Juniormester
10. september 2015 - 08:12 #20
Fix result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by xxxx (2015-09-10 07:23:30) Run:1
Running from C:\Users\xxxx\Desktop
Loaded Profiles: xxxx & bbbb (Available Profiles: xxxx & Andaaf)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\RunOnce: [Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\RunOnce: [Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\RunOnce: [Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-2661258678-709168960-819984101-1001\...\RunOnce: [Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupMcAfeeSecurity Scan Plus.lnk [2015-03-08]
ShortcutTarget:McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2661258678-709168960-819984101-1004\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-09-08] ()
File: C:\Windows\System32\drivers\udecx.sys
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Users\xxxx\temp.dat
Task: {0ACE3A63-AC2C-4314-AB84-13CB166CE6E7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {14492F8E-6314-4D24-8E8B-A92850762055} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {22BA02E9-532C-4068-AC59-FDF98CEBE957} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4C067AB1-FBC3-4769-B9DC-87F0FD688FF6} - Optimizer Pro Schedule -> No File <==== ATTENTION
Task: {7DF82FA3-BD13-4304-840C-161F2DF1C30E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8AD57968-FBC9-44DB-8A23-20B4B1071B7B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8B7EA579-6C3E-4B4F-97AA-A982367A91C0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C6183DFA-3C0C-4D7F-8F0A-E97AC2AAD68F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D1CA1470-8A5A-4A57-A0B9-B04C798A15B1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E9D73DF4-D404-454C-9933-F555B8D05F1C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
CMD: netsh advfirewall reset
reg: reg query "HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces"
EmptyTemp:
end
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2661258678-709168960-819984101-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 => value removed successfully
HKU\S-1-5-21-2661258678-709168960-819984101-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5892.0626 => value removed successfully
HKU\S-1-5-21-2661258678-709168960-819984101-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64 => value removed successfully
HKU\S-1-5-21-2661258678-709168960-819984101-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\xxxx\AppData\Local\Microsoft\OneDrive\17.3.5907.0716 => value removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupMcAfeeSecurity Scan Plus.lnk not found.
ShortcutTarget:McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-2661258678-709168960-819984101-1004\SOFTWARE\Policies\Google" => key removed successfully
hitmanpro37 => service removed successfully
========================= File: C:\Windows\System32\drivers\udecx.sys ========================
File is digitally signed
MD5: 4E1543ACE2F6E2846713E5123D9D4159
Creation and modification date: 2015-07-10 12:59 - 2015-07-10 12:59
Size: 0044032
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
====== End of File: ======
wfpcapture => service removed successfully
C:\Users\xxxx\temp.dat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0ACE3A63-AC2C-4314-AB84-13CB166CE6E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ACE3A63-AC2C-4314-AB84-13CB166CE6E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14492F8E-6314-4D24-8E8B-A92850762055}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14492F8E-6314-4D24-8E8B-A92850762055}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22BA02E9-532C-4068-AC59-FDF98CEBE957}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22BA02E9-532C-4068-AC59-FDF98CEBE957}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C067AB1-FBC3-4769-B9DC-87F0FD688FF6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C067AB1-FBC3-4769-B9DC-87F0FD688FF6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeOptimizer Pro Schedule => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DF82FA3-BD13-4304-840C-161F2DF1C30E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DF82FA3-BD13-4304-840C-161F2DF1C30E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AD57968-FBC9-44DB-8A23-20B4B1071B7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AD57968-FBC9-44DB-8A23-20B4B1071B7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B7EA579-6C3E-4B4F-97AA-A982367A91C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B7EA579-6C3E-4B4F-97AA-A982367A91C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6183DFA-3C0C-4D7F-8F0A-E97AC2AAD68F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6183DFA-3C0C-4D7F-8F0A-E97AC2AAD68F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1CA1470-8A5A-4A57-A0B9-B04C798A15B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1CA1470-8A5A-4A57-A0B9-B04C798A15B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9D73DF4-D404-454C-9933-F555B8D05F1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9D73DF4-D404-454C-9933-F555B8D05F1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
=========  netsh advfirewall reset =========
Ok.

========= End of CMD: =========

========= reg query "HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces" =========

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{3dfce771-d2ad-4e30-adce-df51872a3a22}
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6bb4f047-2706-11e5-9bbe-806e6f6e6963}
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8bfb5ef1-7415-4876-b376-8a7629cbac10}
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{bbb874d1-5eba-4a32-a149-d99febd19c29}
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{d36352d1-3c32-11e5-9bc2-806e6f6e6963}

========= End of Reg: =========
EmptyTemp: => 1.9 GB temporary data Removed.

The system needed a reboot..
==== End of Fixlog 07:24:56 ====
Avatar billede HEF Juniormester
10. september 2015 - 08:13 #21
RogueKiller V10.10.4.0 [Sep  4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : xxxx [Administrator]
Started from : C:\Users\xxxx\Desktop\RogueKiller.exe
Mode : Scan -- Date : 09/10/2015 07:50:54
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2661258678-709168960-819984101-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2661258678-709168960-819984101-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB  -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.1 mssplus.mcafee.com
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] wqnf1zf9.default : user_pref("browser.startup.homepage", "http://foverskovs.dk/"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1ER164 +++++
--- User ---
[MBR] 922f8f9bdb220ad10bc8ea858fbb250e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 499 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1024000 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1228800 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1490944 | Size: 1024 MB
4 - Basic data partition | Offset (sectors): 3588096 | Size: 1844088 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 3780280320 | Size: 450 MB
6 - Basic data partition | Offset (sectors): 3781201920 | Size: 61434 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] Enheden er ikke klar. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Anmodningen understøttes ikke. )
Avatar billede HEF Juniormester
10. september 2015 - 13:02 #22
Hej igen f-arn.

Du får lige en update.
Jeg havde gang i Microsoft Edge og den vedblev med at være meget inficeret og umulig at arbejde på, også efter min seneste rensning efter din anvisning og genstart m.m. :(

Så fandt jeg ud af at Edge nærmest var låst, så nogle sider ikke kunne lukkes helt ned. Selv ved brug af jobliste viste det sig, at den ikke lukkede rigtigt ned.

Efter at jeg nu har fået Edge lukket helt ned (tror jeg) ser det rigtig fornuftigt ud i Explore, -  de øvrige browsere har jeg jo fjernet midlertidigt. ;)

Betyder det, at jeg nu er helt fri for hvad det var jeg/PC'en havde? :D

I givet fald siger jeg mange mange tak. Jeg er dybt taknemlig. :)
Er det noget med at du skal give et svar så jeg kan sende points.

Tak til alle der bidrog.
Hvis nogen føler jeg skylder noget så skriv endelig.

Mange hilsner
Avatar billede f-arn Guru
10. september 2015 - 16:48 #23
Ved du hvad hxxp://foverskovs.dk er for en side ?

Prøv at læse den guide Pixxel har lavet om reklamer i Edge.
Avatar billede HEF Juniormester
08. oktober 2015 - 12:10 #24
;)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester